My Azure account having one subscription is added as a contributor to another Azure account. Using Login-AzureRmAccount in PowerShell, I login to my account and Get-AzureSubscription returns only my own subscription. On the Azure portal, I can switch between these two subscriptions and create/remove resources on the other subscription.
I have checked Select-AzureSubscription, and it can be used in case Get-AzureSubscription returns multiple accounts to choose among them.
I also do not have the credentials of the other account to login manually.
Is there any way to access my contributor-role subscription in PowerShell and run Azure scripts on it?
"Contributor" is an RBAC (Role based access control) role, so you have access to the subscription throught Azure Resource Manager.
To find this subscription in PowerShell, you can use the Get-AzureRmSubscription cmdlet instead of Get-AzureSubscription. Then you can use the cmdlet Select-AzureRmSubscription to select the subscription instead of Select-AzureSubscription.
Related
I have my own Azure account, which I can connect to quite happily using Windows Powershell, using microsoft account and password. My client has an Azure account, which my microsoft account has been setup as an owner and co-administrator for, but when I login to Azure using Powershell Login-AzureRMAccount cmdlet and enter my microsoft credentials, I can only access my own azure account and not my clients. How do I use powershell to login to my clients azure account?
Step 1: Login-AzureRmAccount
To log into Azure Account
Step 2: Get-AzureRmSubscription
To list down all the Azure subscriptions associated with your account
Step 3: Select-AzureRmSubscription -Subscription 'Subscription ID or Subscription Name'
To switch between Azure subscriptions.
Pass in the subscription ID or Subscription Name from Step 2 to switch to the required Azure subscription
Thanks to No Refunds No Returns, this was the answer I was looking for.
Add-AzureRmAccount -Tenant "xxxx-xxxx-xxxx-xxxx" -SubscriptionId "yyyy-yyyy-yyyy-yyyy"
Trying to list all the certificates in my account.
When using Get-AzureCertificate, it complains I need to select default subscription with Select-AzureSubscription.
But no subscription can be selected with Select-AzureSubscription,
I can only select subscription with Select-AzureRmSubscription. But this Get-AzureCertificate needs Select-AzureSubscription.
How do I list all certificates in my Azure with PowerShell?
Did you log in to an ASM subscription? Looks like you have logged in using Add-AzureRMAccount or Login-AzureRMAccount. Use Add-AzureAccount instead.
I need to select my Azure Subscription in Azure PowerShell.
I copy/paste the Subscription ID (to ensure no typos) from the Azure Management Portal, it's a hex-string:
When I run:
Select-AzureSubscription -SubscriptionId '0300...'
I get an error message:
Select-AzureSubscription : The subscription id 0300... doesn't exist.
I know my subscription ID is correctly copied from the settings in Azure Management Portal, I even did a BeyondCompare to make sure.
I'm wondering about security... am I missing something? Do I need to somehow provide my Azure credentials? It wouldn't make sense to just allow anyone to select any Azure subscription, unless the Subscription ID is supposed to be super-secret, like an SSN.
You need to log on to your Azure account first:
To start working with the Azure Service Management cmdlets, first log
on to your Azure account. To log on to your account, run the following
command:
Add-AzureAccount
After logging into Azure, Azure PowerShell creates a context for the
given session. That context contains the Azure PowerShell environment,
account, tenant, and subscription that will be used for all cmdlets
within that session. Now you are ready to use the modules below.
Source: https://learn.microsoft.com/en-us/powershell/azure/install-azure-ps?view=azuresmps-3.7.0
I am trying to login to Azure AD using PowerShell with a co-administrator account. I use Connect-MsolService and I get in but I can't see any subscriptions when I use Get-AzureSubscription. At the same time, I can login in the portal (both old and new) using that account and I see it there. The issue is I need to do some things that both portals do not let me do.
Is there an issue if I created the subscription using a Microsoft account on outlook.com? Am I missing something?
Just to add to the discussion, if you're not a direct owner of the subscriptions (but have an admin role for the whole or part of the Azure infrastructure) you can use the following cmdlets to get all subscriptions and switch between them:
Get-AzureRmSubscription
Select-AzureRmSubscription -SubscriptionName "subscription_name"
https://learn.microsoft.com/en-us/powershell/module/azurerm.profile/get-azurermsubscription?view=azurermps-5.0.0
This lists the available subscriptions for co-admins and contributors and can be used in Azure resource management scripts if you do not directly own the subscription but have sufficient privileges to access the resources.
Do you get a sign in dialgoue when you run Add-AzureAccount from powershell?
Can you then Get-AzureSubscription after that?
These guides might help in ensuring all the basics work:
https://redmondmag.com/articles/2016/01/25/connect-to-microsoft-azure-with-powershell.aspx
https://azure.microsoft.com/en-gb/documentation/articles/powershell-install-configure/
Update:
What are you trying to do after?
If you want to switch subscriptions, does the following work?:
Switch-AzureMode –Name AzureResourceManager
Get-AzureSubscription
Ref:
https://msdn.microsoft.com/en-us/library/azure/dn931949.aspx
In the new Azure portal you have the option to use Role Based Access (RBAC). I want to give a user rights to startup and shutdown a virtual machine in Azure. I also don't want that is it possible for this user to create new VM's in Azure so I don't want to make this user Administrator. I gave the user the required rights in the new Azure portal (owner for: the VM, Cloud Service and storage).
When I open PowerShell with the user that has rights on Azure. I first execute the command Add-AzureAccount. After this I execute the following command: Start-AzureVM -ServiceName "MyVM" -Name "MyVM". Then I receive the following error: ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
When I perform this scenario for a Subscription Administrator everything works fine.
Is the described scenario supported by the Azure PowerShell cmdlets? What are possible alternatives?
Thanks in advance
Unfortunately, RBAC through Powershell is currently only available for ARM-resources, i.e. non-"classic" resources in the preview portal, and users needs to have accounts in the Azure AD tenant associated with the subscription. Federated Microsoft accounts will won't work.