
Authenticating with Azure Active Directory on PowerShell

I am attempting to explore the features of the Azure Active Directory V2 PowerShell Module.

I have an Azure Account, and I have set up an Active Directory with multiple users.

My first goal is simple: show me the list of users.

So I type:

Connect-AzureAD

I am presented with a dialog and type in my user account and password. It returns an object of type Microsoft.Open.Azure.AD.CommonLibrary.PSAzureContext.

I then type

Get-AzureADUser

And the error is:

Get-AzureADUser : Error occurred while executing GetUsers
Code: Authentication_Unauthorized
Message: User was not found
HttpStatusCode: Forbidden

I am still able to list the users using the Azure RM Powershell module. The following code works:

Add-AzureRmAccount
Get-AzureRmADUser

What do I do to get Get-AzureADUser to work?

The cmdlet Connect-AzureAD establishes a connection to the AAD domain; after we log in successfully, a confirmation is displayed:

PS C:\windows\system32> connect-azuread

Account                                Environment Tenant
-------                                ----------- ------
jasontest1@xxxxxx.onmicrosoft.com AzureCloud  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The connection can be validated with the cmdlet Get-AzureADDomain. If the user is connected to an AAD domain where he has management privileges, the information about the domain will be displayed:

PS C:\windows\system32> get-azureaddomain

Name                                        AvailabilityStatus AuthenticationType
----                                        ------------------ ------------------
hcl.com                                                        Managed
msgamestudios.com                                              Managed
foobar.local                                                   Managed
multimap.com                                                   Managed
skypestaytogether.com                                          Managed
insightsquarterly.com.au                                       Managed
calanit.onmicrosoft.com                                        Federated
msft.ccsctp.net                                                Managed
ruffiangames.com                                               Managed
xn--m1bg0b0byewac1j8b.com                                      Managed
VoicesforInnovation.org                                        Managed
shaanximic.com                                                 Managed
www.yunnanmic.com                                              Managed
wsmbela.pss.com                                                Managed
fornax.off                                                     Managed
api.staging.yammer.com                                         Managed
codenauts.net                                                  Managed
acompli.com                                                    Managed
testdomains.co                                                 Managed
microsoft.hr                                                   Managed
Bayportali.mmdservice.com                                      Managed
contoso.com                                                    Managed
api.swrepository.com                                           Managed
Equivio.com                                                    Managed
sunshine.am                                                    Managed
microsoftaffiliates.com                                        Managed

If the user has no admin privileges, we will get the same error as you:

Get-AzureADDomain : Error occurred while executing GetDomains
Code: Authentication_Unauthorized
Message: User was not found
HttpStatusCode: Forbidden

The reason is that the cmdlet Get-AzureADDomain has no tenant specified, so the connection was established to a domain where the user has no admin privileges.

To ensure a connection to the expected AAD domain, the tenant ID must be specified in the call to the Connect-AzureAD cmdlet.

PS C:\windows\system32> Connect-AzureAD -TenantId

As already answered here, please use:

PS C:\windows\system32> Connect-AzureAD -TenantId {YOUR_TENANT_ID}
Example:
PS C:\windows\system32> Connect-AzureAD -TenantId ce1af0ab-ae35-4f60-8f2d-944444444444

It's a common mistake to use the TenantId we get when executing Connect-AzureAD, like the following:

(screenshot of the Connect-AzureAD output omitted)

But use the TenantId from Azure Portal --> Azure Active Directory --> Properties --> Directory Id .

The Directory Id = TenantId .
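Both answers above boil down to the same procedure: obtain the Directory (tenant) ID, pass it to Connect-AzureAD -TenantId, and verify the session before calling Get-AzureADUser. The following is an added example and is not code from either answer. It assumes the AzureRM and AzureAD modules are installed, that Add-AzureRmAccount already works against the intended tenant (as the question states), and that the signed-in account has directory read rights there; the $tenantId variable and the checks around the connection are mine, not part of the original answers.

```powershell
# Added example (not from the original answers): connect the AzureAD module to
# the same tenant that AzureRM is already using, verify the session, then list
# users. Assumes the AzureRM and AzureAD modules are installed and that the
# account can read the directory in that tenant.

# 1. Sign in with AzureRM (the questioner says this already works) and read
#    the tenant (Directory) ID out of the resulting context. This avoids
#    copying the wrong GUID out of the Connect-AzureAD banner.
Add-AzureRmAccount | Out-Null
$tenantId = (Get-AzureRmContext).Tenant.Id
if (-not $tenantId) { throw "Could not determine the tenant ID from the AzureRM context" }

# 2. Connect AzureAD explicitly to that tenant. Without -TenantId the sign-in
#    lands in the account's home tenant, which for a guest or external account
#    is not the directory being administered, hence "User was not found".
Connect-AzureAD -TenantId $tenantId | Out-Null

# 3. Confirm the session really points at the expected directory before doing
#    anything else. In a tenant where the signed-in user does not exist these
#    calls fail with Authentication_Unauthorized, the same error as in the
#    question, so we surface that instead of continuing.
try {
    $session = Get-AzureADCurrentSessionInfo -ErrorAction Stop
    $tenant  = Get-AzureADTenantDetail -ErrorAction Stop
} catch {
    throw "Not connected to a tenant where this account exists: $($_.Exception.Message)"
}

if ($session.TenantId -ne $tenantId) {
    throw "Connected to tenant $($session.TenantId) but expected $tenantId"
}
Write-Host "Connected to '$($tenant.DisplayName)' ($($session.TenantId)) as $($session.Account)"

# 4. Now the user listing works. -All $true is required to page past the
#    first 100 results; UserType separates members from guest accounts, which
#    is usually the first thing worth reviewing in an unfamiliar directory.
Get-AzureADUser -All $true |
    Select-Object UserPrincipalName, UserType, AccountEnabled |
    Sort-Object UserType, UserPrincipalName
```

The tenant-ID comparison in step 3 is the check worth keeping: a successful Connect-AzureAD only proves the credentials were accepted somewhere, not that the session is in the directory you intend to enumerate. Note that the AzureRM and AzureAD modules have since been retired in favour of the Az and Microsoft Graph PowerShell modules, so this runs only where the older modules are still installed.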
