Remove-MsolServicePrincipalCredential

Updated: July 30, 2015

Applies To: Azure, Office 365, Windows Intune

Note



  • The cmdlets were previously known as the Microsoft Online Services Module for Windows PowerShell cmdlets.

The Remove-MsolServicePrincipalCredential cmdlet removes a credential key from a service principal, for example after a compromise or as part of credential key rollover expiration. The service principal is identified by its object ID, application ID, or service principal name (SPN). The credential to be removed is identified by its key ID.

Syntax

Remove-MsolServicePrincipalCredential -KeyIds <Guid[]> [-TenantId <Guid>] [<CommonParameters>]

Remove-MsolServicePrincipalCredential -ObjectId <Guid> [-TenantId <Guid>] [<CommonParameters>]

Remove-MsolServicePrincipalCredential -AppPrincipalId <GUID> [-TenantId <Guid>] [<CommonParameters>]

Remove-MsolServicePrincipalCredential -ServicePrincipalName <string> [-TenantId <Guid>] [<CommonParameters>]

Parameters

    -AppPrincipalId <GUID>
        The application ID associated with the service principal to remove the 
        credential from.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -KeyIds <Guid[]>
        Specifies the list of credential keys to be removed. The list of key 
        IDs for a service principal can be obtained using the 
        Get-MsolServicePrincipalCredential cmdlet.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -ObjectId <Guid>
        The object ID of the service principal to remove the credential from.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -ServicePrincipalName <string>
        The unique name of the service principal to remove the credential 
        from. An SPN must use one of the following formats: "appName" or 
        "appName/hostname", or be a valid URL. AppName represents the name of 
        the application and hostname represents the URI authority for the 
        application.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -TenantId <Guid>
        The unique ID of the tenant to perform the operation on. If this is 
        not provided, then the value will default to the tenant of the current 
        user. This parameter is only applicable to partner users.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer, PipelineVariable, and OutVariable. For more information, 
        see about_CommonParameters 
        (https://go.microsoft.com/fwlink/?LinkID=113216).

Examples

The following command removes a credential key from a service principal. In this example, the key ID "19805a93-e9dd-4c63-8afd-88ed91f33546" will be removed from the service principal associated with the service principal name "MyApp2/Contoso.com". To show a list of key IDs associated with a service principal, use the Get-MsolServicePrincipalCredential cmdlet.

Remove-MsolServicePrincipalCredential -KeyIds @("19805a93-e9dd-4c63-8afd-88ed91f33546") -ServicePrincipalName "MyApp2/Contoso.com"
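The following script is an added example, not part of the original cmdlet help. It covers both cases named in the description: it lists the keys on the service principal, selects the compromised key plus any expired keys, checks that a valid key will remain, removes the selection, and confirms the removal. It assumes the MSOnline module is installed and that credential objects expose KeyId, Type, Usage, StartDate and EndDate; the variable names are illustrative, and the SPN and key ID are the sample values used above.

```powershell
# Added example: remove a compromised key and any expired keys, then verify.
Import-Module MSOnline
Connect-MsolService                      # interactive sign-in to the tenant

$spn = 'MyApp2/Contoso.com'              # sample SPN from this page
$compromisedKeyIds = @([Guid]'19805a93-e9dd-4c63-8afd-88ed91f33546')

# 1. Inventory the credentials currently attached to the service principal.
$creds = @(Get-MsolServicePrincipalCredential -ServicePrincipalName $spn)
$creds | Format-Table KeyId, Type, Usage, StartDate, EndDate -AutoSize

# 2. Select keys to remove: known-compromised keys plus keys past their EndDate.
#    Assumption: EndDate is comparable to the local clock; adjust if it is UTC.
$now = Get-Date
$toRemove = @($creds |
    Where-Object { ($compromisedKeyIds -contains $_.KeyId) -or ($_.EndDate -lt $now) } |
    ForEach-Object { $_.KeyId })

# 3. Check what will remain. An application with no valid key cannot authenticate,
#    so add a replacement credential first when doing a planned rollover.
$remaining = @($creds |
    Where-Object { ($toRemove -notcontains $_.KeyId) -and ($_.EndDate -ge $now) })
if ($remaining.Count -eq 0) {
    Write-Warning "No valid credential will remain on '$spn' after removal."
}

# 4. Remove the selected keys in one call; KeyIds accepts an array of GUIDs.
if ($toRemove.Count -gt 0) {
    Remove-MsolServicePrincipalCredential -ServicePrincipalName $spn `
        -KeyIds $toRemove -ErrorAction Stop
}

# 5. Re-query and confirm that none of the removed key IDs are still present.
$stillPresent = @(Get-MsolServicePrincipalCredential -ServicePrincipalName $spn |
    Where-Object { $toRemove -contains $_.KeyId })
if ($stillPresent.Count -gt 0) {
    Write-Warning ("Keys still present: " + ($stillPresent.KeyId -join ', '))
} else {
    Write-Output "Removed $($toRemove.Count) key(s) from '$spn'."
}
```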

See Also

Other Resources

Manage Azure Active Directory by using Windows PowerShell