like to know all the sites in Azure that are currently associated to our Azure Tenant includes full URL,azure web apps,azure SQL,Storage accounts,Datalake,Cosmosdb,container registries
Tried Get-AzureADTenantDetail and also az resource list but not able find it
Any Powershell script will help
You can use
Azure CLI
az resource list
Powershell
Get-AzureRmResource
You can use Get-AzureRmResource to get the list of resources in an Azure Subscription. By default this Cmdlet will list all resources in an Azure Subscription. To get a list of certain resource types, you can specify an OData filter query.
For example, the Cmdlet below will list all storage accounts and webapps in an Azure Subscription:
Get-AzureRmResource -ODataQuery "ResourceType eq 'Microsoft.Storage/storageAccounts' or ResourceType eq 'Microsoft.Web/sites'" | ft
You will need to find the proper resource type values for each kind of resource that you want to find.
Another thing to notice is that this Cmdlet is scoped to a single Azure Subscription. If your Azure Tenant serves as authentication/authorization source for multiple subscriptions, you would need to run this Cmdlet for each subscription separately.
If you have multiple tenants, you can switch between tenants and get resources within them (subscription by subscription) via
connect-azaccount -Tenant [different tenant id]
$context = Get-AzSubscription [subscriptionid in different tenant id]
set-azcontext $context
get-azresource > resources.tenantname.subcription.txt
where tenantname and subscription are the names of the tenant and subscription in english form (instead of id's).
you should probably not use those azurerm commands anymore, they will stop working sometime in 2024. use the az equivalents (basically replace azurerm with az (yeah, i could delete urerm but that seems weirder!))
Related
If there any way can deploy the resources to different subscription from one centralized deployment console?
I'm planning create the resource monitoring dashboards in different subscription, as of now manually I'm importing the JSON configuration file into different subscription and changing the resource values.
Looking for the solution kind of centralized deployment.
You can do this using Azure Powershell or the Azure CLI. In order to change subscriptions, an Azure PowerShell Context object first needs to be retrieved with Get-AzSubscription and then the current context changed with Set-AzContext.
$context = Get-AzSubscription -SubscriptionId ...
Set-AzContext $context
For Azure CLI you can do:
az account set --subscription "My Demos"
CLI also lets you scope deployments to Subscriptions or Management Group. An example would be:
az deployment sub create --location <location> --template-file <path-to-template>
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-cli
I'm trying to create an Application Insights resource following the directions provided here: https://learn.microsoft.com/en-us/azure/azure-monitor/app/powershell
However, when I execute the command from the docs:
New-AzResourceGroupDeployment -ResourceGroupName Fabrikam -TemplateFile .\template1.json -appName myNewApp
Replacing Fabrikam my Resource Group Name, it throws ResourceGroupNotFound. If I list the Resource Groups with:
az group list
I can clearly see the Resource Group in the list, so I know I'm in the right subscription context.
Any thing obvious that I'm missing?
I've uploaded my version of template1.json already to the CLI storage.
I can clearly see the Resource Group in the list, so I know I'm in the right subscription context.
No, if you can use az group list to see the group, it just means the azure CLI context is in the right subscription. The New-AzResourceGroupDeployment is azure powershell, they are different, you need to use Get-AzResourceGroup to list groups.
To check if you are in the correct subscription, just use Get-AzContext. If you want to set the subscription for the powershell context, just use Set-AzContext -Subscription "<subscription-id>".
I've uploaded my version of template1.json already to the CLI storage.
I suppose you mean you upload the template to the azure storage. If so, you could not use this parameter -TemplateFile, you need to use -TemplateUri and -TemplateParameterUri, you need to generate the SAS urls for your template files(if your container is not public), then specify the two parameters, see this link.
Actually, you can use New-AzResource to create the app insight directly, no need to use the template in the doc.
Sample:
New-AzResource -ResourceName "<appinsight-name>" -ResourceGroupName <resourcegroup-name> -ResourceType "Microsoft.Insights/components" -Location "East US" -PropertyObject #{"Application_Type"="web"}
I am trying the available Microsoft gallery script [https://gallery.technet.microsoft.com/scriptcenter/Export-Azure-Resource-092b9c2a#content] but it's running on subscription level and it's hanging in the middle. Looking for the solution from PowerShell or Microsoft Graph API to pull the required RBAC roles from Subscription, resource groups and each resource level.
Because the command in the script lists all role assignments in the selected Azure subscription by default. You just need to use the parameters e.g.-ResourceGroupName, -Scope in the command, then you will be able to do what you want.
Besides, in your script, it uses old AzureRm command Get-AzureRmRoleAssignment, it was deprecated. I recommend you to use Get-AzRoleAssignment.
For more details, see this link: Get-AzRoleAssignment.
to achieve that you just need to use Get-AzRoleAssignment together with a filter:
Get-AzRoleAssignment | Where-Object { $_.Scope -match 'resource_group_name' }
I am trying to move some Azure resources from one subscription to another one. I have one Microsoft Account which is co-administrator in both source and target subscriptions.
I run Powershell and log in using the following commandlet:
Add-AzureRmAccount -TenantId "source tenant GUID"
Then I use
Move-AzureRmResource -ResourceId "id of the resource" -DestinationResourceGroupName "xxx" -SubscriptionId "target subscription GUID"
I am getting this error:
Move-AzureRmResource : LinkedAuthorizationFailed : The client has permission to perform
action 'Microsoft.Resources/subscriptions/resourceGroups/write' on scope '/subscriptions/
xxx/resourceGroups/dotnetportal', however the linked subscription 'target subscription GUID' is not in
current tenant 'source tenant GUID'.
Can't reproduce your question and no official material found, but according to the error message however the linked subscription 'target subscription GUID' is not in
current tenant 'source tenant GUID', I think resources moving between subscriptions belong to different tenant is not allowed. Microsoft Azure should have limited the function within identical tenant.
The Azure PowerShell module Move-AzureRmResource cmdlet allows you to move a resource to a different resource group or subscription, but it requires the subscriptions to be in the same tenant.
The best way to check if you have linked subscription is using UI, first.
Login to your source azure subscription.
Browse > Resource groups and select the resource group that contains the VM.
In the Resource group blade, select Move from the menu.
Check if you can see the linked subscription.
A good workaround to copy or move a resource group from one subscription to another see: https://blogs.msdn.microsoft.com/azuregov/2016/12/09/copying-azure-resource-groups-between-different-azure-subscriptions-or-environments/
Share you some code as referenceļ¼
Get-AzureRMResource -ResourceName **** -ResourceGroupName **** |
Move-AzureRMResource -DestinationResourceGroupName *** -DestinationSubscriptionId **** -Force
In Azure Classic / Service Management, Get-AzureSubscription would give a list of subscriptions in the Tenant with an indicator of which was current.
There was also a Get-AzureSubscription -Current flag that would give you just the current subscription.
Is there a way to find the current subscription in AzureRM.Profile?
Get-AzureRmContext gives you info about the selected subscription, default storage account, etc.
(Get-AzureRmContext).Subscription gives you the current subscription.
Now you can use the new Az commands
Get-AzContext
You can also use Get-AzureRmSubscription
$sub = Get-AzureRmSubscription
$sub.SubscriptionId
This will give you the SubscriptionId