Hi All. I’ve tried searching but haven’t found any hits based on the search queries I’ve given, so I’ll try posting instead. I’ve been tasked with writing a script that can be run from a Jamf Self Service action to add users to a specific Azure AD group. My script should work, but seems to be failing. I’m getting a repeated error, “HTTP Error 411. The request must be chunked or have a content length.”, even when passing a flag to chunk it. I’m not great at API, and Azure API is new to me. Anyone out there have experience with that? I can share my script, but wanted to make sure I’m not trying to do the impossible first.
#!/bin/sh
# Add a user to an Azure AD group.sh
#
#
# Created by Ed on 2/28/23.
#
## Read the KerberosSSO plist to get shortname of signed in user
plistLoc="/Users/Shared/.KerberosSSO/"
plistName="com.apple.KerberosSSO.attributes.plist"
valueName="user_name"
foundItem=$(defaults read "${plistLoc}${plistName}" "${valueName}" | /usr/bin/awk -F '@' '{print $1}')
email="${foundItem}@company.com"
echo "$email"
## Get Access token for Graph API (the token endpoint is /oauth2/v2.0/token under the tenant)
tokenResponse=$(/usr/bin/curl --location --request POST 'https://login.microsoftonline.com/ourdomain/oauth2/v2.0/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode 'client_id=123456789-987654321' \
    --data-urlencode 'client_secret=pretty-fancy-password' \
    --data-urlencode 'scope=https://graph.microsoft.com/GroupMember.ReadWrite.All https://graph.microsoft.com/User.Read.All' \
    --data-urlencode 'username=secretserviceaccount@company.com' \
    --data-urlencode 'password=WhyDoYouWantMyPassword123?')
## The reply is JSON; keep only the access_token value for the Bearer header
Auth_token=$(printf '%s' "$tokenResponse" | /usr/bin/sed -n 's/.*"access_token" *: *"\([^"]*\)".*/\1/p')
## Get Current Group Members and then add them to the group
## (a GET carries no body, so it needs no Transfer-Encoding or Content-Type header)
/usr/bin/curl --location --request GET 'https://graph.microsoft.com/v1.0/groups/123456789-987654321/members?$select=userPrincipalName' \
    --header "Authorization: Bearer $Auth_token"
## Add found user to group
## --data-raw has to be part of the same command: a POST sent without a body is answered with HTTP 411.
## The body is double-quoted so that $email is expanded by the shell.
/usr/bin/curl --location --request POST 'https://graph.microsoft.com/v1.0/groups/123456789-987654321/members/$ref' \
    --header 'Content-Type: application/json' \
    --header "Authorization: Bearer $Auth_token" \
    --data-raw "{\"@odata.id\": \"https://graph.microsoft.com/v1.0/users/${email}\"}"
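
Added example, not part of the original post or the poster's script: shell helpers for the three places where the script above can go wrong without saying so, namely an unexpanded or unvalidated UPN in the `$ref` body, an error reply from the token endpoint, and a POST sent without a body. All function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's script. All function names are hypothetical.

# Accept only a plain user@domain value, so nothing read from the plist can
# break out of the JSON string or the Graph URL it is placed in.
valid_upn() {
    case "$1" in
        ''|*[!A-Za-z0-9._@-]*|*@*@*|@*|*@) return 1 ;;
        *@*) return 0 ;;
        *) return 1 ;;
    esac
}

# Build the body for POST /groups/{id}/members/$ref. printf fills in the UPN;
# inside single quotes the shell would have sent the text $email literally.
ref_body() {
    valid_upn "$1" || return 1
    printf '{"@odata.id": "https://graph.microsoft.com/v1.0/users/%s"}' "$1"
}

# Print access_token from the token endpoint's JSON reply; fail when it is
# absent (an error reply) instead of continuing with an empty Bearer value.
token_from_response() {
    tok=$(printf '%s' "$1" | sed -n 's/.*"access_token" *: *"\([^"]*\)".*/\1/p')
    [ -n "$tok" ] || return 1
    printf '%s' "$tok"
}

# Send the membership request. Passing --data on the same command gives curl a
# body, so it sets Content-Length itself and the 411 response is avoided.
add_member() {  # arguments: token, group id, UPN
    body=$(ref_body "$3") || { echo "rejected UPN: $3" >&2; return 1; }
    /usr/bin/curl --silent --show-error --fail --request POST \
        "https://graph.microsoft.com/v1.0/groups/$2/members/\$ref" \
        --header 'Content-Type: application/json' \
        --header "Authorization: Bearer $1" \
        --data "$body"
}
```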