I am trying to get a user to run a PowerShell script through an Azure Function. This script is supposed to create a site on SharePoint with some info provided by users.
I created an Azure Function App to run some PowerShell scripts. When I tried to run my code, it returned an HTTP 502 error at Connect-PnPOnline.
If I remove Connect-PnPOnline, I get a 200 response. So I am sure that it has to do with Connect-PnPOnline in my script.
I followed the post by @Lee_MSFT, Get PowerShell Script to Run SharePoint Commands on Azure,
and was able to import modules.
using namespace System.Net
param (
[string]$projectnumber,
[string]$projectname
)
$site = "https://xxxxx.sharepoint.com/sites/projects"
$projectsite = -join($site, "/", $projectnumber)
$projecttitle = -join($projectnumber, " ", $projectname)
Connect-PnPOnline -url $site
...
I got a 500 from Connect-PnPOnline -url $site and a 502 from Connect-PnPOnline -url $site -UseWebLogin.
Does anyone know why I have 5xx errors while using Connect-PnPOnline?
Thanks a lot!
Make sure you have uploaded the PnP PowerShell module for your Azure Function, then use the PowerShell below to connect to SharePoint.
$siteURL = "https://tenant.sharepoint.com/sites/projects"
$userId = "abc@tenant.onmicrosoft.com"
$plainText = "*****"
# Use a name other than $pwd, which is PowerShell's automatic current-directory variable
$securePwd = ConvertTo-SecureString $plainText -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential($userId, $securePwd)
Connect-PnPOnline -Url $siteURL -Credentials $creds
Or use this:
Connect-PnPOnline -AppId $env:SPO_AppId -AppSecret $env:SPO_AppSecret -Url "https://tenant.sharepoint.com/sites/projects"
SPO_AppId - Set the value to the Client ID you copied in the first step when you created your app on your tenant.
SPO_AppSecret - Set the value to the Client Secret that you copied in the first step when you created your app on your tenant.
I suggest you check the steps in the article below.
Azure Functions For SharePoint Operations Using PnP PowerShell
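The app-only connection from the answer above, placed in an HTTP-triggered function so that a failed connection returns a controlled response instead of an unhandled 5xx. This is an added example, not code from the original posts; the output binding name `Response`, the JSON body fields and the validation limits are assumptions.

```powershell
using namespace System.Net

# run.ps1 of an HTTP-triggered function (added example).
# Assumes an HTTP output binding named "Response" and a JSON request body.
param($Request, $TriggerMetadata)

function Send-Result([HttpStatusCode]$Status, [string]$Message) {
    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
        StatusCode = $Status
        Body       = $Message
    })
}

$projectNumber = [string]$Request.Body.projectnumber
$projectName   = [string]$Request.Body.projectname

# The project number becomes part of a site URL, so accept only a narrow
# character set (the pattern and length limits are assumptions).
if ($projectNumber -notmatch '^[A-Za-z0-9-]{1,32}$') {
    Send-Result BadRequest 'projectnumber must be 1-32 letters, digits or hyphens.'
    return
}
if ([string]::IsNullOrWhiteSpace($projectName) -or $projectName.Length -gt 100) {
    Send-Result BadRequest 'projectname is required (max 100 characters).'
    return
}

# Secrets come from the Function App's application settings, never from the script.
if (-not $env:SPO_AppId -or -not $env:SPO_AppSecret) {
    Write-Warning 'SPO_AppId / SPO_AppSecret application settings are missing.'
    Send-Result InternalServerError 'Function is not configured.'
    return
}

$site = 'https://tenant.sharepoint.com/sites/projects'   # placeholder tenant
try {
    # No interactive prompt is possible here, so -UseWebLogin cannot work.
    Connect-PnPOnline -AppId $env:SPO_AppId -AppSecret $env:SPO_AppSecret -Url $site -ErrorAction Stop
    $projectSite = "$site/$projectNumber"
    Send-Result OK "Connected. Target site URL: $projectSite"
}
catch {
    # Log the detail server-side; return only a generic message to the caller.
    Write-Warning "Connect-PnPOnline failed: $($_.Exception.Message)"
    Send-Result BadGateway 'Could not connect to SharePoint.'
}
```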
I manually do these now. Is there a way to automate the above steps via PowerShell script?
You need site owner permissions to be able to add apps to SharePoint Online Site.
Refer to my PnP PowerShell script:
#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Legal"
$AppName = "Modern Script Editor web part by Puzzlepart"
#Connect to SharePoint Online App Catalog site
Connect-PnPOnline -Url $SiteURL -UseWebLogin
#Get the App from App Catalog
$App = Get-PnPApp -Scope Tenant | Where {$_.Title -eq $AppName}
#Install App to the Site
Install-PnPApp -Identity $App.Id
I would like to run an Azure Automation Runbook (PowerShell) and run
connect-PnPOnline or connect-MicrosoftExchange
clientid & clientsecret will be deprecating
User is MFA enabled
Can't I connect through managed identity or keyvault or something else?
Who can point me in the right direction?
Run connect-PnPOnline or connect-MicrosoftExchange through managed identity:
I tried authenticating to the required connections using Azure PowerShell as well as an Azure Automation runbook as follows:
SystemAssigned Managed Identity:
Connect-PnPOnline -Url "https://microsoftapc.sharepoint.com/teams/<Site_Name>" -ManagedIdentity
UserAssigned Managed Identity:
Connect-PnPOnline -Url "" -ManagedIdentity -UserAssignedManagedIdentityObjectId <ObjectId of UserAssigned Managed Identity>
Client_ID & Client_secret:
Install-Module -Name PnP.PowerShell
Connect-PnPOnline -Url "https://microsoftapc.sharepoint.com/teams/<Site_Name>" -ClientId "<ClientId>" -ClientSecret "<ClientSecret>" -WarningAction Ignore
Output(AZ Powershell):
Azure runbook:
First of all, add the required modules by going to Automation Account -> Shared Resources -> Modules -> Add a Module
To check whether modules are successfully imported, give
Install-Module -Name ExchangeOnlineManagement -Scope AllUsers
Get-command -Module ExchangeOnlineManagement
Azure PowerShell:
Connect-ExchangeOnline -ManagedIdentity -Organization "xxxxx" -ManagedIdentityAccountId "<UserManagedIdentityID>"
References:
Check here for other possible ways to Connect-PnPOnline &
connect-ExchangeOnline.
I have been banging my head against the wall trying to get this to work.
Just to be clear, I am not running this locally. This runs fine when I run it locally in powershell cli.
I am running this as an Azure Function App. The weird thing is that a few lines above this I have similar code to connect to PnPOnline - that works fine.
Goal: I need to be able to pass an email address to AD and retrieve the ObjectID of that user. Again, works fine locally.
$cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $UserName,
$(convertto-securestring $Password -asplaintext -force)
Import-Module AzureAD
Connect-AzureAD -Credentials $cred
The error:
The term 'Connect-AzureAD' is not recognized as the name of a cmdlet, function, script file, or operable program.
Any help would be GREATLY appreciated.
The term 'Connect-AzureAD' is not recognized as the name of a cmdlet,
function, script file, or operable program.
The error occurs because the AzureAD module is not installed.
You can install AzureAD module using the below command:
Install-Module -Name AzureAD
Once the AzureAD module is installed, you can import the AzureAD module in your PowerShell script using the below command:
Import-Module AzureAD
Now you can connect to the Azure AD and get the user object id using the below script:
Import-Module AzureAD
$secpasswd = $Password | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object Management.Automation.PSCredential ($UserName, $secpasswd)
Connect-AzureAD -Credential $cred
# Get-AzureADUser -Filter takes an OData expression ("eq", not "-eq") on the Mail property
$ADUser = Get-AzureADUser -Filter "Mail eq 'someEmail@something.com'"
I'm trying to create an Azure VM using PowerShell. I also have the script to create it.
First I need to login into Azure account :
Login-AzureRMAccount
This gives a pop-up to enter the credentials.
Second I need to run the below script:
$UserName = "username"
$Password = ConvertTo-SecureString "password" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($UserName, $Password)
New-AzureRmVm `
-ResourceGroupName "RG1" `
-Name "VM1" `
-ImageName "Image1" `
-Location "West US" `
-Credential $psCred
This is creating the VM successfully.
But now, I need to make these scripts run automatically, whenever there is a requirement. The problem I'm facing is, the login step gives a popup to enter the credentials which I do not want. So I have tried something like this, but it didn't work.
$username = "loginname@organization.com"
$SecurePassword = ConvertTo-SecureString "password" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($username, $SecurePassword)
Login-AzureRmAccount -Credential $cred
The error message it is giving is :
Login-AzureRmAccount : accessing_ws_metadata_exchange_failed: Accessing WS metadata exchange failed: The underlying connection was closed: An unexpected error occurred on a send.
At line:4 char:1
+ Login-AzureRmAccount -Credential $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Connect-AzureRmAccount], AadAuthenticationFailedException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand
Can anyone tell me what this means and how to rectify this? Thanks!
If you are planning to automate any services in Azure using PowerShell, then I'd recommend connecting to Azure using a Service Principal rather than your own credentials; it will be a secure way to connect.
What is Service principal?
An Azure service principal is a security identity used by user-created
apps, services, and automation tools to access specific Azure
resources. Think of it as a 'user identity' (username and password or
certificate) with a specific role, and tightly controlled permissions.
It only needs to be able to do specific things, unlike a general user
identity. It improves security if you only grant it the minimum
permissions level needed to perform its management tasks.
Follow this tutorial to create a service principal
I also have published a sample PowerShell workflow into Microsoft gallery for creating Service Principal you can also follow that.
Once you have created your service principal, you can use the below PowerShell commands to log in to Azure without any popups
$applicationId = "<service principal application id>";
$securePassword = "<service principal password>" | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $applicationId, $securePassword
Connect-AzureRmAccount -ServicePrincipal -Credential $credential -TenantId "<your tenantid>"
Update1:
For some reason/bug the above will fail. Refer to this GitHub issue.
To solve this,
add the two lines before the script:
Import-Module -Name AzureRM.Profile
Remove-AzureRmAccount
Update 2:
AzureRM will no longer receive new cmdlets or features. However, the AzureRM module is still officially maintained and will get bug fixes through December 2020.
You have to use the new Azure PowerShell Az module
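The same non-interactive sign-in written for the Az module that Update 2 points to, with the secret read from settings rather than typed into the script. This is an added example, not the answer author's code; the function name and the `AZ_*` environment variable names are hypothetical.

```powershell
# Added example: non-interactive sign-in with the Az module.
# Connect-AzNonInteractive and the AZ_* variable names are hypothetical.
function Connect-AzNonInteractive {
    [CmdletBinding()]
    param(
        [switch]$UseManagedIdentity,
        [string]$TenantId       = $env:AZ_TENANT_ID,
        [string]$SubscriptionId = $env:AZ_SUBSCRIPTION_ID
    )

    if ($UseManagedIdentity) {
        # No stored secret at all: the platform issues the token.
        Connect-AzAccount -Identity -Scope Process -ErrorAction Stop | Out-Null
    }
    else {
        foreach ($name in 'AZ_SP_APP_ID', 'AZ_SP_SECRET') {
            if (-not [Environment]::GetEnvironmentVariable($name)) {
                throw "Missing setting: $name"
            }
        }
        if (-not $TenantId) { throw 'Missing setting: AZ_TENANT_ID' }

        $secret = ConvertTo-SecureString $env:AZ_SP_SECRET -AsPlainText -Force
        $cred   = [pscredential]::new($env:AZ_SP_APP_ID, $secret)

        # -Scope Process keeps the sign-in context in this process only.
        Connect-AzAccount -ServicePrincipal -Credential $cred -Tenant $TenantId `
            -Scope Process -ErrorAction Stop | Out-Null
    }

    if ($SubscriptionId) {
        Set-AzContext -Subscription $SubscriptionId -Scope Process | Out-Null
    }
    Get-AzContext   # return the active context so the caller can log which identity is in use
}

# Usage: Connect-AzNonInteractive                      (service principal from settings)
#        Connect-AzNonInteractive -UseManagedIdentity  (system-assigned managed identity)
```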
Basically you can achieve this for all of your PowerShell sessions by adding the logging-in part to the $PSProfile. I use this trick to skip the login popup, so whenever I open PowerShell my account is automatically logged in.
Open Windows PowerShell as an administrator
Type Notepad $profile
A notepad file will be opened and here you can paste the below code to
log in automatically whenever it is opened.
$username = ""
$password = ""
$securepasswd = ConvertTo-SecureString $password -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($username, $securepasswd)
Connect-AzureRmAccount -Credential $cred
When I try to login to Azure RM from VS Code terminal it just hangs. No prompt with login / password is shown.
Is there any way to get logged in from that terminal? Otherwise running / debugging Azure PS scripts becomes more complicated than it should be :)
The login window pops-up in the background... if you minimize all your windows you'll eventually find it.
You need to wait for a moment, then you could see the login page.
According to your description, I suggest you could select non-interactive login. You could create a service principal that can access resources. Please refer to this link: Use portal to create an Azure Active Directory application and service principal that can access resources. You will get a clientid and client secret. You could use the following code to log in to your Azure account.
$subscriptionId=""
$tenantid=""
$clientid=""
$password=""
$userPassword = ConvertTo-SecureString -String $password -AsPlainText -Force
$userCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $clientid, $userPassword
Login-AzureRmAccount -TenantId $tenantid -ServicePrincipal -SubscriptionId $subscriptionId -Credential $userCredential