I'm trying to use an Azure Automation account to run some jobs, but I'm struggling with the AzureRM module installed. I manually installed some Az modules, but PowerShell ISE is still using AzureRM, like in trying to establish the RunAs connection below:
$RunAsConnection = Get-AutomationConnection -Name AzureRunAsConnection;try {$Login=Add-AzureRmAccount -ServicePrincipal -TenantId $RunAsConnection.TenantId -ApplicationId $RunAsConnection.ApplicationId -CertificateThumbprint $RunAsConnection.CertificateThumbprint -ErrorAction Stop}catch{Sleep 10;$Login=Add-AzureRmAccount -ServicePrincipal -TenantId $RunAsConnection.TenantId -ApplicationId $RunAsConnection.ApplicationId -CertificateThumbprint $RunAsConnection.CertificateThumbprint};Set-AzureRmContext -SubscriptionId $RunAsConnection.SubscriptionID
Then, I have to modify it manually to below code and it works.
$RunAsConnection = Get-AutomationConnection -Name AzureRunAsConnection;try {$Login=Add-AzureRmAccount -ServicePrincipal -TenantId $RunAsConnection.TenantId -ApplicationId $RunAsConnection.ApplicationId -CertificateThumbprint $RunAsConnection.CertificateThumbprint -ErrorAction Stop}catch{Sleep 10;$Login=Add-AzAccount -ServicePrincipal -TenantId $RunAsConnection.TenantId -ApplicationId $RunAsConnection.ApplicationId -CertificateThumbprint $RunAsConnection.CertificateThumbprint};Set-AzContext -SubscriptionId $RunAsConnection.SubscriptionID
How do I fix this, and how do I force the Automation account to use Az instead of AzureRM?
Thanks!
After importing the Az module, you can use Connect-AzAccount for authentication, then use other Az cmdlets directly.
An example is using Get-AzWebApp (you need to import the Az.Websites module, as mentioned before) to get Azure web app details in an Automation runbook:
$connection = Get-AutomationConnection -Name AzureRunAsConnection
$connectionResult = Connect-AzAccount -ServicePrincipal -Tenant $connection.TenantID -ApplicationId $connection.ApplicationID -CertificateThumbprint $connection.CertificateThumbprint
#the cmdlet to get azure web app details
Get-AzWebApp -ResourceGroupName xxx
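An added example (not part of the original answer) of an Az-only login block for a runbook: it stops if an AzureRM module is already loaded in the session, retries the certificate login, and checks that the resulting context matches the connection's subscription. It assumes Az.Accounts is imported into the Automation account and that the AzureRunAsConnection asset exists.

```powershell
# Added example, not code from the original page.
# Assumptions: Az.Accounts is imported into the Automation account and the
# AzureRunAsConnection asset exists.
$ErrorActionPreference = 'Stop'

# AzureRM and Az cannot be used in the same session, so fail before any login.
$legacy = Get-Module -Name 'AzureRM*'
if ($legacy) {
    throw "AzureRM modules are loaded in this session: $($legacy.Name -join ', '). Use Az cmdlets only."
}
if (-not (Get-Module -ListAvailable -Name 'Az.Accounts')) {
    throw 'Az.Accounts is not available in this Automation account.'
}

# Keep the login scoped to this job; do not reuse or persist a saved context.
Disable-AzContextAutosave -Scope Process | Out-Null

$conn = Get-AutomationConnection -Name 'AzureRunAsConnection'
if (-not $conn) {
    throw 'Connection AzureRunAsConnection not found.'
}

# Certificate-based service principal login, retried up to three times.
$attempt = 0
while ($true) {
    $attempt++
    try {
        Connect-AzAccount -ServicePrincipal `
            -Tenant $conn.TenantId `
            -ApplicationId $conn.ApplicationId `
            -CertificateThumbprint $conn.CertificateThumbprint | Out-Null
        break
    }
    catch {
        if ($attempt -ge 3) { throw }
        Start-Sleep -Seconds 10
    }
}

# Pin the subscription from the connection and confirm it was applied.
$ctx = Set-AzContext -SubscriptionId $conn.SubscriptionId
if ($ctx.Subscription.Id -ne $conn.SubscriptionId) {
    throw "Context subscription $($ctx.Subscription.Id) does not match the connection."
}
Write-Output "Authenticated as $($ctx.Account.Id) in subscription $($ctx.Subscription.Id)"
```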
I'm working on this as below: using a PowerShell script inside the Automation account for a runbook. The PowerShell script will help in adding a rule inside the resource of the function app of the networking rule. But somehow the following happens:
Not able to log in to the Azure account
And it says the subscription ID doesn't exist. (Login is done via service principal.)
Code for reference
$azureAplicationId="XXXX"
$azureTenantId="XXXXX"
$azurePassword=ConvertToSecureString "XXXXXX" -AsPlainText -Force
$psCred=New-Object System.Management.Automation.PSCredential($azureAplicationId ,$azurePassword)
Login-AzureRmAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal
Select-AzureSubscription -SubscriptionId "XXXXXX"
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "XXXXX" -WebAppName "XXXXX" -Name "iprule" -Priority 100 -Action Allow -IpAddress x.x.x.x/x
Hi all, where can I find CertificateThumbprint and ApplicationId?
I have the tenant ID but I don't know the rest.
Thanks.
$connectionName = "AzureRunAsConnection"
try
{
    # Get the connection "AzureRunAsConnection"
    $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
    "Logging in to Azure..."
    Add-AzureRmAccount `
        -ServicePrincipal `
        -TenantId $servicePrincipalConnection.TenantId `
        -ApplicationId $servicePrincipalConnection.ApplicationId `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch
{
    # Re-throw the login failure so the runbook job fails visibly
    throw
}
ApplicationId
To get this ApplicationId, you need to register an application in AAD.
After the application is registered successfully in AAD, you will be redirected to the page that displays the details of this application. There you can see its ApplicationId.
CertificateThumbprint
Just go to the left bar and open the Certificates & secrets tab. Then upload a certificate for this application. After the upload succeeds, its CertificateThumbprint will appear under the THUMBPRINT column.
I am trying to run a powershell script against all VMs in an azure subscription. I used AzureRunAsConnection to connect to the service principal. Using Get-AzureVM gives an error that I haven't set the default Subscription. When I try to set it using Select-AzureSubscription I am given an error message stating the subscription doesn't exist. Here's what I am using in the runbook.
```
$conn = Get-AutomationConnection -Name 'AzureRunAsConnection'
Add-AzureRmAccount -ServicePrincipal -TenantId $conn.TenantID -ApplicationID $conn.ApplicationID -CertificateThumbprint $conn.CertificateThumbprint
Select-AzureSubscription -SubscriptionName *********
```
The exact error message is:
```
Select-AzureSubscription : The subscription name ***** doesn't exist.
Parameter name: id
At line:3 char:1
+ Select-AzureSubscription -Current -SubscriptionName "******** ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Select-AzureSubscription], ArgumentException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.Profile.SelectAzureSubscriptionCommand
```
What am I doing wrong to keep getting this error?
There are three generations of Azure PowerShell modules: "Azure", "AzureRM", and "AZ". Looks like you've got multiple installed. Try Select-AzureRmSubscription instead.
#david is right, you are confusing the commands: Classic (Azure) vs AzureRM.
If the goal is to get the VMs in a subscription, below is sample code for Classic and AzureRM.
Classic
$ConnectionAssetName = "AzureClassicRunAsConnection"
$Conn = Get-AutomationConnection -Name $ConnectionAssetName
$CertificateAssetName = $Conn.CertificateAssetName
$AzureCert = Get-AutomationCertificate -Name $CertificateAssetName
Set-AzureSubscription -SubscriptionName $Conn.SubscriptionName -SubscriptionId $Conn.SubscriptionID -Certificate $AzureCert
Select-AzureSubscription -SubscriptionId $Conn.SubscriptionID
Get-AzureVM
AzureRM
$connectionName = "AzureRunAsConnection"
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
Add-AzureRmAccount -ServicePrincipal -TenantId $servicePrincipalConnection.TenantId -ApplicationId $servicePrincipalConnection.ApplicationId -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
Get-AzureRMVM
Also keep in mind that connections are tied to a subscription, so for AzureRM you do not need to select a subscription. If you want to select one (Select-AzureRmSubscription), it should be the same as the one in the connection properties.
When I'm trying to run the command New-AzureRmSqlDatabaseExport in a PowerShell runbook, it fails with the error message:
New-AzureRmSqlDatabaseExport : Object reference not set to an instance of an object.
I have verified that all modules are updated, AzureRM.Sql has version 4.12.1 when I'm writing this. New-AzureRmSqlDatabaseExport is a part of AzureRM.Sql and is also available in the runbook editor.
What am I missing?
Update: The code I'm trying to run looks something like this:
$exportRequest = New-AzureRmSqlDatabaseExport -ResourceGroupName "MyResourceGroup" -ServerName "MyServerName" -DatabaseName "MyDatabaseName" -StorageKeytype StorageAccessKey -StorageKey "MyStorageKey" -StorageUri "https://mystorage.blob.core.windows.net/backupdb/db.bacpac" -AdministratorLogin "userName" -AdministratorLoginPassword (ConvertTo-SecureString "mypassword" -AsPlainText -Force)
It does work in Azure Cloud Shell.
Before the command is executed, make sure that you are authenticated. Adding these lines before the command will solve this problem:
$connection = Get-AutomationConnection -Name AzureRunAsConnection
Connect-AzureRmAccount -ServicePrincipal -Tenant $connection.TenantID `
-ApplicationId $connection.ApplicationID -CertificateThumbprint $connection.CertificateThumbprint
You find more information here:
https://learn.microsoft.com/en-us/azure/automation/automation-first-runbook-textual-powershell
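An added example (not from the original posts) of the same export with the SQL admin password and storage key read from Automation assets at run time rather than written into the runbook source; the same pattern applies to the service principal secret in the earlier Login-AzureRmAccount question. The asset names SqlExportAdmin and BackupStorageKey are hypothetical and must be created beforehand as a credential asset and an encrypted variable; the resource names are the placeholders from the question.

```powershell
# Added example, not code from the original page.
# Hypothetical assets: credential 'SqlExportAdmin', encrypted variable 'BackupStorageKey'.
$ErrorActionPreference = 'Stop'

# Authenticate first, as the answer above describes.
$connection = Get-AutomationConnection -Name AzureRunAsConnection
Connect-AzureRmAccount -ServicePrincipal -Tenant $connection.TenantID `
    -ApplicationId $connection.ApplicationID `
    -CertificateThumbprint $connection.CertificateThumbprint | Out-Null

# Secrets come from the Automation account, not from the script text.
$sqlAdmin   = Get-AutomationPSCredential -Name 'SqlExportAdmin'
$storageKey = Get-AutomationVariable -Name 'BackupStorageKey'
if (-not $sqlAdmin)   { throw 'Credential asset SqlExportAdmin not found.' }
if (-not $storageKey) { throw 'Variable asset BackupStorageKey not found or empty.' }

# Same parameters as the command in the question, passed by splatting.
$exportParams = @{
    ResourceGroupName          = 'MyResourceGroup'
    ServerName                 = 'MyServerName'
    DatabaseName               = 'MyDatabaseName'
    StorageKeyType             = 'StorageAccessKey'
    StorageKey                 = $storageKey
    StorageUri                 = 'https://mystorage.blob.core.windows.net/backupdb/db.bacpac'
    AdministratorLogin         = $sqlAdmin.UserName
    AdministratorLoginPassword = $sqlAdmin.Password   # already a SecureString
}
$exportRequest = New-AzureRmSqlDatabaseExport @exportParams

if (-not $exportRequest) {
    throw 'Export request returned no result.'
}
# Write only the status link to the job output, never the key or password.
Write-Output "Export submitted: $($exportRequest.OperationStatusLink)"
```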
Simply, I'm running Connect-AzureRmAccount using runbook automation in Azure, it gives me the error below:
Unable to find an entry point named 'GetPerAdapterInfo' in DLL
'iphlpapi.dll'.
I already imported the Azureprofile module and I cannot figure out what the issue is.
If you want to connect to the Azure account with the PowerShell command Connect-AzureRmAccount in your Runbook, then it is really unnecessary. Just as I said in the comment, when you use the Runbook, you are already in an exact subscription of the tenant with an account. So just run your script without connecting the account.
If you really want to connect with the PowerShell, you can use the service principal like this:
Disable-AzureRmContextAutosave -Scope Process
$Conn = Get-AutomationConnection -Name AzureRunAsConnection
Connect-AzureRmAccount -ServicePrincipal -Tenant $Conn.TenantID -ApplicationID $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint
But I really suggest you just run the PowerShell script in your Runbook directly.
Update
When you create the Runbook, there will be a connection for you to run the PowerShell script. Or you can create the connection as you require. See Connection assets in Azure Automation. You could just use the default connection with code like this:
$connectionName = "AzureRunAsConnection"
try
{
    # Get the connection "AzureRunAsConnection"
    $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
    "Logging in to Azure..."
    Add-AzureRmAccount `
        -ServicePrincipal `
        -TenantId $servicePrincipalConnection.TenantId `
        -ApplicationId $servicePrincipalConnection.ApplicationId `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
    if (!$servicePrincipalConnection)
    {
        # The connection asset itself is missing
        $ErrorMessage = "Connection $connectionName not found."
        throw $ErrorMessage
    } else {
        # The connection exists but the login failed
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}
I had the same problem, in my case I was trying to simply use the Azure Cmdlet Get-AzVm.
I previously used code similar to what Charles posted above. The problem is that it doesn't work with the Az cmdlets, as you can't use both the AzureRM and the new Azure modules at the same time.
I replaced all of that with the following and now it works:
Disable-AzContextAutosave -Scope Process
$Conn = Get-AutomationConnection -Name AzureRunAsConnection
Connect-AzAccount -ServicePrincipal -Tenant $Conn.TenantID `
-ApplicationId $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint
$AzureContext = Select-AzSubscription -SubscriptionId $Conn.SubscriptionID
I found this in the following article: https://learn.microsoft.com/en-us/azure/automation/automation-first-runbook-textual