
Script for changing primary user

a guest
Mar 19th, 2025
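  # --- App-only (client credentials) sign-in to Microsoft Graph ---------------
  # All three values are placeholders. A real client secret must never be stored
  # in the script or pasted publicly: load it at run time from a secret store
  # (for example the SecretManagement module) or a protected pipeline variable,
  # and rotate any secret that has ever appeared in a shared copy of this file.
  $tenantId = "xxxxxxxxxxxxxxx"
  $clientId = "xxxxxxxxxxxxxxx"
  $clientSecret = "xxxxxxxxxxxxxxx"

  # Form fields for the OAuth 2.0 client-credentials grant. With ".default" the
  # token carries whatever application permissions were granted to this app
  # registration, so grant the app only what this script needs.
  $body = @{
      grant_type    = "client_credentials"
      client_id     = $clientId
      client_secret = $clientSecret
      scope         = "https://graph.microsoft.com/.default"
  }

  # -ErrorAction Stop: a rejected credential must end the run here instead of
  # continuing with an empty token.
  $tokenResponse = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -ContentType "application/x-www-form-urlencoded" -Body $body -ErrorAction Stop
  $accessToken = $tokenResponse.access_token

  # The hashtable still holds the client secret and nothing below needs it.
  # PowerShell variable names are case-insensitive, so the later "$Body" would
  # otherwise refer to this same secret-bearing object.
  $body = $null

  if ([string]::IsNullOrEmpty($accessToken)) {
      throw "Token endpoint returned no access_token; cannot connect to Microsoft Graph."
  }

  # Connect-MgGraph in Microsoft.Graph SDK v2 and later takes the token as a
  # SecureString. The plaintext copy in $accessToken is a bearer credential:
  # do not log it or write it to a transcript.
  $secureAccessToken = ConvertTo-SecureString -String $accessToken -AsPlainText -Force

  Connect-MgGraph -AccessToken $secureAccessToken -ErrorAction Stop

  # Placeholder: the address in the original paste was masked by the hosting
  # page's e-mail protection ("[email protected]") and is not recoverable.
  $UserPrincipalName = "user@example.com"

  # Placeholder for the Intune managed device id.
  $ManagedDeviceID = "xxxxxxxxxxxxxxx"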
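  # Function to make Microsoft Graph API calls
  Function Invoke-MsGraphCall {
      <#
      .SYNOPSIS
      Sends one request to Microsoft Graph through Invoke-MgGraphRequest.

      .DESCRIPTION
      Builds a splat with a JSON Content-Type header, the HTTP method and the
      URI, attaches the body for PUT, PATCH and POST, and returns whatever
      Invoke-MgGraphRequest returns. Authentication comes from the session set
      up by Connect-MgGraph; the function has no token parameter, and because
      of [CmdletBinding()] an undeclared named argument such as -AccessToken
      fails parameter binding.

      .PARAMETER URI
      Full Graph request URI.

      .PARAMETER Method
      HTTP method name, e.g. GET or POST.

      .PARAMETER Body
      Request body as a JSON string. Only sent for PUT, PATCH and POST.

      .OUTPUTS
      The result object of Invoke-MgGraphRequest.
      #>
      [CmdletBinding()]
      param(
          [Parameter(Mandatory=$True)]
          [string]$URI,
          [Parameter(Mandatory=$True)]
          [string]$Method,
          [Parameter(Mandatory=$False)]
          [string]$Body
      )

      # Create splat hashtable. ErrorAction is left at its default (the original
      # had "SilentlyContinue" commented out) so a failed call stays visible.
      $graphSplatParams = @{
          Headers = @{
              "Content-Type" = "application/json"
          }
          Method = $Method
          URI    = $URI
      }

      # If method requires body, add body to splat
      If ($Method -in ('PUT','PATCH','POST')) {
          $graphSplatParams["Body"] = $Body
      }

      # Splat with "@". The paste showed "u/graphSplatParams", which is the
      # splat operator mangled into a forum user mention and is not valid here.
      $MSGraphResult = Invoke-MgGraphRequest @graphSplatParams

      # Return API call result to script
      Return $MSGraphResult
  }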
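  # Invoke-MsGraphCall declares only -URI, -Method and -Body and authenticates
  # through the Connect-MgGraph session. The calls below therefore do not pass
  # -AccessToken: it is not a parameter of the function (the call would fail
  # parameter binding) and there is no reason to hand the bearer token around.
  # GET requests also pass no -Body.

  # Get managed device and check for primary user (reported working by the author)
  $URI = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$ManagedDeviceID/users"
  $Method = "GET"

  $MSGraphCall = Invoke-MsGraphCall -URI $URI -Method $Method

  $PrimaryUser = $MSGraphCall.value.UserPrincipalName
  $PrimaryUserId = $MSGraphCall.value.id

  # Get AAD Id of primary user to assign (reported working by the author)
  $URI = "https://graph.microsoft.com/beta/users/$UserPrincipalName"
  $Method = "GET"

  $MSGraphCall = Invoke-MsGraphCall -URI $URI -Method $Method
  $UserID = $MSGraphCall.id

  # Stop before the write if the lookup returned nothing; otherwise the POST
  # would reference ".../users/" with no id.
  if ([string]::IsNullOrEmpty($UserID)) {
      throw "No user id returned for $UserPrincipalName; primary user not changed."
  }

  # Update Primary User on Managed Device (the step the author reports as failing)
  # NOTE(review): this is the only write in the script. Confirm the app
  # registration holds an application permission that allows changing managed
  # devices (presumably DeviceManagementManagedDevices.ReadWrite.All) and that
  # admin consent was granted; read-only permissions would explain why the two
  # GET calls succeed and this one does not.
  Write-Output "Updating primary user on Intune Device ID $ManagedDeviceID. New Primary User is $UserPrincipalName, ID: $UserID"
  $Body = @{ "@odata.id" = "https://graph.microsoft.com/beta/users/$UserId" } | ConvertTo-Json
  # The backtick keeps "$ref" literal inside the double-quoted string.
  $URI = "https://graph.microsoft.com/beta/deviceManagement/managedDevices('$ManagedDeviceID')/users/`$ref"
  $Method = "POST"

  # Call Invoke-MsGraphCall
  $MSGraphCall = Invoke-MsGraphCall -URI $URI -Method $Method -Body $Body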