I am trying to run following cmdlet- Set-UnifiedGroup but it is not available in ExchangePowerShell 0.11.0
Is there a way to import it to Automation Account module in different way?
If this cmdldet is not available, any tip on changing group email from Azure Automation?
Related
I need to write PowerShell script for AzureDevOps pipeline which will export solution from Dynamics organization (online version). Also it's important to use 'Service Principal/client secret (supports MFA)' auth type.
I have found some examples, https://d365dotblog.com/2020/05/04/powershell-scripts-to-export-and-import-the-dynamics-365-ce-solution/ - it is one of them, but it doesnt work inside pipeline and has another type of auth.
I am newbie in PowerShell and dont know how to write script by myself. Also I haven't found info about my question in the internet. Can you give me example?
Example, I want to Offboard Tiger from Azure Develops Organization BigZoo (Tiger has 3 Azure organization, BigZoo, SmallZoo, middleZoo--I only want to remove tiger from BigZoo)
Use this Azure CLI in the Azure Cloudshell Powershell will be working
az devops user remove --user tiger
[--org BigZoo]
[--yes]
But it does not work in Azure function-->Azure function use PowerShell environment--> CloudPowerShell can read AzureCLi but Powershell In AzureFunction cannot read anything related with Az
So, if I only want use powershell without any help from Azure CLI, there are some module but all imported module is remove user from all Organizations--> Not remove user from specific organization
Any suggestion? Remove user from specific AzureDevops Organization. Using API seems too complex . Any good idea?
Thanks
I've not tried this but there is the VSTeam powershell module in the PowerShell gallery which wraps the Azure Devops API.
This has a function called: Remove-VSTeamUserEntitlement
Docs here:
https://methodsandpractices.github.io/vsteam-docs/docs/modules/vsteam/commands/Remove-VSTeamUserEntitlement
Module here:
https://www.powershellgallery.com/packages/VSTeam/
Add the module to the Requirements.psd1 file of your azure functions project and you should be able to utilise it.
I have a VSTS release pipeline which provisions a new function app with a Managed Service Identity. My solution includes a shared key vault instance for my app secrets. Key vault allows a maximum of 16 access control entries so I've taken the approach of creating an Azure AD group for applications which I will add application service principals to. All straight forward and workable in PowerShell locally, but I'm not able to figure out a way to do this using hosted build servers in the VSTS release pipeline and a Run Powershell In Azure release task.
The Azure CLI is at version 1.X on the Hosted build server and 2.x on the Hosted 2017 build server
* 1.x doesn't appear to offer AD group manipulation or graph API access
* 2.x does offer az ad group member add but the hosted 2017 build has a problem with New-AzureStorageTable which is used elsewhere in my pipeline, so I can't use it
Similarly, the Azure RM powershell module on the Hosted build server is very old and doesn't appear to support group membership manipulation. The version on the Hosted 2017 server (which I can't use) has commands like Get-AzureRmADGroup but nothing to add a user to that group.
The cmdlet Add-AzureADGroupMember, available in the AAD powershell would be a nice solution, but it's not available on either the Hosted or Hosted 2017 build servers.
I've considered both automation runbooks and direct HTTPS posts to the graph API using the OAuth token available in the release pipeline, but want to stay with PowerShell to keep the number of technologies in my release pipeline as small as possible. I'd also prefer to avoid storing credentials in a secured manner for use in a PowerShell command like Login-AzureRmAccount and rely on the identity of the Service Endpoint I defined for my release pipeline.
Suggestions appreciated.
Since the Hosted agent can’t meet your requirements, you can configure a private build agent (it’s free) on your machine: Deploy an agent on Windows.
Regarding Add-AzureADGroupMember cmdlet, you can install it by calling Install-Module -Name AzureAD through Azure PowerShell task, which works fine on Hosted agent.
Script:
Install-PackageProvider -Name NuGet -Force -Scope CurrentUser
Install-Module -Name AzureAD -Force -Verbose -Scope CurrentUser
I have been trying to install the Azure Active Directory Module for Windows for Powershell. So far I have not been able to find a combination of the Sign-In Assistant and Powershell module versions that allows me to create a connection in a Powershell session. My measure for success has been to run the Connect-MsolService cmdlet to create such a connection. I have tried it both from the command line and in a script. The (few) forum and blogs posts that reference this functionality have been very contradictory.
I am using the same credentials that I use to log into manage.windowsazure.com.
As to the specifics I have the following configuration:
Windows Server 2012R2
Powershell version 4.0 ($PSVersionTable.PSVersion)
Microsoft Online Services Sign-In Assistant version 7.250.4556.0
Windows Azure Active Directory Module for Windows Azure version
1.0.8362. The version number is based on the command (get-item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion
My questions are as follows:
What versions work on Windows Server 2012R2?
Is there a specific .Net version that I might be missing?
Am I looking at it wrong? For example is the cmdlet
Connect-MsolService not the metric to be using? Is there another way
that I might verify that I have a connection?
My understanding is that the Powershell cmdlets, as well as all the other methods for managing Azure, are based on the REST API's. Would that be a better way to go? Of course I would not be able to dynamically enter commands, but I would be able to validate credentials etc.
Are you trying to authenicate with an MSA account? Try connecting with a Global Admin AAD account (eg. globaladminuser#tenant.onmicrosoft.com).
I would like to schedule stop/start Azure virtual machines with an Azure automation runbook.
This is what I've done so far. Created new automation runbook from gallery in Azure management portal. Chose 'Stop Windows Azure Virtual Machines on a Schedule' from 'VM Lifecycle Management' (it's this script). Runbook created, went to Author page of this runbook and pressed test. Provided the necessary parameters. Then several errors appeared on the output, starting with this:
1/21/2015 9:15:26 AM, Error: New-ScheduledTaskTrigger : The term 'New-ScheduledTaskTrigger' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is
correct and try again.
At Stop-AzureVMsOnSchedule:41 char:41
Why this cmdlet cannot be found? I tried to upload the ScheduledTasks module in assets menu from my machine (c:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ScheduledTasks) but it complained about that the format is invalid.
Could you give me a hint why this script is not working or do you know an alternative what to use for scheduling tasks in an automation runbook?
"Stop Windows Azure Virtual Machines on a Schedule" is an Azure PowerShell script not designed to work as a runbook in Azure Automation. You can see that when you attempt to import it from gallery:
I recommend instead you import the runbook for stopping VMs created by jeffbow. By hooking this runbook up to an Azure Automation schedule asset you will be able to schedule shutting down your Azure VMs:
This script needs to be edited to work in Azure Automation.
New-ScheduledTaskTrigger does not work in Azure Automation environment.
To schedule Automation runbook, use New-AzureAutomationSchedule
Details at https://msdn.microsoft.com/en-us/library/dn690271.aspx