在没有用户凭据的情况下登录 Azure 自动化帐户到 Azure AD
[英]Login Azure Automation account, without user credential, to Azure AD
问题描述
is possible to connect with an azure automation account to azuread with cmdlet:
可以使用 cmdlet 将 azure 自动化帐户连接到 azuread:
- MsOnline Module MsOnline 模块
- AzureAD Module AzureAD 模块
without use credential stored in automation account?不使用存储在自动化帐户中的凭据?
I'm using following code with credential and works fine:我正在使用以下带有凭据的代码并且工作正常:
$azureadcred = Get-AutomationPSCredential -Name 'AzureAD'
Connect-AzureAD -credential $azureadcred
$o365cred = Get-AutomationPSCredential -Name 'O365'
Connect-Msolservice -credential $o365cred
Any help is appreciated任何帮助表示赞赏
Thanks谢谢
1 个解决方案
解决方案1
0 2020-05-05 09:15:53
How to connect AzureAD module without user
We can use the service principal to connect module AzureAD.我们可以使用服务主体来连接模块 AzureAD。 Meanwhile, you use the Azure Automation Account, we can directly use Azure Automation Run As accounts to connect the module.同时,您使用 Azure 自动化账户,我们可以直接使用Azure 自动化运行方式账户连接模块。
The detailed steps are as below.详细步骤如下。
Assign Azure AD role to the Run As accounts.
将Azure AD 角色分配给运行方式帐户。 a.一个。 Get the object id of the Run As accounts获取运行方式帐户的 object id b.
湾。 assign role分配角色
Connect-AzureAD
$role =Get-AzureADDirectoryRole -Filter "DisplayName eq 'Company Administrator'"
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId <the object id you copy>
- PowerShell Script PowerShell 脚本
$servicePrincipalConnection=Get-AutomationConnection -Name 'AzureRunAsConnection'
$connectState = Connect-AzAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
if ($connectState) {
"Connected."
} else {
"Doesn't seem to be connected."
}
$context = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext
$context.Account
$graphToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, "https://graph.microsoft.com").AccessToken
$aadToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, "https://graph.windows.net").AccessToken
Connect-AzureAD -TenantId $context.tenant.id -AccountId $context.Account.Id -AzureEnvironmentName $context.Environment.Name -AadAccessToken $aadToken -MsAccessToken $graphToken
get-azureaduser -Top 5
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.