Trying to list all the certificates in my account.
When using Get-AzureCertificate, it complains I need to select default subscription with Select-AzureSubscription.
But no subscription can be selected with Select-AzureSubscription,
I can only select subscription with Select-AzureRmSubscription. But this Get-AzureCertificate needs Select-AzureSubscription.
How do I list all certificates in my Azure with PowerShell?
Did you log in to an ASM subscription? Looks like you have logged in using Add-AzureRMAccount or Login-AzureRMAccount. Use Add-AzureAccount instead.
Related
I need to select my Azure Subscription in Azure PowerShell.
I copy/paste the Subscription ID (to ensure no typos) from the Azure Management Portal, it's a hex-string:
When I run:
Select-AzureSubscription -SubscriptionId '0300...'
I get an error message:
Select-AzureSubscription : The subscription id 0300... doesn't exist.
I know my subscription ID is correctly copied from the settings in Azure Management Portal, I even did a BeyondCompare to make sure.
I'm wondering about security... am I missing something? Do I need to somehow provide my Azure credentials? It wouldn't make sense to just allow anyone to select any Azure subscription, unless the Subscription ID is supposed to be super-secret, like an SSN.
You need to log on to your Azure account first:
To start working with the Azure Service Management cmdlets, first log
on to your Azure account. To log on to your account, run the following
command:
Add-AzureAccount
After logging into Azure, Azure PowerShell creates a context for the
given session. That context contains the Azure PowerShell environment,
account, tenant, and subscription that will be used for all cmdlets
within that session. Now you are ready to use the modules below.
Source: https://learn.microsoft.com/en-us/powershell/azure/install-azure-ps?view=azuresmps-3.7.0
My Azure account having one subscription is added as a contributor to another Azure account. Using Login-AzureRmAccount in PowerShell, I login to my account and Get-AzureSubscription returns only my own subscription. On the Azure portal, I can switch between these two subscriptions and create/remove resources on the other subscription.
I have checked Select-AzureSubscription, and it can be used in case Get-AzureSubscription returns multiple accounts to choose among them.
I also do not have the credentials of the other account to login manually.
Is there any way to access my contributor-role subscription in PowerShell and run Azure scripts on it?
"Contributor" is an RBAC (Role based access control) role, so you have access to the subscription throught Azure Resource Manager.
To find this subscription in PowerShell, you can use the Get-AzureRmSubscription cmdlet instead of Get-AzureSubscription. Then you can use the cmdlet Select-AzureRmSubscription to select the subscription instead of Select-AzureSubscription.
I am trying to login to Azure AD using PowerShell with a co-administrator account. I use Connect-MsolService and I get in but I can't see any subscriptions when I use Get-AzureSubscription. At the same time, I can login in the portal (both old and new) using that account and I see it there. The issue is I need to do some things that both portals do not let me do.
Is there an issue if I created the subscription using a Microsoft account on outlook.com? Am I missing something?
Just to add to the discussion, if you're not a direct owner of the subscriptions (but have an admin role for the whole or part of the Azure infrastructure) you can use the following cmdlets to get all subscriptions and switch between them:
Get-AzureRmSubscription
Select-AzureRmSubscription -SubscriptionName "subscription_name"
https://learn.microsoft.com/en-us/powershell/module/azurerm.profile/get-azurermsubscription?view=azurermps-5.0.0
This lists the available subscriptions for co-admins and contributors and can be used in Azure resource management scripts if you do not directly own the subscription but have sufficient privileges to access the resources.
Do you get a sign in dialgoue when you run Add-AzureAccount from powershell?
Can you then Get-AzureSubscription after that?
These guides might help in ensuring all the basics work:
https://redmondmag.com/articles/2016/01/25/connect-to-microsoft-azure-with-powershell.aspx
https://azure.microsoft.com/en-gb/documentation/articles/powershell-install-configure/
Update:
What are you trying to do after?
If you want to switch subscriptions, does the following work?:
Switch-AzureMode –Name AzureResourceManager
Get-AzureSubscription
Ref:
https://msdn.microsoft.com/en-us/library/azure/dn931949.aspx
In the new Azure portal you have the option to use Role Based Access (RBAC). I want to give a user rights to startup and shutdown a virtual machine in Azure. I also don't want that is it possible for this user to create new VM's in Azure so I don't want to make this user Administrator. I gave the user the required rights in the new Azure portal (owner for: the VM, Cloud Service and storage).
When I open PowerShell with the user that has rights on Azure. I first execute the command Add-AzureAccount. After this I execute the following command: Start-AzureVM -ServiceName "MyVM" -Name "MyVM". Then I receive the following error: ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
When I perform this scenario for a Subscription Administrator everything works fine.
Is the described scenario supported by the Azure PowerShell cmdlets? What are possible alternatives?
Thanks in advance
Unfortunately, RBAC through Powershell is currently only available for ARM-resources, i.e. non-"classic" resources in the preview portal, and users needs to have accounts in the Azure AD tenant associated with the subscription. Federated Microsoft accounts will won't work.
I have two subscription one with old cloud service and other is with new cloud service. I am using Powershell to access my new subscription. I have downloaded latest .publishsettings and set it using Import-AzurePublishSettingsFile. My problem is that I always get the old subscription set and could not figureout how to force powershell to use my new subscription.
Just to clarify, there are two kinds of 'special' subscriptions, the 'current' subscription (which is the subscription used for any command in the current PowerShell session), and the Defaul subscription, which is the subscription used even after the current PowerShell session ends.
using Select-AzureSubscription <subscription-name> will set the current subscription. If you'd like to change the subscription across sessions, use Select-AzureSubscription -Default <subscription name>
With new Powershell commands you would need to set which particular subscription you would want to use. The steps are as below:
Import-AzurePublishSettingsFile yourpublishsettings.publishsettings
Get-AzureSubscription (this will give you the list of subscription)
Select-AzureSubscription _select_subscription_name (this way you can set which particular subscription you want to use)
This should work!!
This answer is for the classic Azure management. If you're on the new ARM then you want to do something like
Login-AzureRmAccount
Get-AzureRmSubscription
Set-AzureRmContext -SubscriptionId blah
where blah is the subscription ID from the second command