自動化連接-AzureAD Powershell 腳本

Question

我使用 PowerShell 創建了一個連接到 AzureAD 的腳本，該腳本應該自動連接到 AzureAD。 下面是我的腳本。

$TenantId = ""
$SecFile = "C:\Azure-AD\Password.txt"
$SecUser = "C:\Azure-AD\UserName.txt"
$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential  -ArgumentList $SecUser,
 (Get-Content $SecFile | ConvertTo-SecureString)

Connect-AzureAD -TenantId $TenantId-credential $MyCredential

我正在使用以下行生成來加密我的密碼

(Get-Credential).Password | ConvertFrom-SecureString | Out-File "C:\AzureAD\Password.txt"

當我運行我的腳本時，我收到以下錯誤：

PS C:\Azure-AD> .\Azure-Connect.ps1
Connect-AzureAD : One or more errors occurred.:
At C:\BackupTableau\Azure-AD\Azure-Connect.ps1:10 char:1
+ Connect-AzureAD -TenantId $TenantId -credential $MyCredential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : AuthenticationError: (:) [Connect-AzureAD], AadAuthenticationFailedException
    + FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

Connect-AzureAD: One or more errors occurred.
At C:\Azure-AD\Azure-Connect.ps1:10 char:1
+ Connect-AzureAD -TenantId $TenantId -credential $MyCredential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : AuthenticationError: (:) [Connect-AzureAD], AggregateException
    + FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

Connect-AzureAD :
At C:\Azure-AD\Azure-Connect.ps1:10 char:1
+ Connect-AzureAD -TenantId $TenantId -credential $MyCredential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : AuthenticationError: (:) [Connect-AzureAD], AdalServiceException
    + FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

Connect-AzureAD : Response status code does not indicate success: 404 (NotFound).
At C:\Azure-AD\Azure-Connect.ps1:10 char:1
+ Connect-AzureAD -TenantId $TenantId -credential $MyCredential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : AuthenticationError: (:) [Connect-AzureAD], HttpRequestException
    + FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

Connect-AzureAD : : Unknown error
At C:\Azure-AD\Azure-Connect.ps1:10 char:1
+ Connect-AzureAD -TenantId $TenantId -credential $MyCredential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : AuthenticationError: (:) [Connect-AzureAD], AdalException
    + FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

Connect-AzureAD : One or more errors occurred.:
At C:\Azure-AD\Azure-Connect.ps1:10 char:1
+ Connect-AzureAD -TenantId $TenantId -credential $MyCredential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Connect-AzureAD], AadAuthenticationFailedException
    + FullyQualifiedErrorId : Microsoft.Open.Azure.AD.CommonLibrary.AadAuthenticationFailedException,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

關於如何修復錯誤以使腳本成功運行的任何解決方案？

Answer 1

您的腳本（最初）編寫時使用(Get-Content $secFile ...)從密碼文件中檢索密碼，但僅將 $secUser 作為用戶名傳遞，這將只是包含您的用戶的文件名。

嘗試使用(Get-Content $secUser)從文件中獲取用戶名的值。

我認為這會對你有所幫助。 除此之外，我能否讓您對相對較新的模塊Microsoft.Powershell.SecretManagement和Microsoft.Powershell.SecretStore感興趣，它們允許您更安全地存儲您的憑據，而無需將它們作為純文本存儲在文件中 - 我使用這些模塊非常好例如，通常用於存儲我在 Azure DevOps REST API 中使用的個人訪問令牌。