I have been battling with an issue for days now. Any time I try to deploy from an Azure pipeline, I get this error:
Failed to create an app in Azure Active Directory. Error: The directory object quota limit for the Principal has been exceeded. Please ask your administrator to increase the quota limit or delete objects to reduce the used quota.
I came across a resource on Stack Overflow:
Can't create new Service Principals in Azure despite being under quota
and followed the guide in the resource, but it still didn't work.
Get-AzureADDeletedApplication -all 1 | ForEach-Object { Remove-AzureADdeletedApplication -ObjectId $_.ObjectId }
This is the error I get running the above command:
Get-AzureADDeletedApplication: The term 'Get-AzureADDeletedApplication' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Please note the command was run in PowerShell, knowing it is a PowerShell command. Also, if there is a CLI command to use to clear this, that would be really appreciated.
I would be glad if anyone can help, because this is frustrating and I am behind time.
Thanks guys
I tried in my environment and got similar error when I run the same commands:
Get-AzureADDeletedApplication
This error occurs because you have not installed AzureAD or AzureADPreview.
Install the module
install-module AzureAD or install-module AzureADPreview
Connect to your Azure Active Directory with your credentials using the following command.
Connect-AzureAD
When I connected to Azure AD, I could list all the deleted Azure AD applications.
First I tried to delete a particular AD application, and it was successfully deleted.
Remove-AzureADdeletedApplication -ObjectId 00000000-0000-0000-0000-000000000000
Later I tried to delete all the applications with the following command, and the deleted Azure AD applications were successfully removed.
Get-AzureADDeletedApplication -all 1 | ForEach-Object { Remove-AzureADdeletedApplication -ObjectId $_.ObjectId }
Reference:
https://learn.microsoft.com/en-us/powershell/module/azuread/get-azureaddeletedapplication?view=azureadps-2.0
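The purge one-liner above is irreversible and gives no preview of what it will remove. As an added example (not code from the question or the answer), the same steps wrapped in a function that checks for the module, connects if needed, and supports `-WhatIf`; the function name and the `pipeline-*` filter are hypothetical.

```powershell
function Clear-DeletedAadApplication {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Wildcard matched against DisplayName; the default selects every soft-deleted app.
        [string]$DisplayNameLike = '*'
    )

    # "The term ... is not recognized" means neither module is installed for this user.
    $moduleName = 'AzureAD', 'AzureADPreview' |
        Where-Object { Get-Module -ListAvailable -Name $_ } |
        Select-Object -First 1
    if (-not $moduleName) {
        throw 'Neither AzureAD nor AzureADPreview is installed. Run: Install-Module AzureAD -Scope CurrentUser'
    }

    # Both modules target Windows PowerShell; PowerShell 7 loads them through the compatibility layer.
    if ($PSVersionTable.PSEdition -eq 'Core') {
        Import-Module $moduleName -UseWindowsPowerShell -ErrorAction Stop
    } else {
        Import-Module $moduleName -ErrorAction Stop
    }

    # Any directory read fails until Connect-AzureAD has run in this session.
    try { $null = Get-AzureADTenantDetail -ErrorAction Stop }
    catch { $null = Connect-AzureAD -ErrorAction Stop }

    $deleted = @(Get-AzureADDeletedApplication -All $true |
        Where-Object { $_.DisplayName -like $DisplayNameLike })

    $removed = 0
    foreach ($app in $deleted) {
        # -WhatIf prints the target and skips the call; without it each purge asks for confirmation.
        if ($PSCmdlet.ShouldProcess("$($app.DisplayName) [$($app.ObjectId)]", 'Permanently delete')) {
            Remove-AzureADDeletedApplication -ObjectId $app.ObjectId -ErrorAction Stop
            $removed++
        }
    }
    [pscustomobject]@{ Module = $moduleName; Found = $deleted.Count; Removed = $removed }
}

# Dry run first, then purge (the 'pipeline-*' pattern is a constructed sample value):
# Clear-DeletedAadApplication -WhatIf
# Clear-DeletedAadApplication -DisplayNameLike 'pipeline-*'
```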
I tried different ways to deploy my local logic app from VS Community using powershell but none of them are working.
Any solutions for this?
Logic App deployment successful from Visual Studio (local) through PowerShell Command
The following command worked for me
New-AzResourceGroupDeployment -ResourceGroupName <Azure-resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.logic/logic-app-create/azuredeploy.json
and here is the output:
Here is the process that I followed before running the above command.
Process Flow:
I have found that there are 2 ways of deploying logic app through PowerShell i.e., Azure RM Template Commands and AZ Modules Commands
To work with any of the following commands, we are required to install related package files:
To deploy using Azure RM Template Commands - Run this code on PowerShell:
Install-Module -Name AzureRM -AllowClobber
To deploy using AZ module commands - Run this code on PowerShell:
Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
Checkout the following links to play with versions (uninstalling old and installing new), setting up the policies, connecting of Azure Accounts, etc in these:
Azure RM PowerShell Commands and Azure Az Module PowerShell Commands
Following is the process of which I have tried deploying the Local Visual Studio Logic App to Azure in PowerShell using Azure RM PowerShell Script commands:
Before deploying:
Create a Logic App in Visual Studio (File > New Project > Select 'Azure Resource Group' > Logic App)
Your solution will be ready in a few seconds, and you will be able to see two JSON files. When you select the parameters.json file you will be able to see the JSON schema for logic app deployment.
To Connect your logic with your Azure Account, right click on LogicApp.json and select 'Open with logic app designer'. If you don't find this option, then install this extension in your project:
Right click on project and click on validate
Select your resource group and subscription, and click on edit parameters - give a custom name to your logic app. Otherwise, it will throw an error of null in logicAppName and show that the template is invalid.
After validation, it shows the template is valid. It can also be validated automatically during the deployment process, but it's good to validate first to get rid of errors.
PowerShell Commands to deploy your logic App from visual studio (local):
Install this Power Shell provided by Microsoft Cloud.
Run in Administrator Mode > Login with Connect-AzureRmAccount command (it takes you to browser and connect with Azure account) > after that it imports your subscription and resource group details in the shell like below:
Use the following command to deploy your logic app
New-AzResourceGroupDeployment -ResourceGroupName "AzureAccountMail" -Templatefile "C:\LogicAppTemplats\template.json" -TemplateParameterFile "C:\LogicAppTemplats\parameters.json"
Check this following documentation for this command overview.
Done! Deployment Succeeded.
Now Check out in the azure portal:
Note:
Here you can find the template file and parameters.json file under your project:
Make sure you have given your logic app name value here in the parameters.json file:
And Provide the logic app name, deployment location values in the template.json file (LogicApp.json)
I want to elevate an Azure resource through PIM elevation. And after a long search, I found that ... AzureADPreview is the module that helps me do that!
But I am not able to move forward, as I keep facing this Gateway Timeout error when I try the command below!
Get-AzureADMSPrivilegedResource -ProviderId AzureResources
I have ensured trying all below to ensure that I have logged into Azure Account...
Connect-AzAccount
Connect-AzureAD
Connect-pimservice
Connect-MgGraph
Connect-Graph
Also, had set the subscription in context, but NO Luck!
Below are the links I referred...
Try my method:
Run PowerShell as an administrator.
Download the AzureADPreview module: Install-Module AzureADPreview. Please note that you must uninstall all AzureAD modules before downloading the AzureADPreview module (Uninstall-Module AzureAD), because too many conflicting commands will cause errors.
Run the Connect-AzureAD command and log in with the Azure AD global administrator account.
Run the command.
Some context: I have a PowerShell script that gets information about users and their licenses on Azure, and then saves that information to CSV file. It works locally. My goal is to have this script automatically run on Azure (I'm trying to do it in an Azure Function App) once a month, and then have the created CSV file be emailed to a specified email. However all I want to figure out right now is how to get the list of users so that the script can at least just run without errors.
I have very little experience with PowerShell and Azure Function Apps, so I'm stuck on a few errors I'm getting. I have spent the last few days troubleshooting to no luck.
Here is the beginning of the script that I can run from my local PowerShell:
Function main()
{
#Clean up session
Get-PSSession | Remove-PSSession
#Connect AzureAD from PowerShell
Connect-MsolService
#Set output file
$ExportCSV=".\DetailedO365UserLicenseReport_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
$ExportSimpleCSV=".\SimpleO365UserLicenseReport_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
#FriendlyName list for license plan and service - txt file on local computer
$FriendlyNameHash=Get-Content -Raw -Path .\LicenseFriendlyName.txt -ErrorAction Stop | ConvertFrom-StringData
#txt file on local computer
$ServiceArray=Get-Content -Path .\ServiceFriendlyName.txt -ErrorAction Stop
#Hash table declaration
$Result=""
$Results=@()
$output=""
$outputs=@()
$LicensedUserCount=0
#Get all licensed users
Get-MsolUser -All | where{$_.islicensed -eq "true"} | Foreach{
#this is another function that handles grabbing the user info and writing it to the CSV file
Get_UsersLicenseInfo
$LicensedUserCount++
}
}
. main
With this script above, it requires some user input for entering credentials. I want this script to be able to run automatically in Azure without any user input, so I've been trying to modify it to do that. I found out that any commands with 'Msol' in the name don't work in Azure Function Apps/Powershell Core, so I found a different module that apparently does work.
This is where I'm currently at with the script to be run in my Azure Function App:
Import-Module AzureAD
Function main()
{
#Clean up session
Get-PSSession | Remove-PSSession
$password = ConvertTo-SecureString "{my password here}" -AsPlainText -Force
$UserCredential = New-Object System.Management.Automation.PSCredential ("myusernamehere", $password)
Connect-AzureAD -Credential $UserCredential
#Set output file
$ExportCSV=".\DetailedO365UserLicenseReport_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
$ExportSimpleCSV=".\SimpleO365UserLicenseReport_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
#FriendlyName list for license plan and service - hash table here
$FriendlyNameHash= @{AAD_BASIC = "Azure Active Directory Basic"; AAD_PREMIUM= "Azure Active Directory Premium"; AAD_PREMIUM_P1= "Azure Active Directory Premium P1"; AAD_PREMIUM_P2= "Azure Active Directory Premium P2" }
#array of strings, used when getting user info
$ServiceArray= "MCOEV", "Cloud PBX", "MCOPSTN2", "PSTN International", "mcomeetadv"
#Hash table declaration
$Result=""
$Results=@()
$output=""
$outputs=@()
$LicensedUserCount=0
Get-AzureADUser -All | where{$_.islicensed -eq "true"} | Foreach{
Get_UsersLicenseInfo
$LicensedUserCount++}
}
. main
First of all I'm not sure if I even need to authenticate if this script is running from within my Azure account. Second of all, and my main issue, is that when I try to run this script in my Azure Function App, I get this error:
snippet of the azure error
If the picture doesn't work, it says:
The Function app may be missing a module containing the 'Connect-AzureAD' command definition. If this command belongs to a module available on the PowerShell Gallery, add a reference to this module to requirements.psd1. Make sure this module is compatible with PowerShell 7. For more details, see https://aka.ms/functions-powershell-managed-dependency. If the module is installed but you are still getting this error, try to import the module explicitly by invoking Import-Module just before the command that produces the error: this will not fix the issue but will expose the root cause.
2021-06-08T16:48:00.377 [Error] ERROR: The term 'Connect-AzureAD' is not recognized as the name of a cmdlet, function, script file, or operable program.Check the spelling of the name, or if a path was included, verify that the path is correct and try again.Exception
I get that same error for the line with 'Get-AzureADUser' as well. I followed this guide: https://tech.nicolonsky.ch/azure-functions-powershell-modules/ to add the AzureAD module to my managed dependencies, but I still get that same error.
If anything needs clarification, let me know. Any help is appreciated!
Actually, AzureAD needs to be imported a bit differently - it's been a problem for a while per this GitHub issue. This seemed to work for most people:
Setting the application to run as x64 bit: Function App > Configuration > General Settings > Platform > 64 Bit
Setting the app to run on PowerShell 7 instead of 6 on this thread
Use: Import-Module AzureAD -UseWindowsPowerShell
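The question's Function App script embeds a user name and password in source. As an added example (not code from the question or the answer), an unattended alternative that asks the Function App's managed identity for a Microsoft Graph token and lists licensed users over REST; it assumes a system-assigned identity that has been granted the Graph application permission User.Read.All, and the function names are hypothetical.

```powershell
# Assumption: the Function App has a managed identity enabled, so the platform
# injects IDENTITY_ENDPOINT and IDENTITY_HEADER into the worker's environment.
function Get-GraphTokenFromManagedIdentity {
    if (-not $env:IDENTITY_ENDPOINT -or -not $env:IDENTITY_HEADER) {
        throw 'No managed identity endpoint found; enable the identity on the Function App.'
    }
    $uri = "$($env:IDENTITY_ENDPOINT)?resource=https://graph.microsoft.com&api-version=2019-08-01"
    $response = Invoke-RestMethod -Uri $uri -Headers @{ 'X-IDENTITY-HEADER' = $env:IDENTITY_HEADER }
    return $response.access_token
}

function Get-LicensedUser {
    param(
        [Parameter(Mandatory)]
        [string]$AccessToken
    )
    $headers = @{ Authorization = "Bearer $AccessToken" }
    # Single quotes keep PowerShell from expanding $select and $top as variables.
    $uri = 'https://graph.microsoft.com/v1.0/users?$select=displayName,userPrincipalName,assignedLicenses&$top=999'

    while ($uri) {
        $page = Invoke-RestMethod -Uri $uri -Headers $headers
        # Graph has no islicensed flag; a user is licensed when assignedLicenses is non-empty.
        $page.value | Where-Object { $_.assignedLicenses.Count -gt 0 }
        # Follow server-side paging until Graph stops returning a next link.
        $uri = $page.'@odata.nextLink'
    }
}

# No password or PSCredential appears in the script or in app settings.
$token = Get-GraphTokenFromManagedIdentity
$licensedUsers = @(Get-LicensedUser -AccessToken $token)
Write-Host "Licensed users: $($licensedUsers.Count)"
```

Because this path uses only Invoke-RestMethod, it does not depend on the AzureAD module loading under PowerShell 7.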
I have an Azure runbook that runs on a schedule. It's in PowerShell, and this runbook starts a VM and executes a script on the VM it started. How I achieve this is:
1) Store the script to be run on the VM in a storage account
2) Run powershell runbook
3) Powershell runbook uses wget command to copy the script from step 1
4) Invoke-AzureRmVMRunCommand in the Azure automation powershell commands as shown below
wget "https://utilitystorageaccnt.blob.core.windows.net/utilitycontainer/token" -outfile ((Get-Location).path + "\Reporting Copy.ps1") -UseBasicParsing
Invoke-AzureRmVMRunCommand -ResourceGroupName $ResourceGroupName -VMName $VmName -CommandId 'RunPowerShellScript' -ScriptPath ((Get-Location).path + '\Reporting Copy.ps1') -ErrorVariable result
Please note that the above two commands are in the PowerShell runbook script and not the actual script that is run on the VM.
Facing two issues
1) When this script Reporting Copy.ps1 runs standalone on the VM, then it works properly and it has no issues. When it is run using the runbook, I get these errors in the log file on the target vm.
"New-AzStorageContext : The term 'New-AzStorageContext' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again."
2) Even after this error occurs, it doesn't terminate and runs in loops. This script does a copy operation and it keeps looping until all the copy is complete. I can handle code to terminate but I would like to know how to force terminate a runbook. I tried to stop the VM for even an hour and it resumes the copy operation. The runbook status in Azure shows as completed. There are two python processes that show in explorer and terminating them doesn't work either.
Any help or hint is appreciated.
Thanks.
Looks like you did not import the Az PowerShell module into your Automation Account.
Please, follow this tutorial : Az module support in Azure Automation
Try to use only Az module and not AzureRM
The issue was because I had not installed the AZ module for all users like this.
Install-Module -Name Az -AllowClobber -Scope AllUsers
Instead I had used
Install-Module -Name Az -AllowClobber -Scope CurrentUser
and since the automation runs on a different user, the issue occurred. Thanks for your help.
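The runbook in this thread downloads a script from a storage account and runs it on the VM without checking what was downloaded. As an added example (not code from the question or the answers), the same two steps with a pinned SHA-256 check in between, using the Az cmdlet the first answer recommends; the function name and the Automation variable name `ReportingCopySha256` are hypothetical.

```powershell
function Invoke-VerifiedVmScript {
    param(
        [Parameter(Mandatory)][string]$ScriptUri,
        [Parameter(Mandatory)][string]$ExpectedSha256,
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$VmName
    )

    $localPath = Join-Path ([System.IO.Path]::GetTempPath()) 'Reporting Copy.ps1'
    Invoke-WebRequest -Uri $ScriptUri -OutFile $localPath -UseBasicParsing -ErrorAction Stop

    # Compare the downloaded bytes with the hash recorded when the script was reviewed.
    $actual = (Get-FileHash -Path $localPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        Remove-Item -Path $localPath -Force
        throw "Hash mismatch for $ScriptUri (expected $ExpectedSha256, got $actual). Script was not run."
    }

    # Only a script that matches the pinned hash reaches the VM.
    Invoke-AzVMRunCommand -ResourceGroupName $ResourceGroupName -VMName $VmName `
        -CommandId 'RunPowerShellScript' -ScriptPath $localPath -ErrorAction Stop
}

# Inside the runbook; the pinned hash lives in an Automation variable (assumed name):
# $expected = Get-AutomationVariable -Name 'ReportingCopySha256'
# Invoke-VerifiedVmScript -ScriptUri $ScriptUri -ExpectedSha256 $expected `
#     -ResourceGroupName $ResourceGroupName -VmName $VmName
```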
I am trying to automate the process of an Azure Active Directory (AAD) app registration using Azure DevOps release pipeline but it fails to do so. (Please note that the same command (powershell commands as well as azure commands) works perfectly fine if I am running the same commands from my laptop) and for that I created an azure powershell task in the release pipeline and used the following line of code in the "inline script section":
I tried creating the AAD app registration using the following 2 methods:
1. "Azure Powershell script task"
2. Azure commands
Following is inline script that I used in case of azure powershell task:
Import-Module AzureRM
Import-Module AzureAD
# Register an AAD app
$appURI = "https://knaabdapp123.azurewebsites.net"
$appHomePageUrl = "https://knaabdapp123.knandan.in"
$appReplyURLs = @($appURI, $appHomePageURL, "https://localhost:12345")
New-AzureADApplication -DisplayName knaabdapp123 -IdentifierUris $appURI -Homepage $appHomePageUrl -ReplyUrls $appReplyURLs
I get the following error when I do so:
2019-08-09T11:27:31.1039145Z ##[section]Starting: Azure PowerShell script: Register an AAD app and generate credential for the same
2019-08-09T11:27:31.1162119Z ==============================================================================
2019-08-09T11:27:31.1162226Z Task : Azure PowerShell
2019-08-09T11:27:31.1162310Z Description : Run a PowerShell script within an Azure environment
2019-08-09T11:27:31.1162378Z Version : 2.153.1
2019-08-09T11:27:31.1162446Z Author : Microsoft Corporation
2019-08-09T11:27:31.1162520Z Help : https://learn.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-powershell
2019-08-09T11:27:31.1162620Z ==============================================================================
2019-08-09T11:27:37.0179906Z ##[command]Import-Module -Name C:\Modules\AzureRm_5.1.1\AzureRM\5.1.1\AzureRM.psd1 -Global
2019-08-09T11:28:10.7554409Z ##[command]Clear-AzureRmContext -Scope Process
2019-08-09T11:28:11.2755157Z ##[command]Disable-AzureRmContextAutosave -ErrorAction Stop
2019-08-09T11:28:15.0230853Z ##[command]Add-AzureRMAccount -ServicePrincipal -Tenant *** -Credential System.Management.Automation.PSCredential -Environment AzureCloud #processScope
2019-08-09T11:28:16.5226685Z ##[command] Select-AzureRMSubscription -SubscriptionId a*******-ae1c-****-****-********** -TenantId ***
2019-08-09T11:28:16.8648715Z ##[command]& 'C:\Users\VssAdministrator\AppData\Local\Temp\2a55****-67c6-****-8f80-**********.ps1'
2019-08-09T11:28:17.0308219Z ##[error]The specified module 'AzureAD' was not loaded because no valid module file was found in any module directory.
2019-08-09T11:28:19.0607544Z ##[command]Remove-AzureRmAccount -Scope Process -ErrorAction Stop
2019-08-09T11:28:19.4371114Z ##[command]Clear-AzureRmContext -Scope Process -ErrorAction Stop
2019-08-09T11:28:19.8885329Z ##[error]The term 'New-AzureADApplication' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
I also used the Azure CLI task and used the following script, but that fails too:
az ad app create --display-name MyApplication123 --homepage "https://myapplication1232.nl" --reply-urls "https://localhost:12345" --identifier-uris "https://myapplication2.azurewebsites.net"
I get the following error in this case:
>az ad app create --display-name MyApplication123 --homepage "https://myapplication1232.nl" --reply-urls "https://localhost:12345" --identifier-uris "https://myapplication2.azurewebsites.net"
2019-08-09T11:47:46.5676945Z ERROR: Insufficient privileges to complete the operation.
2019-08-09T11:47:46.6721317Z ##[error]Script failed with error: Error: d:\a\_temp\azureclitaskscript1565351201021.bat failed with return code: 1
So, I have 2 questions:
Is it possible to create an AAD app registration using "Azure powershell" task script or "Azure CLI" task in Azure DevOps?
If yes, then what may I be doing wrong?
Is it possible to create an AAD app registration using "Azure powershell" task script or "Azure CLI" task in Azure DevOps?
For this question, the answer is Yes, of course you can.
The cause of the error you received in the Azure PowerShell task is that, by default, the AzureAD PowerShell cmdlets are not installed on the agent. So, if you try to use this module directly, you will receive a message like "##[error]The specified module 'AzureAD' was not loaded because no valid module file was found in any module directory."
If yes, then what may I be doing wrong?
To solve this error message, please try replacing Import-Module AzureAD in your script with the following script, which gets the AzureAD module the correct way.
$AzureADModulePath = $PSScriptRoot + "\AzureAD\2.0.1.16\AzureAD.psd1"
Import-Module $azureAdModulePath
This is the detailed info about the AzureAD module in the PowerShell Gallery. Also, here is a blog you can refer to.
Updated:
You must install AzureAD cmdlets module from the PowerShell gallery with the below script first:
Install-Module -Name AzureAD -RequiredVersion 2.0.1.16
Note: If you get an error like Install-Module : Administrator rights are required to install modules when you install with this script, please add -Scope CurrentUser to the install script. It will run the script as administrator role.
And then, import the module from the installed path afterwards.