使用 powershell 重置 Azure 服务主体的客户端密码
[英]Reset the client secret of Azure Service Principal using powershell
问题描述
Using powershell commands i want to reset the Service Principal client secret.
使用 powershell 命令我想重置服务主体客户端密码。
I followed the below steps from the article https://docs.microsoft.com/en-us/powershell/azure/create-azure-service-principal-azureps?view=azps-5.8.0 but it didnot reset the password我按照文章https://docs.microsoft.com/en-us/powershell/azure/create-azure-service-principal-azureps?view=azps-5.8.0中的以下步骤操作,但它没有重置密码
Remove-AzADSpCredential -DisplayName ServicePrincipalName
$newCredential = New-AzADSpCredential -ServicePrincipalName ServicePrincipalName
can you tell what i am doing wrong.你能告诉我我做错了什么吗? I just want to reset the secret and have new one我只想重置秘密并拥有一个新的
I executed the above command and then i went to the app registration of that service principal and there i went to certificates & secrets i see it has not createed new secret.我执行了上述命令,然后我去了该服务主体的应用程序注册,在那里我去了证书和秘密,我看到它没有创建新的秘密。
Using bash i am able to reset the password by executing the below command but i want it to be done using powershell command使用 bash 我可以通过执行以下命令来重置密码,但我希望使用 powershell 命令来完成
az ad sp credential reset --name
1 个解决方案
解决方案1
2 已采纳 2021-04-26 08:06:35
I went to the app registration of that service principal and there I went to certificates & secrets I see it has not created new secret.
Well, actually the command New-AzADSpCredential did create a new secret for you.好吧,实际上New-AzADSpCredential命令确实为您创建了一个新秘密。 Firstly, you need to know the relationship between App Registration(AD App) and Service principal, see Application and service principal objects in Azure Active Directory .首先,您需要了解应用注册(AD App)和服务主体之间的关系,请参阅Azure Active Directory 中的应用程序和服务主体对象。
In short, the service principal is the local representation for the AD App in a specific tenant.简而言之,服务主体是特定租户中 AD 应用程序的本地表示。 When you create the secret for the service principal, it will not appear in the Certificates & secrets blade, you can just get it with Get-AzADSpCredential .当您为服务主体创建密钥时,它不会出现在Certificates & secrets刀片中,您可以使用Get-AzADSpCredential获取它。
If you want to reset the secret that you can find in the portal, you need to reset the sceret for the AD App(ie App Registration) via Remove-AzADAppCredential and New-AzADAppCredential .如果要重置可在门户中找到的密码,则需要通过Remove-AzADAppCredential和New-AzADAppCredential重置 AD 应用程序的密码(即应用注册)。
You could refer to the sample below, it resets a secret with value ce96a0ed-5ae8-4a5a-9b3c-630da9ea3023 , it is valid for one year, you can find it in the portal.您可以参考下面的示例,它重置了一个值为ce96a0ed-5ae8-4a5a-9b3c-630da9ea3023 ,有效期为一年,您可以在门户中找到它。
$obj = (Get-AzADApplication -DisplayName joyappv2).ObjectId
Remove-AzADAppCredential -ObjectId $obj -Force
$azurePassword = ConvertTo-SecureString "ce96a0ed-5ae8-4a5a-9b3c-630da9ea3023" -AsPlainText -Force
$date = Get-Date
$newCredential = New-AzADAppCredential -ObjectId $obj -Password $azurePassword -StartDate $date -EndDate $date.AddYears(1)
Note: You could not get the secret value again after creating it, so please store it when creating.注意:创建后无法再次获取密值,请在创建时保存。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.