Share via

Azure Automation Account: how to get the credentials of the users who started a Runbook?

JO 21 Reputation points
2020-06-13T18:15:07.747+00:00

GoodMorning.
I have an Automation Account in my Azure subscription with some runbooks.
The Automation account can be accessed by many admins that simply start the runbook to have some jobs accomplished.
The runbooks are powershell.

Let;s say, just for instance, that I'd want to email the job results to the person that started the runbook
So, I need to know who started the job

How can I get with powershell, within the runbook, the username of the user that started the runbook?

Many thanks for your help

Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,140 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. tbgangav-MSFT 10,386 Reputation points
    2020-06-15T03:51:02.967+00:00

    Hi @JO ,

    Thanks for reaching out!!

    AFAIK currently it's not possible to get the user information of the user that started the runbook from within the runbook itself. You may raise feedback in this UserVoice / feedback forum. Responsible product group / feature team would check feasibility of the raised feature request, prioritize against existing feature backlog and add in roadmap as appropriate. Once feedback is created, you may upvote it and other features that are of interest. We would announce and/or update the related Azure document once a feature request is addressed.

    It used to be possible to get the user information who started the runbook from outside the runbook by leveraging Az PowerShell cmdlet Get-AzAutomationJob which gives required information in 'StartedBy' output parameter but now it gives output as "{scrubbed}" because it's considered as PII so to get the user information who started the runbook from outside the runbook, you would have to leverage Az PowerShell cmdlet Get-AzLog and the event to look for this requirement is "Microsoft.Automation/automationAccounts/jobs/write".

    Examples:

    Get Activity log event based on start time, end time and runbook job id: 

    Get-AzLog -ResourceGroupName "<ResourceGroupName>" -DetailedOutput -StartTime "<StartTimeOfQueryInLocalTime>" -EndTime "<EndTimeOfQueryInLocalTime>" | ?{($_.Status.Value -eq "Started") -and ($_.OperationName.Value -eq "Microsoft.Automation/automationAccounts/jobs/write") -and ($_.Id -like "*<RunbookJobID>*")} | Select Caller

    or 

    Get-AzLog -ResourceGroupName "<ResourceGroupName>" -DetailedOutput -StartTime "<StartTimeOfQueryInLocalTime>" -EndTime "<EndTimeOfQueryInLocalTime>" | ?{($_.Status.Value -eq "Started") -and ($_.Authorization.Action -eq "Microsoft.Automation/automationAccounts/jobs/write") -and ($_.Id -like "*<RunbookJobID>*")} | Select Caller

    Get Activity log event based on start time, end time: 

    Get-AzLog -ResourceGroupName "<ResourceGroupName>" -DetailedOutput -StartTime "<StartTimeOfQueryInLocalTime>" -EndTime "<EndTimeOfQueryInLocalTime>" | ?{($_.Status.Value -eq "Started") -and ($_.OperationName.Value -eq "Microsoft.Automation/automationAccounts/jobs/write")} | Select Caller

    or 

    Get-AzLog -ResourceGroupName "<ResourceGroupName>" -DetailedOutput -StartTime "<StartTimeOfQueryInLocalTime>" -EndTime "<EndTimeOfQueryInLocalTime>" | ?{($_.Status.Value -eq "Started") -and ($_.Authorization.Action -eq "Microsoft.Automation/automationAccounts/jobs/write")} | Select Caller