Commit 6749ba5

Updated connect-azuread cmdlet with example for service principal sign in
1 parent a8eb7c4 commit 6749ba5

1 file changed

+35
-1
lines changed


Azure AD Cmdlets/AzureAD/v2/Connect-AzureAD.md

Lines changed: 35 additions & 1 deletion
@@ -66,11 +66,45 @@ You cannot use multi-factor authentication or Microsoft account credentials to r
6666

6767
### Example 3: Connect a session as a service principal
6868
```
69-
PS C:\> Connect-AzureAD -TenantId "xxxx-xxxx-xxxx-xxxx" -ApplicationId "xxxx-xxxx-xxxx-xxxx" -CertificateThumbprint "xxxx-xxxx-xxxx-xxxx"
69+
# Login to Azure AD PowerShell With Admin Account
70+
Connect-AzureAD
71+
72+
# Create the self signed cert
73+
$currentDate = Get-Date
74+
$endDate = $currentDate.AddYears(1)
75+
$notAfter = $endDate.AddYears(1)
76+
$pwd = "<password>"
77+
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName com.foo.bar -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint
78+
$pwd = ConvertTo-SecureString -String $pwd -Force -AsPlainText
79+
Export-PfxCertificate -cert "cert:\localmachine\my\$thumb" -FilePath c:\temp\examplecert.pfx -Password $pwd
80+
81+
# Load the certificate
82+
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\temp\examplecert.pfx", $pwd)
83+
$keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
84+
85+
86+
# Create the Azure Active Directory Application
87+
$application = New-AzureADApplication -DisplayName "test123" -IdentifierUris "https://test123"
88+
New-AzureADApplicationKeyCredential -ObjectId $application.ObjectId -CustomKeyIdentifier "Test123" -StartDate $currentDate -EndDate $endDate -Type AsymmetricX509Cert -Usage Verify -Value $keyValue
89+
90+
# Create the Service Principal and connect it to the Application
91+
$sp=New-AzureADServicePrincipal -AppId $application.AppId
92+
93+
# Give the Service Principal Reader access to the current tenant (Get-AzureADDirectoryRole)
94+
Add-AzureADDirectoryRoleMember -ObjectId 5997d714-c3b5-4d5b-9973-ec2f38fd49d5 -RefObjectId $sp.ObjectId
95+
96+
# Get Tenant Detail
97+
$tenant=Get-AzureADTenantDetail
98+
# Now you can login to Azure PowerShell with your Service Principal and Certificate
99+
Connect-AzureAD -TenantId $tenant.ObjectId -ApplicationId $sp.AppId -CertificateThumbprint $thumb
100+
70101
```
71102

72103
This command authenticates the user to Azure Active Directory as a service principal.
73104

105+
106+
107+
74108
## PARAMETERS
75109

76110
### -AadAccessToken
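Review bot: the hard-coded `-ObjectId 5997d714-c3b5-4d5b-9973-ec2f38fd49d5` passed to `Add-AzureADDirectoryRoleMember` (new line 94) is a directory-role object id from the author's own tenant; directory-role object ids are tenant-specific, so the command fails for any reader who pastes the example as written, and the comment only says "Reader access" without naming the role. Resolve the role by display name instead and state which role is intended, e.g. `$role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq "Directory Readers" }` followed by `Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp.ObjectId` (noting that `Get-AzureADDirectoryRole` only lists roles already activated in the tenant). Two smaller points: the certificate is issued for two years (`$notAfter = $endDate.AddYears(1)`) while the key credential registered on the application ends at `$endDate` after one year, which deserves either aligning or a comment; and the three empty lines added after the description sentence (new lines 105-107) should be dropped.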
