Azure自动化-由Get-PSAutomationCredential提供的凭据不能与Add-AzureAccount一起使用? [英] Azure automation - credentials delivered by Get-PSAutomationCredential don't work with Add-AzureAccount?

问题描述

我正在修改画廊运行手册，该手册将实时数据库按计划复制到测试数据库.第一步失败了.验证和选择相关的天蓝色订阅

I'm modifying a gallery runbook that copies a live database to a test database on a schedule. It's failing at the first hurdle; authenticating and selecting the relevatn azure subscription

Runbook看起来像这样:

The runbook looks like this:

$Cred = Get-AutomationPSCredential -Name 'automationCredential'

Write-Output "UN: $($Cred.Username)"

Add-AzureAccount -Credential $Cred

我已经使用了门户网站凭证刀片来创建名为"automationCredential"的凭证.对于用户名和密码，我提供了用于登录到Azure门户的用户名/密码.注意:这不是学校/工作的Microsoft帐户，而是个人帐户

I've used the portal credentials blade to create a credential named "automationCredential". For the username and password I supplied the username/pw that I log into the azure portal with. Note: this is NOT a school/work microsoft account, but a personal one

我可以告诉对Get-PSAutomationCredential的调用正在解决，因为Write-Ouput调用显示正确的值

I can tell the call to Get-PSAutomationCredential is working out, because the Write-Ouput call shows the correct value

Add-AzureAccount但是会出现以下错误:

Add-AzureAccount however, delivers the following error:

Add-AzureAccount : unknown_user_type: Unknown User Type At
Set-DailyDatabaseRestore:22 char:22 CategoryInfo          :
CloseError: (:) [Add-AzureAccount], AadAuthenticationFailedException
FullyQualifiedErrorId :
Microsoft.WindowsAzure.Commands.Profile.AddAzureAccount

任何指针如何获得工作证书?

Any pointers how to get a working credential?

推荐答案

根据您的描述，您的帐户似乎是Microsoft帐户(例如*@outlook.com，* @ hotmail.com). Microsoft不支持非交互式登录.使用您的帐户直接登录订阅也是不安全的.对于Runbook，可以使用以下代码登录.

According to your description, it seems that your account is a Microsoft account(such as *@outlook.com, *@hotmail.com). Microsoft does not support non-interactive login. It is also unsafe for you to use your account to login your subscription directly. For a runbook, you could use the following codes to logon.

$connectionName = "AzureRunAsConnection"
try
{
    # Get the connection "AzureRunAsConnection "
    $servicePrincipalConnection=Get-AutomationConnection -Name $connectionName         

    "Logging in to Azure..."
    Add-AzureRmAccount `
        -ServicePrincipal `
        -TenantId $servicePrincipalConnection.TenantId `
        -ApplicationId $servicePrincipalConnection.ApplicationId `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint 
}
catch {
    if (!$servicePrincipalConnection)
    {
        $ErrorMessage = "Connection $connectionName not found."
        throw $ErrorMessage
    } else{
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}

在上面的代码中，您需要使用连接AzureRunAsConnection，它是Azure默认创建的，可以直接使用它，可以检查此连接，其中包括您的订阅信息.

In above code, you need use connection AzureRunAsConnection, it is created by Azure default, you could use it directly, you could check this connection, it includes your subscription information.

此外，您可以创建一个新的连接，请参考此链接.

Also, you could create a new connection, please refer to this link.

这篇关于Azure自动化-由Get-PSAutomationCredential提供的凭据不能与Add-AzureAccount一起使用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！