如何在Azure DevOps发布管道中建立连接帐户

Question

In the release pipeline, I am trying to connect to Azure AD by using Connect-Azaccount so I can run Get-AzADgroup to retrieve some Az AD group names and their guid and output to variables.

I created Azure Powershell task with the following inline script.

(Get-AzADGroup -DisplayName "group-name").origin

Answer 1

It seems you need to use a non-interactive login, follow the steps as below.

1. Create an Azure Active Directory application and create a secret for the app, save the secret and get values for signing in .

2.In your AD App -> API permissions -> Add a permission -> select Azure Active Directory Graph -> Application permissions -> Directory.Read.All -> click Add permissions -> click Grant admin consent for xxx , refer to the screenshot.

3.Try the script as below, use the values which you get in step 1, it works fine on my side.

Note : You need to use the Task version with 4.*(preview) when you use Az powershell module.

$azureAplicationId ="<your ad app application id>"
$azureTenantId= "<your tenant id>"
$azurePassword = ConvertTo-SecureString "<the secret of your ad app>" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword)
Connect-AzAccount -Credential $psCred -TenantId $azureTenantId  -ServicePrincipal 
#I just test to get all groups, you could do other operations
Get-AzADGroup