Remove-MsolServicePrincipalCredential
Updated: July 30, 2015
Applies To: Azure, Office 365, Windows Intune
Note
- The cmdlets were previously known as the Microsoft Online Services Module for Windows PowerShell cmdlets.
The Remove-MsolServicePrincipalCredential cmdlet removes a credential key from a service principal, either in response to a compromise or as part of credential key rollover or expiration. The service principal is identified by its object ID, application ID, or service principal name (SPN). The credential to be removed is identified by its key ID.
Syntax
Remove-MsolServicePrincipalCredential -KeyIds <Guid[]> [-TenantId <Guid>] [<CommonParameters>]
Remove-MsolServicePrincipalCredential -ObjectId <Guid> [-TenantId <Guid>] [<CommonParameters>]
Remove-MsolServicePrincipalCredential -AppPrincipalId <GUID> [-TenantId <Guid>] [<CommonParameters>]
Remove-MsolServicePrincipalCredential -ServicePrincipalName <string> [-TenantId <Guid>] [<CommonParameters>]
Parameters
-AppPrincipalId <GUID>
The application ID associated with the service principal to remove the
credential from.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-KeyIds <Guid[]>
Specifies the list of credential keys to be removed. The list of key
IDs for a service principal can be obtained using the
Get-MsolServicePrincipalCredential cmdlet.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-ObjectId <Guid>
The object ID of the service principal to remove the credential from.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-ServicePrincipalName <string>
The unique name of the service principal to remove the credential from.
An SPN must use one of the following formats: "appName" or
"appName/hostname", or be a valid URL. AppName represents the name of
the application and hostname represents the URI authority for the
application.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-TenantId <Guid>
The unique ID of the tenant to perform the operation on. If this is
not provided, then the value will default to the tenant of the current
user. This parameter is only applicable to partner users.
Required? false
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information,
see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Examples
The following command removes a credential key from a service principal. In this example, the key ID "19805a93-e9dd-4c63-8afd-88ed91f33546" will be removed from the service principal associated with the service principal name "MyApp2/Contoso.com". To show a list of key IDs associated with a service principal, use the Get-MsolServicePrincipalCredential cmdlet.
Remove-MsolServicePrincipalCredential -KeyIds @("19805a93-e9dd-4c63-8afd-88ed91f33546") -ServicePrincipalName "MyApp2/Contoso.com"
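The following is an added example, not part of the original documentation: a helper that covers both uses named in the description (compromise response and rollover cleanup) by listing a service principal's keys, removing the ones that are compromised or expired, and re-listing what remains. The function name Remove-StaleMsolSpCredential and its parameters are hypothetical; it assumes the MSOnline module is loaded, Connect-MsolService has already been run, and that Get-MsolServicePrincipalCredential returns objects with KeyId, Type, Usage, StartDate and EndDate properties.

```powershell
# Added example (hypothetical helper, not part of the MSOnline module).
# Assumes Connect-MsolService has already established a session.
function Remove-StaleMsolSpCredential {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string] $ServicePrincipalName,

        # Key IDs known to be compromised; removed regardless of expiry.
        [Guid[]] $CompromisedKeyIds = @(),

        # Also remove keys whose EndDate is already in the past.
        [switch] $IncludeExpired
    )

    $now = Get-Date

    # List key metadata only; -ReturnKeyValues $false keeps key material out of the session.
    $keys = @(Get-MsolServicePrincipalCredential -ServicePrincipalName $ServicePrincipalName -ReturnKeyValues $false)

    $targets = @($keys | Where-Object {
        ($CompromisedKeyIds -contains $_.KeyId) -or
        ($IncludeExpired -and $_.EndDate -lt $now)
    })

    # Rollover safety: warn if nothing usable would be left after the removal.
    $remaining = @($keys | Where-Object {
        ($targets.KeyId -notcontains $_.KeyId) -and ($_.EndDate -gt $now)
    })
    if ($targets.Count -gt 0 -and $remaining.Count -eq 0) {
        Write-Warning "No unexpired key will remain on '$ServicePrincipalName'; provision a replacement key."
    }

    foreach ($key in $targets) {
        if ($PSCmdlet.ShouldProcess("$ServicePrincipalName key $($key.KeyId)", 'Remove credential')) {
            Remove-MsolServicePrincipalCredential -KeyIds @($key.KeyId) -ServicePrincipalName $ServicePrincipalName
        }
    }

    # Re-read the key list so the caller can confirm what is still present.
    Get-MsolServicePrincipalCredential -ServicePrincipalName $ServicePrincipalName -ReturnKeyValues $false |
        Select-Object KeyId, Type, Usage, StartDate, EndDate
}

# Dry run using the values from the example above:
# Remove-StaleMsolSpCredential -ServicePrincipalName "MyApp2/Contoso.com" `
#     -CompromisedKeyIds "19805a93-e9dd-4c63-8afd-88ed91f33546" -IncludeExpired -WhatIf
```

Run it with -WhatIf first to review which key IDs would be removed, then rerun without it once the list is confirmed.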
Additional Resources
There are several other places you can get more information and help. These include: