Authenticating with Azure Active Directory on powershell
Question
I am trying to explore the Azure Active Directory V2 PowerShell module.
I have an Azure Account, and I have set up an Active Directory with multiple users.
My first goal is simple: show me the list of users.
So I type:
Connect-AzureAD
I am presented with a dialog and type in my user account and password. It returns an object of type Microsoft.Open.Azure.AD.CommonLibrary.PSAzureContext.
Then I type:
Get-AzureADUser
The error is:
Get-AzureADUser : Error occurred while executing GetUsers
Code: Authentication_Unauthorized
Message: User was not found
HttpStatusCode: Forbidden
I am still able to list the users using the Azure RM Powershell module. The following code works:
Add-AzureRmAccount
Get-AzureRmADUser
What should I do to get Get-AzureADUser to work?
Recommended answer
The cmdlet Connect-AzureAD establishes a connection to the AAD domain; after we log in successfully, a confirmation will display:
PS C:\windows\system32> connect-azuread
Account                           Environment Tenant
-------                           ----------- ------
jasontest1@xxxxxx.onmicrosoft.com AzureCloud  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
The connection can be validated with the cmdlet Get-AzureADDomain: if the user is connected to an AAD domain where he has management privileges, the information about the domain will be displayed:
PS C:\windows\system32> get-azureaddomain
Name                      AvailabilityStatus AuthenticationType
----                      ------------------ ------------------
hcl.com                                      Managed
msgamestudios.com                            Managed
foobar.local                                 Managed
multimap.com                                 Managed
skypestaytogether.com                        Managed
insightsquarterly.com.au                     Managed
calanit.onmicrosoft.com                      Federated
msft.ccsctp.net                              Managed
ruffiangames.com                             Managed
xn--m1bg0b0byewac1j8b.com                    Managed
VoicesforInnovation.org                      Managed
shaanximic.com                               Managed
www.yunnanmic.com                            Managed
wsmbela.pss.com                              Managed
fornax.off                                   Managed
api.staging.yammer.com                       Managed
codenauts.net                                Managed
acompli.com                                  Managed
testdomains.co                               Managed
microsoft.hr                                 Managed
Bayportali.mmdservice.com                    Managed
contoso.com                                  Managed
api.swrepository.com                         Managed
Equivio.com                                  Managed
sunshine.am                                  Managed
microsoftaffiliates.com                      Managed
If the user has no admin privileges, we will get the same error as you.
Get-AzureADDomain : Error occurred while executing GetDomains
Code: Authentication_Unauthorized
Message: User was not found
HttpStatusCode: Forbidden
The reason is that the Get-AzureADDomain cmdlet did not specify a tenant, so a connection was established to a domain where the user has no admin privileges.
To ensure connection to the expected AAD domain, the tenant ID must be specified in the call to the Connect-AzureAD cmdlet.
PS C:\windows\system32> Connect-AzureAD -TenantId
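Added example (not part of the original answer): a script that pins the session to one tenant as the answer recommends, confirms with Get-AzureADCurrentSessionInfo that the session really is in that tenant, and only then lists users. The tenant ID is a constructed placeholder and Test-TenantMatch is a hypothetical helper written for this example.

```powershell
# Added example, not code from the question or answer.
# $ExpectedTenantId is a constructed placeholder; replace it with your directory's tenant ID.
$ExpectedTenantId = '00000000-0000-0000-0000-000000000000'

function Test-TenantMatch {
    # Hypothetical helper: compare the tenant the session landed in with the intended one.
    param(
        [Parameter(Mandatory)] [string] $Expected,
        [Parameter(Mandatory)] [string] $Actual
    )
    $e = [guid]::Empty
    $a = [guid]::Empty
    if (-not [guid]::TryParse($Expected, [ref]$e)) { throw "Expected tenant ID is not a GUID: $Expected" }
    if (-not [guid]::TryParse($Actual, [ref]$a)) { return $false }
    return $e -eq $a
}

Import-Module AzureAD -ErrorAction Stop

# Per the answer above, omitting -TenantId can leave the session in a directory
# where the account has no rights, so the tenant is always passed explicitly.
Connect-AzureAD -TenantId $ExpectedTenantId -ErrorAction Stop | Out-Null

# Verify where the session actually is before running any directory query.
$session = Get-AzureADCurrentSessionInfo
if (-not (Test-TenantMatch -Expected $ExpectedTenantId -Actual "$($session.TenantId)")) {
    Disconnect-AzureAD
    throw "Connected to tenant $($session.TenantId), expected $ExpectedTenantId"
}
'Signed in as {0} to tenant {1} ({2})' -f $session.Account, $session.TenantId, $session.TenantDomain

try {
    Get-AzureADUser -Top 10 -ErrorAction Stop |
        Select-Object DisplayName, UserPrincipalName, ObjectId
}
catch {
    # Same error code as in the question: the signed-in account cannot read this directory.
    if ("$_" -match 'Authentication_Unauthorized') {
        Write-Warning "Account $($session.Account) is not authorized to read users in tenant $($session.TenantId)."
    }
    throw
}
```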