Login Azure Automation account, without user credential, to Azure AD
Is it possible to connect with an Azure Automation account to Azure AD with the cmdlet:
without using a credential stored in the automation account?
I'm using the following code with credentials and it works fine:
$azureadcred = Get-AutomationPSCredential -Name 'AzureAD'
Connect-AzureAD -credential $azureadcred
$o365cred = Get-AutomationPSCredential -Name 'O365'
Connect-Msolservice -credential $o365cred
Any help is appreciated.
Thanks
How to connect AzureAD module without user
We can use the service principal to connect module AzureAD. Meanwhile, since you use the Azure Automation Account, we can directly use Azure Automation Run As accounts to connect the module.
The detailed steps are as below.
Assign Azure AD role to the Run As accounts.
  a. Get the object id of the Run As accounts
  b. Assign role
# Sign in interactively, look up the directory role, then add the Run As service principal to it
Connect-AzureAD
$role = Get-AzureADDirectoryRole -Filter "DisplayName eq 'Company Administrator'"
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId <the object id you copy>
# Sign in to Azure as the Run As service principal, using its certificate
$servicePrincipalConnection = Get-AutomationConnection -Name 'AzureRunAsConnection'
$connectState = Connect-AzAccount `
    -ServicePrincipal `
    -TenantId $servicePrincipalConnection.TenantId `
    -ApplicationId $servicePrincipalConnection.ApplicationId `
    -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
if ($connectState) {
    "Connected."
} else {
    "Doesn't seem to be connected."
}
# Take the signed-in context and request one access token per Graph endpoint
$context = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext
$context.Account
$graphToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, "https://graph.microsoft.com").AccessToken
$aadToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, "https://graph.windows.net").AccessToken
# Connect the AzureAD module with the two tokens instead of a stored user credential
Connect-AzureAD -TenantId $context.Tenant.Id -AccountId $context.Account.Id -AzureEnvironmentName $context.Environment.Name -AadAccessToken $aadToken -MsAccessToken $graphToken
Get-AzureADUser -Top 5
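An added example, not part of the original answer: before passing the two tokens to Connect-AzureAD, a runbook can decode each token's payload and confirm that the audience, application ID and expiry are what it requested. The function names, the placeholder application ID, the constructed sample token, and the assumption that the `aud` and `appid` claims carry the requested resource URI and the Run As application ID are illustrative.

```powershell
# Added example: decode a JWT payload for inspection only (no signature check).
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected 3 dot-separated parts.' }
    # base64url -> base64: swap the URL-safe characters and restore padding.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url length in JWT payload.' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

# Compare the claims against what the runbook asked for.
function Test-TokenForResource {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ExpectedResource,
        [Parameter(Mandatory)][string]$ExpectedAppId
    )
    $claims  = ConvertFrom-JwtPayload -Token $Token
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        Audience   = $claims.aud
        AudienceOk = ([string]$claims.aud).TrimEnd('/') -eq $ExpectedResource.TrimEnd('/')
        AppIdOk    = $claims.appid -eq $ExpectedAppId
        ExpiresUtc = $expires.UtcDateTime
        NotExpired = $expires -gt [DateTimeOffset]::UtcNow
    }
}

# Constructed, unsigned sample token so the example runs offline.
function New-SampleToken {
    param([hashtable]$Claims)
    $enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
    '{0}.{1}.sig' -f (& $enc '{"alg":"RS256","typ":"JWT"}'), (& $enc ($Claims | ConvertTo-Json -Compress))
}

$appId  = '11111111-2222-3333-4444-555555555555'   # placeholder application ID
$sample = New-SampleToken -Claims @{
    aud   = 'https://graph.windows.net'
    appid = $appId
    exp   = [DateTimeOffset]::UtcNow.AddMinutes(30).ToUnixTimeSeconds()
}
Test-TokenForResource -Token $sample -ExpectedResource 'https://graph.windows.net' -ExpectedAppId $appId
```

In the runbook, the same check would take `$aadToken` or `$graphToken` as `-Token` and `$servicePrincipalConnection.ApplicationId` as `-ExpectedAppId`.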