@mayrund
Created June 29, 2023 12:04
A script to assign application roles to a user or group in Azure AD.
# Parameters
$tenantId = "<tenant-id>"
$userOrGroupOId = "<user-or-group-id>"
$appRegistrationName = "<app-registration-name>"
$errorOccurred = $false

# Connect to Azure AD using the specified tenant ID
# (pipe to Out-Null; the original ">" would redirect the output into a file named "Out-Null")
Connect-AzureAD -TenantId $tenantId | Out-Null

# Retrieve the Azure AD application with the specified display name.
# Display names are not unique, so require exactly one match before assigning anything.
$application = @(Get-AzureADApplication -All $true | Where-Object { $_.DisplayName -eq $appRegistrationName })
if ($application.Count -ne 1) {
    throw ("Expected exactly one application registration named '{0}', found {1}" -f $appRegistrationName, $application.Count)
}
$application = $application[0]

# Obtain the object ID of the application
$appRegistrationObjectId = $application.ObjectId
Write-Host ("Application registration object id is {0}" -f $appRegistrationObjectId)

# Retrieve the enterprise application (service principal) associated with the application ID
$enterpriseApplication = Get-AzureADServicePrincipal -Filter "appId eq '$($application.AppId)'"
if (-not $enterpriseApplication) {
    throw ("No service principal found for appId {0}" -f $application.AppId)
}
Write-Host ("Enterprise application object id is {0}" -f $enterpriseApplication.ObjectId)

# Retrieve the app roles associated with the application
$roles = (Get-AzureADApplication -ObjectId $appRegistrationObjectId).AppRoles
Write-Host ("Found {0} roles" -f $roles.Count)

# Assign every app role to the user or group
foreach ($role in $roles) {
    $roleAssignmentParams = @{
        ObjectId    = $enterpriseApplication.ObjectId
        PrincipalId = $userOrGroupOId
        ResourceId  = $enterpriseApplication.ObjectId
        Id          = $role.Id
    }
    Write-Host "Adding role" $role.Value
    try {
        New-AzureADServiceAppRoleAssignment @roleAssignmentParams
    }
    catch {
        $errorMessage = $_.Exception.Message
        $duplicatePermissionError = "Permission being assigned already exists on the object"
        if ($errorMessage -like "*$duplicatePermissionError*") {
            Write-Host "An error occurred: $duplicatePermissionError"
        } else {
            Write-Host "An error occurred: $errorMessage"
        }
        $errorOccurred = $true
    }
}

if ($errorOccurred) {
    Write-Host "Errors occurred. Please check above."
} else {
    Write-Host "Roles have been added to the user/group successfully."
}
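A least-privilege variant of the same assignment, added here as an example (not the gist author's code): it grants only an explicit list of role values instead of every role the application defines, and checks existing assignments up front rather than relying on the duplicate-assignment error. The parameter names and the sample role values are assumptions; it expects an existing Connect-AzureAD session.

```powershell
# Added example: assign an allow-list of app roles, idempotently, and report the result.
# Uses the same AzureAD module cmdlets as the gist (that module is being retired in favour
# of Microsoft Graph PowerShell; the same checks port directly).
param(
    [Parameter(Mandatory)] [string]   $AppId,       # application (client) id of the app registration
    [Parameter(Mandatory)] [string]   $PrincipalId, # object id of the user or group
    [Parameter(Mandatory)] [string[]] $RoleValues   # e.g. @("Reader", "Task.Read") (constructed names)
)

$sp = Get-AzureADServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal found for appId $AppId" }

# Roles defined on the app; only enabled ones can be assigned.
$definedRoles = $sp.AppRoles | Where-Object { $_.IsEnabled }

# Roles this principal already holds on this service principal (Id is the app role id).
$existing = Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true |
    Where-Object { $_.PrincipalId -eq $PrincipalId }
$existingRoleIds = @($existing | ForEach-Object { $_.Id })

foreach ($value in $RoleValues) {
    $role = $definedRoles | Where-Object { $_.Value -eq $value }
    if (-not $role) {
        Write-Warning "Role '$value' is not defined (or not enabled) on $($sp.DisplayName); skipping"
        continue
    }
    if ($existingRoleIds -contains $role.Id) {
        Write-Host "Role '$value' already assigned; skipping"
        continue
    }
    New-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -PrincipalId $PrincipalId `
        -ResourceId $sp.ObjectId -Id $role.Id | Out-Null
    Write-Host "Assigned role '$value'"
}

# Report what the principal holds now, so the change can be reviewed against what was intended.
Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true |
    Where-Object { $_.PrincipalId -eq $PrincipalId } |
    Select-Object PrincipalDisplayName, Id, ResourceDisplayName
```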