Azure自动化-由Get-PSAutomationCredential提供的凭据不能与Add-AzureAccount一起使用? [英] Azure automation - credentials delivered by Get-PSAutomationCredential don't work with Add-AzureAccount?
问题描述
我正在修改画廊运行手册,该手册将实时数据库按计划复制到测试数据库.第一步失败了.验证和选择相关的天蓝色订阅
I'm modifying a gallery runbook that copies a live database to a test database on a schedule. It's failing at the first hurdle; authenticating and selecting the relevatn azure subscription
Runbook看起来像这样:
The runbook looks like this:
$Cred = Get-AutomationPSCredential -Name 'automationCredential'
Write-Output "UN: $($Cred.Username)"
Add-AzureAccount -Credential $Cred
我已经使用了门户网站凭证刀片来创建名为"automationCredential"的凭证.对于用户名和密码,我提供了用于登录到Azure门户的用户名/密码.注意:这不是学校/工作的Microsoft帐户,而是个人帐户
I've used the portal credentials blade to create a credential named "automationCredential". For the username and password I supplied the username/pw that I log into the azure portal with. Note: this is NOT a school/work microsoft account, but a personal one
我可以告诉对Get-PSAutomationCredential的调用正在解决,因为Write-Ouput
调用显示正确的值
I can tell the call to Get-PSAutomationCredential is working out, because the Write-Ouput
call shows the correct value
Add-AzureAccount但是会出现以下错误:
Add-AzureAccount however, delivers the following error:
Add-AzureAccount : unknown_user_type: Unknown User Type At
Set-DailyDatabaseRestore:22 char:22 CategoryInfo :
CloseError: (:) [Add-AzureAccount], AadAuthenticationFailedException
FullyQualifiedErrorId :
Microsoft.WindowsAzure.Commands.Profile.AddAzureAccount
任何指针如何获得工作证书?
Any pointers how to get a working credential?
推荐答案
根据您的描述,您的帐户似乎是Microsoft帐户(例如*@outlook.com,* @ hotmail.com). Microsoft不支持非交互式登录.使用您的帐户直接登录订阅也是不安全的.对于Runbook,可以使用以下代码登录.
According to your description, it seems that your account is a Microsoft account(such as *@outlook.com, *@hotmail.com). Microsoft does not support non-interactive login. It is also unsafe for you to use your account to login your subscription directly. For a runbook, you could use the following codes to logon.
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
在上面的代码中,您需要使用连接AzureRunAsConnection
,它是Azure默认创建的,可以直接使用它,可以检查此连接,其中包括您的订阅信息.
In above code, you need use connection AzureRunAsConnection
, it is created by Azure default, you could use it directly, you could check this connection, it includes your subscription information.
此外,您可以创建一个新的连接,请参考此链接.
Also, you could create a new connection, please refer to this link.
这篇关于Azure自动化-由Get-PSAutomationCredential提供的凭据不能与Add-AzureAccount一起使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!