Posts

Showing posts from June, 2022

Convert SID to Username and Username to SID using PowerShell

Convert SID to Username

    # SID to resolve
    $SID = 'S-1-5-21-1924530255-1943933946-939161726-500'
    $objSID = New-Object System.Security.Principal.SecurityIdentifier($SID)
    # Translate the SID into an NTAccount (DOMAIN\username)
    $objUser = $objSID.Translate([System.Security.Principal.NTAccount])
    Write-Host "Resolved user name: " $objUser.Value

Convert Username to SID

    # Account name to resolve (a domain account is written as DOMAIN\username)
    $user = 'TestDomainMorgan'
    $objUser = New-Object System.Security.Principal.NTAccount($user)
    # Translate the account name into its SecurityIdentifier
    $objSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
    Write-Host "Resolved user's sid: " $objSID.Value

Grant Admin Consent for API permission in Managed Identity object in Azure

Unlike SPNs (App Registrations) in Azure, a Managed Identity object can't be given Admin Consent manually. We have to use a script to do that. Before creating the script, you need to find the details below:

TenantID: Go to Azure Active Directory; the Tenant ID is shown in Overview.
GraphAppID: The ID of the API you need permissions on, such as Microsoft Graph. Most of the time we use Microsoft Graph, and its ID is 00000003-0000-0000-c000-000000000000. You can find IDs for commonly used Microsoft apps here.
DisplayNameofMSI: Give the same name as your app.
PermissionName: The API permission you need on your app, such as User.Read.All or Sites.Read.All. I am taking Directory.Read.All as an example in this script.

    $TenantID = "provide the tenant ID"
    $GraphAppId = "00000003-0000-0000-c000-000000000000"
    $DisplayNameOfMSI = "provide the App name"
    $PermissionName = "Directory.Read.All"
    Install-Module AzureAD
    Connect-AzureAD -Tenan...
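The excerpt above is cut off, so the following is an added example, not the original post's script. It shows one way to assign an application permission to a Managed Identity with the same AzureAD module and variable names. The placeholder values, the uniqueness and type checks, and the `$msi`, `$graph` and `$appRole` names are assumptions of this example.

```powershell
# Added example. Replace the placeholder values before running.
$TenantID         = "<tenant-id>"
$GraphAppId       = "00000003-0000-0000-c000-000000000000"   # Microsoft Graph
$DisplayNameOfMSI = "<managed-identity-name>"
$PermissionName   = "Directory.Read.All"

Connect-AzureAD -TenantId $TenantID | Out-Null

# Display names are not unique in a tenant. Refuse to continue unless exactly
# one service principal matches, so the permission cannot land on the wrong object.
$escapedName = $DisplayNameOfMSI.Replace("'", "''")
$matches = @(Get-AzureADServicePrincipal -Filter "displayName eq '$escapedName'")
if ($matches.Count -ne 1) {
    throw "Expected exactly 1 service principal named '$DisplayNameOfMSI', found $($matches.Count)."
}
$msi = $matches[0]

# Confirm the match really is a Managed Identity and not an App Registration's SPN.
if ($msi.ServicePrincipalType -ne 'ManagedIdentity') {
    throw "'$DisplayNameOfMSI' is of type '$($msi.ServicePrincipalType)', not ManagedIdentity."
}

# Service principal of the resource API (Microsoft Graph) in this tenant.
$graph = Get-AzureADServicePrincipal -Filter "appId eq '$GraphAppId'"

# Look up the application (app-only) role that corresponds to the permission name.
$appRole = $graph.AppRoles | Where-Object {
    $_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'
}
if (-not $appRole) {
    throw "No application permission named '$PermissionName' on app $GraphAppId."
}

# Assigning the app role is what grants the permission to the Managed Identity.
New-AzureADServiceAppRoleAssignment `
    -ObjectId    $msi.ObjectId `
    -PrincipalId $msi.ObjectId `
    -ResourceId  $graph.ObjectId `
    -Id          $appRole.Id

Write-Host "Granted $PermissionName to $($msi.DisplayName) ($($msi.ObjectId))"
```

Directory.Read.All is a tenant-wide read permission, so record the object ID printed at the end and review the identity's assigned API permissions afterwards.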