The following example adds the Reader role and removes the Contributor role:

```powershell
New-AzRoleAssignment -ApplicationId <service principal application ID> -RoleDefinitionName 'Reader'
Remove-AzRoleAssignment -ObjectId <service principal object ID> -RoleDefinitionName 'Contributor'
```

If your account doesn't have permission to assign a role, you see an error message that your account "doesn't have authorization to perform action 'Microsoft.Authorization/roleAssignments/write'". Contact your Azure Active Directory admin to

Adding a role doesn't restrict previously assigned permissions.

Principal's permissions, the Contributor role should be removed.

The changes can be verified by listing the assigned roles:

```powershell
Get-AzRoleAssignment -ServicePrincipalName ServicePrincipalName
```

Test the new service principal's credentials and permissions by signing in.

Service principal, you need the applicationId value associated with it, and the tenant it's

To sign in with a service principal using a password:

```powershell
# Use the application ID as the username, and the secret as password
$credentials = Get-Credential
Connect-AzAccount -ServicePrincipal -Credential $credentials -Tenant <tenant ID>
```

Certificate-based authentication requires that Azure PowerShell can retrieve information from a local certificate store based on a certificate thumbprint.

```powershell
Connect-AzAccount -ServicePrincipal -Tenant <tenant ID> -CertificateThumbprint <thumbprint> -ApplicationId <application ID>
```

For instructions on importing a certificate into a credential store accessible by PowerShell, see Sign in with Azure PowerShell

Reset credentials

If you forget the credentials for a service principal, use New-AzADSpCredential to add a new credential

This cmdlet doesn't support user-defined credentials when resetting the

Before assigning any new credentials, you may want to remove existing credentials to prevent sign

Remove-AzADSpCredential cmdlet:

```powershell
Remove-AzADSpCredential -DisplayName ServicePrincipalName
```

```powershell
$newCredential = New-AzADSpCredential -ServicePrincipalName ServicePrincipalName
```

If you receive the error: "New-AzADServicePrincipal: Another object with the same value for