This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 15%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAW%3C/text%3E%3C/svg%3E)
I have a custom security attibute set that is applied to various service principals within my directory. I'd like to use Graph powershell to remove this attribute assignment from a list of these service principals. I don't want to deprecate the attribute set, I just want to remove the service principal from the scope of assignment.
| Service Principal | Custom Security Attribute |
|---|---|
| ServicePrincipal1 | owned=$true |
| ServicePrincipal2 | owned=$true |
I'd like to use Graph to make it so that ServicePrincipal1 simply isn't in scope for this assignment anymore. I don't want to flip the boolean from $true to $false, just make it so that ServicePrincipal1 isn't assigned to the set.
There is various documentation available for removing multi-valued attributes or string values, but nothing that I can find for boolean and those same methods don't appear to work.
Any assistance would be appreciated.
$params = @{
customSecurityAttributes = @{
Owned = @{
"@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue"
Owned = $true
}
}
}
Update-MgServicePrincipal -ServicePrincipalId $appid -BodyParameter $params
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Try setting the value to null:
Be aware that this effectively removes the specified attribute, or even the set if it does not contain any additional CSA assignments for said user.
Thanks Vasil.
Using Postman, i'm getting an error indicating "invalid property" as null isn't recognized as boolean. When running in Powershell I get a message that either "null" isn't recognized as a command and that $null isn't supported boolean.
I'm wondering if because I selected boolean type there isn't a programmatic way to remove this...Running against a string this appears to work fine.
The example above is for Bool attribute, I have no trouble nulling its value via PowerShell either:
Make sure you are sending an actual null value (use Invoke-MgGraphRequest as needed).