Connect-AzureAD
Connects with an authenticated account to use Active Directory cmdlet requests.
Syntax
Connect-AzureAD
[-AzureEnvironmentName <EnvironmentName>]
[-TenantId <String>]
[-Credential <PSCredential>]
[-AccountId <String>]
[-LogLevel <LogLevel>]
[-LogFilePath <String>]
[-InformationAction <ActionPreference>]
[-InformationVariable <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Connect-AzureAD
[-AzureEnvironmentName <EnvironmentName>]
-TenantId <String>
-CertificateThumbprint <String>
-ApplicationId <String>
[-LogLevel <LogLevel>]
[-LogFilePath <String>]
[-InformationAction <ActionPreference>]
[-InformationVariable <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Connect-AzureAD
[-AzureEnvironmentName <EnvironmentName>]
[-TenantId <String>]
-AadAccessToken <String>
[-MsAccessToken <String>]
-AccountId <String>
[-LogLevel <LogLevel>]
[-LogFilePath <String>]
[-InformationAction <ActionPreference>]
[-InformationVariable <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Connect-AzureAD cmdlet connects an authenticated account to use for Azure Active Directory cmdlet requests.
You can use this authenticated account only with Azure Active Directory cmdlets.
Examples
Example 1: Connect a PowerShell session to a tenant
PS C:\> Connect-AzureAD -Confirm
This command connects the current PowerShell session to an Azure Active Directory tenant. The command prompts you for a username and password for the tenant you want to connect to. The Confirm parameter prompts you for confirmation.
If multi-factor authentication is enabled for your credentials, you must log in using the interactive option or use service principal authentication.
Example 2: Connect a session using a variable
PS C:\> $Credential = Get-Credential
PS C:\> Connect-AzureAD -Credential $Credential
The first command gets the user credentials, and then stores them in the $Credential variable.
The second command connects the current PowerShell session using the credentials in $Credential.
This account authenticates with Azure Active Directory using organizational ID credentials. You cannot use multi-factor authentication or Microsoft account credentials to run Azure Active Directory cmdlets with this account.
Example 3: Connect a session as a service principal
# Login to Azure AD PowerShell With Admin Account
Connect-AzureAD
# Create the self signed cert
$currentDate = Get-Date
$endDate = $currentDate.AddYears(1)
$notAfter = $endDate.AddYears(1)
$pwd = "<password>"
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName com.foo.bar -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint
$pwd = ConvertTo-SecureString -String $pwd -Force -AsPlainText
Export-PfxCertificate -cert "cert:\localmachine\my\$thumb" -FilePath c:\temp\examplecert.pfx -Password $pwd
# Load the certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\temp\examplecert.pfx", $pwd)
$keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
# Create the Azure Active Directory Application
$application = New-AzureADApplication -DisplayName "test123" -IdentifierUris "https://test123"
New-AzureADApplicationKeyCredential -ObjectId $application.ObjectId -CustomKeyIdentifier "Test123" -StartDate $currentDate -EndDate $endDate -Type AsymmetricX509Cert -Usage Verify -Value $keyValue
# Create the Service Principal and connect it to the Application
$sp=New-AzureADServicePrincipal -AppId $application.AppId
# Give the Service Principal Reader access to the current tenant (Get-AzureADDirectoryRole)
Add-AzureADDirectoryRoleMember -ObjectId 5997d714-c3b5-4d5b-9973-ec2f38fd49d5 -RefObjectId $sp.ObjectId
# Get Tenant Detail
$tenant=Get-AzureADTenantDetail
# Now you can login to Azure PowerShell with your Service Principal and Certificate
Connect-AzureAD -TenantId $tenant.ObjectId -ApplicationId $sp.AppId -CertificateThumbprint $thumb
This command authenticates the user to Azure Active Directory as a service principal.
Parameters
-AadAccessToken
Specifies an Azure Active Directory Graph access token.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AccountId
Specifies the ID of an account. You must specify the UPN of the user when authenticating with a user access token.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ApplicationId
Specifies the application ID of the service principal.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AzureEnvironmentName
Specifies the name of the Azure environment. The acceptable values for this parameter are:
- AzureCloud
- AzureChinaCloud
- AzureUSGovernment
- AzureGermanyCloud
The default value is AzureCloud.
Type: | EnvironmentName |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CertificateThumbprint
Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Credential
Specifies a PSCredential object. For more information about the PSCredential object, type Get-Help Get-Credential.
The PSCredential object provides the user ID and password for organizational ID credentials.
Type: | PSCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InformationAction
Specifies how this cmdlet responds to an information event. The acceptable values for this parameter are:
- Continue
- Ignore
- Inquire
- SilentlyContinue
- Stop
- Suspend
Type: | ActionPreference |
Aliases: | infa |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InformationVariable
Specifies a variable in which to store an information event message.
Type: | String |
Aliases: | iv |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-LogFilePath
The path where the log file for this PowerShell session is written to. Provide a value here if you need to deviate from the default PowerShell log file location.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-LogLevel
Specifies the log level. The accdeptable values for this parameter are:
- Info
- Error
- Warning
- None
The default value is Info.
Type: | LogLevel |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MsAccessToken
Specifies a Microsoft Graph access token.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-TenantId
Specifies the ID of a tenant.
If you do not specify this parameter, the account is authenticated with the home tenant.
You must specify the TenantId parameter to authenticate as a service principal or when using Microsoft account.
Type: | String |
Aliases: | Domain, TenantDomain |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Σχόλια
https://aka.ms/ContentUserFeedback.
Σύντομα διαθέσιμα: Καθ' όλη τη διάρκεια του 2024 θα καταργήσουμε σταδιακά τα ζητήματα GitHub ως μηχανισμό ανάδρασης για το περιεχόμενο και θα το αντικαταστήσουμε με ένα νέο σύστημα ανάδρασης. Για περισσότερες πληροφορίες, ανατρέξτε στο θέμα:Υποβολή και προβολή σχολίων για