Powershell-New-AzureRmADServicePrincipal-获取秘密属性不起作用吗? [英] Powershell - New-AzureRmADServicePrincipal - getting secret property doesn't work?
问题描述
当我尝试在下面运行代码
$ ServicePrincipalName ="MY SPN名称"$ ScopeSubscriptionId =订阅ID"$ AzureAdApplication = New-AzADApplication -DisplayName $ ServicePrincipalName-主页"https://$ServicePrincipalName.local" -IdentifierUris"https://$ServicePrincipalName.com" -ErrorAction停止$ sp = New-AzADServicePrincipal -ApplicationId $ AzureAdApplication.ApplicationId -Scope/subscriptions/$ ScopeSubscriptionId -ErrorAction Stop
我无法从"$ sp"对象中检索秘密属性.我完全知道这是秘密字符串,应该这样访问:
$ BSTR = [System.Runtime.InteropServices.Marshal] :: SecureStringToBSTR($ sp.Secret)$ UnsecureSecret = [System.Runtime.InteropServices.Marshal] :: PtrToStringAuto($ BSTR)
当我从第二行删除ApplicationId参数时,一切正常.
$ sp = New-AzADServicePrincipal -DisplayName $ ServicePrincipalName -Scope/subscriptions/$ ScopeSubscriptionId -ErrorAction停止
有什么想法为什么会这样?尽管我观察到这种行为发生在最后几天.
由于使用以下两个命令时,它不会自动为您创建秘密.
$ AzureAdApplication = New-AzADApplication -DisplayName $ ServicePrincipalName-主页"https://$ServicePrincipalName.local" -IdentifierUris"https://$ServicePrincipalName.com" -ErrorAction停止$ sp = New-AzADServicePrincipal -ApplicationId $ AzureAdApplication.ApplicationId -Scope/subscriptions/$ ScopeSubscriptionId -ErrorAction Stop
您也可以在门户网站中对其进行检查:
使用不带 -ApplicationId
的命令创建服务主体时,它将创建服务主体以及AD App(应用程序注册),并且还将自动为您创建秘密
$ sp = New-AzADServicePrincipal -DisplayName $ ServicePrincipalName -Scope/subscriptions/$ ScopeSubscriptionId -ErrorAction停止
在门户中对其进行检查:
如果要将命令与 -ApplicationId
一起使用,则可以手动为AD App创建密钥,也可以使用
此外,如果您只想生成密钥的随机值,则需要使用链接.
When i trying to run code below
$ServicePrincipalName = "MY SPN name"
$ScopeSubscriptionId = "Subscription ID"
$AzureAdApplication = New-AzADApplication -DisplayName $ServicePrincipalName -HomePage "https://$ServicePrincipalName.local" -IdentifierUris "https://$ServicePrincipalName.com" -ErrorAction Stop
$sp = New-AzADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId -Scope /subscriptions/$ScopeSubscriptionId -ErrorAction Stop
I'am unable to retrive secret property from "$sp" object. I totaly know that it's secret string and should be accesed like this:
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($sp.Secret)
$UnsecureSecret = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
When I delete ApplicationId parameter from second line, everything works correctly.
$sp = New-AzADServicePrincipal -DisplayName $ServicePrincipalName -Scope /subscriptions/$ScopeSubscriptionId -ErrorAction Stop
Any ideas why it works like this? Although I observed that this behavior occurred on last days.
Because when you use the two commands below, it will not create the secret for you automatically.
$AzureAdApplication = New-AzADApplication -DisplayName $ServicePrincipalName -HomePage "https://$ServicePrincipalName.local" -IdentifierUris "https://$ServicePrincipalName.com" -ErrorAction Stop
$sp = New-AzADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId -Scope /subscriptions/$ScopeSubscriptionId -ErrorAction Stop
You could also check it in the portal:
When you use the command without -ApplicationId
to create the service principal, it will create a service principal along with an AD App(App registration), and it will also create a secret for you automatically.
$sp = New-AzADServicePrincipal -DisplayName $ServicePrincipalName -Scope /subscriptions/$ScopeSubscriptionId -ErrorAction Stop
Check it in the portal:
If you want to use the command with -ApplicationId
, you could create a secret for your AD App manually, you could use New-AzADAppCredential
, you can set the secret value yourself, in my sample, the secret is password01!
.
$AzureAdApplication = New-AzADApplication -DisplayName $ServicePrincipalName -HomePage "https://$ServicePrincipalName.local" -IdentifierUris "https://$ServicePrincipalName.com"
$sp = New-AzADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId -Scope /subscriptions/$ScopeSubscriptionId
$SecureStringPassword = ConvertTo-SecureString -String "password01!" -AsPlainText -Force
New-AzADAppCredential -ApplicationId $AzureAdApplication.ApplicationId -Password $SecureStringPassword -EndDate (Get-Date).AddYears(1)
Besides, if you just want to generate the random value for the secret, you need to use New-AzureADApplicationPasswordCredential
in AzureAD
module, see this link.
这篇关于Powershell-New-AzureRmADServicePrincipal-获取秘密属性不起作用吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!