Powershell-New-AzureRmADServicePrincipal-获取秘密属性不起作用吗? [英] Powershell - New-AzureRmADServicePrincipal - getting secret property doesn't work?

查看:29
本文介绍了Powershell-New-AzureRmADServicePrincipal-获取秘密属性不起作用吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

当我尝试在下面运行代码

  $ ServicePrincipalName ="MY SPN名称"$ ScopeSubscriptionId =订阅ID"$ AzureAdApplication = New-AzADApplication -DisplayName $ ServicePrincipalName-主页"https://$ServicePrincipalName.local" -IdentifierUris"https://$ServicePrincipalName.com" -ErrorAction停止$ sp = New-AzADServicePrincipal -ApplicationId $ AzureAdApplication.ApplicationId -Scope/subscriptions/$ ScopeSubscriptionId -ErrorAction Stop

我无法从"$ sp"对象中检索秘密属性.我完全知道这是秘密字符串,应该这样访问:

  $ BSTR = [System.Runtime.InteropServices.Marshal] :: SecureStringToBSTR($ sp.Secret)$ UnsecureSecret = [System.Runtime.InteropServices.Marshal] :: PtrToStringAuto($ BSTR)

当我从第二行删除ApplicationId参数时,一切正常.

  $ sp = New-AzADServicePrincipal -DisplayName $ ServicePrincipalName -Scope/subscriptions/$ ScopeSubscriptionId -ErrorAction停止

有什么想法为什么会这样?尽管我观察到这种行为发生在最后几天.

解决方案

由于使用以下两个命令时,它不会自动为您创建秘密.

  $ AzureAdApplication = New-AzADApplication -DisplayName $ ServicePrincipalName-主页"https://$ServicePrincipalName.local" -IdentifierUris"https://$ServicePrincipalName.com" -ErrorAction停止$ sp = New-AzADServicePrincipal -ApplicationId $ AzureAdApplication.ApplicationId -Scope/subscriptions/$ ScopeSubscriptionId -ErrorAction Stop

您也可以在门户网站中对其进行检查:

使用不带 -ApplicationId 的命令创建服务主体时,它将创建服务主体以及AD App(应用程序注册),并且还将自动为您创建秘密

  $ sp = New-AzADServicePrincipal -DisplayName $ ServicePrincipalName -Scope/subscriptions/$ ScopeSubscriptionId -ErrorAction停止

在门户中对其进行检查:

如果要将命令与 -ApplicationId 一起使用,则可以手动为AD App创建密钥,也可以使用

此外,如果您只想生成密钥的随机值,则需要使用链接.

When i trying to run code below

$ServicePrincipalName = "MY SPN name"
$ScopeSubscriptionId = "Subscription ID"

$AzureAdApplication = New-AzADApplication -DisplayName $ServicePrincipalName -HomePage "https://$ServicePrincipalName.local" -IdentifierUris "https://$ServicePrincipalName.com" -ErrorAction Stop

$sp = New-AzADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId -Scope /subscriptions/$ScopeSubscriptionId -ErrorAction Stop

I'am unable to retrive secret property from "$sp" object. I totaly know that it's secret string and should be accesed like this:

$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($sp.Secret)
$UnsecureSecret = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

When I delete ApplicationId parameter from second line, everything works correctly. 

$sp = New-AzADServicePrincipal -DisplayName $ServicePrincipalName -Scope /subscriptions/$ScopeSubscriptionId -ErrorAction Stop

Any ideas why it works like this? Although I observed that this behavior occurred on last days.

解决方案

Because when you use the two commands below, it will not create the secret for you automatically.

$AzureAdApplication = New-AzADApplication -DisplayName $ServicePrincipalName -HomePage "https://$ServicePrincipalName.local" -IdentifierUris "https://$ServicePrincipalName.com" -ErrorAction Stop    
$sp = New-AzADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId -Scope /subscriptions/$ScopeSubscriptionId -ErrorAction Stop

You could also check it in the portal:

When you use the command without -ApplicationId to create the service principal, it will create a service principal along with an AD App(App registration), and it will also create a secret for you automatically.

$sp = New-AzADServicePrincipal -DisplayName $ServicePrincipalName -Scope /subscriptions/$ScopeSubscriptionId -ErrorAction Stop

Check it in the portal:

If you want to use the command with -ApplicationId, you could create a secret for your AD App manually, you could use New-AzADAppCredential, you can set the secret value yourself, in my sample, the secret is password01!.

$AzureAdApplication = New-AzADApplication -DisplayName $ServicePrincipalName -HomePage "https://$ServicePrincipalName.local" -IdentifierUris "https://$ServicePrincipalName.com"
$sp = New-AzADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId -Scope /subscriptions/$ScopeSubscriptionId 

$SecureStringPassword = ConvertTo-SecureString -String "password01!" -AsPlainText -Force
New-AzADAppCredential -ApplicationId $AzureAdApplication.ApplicationId -Password $SecureStringPassword -EndDate (Get-Date).AddYears(1)

Besides, if you just want to generate the random value for the secret, you need to use New-AzureADApplicationPasswordCredential in AzureAD module, see this link.

这篇关于Powershell-New-AzureRmADServicePrincipal-获取秘密属性不起作用吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆