Get-MsolServicePrincipalCredential
Updated: July 30, 2015
Applies To: Azure, Office 365, Windows Intune
Note
- The cmdlets were previously known as the Microsoft Online Services Module for Windows PowerShell cmdlets.
The Get-MsolServicePrincipalCredential cmdlet can be used to retrieve a list of credentials associated with a service principal.
Syntax
Get-MsolServicePrincipalCredential -ObjectId <Guid> [-AppPrincipalId <Guid>] [-TenantId <Guid>] [<CommonParameters>]
Get-MsolServicePrincipalCredential -ServicePrincipalName <string> [-AppPrincipalId <Guid>] [-TenantId <Guid>] [<CommonParameters>]
Parameters
-AppPrincipalId <Guid>
The application ID associated with the service principal credentials
to retrieve.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ObjectId <Guid>
The object ID associated with the service principal credentials to
retrieve.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-ServicePrincipalName <string>
The unique name of the service principal to retrieve credentials from.
An SPN must use one of the following formats "appName" or
"appName/hostname" or be a valid URL. AppName represents the name of
the application and hostname represents the URI authority for the
application.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-TenantId <Guid>
The unique ID of the tenant to perform the operation on. If this is
not provided, then the value will default to the tenant of the current
user. This parameter is only applicable to partner users.
Required? false
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information,
see
about_CommonParameters
(https://go.microsoft.com/fwlink/?LinkID=113216).
Examples
Output is provided by Microsoft.Online.Administration.ServicePrincipalCredential. The output retrieves the list of credentials associated with a service principal. Each service principal contains the following information:
Type - The type of service principal credential (Asymmetric/Symmetric/Password)
Value - The value of the credential. If the credential type is certificate, this represents the base 64 encoded certificate. If credential type is symmetric, it represents an AES key
KeyGroupId - The identifier reserved for internal use
KeyId - The unique identifier of the key
StartDate - The effective start date of the credential usage
EndDate - The effective end date of the credential usage
Usage - Specifies if the credential is used to "sign" or "verify" a token
Example 1
The following command will retrieve all of the credential properties (but not the credential value) associated with the service principal name (SPN) "MyApp/Contoso.com". An SPN must follow the format appClass/hostname, where appClass represents the application class ("MyApp") and hostname represents the hostname for the application (Contoso.com).
Get-MsolServicePrincipalCredential -ServicePrincipalName "MyApp/Contoso.com"
Additional Resources
There are several other places you can get more information and help. These include: