Deploying an AzureKeyVault and trying to retrieve ObjectId with an inline powershell script

Question

Deploying an AzureKeyVault and trying to retrieve ObjectId with an inline powershell script

Josh Martin 5

ArmTemplateCode.pdf

Hi guys, I'm thinking this is the best place to post this as you guys are the cream of the crop. I'm very new to azure Devops and I am playing around ARM templates and have created a relatively simple azurekeyvault. In my code I am trying to create an inline PowerShell script that will grab someone deploying the ARM templates ObjectId and storing it into the parameter, as opposed to entering it in manually or having to deploy it from the azure portal. I just cannot seem to get it to work, and it is quite frustrating. I was wondering if someone could take a quick look and maybe explain what I am doing wrong. Very Kind regards.

JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2023-02-22T00:20:50.33+00:00
@Josh Martin

Thank you for your post and I apologize for the delayed response!

From your issue, I understand that you're trying to create an inline PS script that will get the user's Object ID deploying the ARM template and store it as a parameter.

Are you running into any error messages when trying to deploy your current script?

Have you looked into the Use deployment scripts in ARM templates documentation?

When it comes to getting a user's Object ID, since this would be stored of Azure AD, have you tried logging into Azure AD as part of your PS script, getting the User's Object ID, and storing that as a variable?

For example:

#Connect to Azure AD Connect-AzureAD -TenantId "<TenantID>" #Get Signed In user's ObjectID and store it in the ObjectID Variable $UserInfo = Get-AzADUser -SignedIn $ObjectID = $UserInfo.Id #Output ObjectID $ObjectID #Deploy Key Vault ARM Template via PowerShell

I hope this helps!
Josh Martin 5 Reputation points

2023-02-22T00:32:34.21+00:00

Sorry, did receive just then, but yes that is correct, I'm trying to do an inline PowerShell script getting the users ObjectId and deploying that has a stored parameter. With your response, are you saying to connect to azure and store objectId similarly to how you've done it there inside my inline PS script? or in a new terminal of PowerShell? Sorry for rookie questions am quite new to azure and coding.
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2023-03-14T20:42:43.1433333+00:00

@Josh Martin

Thank you for following up on this and I apologize for the delayed response!

I reached out to our Key Vault engineering team to confirm this, and when it comes to getting the user's Object ID deploying the ARM template and storing it as a parameter to be used in the ARM template. This doesn't look to be possible, because an ARM template is for the azure resources in your subscription (i.e. VM, Key Vault, etc.). However, Azure AD objects such as a user's Object ID isn't part of ARM. For more info.

Azure Resource Manager (ARM) is the deployment and management service for Azure. You apply management settings at any of these levels of scope. For more info - Understand scope.

Similar Issue - Similar Issue - ARM Template: Looking up a user object Id

If you'd like this feature to be possible, I'd recommend leveraging our User Voice forum and creating a feature request, so our engineering team can look into implementing this.

I hope this helps!

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2023-03-15T19:10:21.13+00:00

@Josh Martin

I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

1 answer

Your answer

JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2023-02-22T00:20:50.33+00:00

@Josh Martin

Thank you for your post and I apologize for the delayed response!

From your issue, I understand that you're trying to create an inline PS script that will get the user's Object ID deploying the ARM template and store it as a parameter.

Are you running into any error messages when trying to deploy your current script?

Have you looked into the Use deployment scripts in ARM templates documentation?

When it comes to getting a user's Object ID, since this would be stored of Azure AD, have you tried logging into Azure AD as part of your PS script, getting the User's Object ID, and storing that as a variable?

For example:

#Connect to Azure AD Connect-AzureAD -TenantId "<TenantID>" #Get Signed In user's ObjectID and store it in the ObjectID Variable $UserInfo = Get-AzADUser -SignedIn $ObjectID = $UserInfo.Id #Output ObjectID $ObjectID #Deploy Key Vault ARM Template via PowerShell

I hope this helps!
Josh Martin 5 Reputation points

2023-02-22T00:32:34.21+00:00

Sorry, did receive just then, but yes that is correct, I'm trying to do an inline PowerShell script getting the users ObjectId and deploying that has a stored parameter. With your response, are you saying to connect to azure and store objectId similarly to how you've done it there inside my inline PS script? or in a new terminal of PowerShell? Sorry for rookie questions am quite new to azure and coding.
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2023-03-14T20:42:43.1433333+00:00

@Josh Martin

Thank you for following up on this and I apologize for the delayed response!

I reached out to our Key Vault engineering team to confirm this, and when it comes to getting the user's Object ID deploying the ARM template and storing it as a parameter to be used in the ARM template. This doesn't look to be possible, because an ARM template is for the azure resources in your subscription (i.e. VM, Key Vault, etc.). However, Azure AD objects such as a user's Object ID isn't part of ARM. For more info.

Azure Resource Manager (ARM) is the deployment and management service for Azure. You apply management settings at any of these levels of scope. For more info - Understand scope.

Similar Issue - Similar Issue - ARM Template: Looking up a user object Id

If you'd like this feature to be possible, I'd recommend leveraging our User Voice forum and creating a feature request, so our engineering team can look into implementing this.

I hope this helps!

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2023-03-15T19:10:21.13+00:00

@Josh Martin

I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

Answer 1

To retrieve the ObjectId of an Azure Key Vault, you can use the Azure PowerShell module to run a script inline. Here's an example of how to do it:

Open PowerShell and log in to your Azure account using the Connect-AzAccount cmdlet.
Create a new Key Vault using the New-AzKeyVault cmdlet. Make sure to include the -EnabledForDeployment parameter, as this will allow you to retrieve the ObjectId later on.

    powershellCopy code
    $resourceGroup = "myResourceGroup"
$vaultName = "myKeyVault"

New-AzKeyVault -ResourceGroupName $resourceGroup -Name $vaultName -EnabledForDeployment
    ```
    
    
1. Retrieve the ObjectId of the Key Vault using the **`Get-AzResource`** cmdlet. This cmdlet returns an Azure Resource Manager resource, which includes the ObjectId of the Key Vault.

powershellCopy code
$keyVault = Get-AzResource -ResourceGroupName $resourceGroup -ResourceType "Microsoft.KeyVault/vaults" -ResourceName $vaultName

$keyVault.ObjectId ```

The **`Get-AzResource`** cmdlet is used to retrieve the Key Vault resource, and the **`ObjectId`** property is used to retrieve the ObjectId of the Key Vault.

That's it! You can now use this ObjectId in other scripts and commands to manage your Key Vault.

Share via

Deploying an AzureKeyVault and trying to retrieve ObjectId with an inline powershell script

ArmTemplateCode.pdf

1 answer

Your answer