Remove-AzureRmADSpCredential
Removes a credential from a service principal.
Warning
The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.
Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.
Syntax
Remove-AzureRmADSpCredential
-ObjectId <Guid>
[-KeyId <Guid>]
[-PassThru]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Remove-AzureRmADSpCredential
-ServicePrincipalName <String>
[-KeyId <Guid>]
[-PassThru]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Remove-AzureRmADSpCredential
-DisplayName <String>
[-PassThru]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Remove-AzureRmADSpCredential
-ServicePrincipalObject <PSADServicePrincipal>
[-KeyId <Guid>]
[-PassThru]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Remove-AzureRmADSpCredential cmdlet can be used to remove a credential key from a service principal in the case of a compromise or as part of credential key rollover expiration. The service principal is identified by supplying either the object ID or service principal name (SPN). The credential to be removed is identified by its key ID if an individual credential is to be removed or with an 'All' switch to delete all credentials associated with the service principal.
Examples
Example 1 - Remove a specific credential from a service principal
PS C:\> Remove-AzureRmADSpCredential -ObjectId 00001111-aaaa-2222-bbbb-3333cccc4444 -KeyId 9044423a-60a3-45ac-9ab1-09534157ebbRemoves the credential with key id '9044423a-60a3-45ac-9ab1-09534157ebb' from the service principal with object id '00001111-aaaa-2222-bbbb-3333cccc4444'.
Example 2 - Remove all credentials from a service principal
PS C:\> Remove-AzureRmADSpCredential -ServicePrincipalName http://test123Removes all credentials from the service principal with the SPN "http://test123".
Example 3 - Remove all credentials from a service principal using piping
PS C:\> Get-AzureRmADServicePrincipal -ObjectId 00001111-aaaa-2222-bbbb-3333cccc4444 | Remove-AzureRmADSpCredentialGets the service principal with object id '00001111-aaaa-2222-bbbb-3333cccc4444' and pipes that to the Remove-AzureRmADSpCredential cmdlet to remove all credentials from that service principal.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
| Type: | IAzureContextContainer |
| Aliases: | AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisplayName
The display name of the service principal.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Force
Switch to delete credential without a confirmation.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyId
Specifies the credential key to be removed. The key Ids for a service principal can be obtained using the Get-AzureRmADSpCredential cmdlet.
| Type: | Guid |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ObjectId
The object id of the service principal to remove the credentials from.
| Type: | Guid |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-PassThru
Specifying this will return true if the command was successful.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ServicePrincipalName
The name (SPN) of the service principal to remove the credentials from.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ServicePrincipalObject
The service principal object to remove the credentials from.
| Type: | PSADServicePrincipal |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Parameters: ServicePrincipalObject (ByValue)