@nmackenzie
Created May 31, 2015 01:48
Create an AAD service principal and configure it for AAD authentication for the Azure PowerShell cmdlets
#
# Sign-in as a user in the Owner role
#
Add-AzureAccount
#
# Sign-in to MSOL
#
Connect-MsolService
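#
# Placeholder values: replace each one before running.
# $strongPassword becomes the service principal's credential, so keep the real value out of source control.
#
$servicePrincipalName = "http://UniqueName"
$displayName = "UniqueDisplayName"
$addressName = "http://UniqueName"
$strongPassword = "StrongPassword"
$tenantId = "TenantId" # placeholder: AAD tenant (directory) ID, used by the final Add-AzureAccount call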
#
# Create a service principal
#
$address = New-MsolServicePrincipalAddresses -Address $addressName -AddressType Reply
New-MsolServicePrincipal -ServicePrincipalNames $servicePrincipalName -DisplayName $displayName -Type Password -Value $strongPassword -Addresses $address
Get-MsolServicePrincipal -ServicePrincipalName $servicePrincipalName
#
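# Add the service principal to a role (Reader is read-only)
# Note: New-AzureRoleAssignment is an Azure Resource Manager cmdlet; in Azure PowerShell
# releases that provide Switch-AzureMode, switch to AzureResourceManager mode first.
#
New-AzureRoleAssignment -ServicePrincipalName $servicePrincipalName -RoleDefinitionName "Reader"
Get-AzureRoleAssignment | Select-Object DisplayName, ServicePrincipalName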
#
# Configure the service principal as a PowerShell account
#
$appPrincipalId = (Get-MsolServicePrincipal -ServicePrincipalName $servicePrincipalName).AppPrincipalId
$securePassword = ConvertTo-SecureString $strongPassword -AsPlainText -Force
$secureCredential = New-Object System.Management.Automation.PSCredential($appPrincipalId, $securePassword)
Add-AzureAccount -ServicePrincipal -Tenant $tenantId -Credential $secureCredential