In a PS console I can do the following to get all of the Azure resources for a subscription.
Login-AzureRmAccount
Get-AzureRmResource
I want to do this in a Azure function, but Login-AzureRmAccount is an interactive prompt.
You will need to log in using a service principal instead of interactive login. See https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal for details on setting that up.
Related
I am trying to execute below command in azure devops to set the AD group as setsqlserveradmin.
Set-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName "xyz" -ServerName "xyzsqlserver" -DisplayName "ADgroup" -ObjectId "27f75d8c-xxxx-xxxx-xxxx-xxxxxxxxxx"
Below is the Error logs
2020-05-07T15:55:05.2211587Z ##[command]Disconnect-AzAccount -Scope Process
ErrorAction Stop 2020-05-07T15:55:05.6167436Z ##[command]Clear-AzContext -Scope Process - ErrorAction
Stop 2020-05-07T15:55:05.9479005Z ##[error]Cannot find the Azure Active Directory object 'Adgroup'.
Please make sure that the user or group you are authorizing is registered in the current
subscription's Azure Active directory. To get a list of Azure Active Directory groups use Get-
AzADGroup, or to get a list of Azure Active Directory users use Get-AzADUser. 2020-05-
07T15:55:06.0117846Z ##[section]Finishing: Azure PowerShell script: InlineScript
Note - I checked Adgroup and correponding objectid is correct.
powershell task 4.0 and version 3.1.0
I can reproduce your issue, first, make sure the group is in the same tenant of your service connection.
Then navigate to the Azure portal -> Azure Active Directory -> App registrations -> find the AD App Registration related to your service connection, follow the steps below to add the Application permission Directory.Read.All of Azure Active Directory Graph(not Microsoft Graph), don't forget to click the Grant admin consent for xxx button at last.
After adding the permission, there is some delay(30m - 1h), then test the command, it works.
I am attempting to login to an Azure account through a PowerShell script by means of making use of a publishsettings file; However, I am still finding that it is requiring me to login to my account using Login-AzureRmAccount, regardless of having those credentials.
My step-by step looks something like this:
Clear out all accounts that may be available:
Get-AzureAccount | ForEach-Object { Remove-AzureAccount $_.ID -Force }
Download the PublishSettings file: Import-AzurePublishSettingsFile –PublishSettingsFile $PublishSettingsFileNameWithPath
Select the Azure subscription using the subscription ID:
Select-AzureRMSubscription -SubscriptionId $SubscriptionId
And finally, create a new resource group in the subscription before deploying it: New-AzureRmResourceGroup -Name $ResourceGroupName -Location $ResourceGroupLocation -Verbose -Force 2>> .\errorCIMS_RG.txt | Out-File .\rgDetailsCIMS_RG.txt
However, this is when an error is thrown: Run Login-AzureRmAccount to login.
Assuming I have the PublishSettings file, and it hasnt expired, why would this be giving back an error?
As Mihail said, we should check Azure PowerShell version first, and install the latest version.
We can run this command to list Azure PowerShell version:
Get-Module -ListAvailable -Name Azure -Refresh
By the way, Import-AzurePublishSettingsFile work for ASM, New-AzureRmResourceGroup is ARM command, so if you want to create resource group, you should Login-AzureRmAccount first.
Note:
The AzureResourceManager module does not support publish settings
files.
More information about Import-AzurePublishSettingsFile, please refer to this link.
I solved this problem by updating to last version of azure powershell cmdlet.
You can find last one here:
https://github.com/Azure/azure-powershell/releases
I was looking a way to delete azure storage account using powershell.
There are powershell command to remove blob,container,table,queue, filed, directory. But I don't see any way to remove/delete azure storage account using powershell.
Through portal I can do it, but need to do it through powershell.
Anyone knows how to do this ?
Have you tried Remove-AzureRmStorageAccount or Remove-AzureStorageAccount depending on the deployment model you are using?
To find those you can always use Get-Command remove-azure*storage*
This article may help you -> scroll down to- To remove the whole storage account
This is the powershell command-
Remove-AzureRmResourceGroup -Name resourceGrouptest
where resourceGrouptest is the name of the resource group.
you also need to first login into your account using-
Login-AzureRmAccount
I tried to use Login-AzureRmAccount and Add-AzureRmAccount to login to my Azure Accounts. I have two of them, it was easy to add both of them via Add-AzureAccount and manage the active and default one using Select-Azuresubscription.
With the RM cmdlets every time I do Add-AzureRmAccount it overrides the previous authenticated one. This makes it hard for me to switch between a private and a company azure account.
Are there any solutions for that ?
I am using the PowerShell Gallery to update the Azure and AzureRM Modules and using the latest ones.
The official way is to do something like this
$profile1 = Login-AzureRmAccount
$profile2 = Login-AzureRmAccount
Select-AzureRmProfile -Profile $profile2
You can then save the profiles to disk using
Save-AzureRmProfile -Profile $profile1 -Path e:\ps\profile1.json
You can then load with
Select-AzureRmProfile -Path e:\ps\profile1.json
My personal approach though was to create a module that gave a cmdlet with profile1,profile2 etc as parameters. It would then download and decrypt credentials and feed them into Add-AzureRMAccount (this way I can use the same credential file from assorted locations)
Use Login-AzureRMAccout to login two accounts respectively. Then use Get-AzureRmSubscription to check the subscription info and note down the two TenantIds.
To switch between a private and a company azure account, you can specify the TenantId parameter using
$loadersubscription = Get-AzureRmSubscription -SubscriptionName $YourSubscriptionName -TenantId $YourAssociatedSubscriptionTenantId
I'm trying to use the Windows Azure PowerShell module to manage a subscription.
I have downloaded my certificate (the .publishsettings file) and imported it with Import-AzurePublishSettingsFile and then I've selected my subscription with Select-AzureSubscription neither of which gave errors.
I've also set my subscription using Set-AzureSubscription -SubscriptionName "Blah"
Still, I get a
Get-AzureService : Value cannot be null.
Parameter name: subscriptionId
when running Get-AzureService
I've read getting started guides and various documentation but I can't work out what I'm doing wrong. Which in my mind, makes this a UX problem that Microsoft should address.
Update
I got a bit further, I used
Set-AzureSubscription -SubscriptionName "Blah" -SubscriptionId 0123
which changed the error from Get-AzureService to:
Get-AzureService : Value cannot be null.
Parameter name: managementCertificate
But now I cannot set my certificate since the argument wants an X509Certificate type.
There is a better way to authenticate when using the Azure Powershell cmdlets --- Add-AzureAccount. This will prompt you for your login credentials instead of using the service management certificate.
You may still run into some issues because Azure powershell caches your subscriptions in XML files in %appdata%\Windows Azure Powershell.
I would recommend:
Close the Azure Powershell window
Delete the XML files in %appdata%\Windows Azure Powershell.
Open Azure Powershell and run Add-AzureAccount.
This should ensure that you have the correct subscriptions configured.
I hope this might help you-
Add-AzureAccount
Get-AzurePublishSettingsFile
Import-AzurePublishSettingsFile filenamewithpath
filenamewithpath is the publishsetting file with path saved on your pc