Authenticating with Azure Active Directory on PowerShell


Question

I am trying to explore the Azure Active Directory V2 PowerShell module.

I have an Azure Account, and I have set up an Active Directory with multiple users.

My first goal is simple: show me the list of users.

So I type:

Connect-AzureAD

I am presented with a dialog and type in my user account and password. It returns an object of type Microsoft.Open.Azure.AD.CommonLibrary.PSAzureContext.

Then I type:

Get-AzureADUser

The error is:

Get-AzureADUser : Error occurred while executing GetUsers
Code: Authentication_Unauthorized
Message: User was not found
HttpStatusCode: Forbidden

I am still able to list the users using the Azure RM PowerShell module. The following code works:

Add-AzureRmAccount
Get-AzureRmADUser


What do I do to get Get-AzureADUser to work?

Recommended answer

The cmdlet Connect-AzureAD establishes a connection to the AAD domain; after we log in successfully, a confirmation is displayed:

PS C:\windows\system32> connect-azuread

Account                                Environment Tenant
-------                                ----------- ------
jasontest1@xxxxxx.onmicrosoft.com AzureCloud  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The connection can be validated with the cmdlet Get-AzureADDomain. If the user is connected to an AAD domain where he has management privileges, the information about the domain will be displayed:

PS C:\windows\system32> get-azureaddomain

Name                                        AvailabilityStatus AuthenticationType
----                                        ------------------ ------------------
hcl.com                                                        Managed
msgamestudios.com                                              Managed
foobar.local                                                   Managed
multimap.com                                                   Managed
skypestaytogether.com                                          Managed
insightsquarterly.com.au                                       Managed
calanit.onmicrosoft.com                                        Federated
msft.ccsctp.net                                                Managed
ruffiangames.com                                               Managed
xn--m1bg0b0byewac1j8b.com                                      Managed
VoicesforInnovation.org                                        Managed
shaanximic.com                                                 Managed
www.yunnanmic.com                                              Managed
wsmbela.pss.com                                                Managed
fornax.off                                                     Managed
api.staging.yammer.com                                         Managed
codenauts.net                                                  Managed
acompli.com                                                    Managed
testdomains.co                                                 Managed
microsoft.hr                                                   Managed
Bayportali.mmdservice.com                                      Managed
contoso.com                                                    Managed
api.swrepository.com                                           Managed
Equivio.com                                                    Managed
sunshine.am                                                    Managed
microsoftaffiliates.com                                        Managed

If the user has no admin privileges, we will get the same error as you.

Get-AzureADDomain : Error occurred while executing GetDomains
Code: Authentication_Unauthorized
Message: User was not found
HttpStatusCode: Forbidden

The reason is that the cmdlet Get-AzureADDomain did not specify a tenant, so the connection was established to a domain where the user has no admin privileges.

To ensure connection to the expected AAD domain, the tenant ID must be specified in the call to the Connect-AzureAD cmdlet.

PS C:\windows\system32> Connect-AzureAD -TenantId
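
As an added example (not part of the original answer), the check described above can be scripted: connect with an explicit tenant ID, confirm the session landed in that tenant, and turn the Authentication_Unauthorized error into a clear message. Connect-ExpectedTenant is a hypothetical helper name and the tenant ID is a placeholder; matching the error by its message text is an assumption based on the output shown above.

```powershell
# Added example, not from the original answer. Requires the AzureAD module.
# Connect-ExpectedTenant is a hypothetical helper name.
function Connect-ExpectedTenant {
    [CmdletBinding()]
    param(
        # Directory (tenant) ID you intend to administer.
        [Parameter(Mandatory)]
        [guid]$TenantId
    )

    # Sign in against the named tenant instead of the account's default one.
    Connect-AzureAD -TenantId $TenantId.ToString() | Out-Null

    # Confirm the session really belongs to the tenant that was requested.
    $session = Get-AzureADCurrentSessionInfo
    if ([guid]$session.TenantId -ne $TenantId) {
        Disconnect-AzureAD
        throw "Connected to tenant $($session.TenantId), expected $TenantId."
    }

    try {
        # A directory read fails with Authentication_Unauthorized when the
        # signed-in account has no rights in this tenant.
        Get-AzureADDomain -ErrorAction Stop | Out-Null
    }
    catch {
        # Assumption: the error code appears in the exception message,
        # as in the output quoted on this page.
        if ($_.Exception.Message -match 'Authentication_Unauthorized') {
            throw "Account $($session.Account) is not authorized in tenant $TenantId."
        }
        throw
    }

    return $session
}

# Placeholder tenant ID; replace it with your own directory ID.
$session = Connect-ExpectedTenant -TenantId '00000000-0000-0000-0000-000000000000'
Get-AzureADUser -Top 10 | Select-Object DisplayName, UserPrincipalName
```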
