Unable to update custom security attributes on service principals #1281

@commakoerschgen

This snippet

Import-Module Microsoft.Graph.Applications

$params = @{
	CustomSecurityAttributes = @{
		Engineering = @{
			"@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue"
			ProjectDate = "2022-10-01"
		}
	}
}

Update-MgServicePrincipal -ServicePrincipalId $servicePrincipalId -BodyParameter $params

does not work. Source: https://github.com/microsoftgraph/microsoft-graph-docs/blob/main/api-reference/beta/includes/snippets/powershell/assign-serviceprincipal-customsecurityattribute-string-powershell-snippets.md

Error message is: "AttributeSet for value you are trying to assign does not exist engineering"

The problem seems to be that the attribute set name and the attribute name start with an uppercase letter. At some point during the process, the first letter is converted to lowercase and the resulting body looks like this:

{
  "customSecurityAttributes": {
    "engineering": {
      "@odata.type": "#Microsoft.DirectoryServices.CustomSecurityAttributeValue",
      "projectDate": "2022-10-01"
    }
  }
}

The Graph API correctly rejects this PATCH request because the attribute set does not exist.

The snippet above uses -BodyParameter $params. An alternative is using -CustomSecurityAttributes, i.e., Update-MgServicePrincipal -CustomSecurityAttributes $newCsa -ServicePrincipalId [...]. Not only is this poorly documented and one has to guess the correct format for the $newCsa param (the documentation only says that it should be a hashtable), but it suffers from the same problem, namely inappropriate uppercase to lowercase conversion.

All in all, there seems to be no way of updating custom security attributes with this SDK.

Tested on PS 7.2.4 with SDK version 1.9.6.
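The casing problem described in this issue, approached by sending the PATCH as a pre-serialized JSON string. This is an added example, not code from the issue author or the SDK project. It assumes an existing `Connect-MgGraph` session permitted to assign custom security attributes, that `Invoke-MgGraphRequest` passes a string body through unchanged, and a placeholder service principal ID.

```powershell
# Added example; not code from the issue or from the SDK project.
# Assumes a signed-in session (Connect-MgGraph) that may assign custom
# security attributes, and the Engineering/ProjectDate names from the issue.
Import-Module Microsoft.Graph.Authentication

$servicePrincipalId = '<service-principal-object-id>'   # placeholder

# ConvertTo-Json emits hashtable keys exactly as written here.
$body = [ordered]@{
    customSecurityAttributes = [ordered]@{
        Engineering = [ordered]@{
            '@odata.type' = '#Microsoft.DirectoryServices.CustomSecurityAttributeValue'
            ProjectDate   = '2022-10-01'
        }
    }
}
$json = $body | ConvertTo-Json -Depth 5

# Case-sensitive guard: refuse to send if a name lost its capital letter.
foreach ($name in 'Engineering', 'ProjectDate') {
    if ($json -cnotmatch "`"$name`"") {
        throw "Key '$name' lost its casing in the serialized body."
    }
}

$uri = "https://graph.microsoft.com/beta/servicePrincipals/$servicePrincipalId"

# Assumption: a string body is sent as-is, so "Engineering" keeps its casing.
Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $json -ContentType 'application/json'

# Read the assignment back to confirm what the directory stored.
$check = Invoke-MgGraphRequest -Method GET -Uri "${uri}?`$select=customSecurityAttributes"
$check.customSecurityAttributes | ConvertTo-Json -Depth 5
```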
