Move all Microsoft Entra application proxy apps assigned to a connector group to another connector group
The PowerShell script example moves all Microsoft Entra application proxy applications currently assigned to a connector group to a different connector group.
If you don't have an Azure subscription, create an Azure free account before you begin.
Note
We recommend that you use the Azure Az PowerShell module to interact with Azure. See Install Azure PowerShell to get started. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
The sample requires the Microsoft Graph Beta PowerShell module 2.10 or newer.
Sample script
# This sample script moves all Microsoft Entra application proxy applications assigned to a specific connector group to another connector group.
#
# .\move-all-apps-to-a-connector-group.ps1 -CurrentConnectorGroupId <ObjectId of the current connector group> -NewConnectorGroupId <ObjectId of the new connector group>
#
# Version 1.0
#
# This script requires PowerShell 5.1 (x64) or beyond and one of the following modules:
#
# Microsoft.Graph.Beta ver 2.10 or newer
#
# Before you begin:
#
# Required Microsoft Entra role: Global Administrator or Application Administrator
# or appropriate custom permissions as documented https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-enterprise-app-permissions
#
#
param(
[parameter(Mandatory=$true)]
[string] $CurrentConnectorGroupId = "null",
[parameter(Mandatory=$true)]
[string] $NewConnectorGroupId = "null"
)
$currentGroupId = $CurrentConnectorGroupId
$newGroupId = $NewConnectorGroupId
$connectorAssignedApp = $null
If (($currentGroupId -eq "null") -or ($newGroupId -eq "null")) {
Write-Host "Parameter is missing." -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "
Write-Host ".\move-all-apps-to-a-connector-group.ps1 -CurrentConnectorGroupId <ObjectId of the current connector group> -NewConnectorGroupId <ObjectId of the new connector group>" -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "
Exit
}
Import-Module Microsoft.Graph.Beta.Applications
Connect-MgGraph -Scope Directory.ReadWrite.All -NoWelcome
Try {
$temp = Get-MgBetaOnPremisePublishingProfileConnectorGroup -OnPremisesPublishingProfileId "applicationProxy" -ConnectorGroupId $currentGroupId
$temp = Get-MgBetaOnPremisePublishingProfileConnectorGroup -OnPremisesPublishingProfileId "applicationProxy" -ConnectorGroupId $newGroupId
}
Catch {
Write-Host "Possibly, one of the parameters is incorrect." -BackgroundColor "Black" -ForegroundColor "Red"
Write-Host " "
Exit
}
Write-Host "Reading service principals. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"
$aadapServPrinc = Get-MgBetaServicePrincipal -Top 100000 | where-object {$_.Tags -Contains "WindowsAzureActiveDirectoryOnPremApp"}
Write-Host "Displaying Microsoft Entra application proxy applications moved from the connector Id :",$currentGroupId," to: ",$newGroupId -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "
$connectorAssignedApp = Get-MgBetaOnPremisePublishingProfileConnectorGroupApplication -OnPremisesPublishingProfileId "applicationProxy" -ConnectorGroupId $CurrentConnectorGroupId;
$movedApps, $notmovedApps = 0, 0
foreach ($item in $connectorAssignedApp) {
if ($item.AppId -in ($aadapServPrinc.AppId)) {
$item.DisplayName + " (AppId: " + $item.AppId + ")"
$params = @{
"@odata.id" = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectorGroups/$NewConnectorGroupId"
}
Set-MgBetaApplicationConnectorGroupByRef -ApplicationId $item.Id -BodyParameter $params
$movedApps = $movedApps + 1
}
else
{
$notmovedApps = $notmovedApps + 1
}
}
Write-Host ("")
Write-Host ("$movedApps apps has been moved to the new connector.") -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host ("$notmovedApps apps could not be moved to the new connector. Finished.") -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host ("")
Write-Host "To disconnect from Microsoft Graph, please use the Disconnect-MgGraph cmdlet."
Write-Host ("")
Script explanation
| Command | Notes |
|---|---|
| Connect-MgGraph | Connects to Microsoft Graph |
| Get-MgBetaServicePrincipal | Gets a service principal |
| Get-MgBetaOnPremisePublishingProfileConnectorGroup | Gets an Enterprise Application |
| Get-MgBetaOnPremisePublishingProfileConnectorGroupApplication | Lists applications assigned to a connector group |
| Set-MgBetaApplicationConnectorGroupByRef | Assigns an application to the connector group |
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for