Executing Select-AzureRmSubscription works from one of my (client) machines but not in another - powershell

Context
I have a Microsoft account, and I have an Azure subscription for it. I've got access rights (added as user: owner) to other Microsoft accounts' other subscriptions.
All works OK, when I log with my one and only credential in to the Azure portal, I can see the directories (tenants?) listed in the top right menu, so I can switch. After switching to a directory I can see the subscription(s) for that directory.
I would like to use this credential similarly in PowerShell. So far I used Select-AzureRmSubscription with success, and interestingly I experienced that I can omit the -TenantId parameter even if the subscription is under a different tenant than my default directory. (I suppose Select-AzureRmSubscription iterates through all the tenants' subscriptions to find the guid I am providing in the -SubscriptionId parameter, or was this only a "bug"?) Anyway, now I've switched to another client computer and freshly installed the AzureRM PowerShell modules, and the very same Select-AzureRmSubscription does not work there. So I thought this "bug" was "fixed" and now I must use the -TenantId parameter too. However, I still got an error.
NOTE: All works from my older developer machine: I can switch between subscriptions of different tenants just by using Select-AzureRmSubscription (even not using -TenantId parameter)
What I've tried:
$subscriptionId = "42940206-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$tenantId = "ce8a477c-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Login-AzureRmAccount
Select-AzureRmSubscription -SubscriptionId $subscriptionId -TenantId $tenantId
I've got the following error message:
Set-AzureRmContext : Cannot validate argument on parameter 'SubscriptionId'. The argument "42940206-xxxx-xxxx-xxxx-xxxxxxxxxxxx" does not
belong to the set "0692a8b8-xxxx-xxxx-xxxx-xxxxxxxxxxxx" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again.
What is this "0692a8b8-xxxx-xxxx-xxxx-xxxxxxxxxxxx" specified by the ValidateSet attribute? It is neither any of my subscription ids, nor any of my tenantIds...
Differences between the two client machines
Working: PowerShell 5, approx half year old AzureRM modules, installed by PowerShellGet's Install-Module
Not Working: PowerShell 4, latest AzureRM modules, installed by PowerShellGet's Install-Module
The trivial next step would be to install PowerShell 5 on the new machine, but it is a production machine with many stabilized PowerShell scripts running day by day, so I would not like to risk breaking the production processes...

I ran into a similar issue. I was only experiencing the issue if the subscriptions were in different tenants.
The cure, for me, was to get the subscription object, then select it. So, using your example above, where you have $subscriptionId setup with your subscription ID value you want, you'd do:
Get-AzureRmSubscription -SubscriptionId $subscriptionId | Select-AzureRmSubscription
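Building on the answer above, a deployment script can read the context back after selecting and stop if it did not land on the intended subscription and tenant. This is an added example, not code from the original posts; the function names are hypothetical, and the alternative property names (Id versus SubscriptionId/TenantId) are an assumption meant to cover differences between AzureRM releases.

```powershell
# Added example. Function names are hypothetical, not AzureRM cmdlets.
function Get-FirstProperty {
    # Return the first non-empty property among $Names. Assumption: depending on
    # the AzureRM release, objects expose 'Id' or 'SubscriptionId' / 'TenantId'.
    param([Parameter(Mandatory)] $InputObject,
          [Parameter(Mandatory)] [string[]] $Names)
    foreach ($name in $Names) {
        $prop = $InputObject.PSObject.Properties[$name]
        if ($prop -and $prop.Value) { return [string]$prop.Value }
    }
    return $null
}

function Select-VerifiedAzureRmSubscription {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $SubscriptionId,
          [string] $ExpectedTenantId)
    $ErrorActionPreference = 'Stop'   # any cmdlet failure aborts the function

    # Resolve the subscription object first, then select it (the answer's approach).
    $subs = @(Get-AzureRmSubscription -SubscriptionId $SubscriptionId)
    if ($subs.Count -ne 1) {
        throw "Expected one subscription for $SubscriptionId, found $($subs.Count)."
    }
    $subTenant = Get-FirstProperty -InputObject $subs[0] -Names 'TenantId'
    if ($ExpectedTenantId -and $subTenant -ne $ExpectedTenantId) {
        throw "Subscription is in tenant '$subTenant', expected '$ExpectedTenantId'."
    }
    $subs[0] | Select-AzureRmSubscription | Out-Null

    # Read the active context back rather than trusting that the switch worked.
    $ctx = Get-AzureRmContext
    $ctxSub = Get-FirstProperty -InputObject $ctx.Subscription -Names 'Id', 'SubscriptionId'
    $ctxTenant = Get-FirstProperty -InputObject $ctx.Tenant -Names 'Id', 'TenantId'
    if ($ctxSub -ne $SubscriptionId) {
        throw "Active subscription is '$ctxSub', expected '$SubscriptionId'."
    }
    if ($ExpectedTenantId -and $ctxTenant -ne $ExpectedTenantId) {
        throw "Active tenant is '$ctxTenant', expected '$ExpectedTenantId'."
    }
    return $ctx
}

# Usage, after Login-AzureRmAccount, with the question's variables:
# Select-VerifiedAzureRmSubscription -SubscriptionId $subscriptionId -ExpectedTenantId $tenantId
```

Because the function throws on any mismatch, a scheduled script that calls it before deploying stops instead of running against whatever subscription happened to be active.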

Related

ServiceEndpoint and ResourceManagerEndpoint values do not match existing environment. Please use Environment parameter

I have a PowerShell script running in Octopus Deploy as part of my deployment process. An extract of the script is below:
Import-AzurePublishSettingsFile "myAzurePublishSetting.PublishSettings"
Select-AzureSubscription 'mySubscription'
Set-AzureSubscription -SubscriptionName 'mySubscription' -Environment 'myEnvironment' -CurrentStorageAccountName 'myStorageAccount'
I'm now getting the below error from the Set-AzureSubscription cmdlet:
ServiceEndpoint and ResourceManagerEndpoint values do not match existing environment. Please use Environment parameter.
at Microsoft.WindowsAzure.Commands.Profile.SetAzureSubscriptionCommand.ExecuteCmdlet()
at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Octopus Deploy is hosted in an Azure virtual machine. This script worked fine until a few days ago so maybe Azure has changed something since nothing else has changed.
It's even more puzzling since I can run this script successfully on the virtual machine in both a PowerShell window and using Calamari.exe which is apparently what Octopus uses under the hood to call the script.
Any ideas?
This can happen if you have made changes to Azure subscriptions, for example disabling a subscription. Powershell still has a cache of the previous subscriptions. Use Get-AzureAccount to get the Id of the account and then Remove-AzureAccount. Finally, add the account again using Add-AzureAccount.

Azure - How to deploy to guest directory via Powershell

I have created an ARM template that I would like to deploy via Powershell to Azure directory where I am guest - meaning, I have contributor access to one particular resource group. How do I do that?
Normally, when using my own subscription, I just go Login-AzureRMSubscription and Select-AzureRMSubscription -SubscriptionId myidblabla and then New-AzureRMResourceGroupDeployment -name blabla -TemplateFile mypath -ResourceGroupName somenmae
But how do I target the directories where I am invited? Using Get-AzureRMSubscriptions, I can see also where I am guest but I cannot switch to them.
Any help with this would be greatly appreciated!
Thanks!
Edit: I have tried to Select-AzureRmSubscription -TenantId but the reply I get is details about my own subscription including my tenant Id and I still cannot see the resource group that I have access to. Note - If I login to the portal, I can easily switch to the directory and see my resource group in the resource group sections and deploy resources to it.
According to your description, we can use this command to login Azure and change directory.
Select-AzureRmSubscription -SubscriptionId <ID of sub> -TenantId <ID of Azure Tenant>
We can actually just specify the tenant ID to select the directory, without a subscription ID.
Select-AzureRmSubscription -TenantId <ID of Azure Tenant>

Still requiring Login-AzureRmAccount even after importing PublishSettings in Azure

I am attempting to log in to an Azure account through a PowerShell script by means of making use of a publishsettings file; however, I am still finding that it is requiring me to log in to my account using Login-AzureRmAccount, regardless of having those credentials.
My step-by-step looks something like this:
Clear out all accounts that may be available:
Get-AzureAccount | ForEach-Object { Remove-AzureAccount $_.ID -Force }
Download the PublishSettings file: Import-AzurePublishSettingsFile -PublishSettingsFile $PublishSettingsFileNameWithPath
Select the Azure subscription using the subscription ID:
Select-AzureRMSubscription -SubscriptionId $SubscriptionId
And finally, create a new resource group in the subscription before deploying it: New-AzureRmResourceGroup -Name $ResourceGroupName -Location $ResourceGroupLocation -Verbose -Force 2>> .\errorCIMS_RG.txt | Out-File .\rgDetailsCIMS_RG.txt
However, this is when an error is thrown: Run Login-AzureRmAccount to login.
Assuming I have the PublishSettings file, and it hasn't expired, why would this be giving back an error?
As Mihail said, we should check Azure PowerShell version first, and install the latest version.
We can run this command to list Azure PowerShell version:
Get-Module -ListAvailable -Name Azure -Refresh
By the way, Import-AzurePublishSettingsFile works for ASM, New-AzureRmResourceGroup is an ARM command, so if you want to create a resource group, you should Login-AzureRmAccount first.
Note:
The AzureResourceManager module does not support publish settings files.
More information about Import-AzurePublishSettingsFile, please refer to this link.
I solved this problem by updating to the latest version of the Azure PowerShell cmdlets.
You can find the latest one here:
https://github.com/Azure/azure-powershell/releases

How to manage multiple AzureRM accounts with Powershell

I tried to use Login-AzureRmAccount and Add-AzureRmAccount to login to my Azure Accounts. I have two of them, it was easy to add both of them via Add-AzureAccount and manage the active and default one using Select-Azuresubscription.
With the RM cmdlets every time I do Add-AzureRmAccount it overrides the previous authenticated one. This makes it hard for me to switch between a private and a company azure account.
Are there any solutions for that?
I am using the PowerShell Gallery to update the Azure and AzureRM Modules and using the latest ones.
The official way is to do something like this
$profile1 = Login-AzureRmAccount
$profile2 = Login-AzureRmAccount
Select-AzureRmProfile -Profile $profile2
You can then save the profiles to disk using
Save-AzureRmProfile -Profile $profile1 -Path e:\ps\profile1.json
You can then load with
Select-AzureRmProfile -Path e:\ps\profile1.json
My personal approach though was to create a module that gave a cmdlet with profile1,profile2 etc as parameters. It would then download and decrypt credentials and feed them into Add-AzureRMAccount (this way I can use the same credential file from assorted locations)
Use Login-AzureRmAccount to log in to the two accounts respectively. Then use Get-AzureRmSubscription to check the subscription info and note down the two TenantIds.
To switch between a private and a company azure account, you can specify the TenantId parameter using
$loadersubscription = Get-AzureRmSubscription -SubscriptionName $YourSubscriptionName -TenantId $YourAssociatedSubscriptionTenantId

ArgumentNullException - Get-AzureService

I'm trying to use the Windows Azure PowerShell module to manage a subscription.
I have downloaded my certificate (the .publishsettings file) and imported it with Import-AzurePublishSettingsFile and then I've selected my subscription with Select-AzureSubscription neither of which gave errors.
I've also set my subscription using Set-AzureSubscription -SubscriptionName "Blah"
Still, I get a
Get-AzureService : Value cannot be null.
Parameter name: subscriptionId
when running Get-AzureService
I've read getting started guides and various documentation but I can't work out what I'm doing wrong. Which in my mind, makes this a UX problem that Microsoft should address.
Update
I got a bit further, I used
Set-AzureSubscription -SubscriptionName "Blah" -SubscriptionId 0123
which changed the error from Get-AzureService to:
Get-AzureService : Value cannot be null.
Parameter name: managementCertificate
But now I cannot set my certificate since the argument wants an X509Certificate type.
There is a better way to authenticate when using the Azure Powershell cmdlets --- Add-AzureAccount. This will prompt you for your login credentials instead of using the service management certificate.
You may still run into some issues because Azure powershell caches your subscriptions in XML files in %appdata%\Windows Azure Powershell.
I would recommend:
Close the Azure Powershell window
Delete the XML files in %appdata%\Windows Azure Powershell.
Open Azure Powershell and run Add-AzureAccount.
This should ensure that you have the correct subscriptions configured.
I hope this might help you-
Add-AzureAccount
Get-AzurePublishSettingsFile
Import-AzurePublishSettingsFile filenamewithpath
filenamewithpath is the publishsetting file with path saved on your pc