I am trying to automate the process of an Azure Active Directory (AAD) app registration using Azure DevOps release pipeline but it fails to do so. (Please note that the same command (powershell commands as well as azure commands) works perfectly fine if I am running the same commands from my laptop) and for that I created an azure powershell task in the release pipeline and used the following line of code in the "inline script section":
I tried creating the AAD app registration using the following 2 methods:
1. "Azure Powershell script task"
2. Azure commands
Following is inline script that I used in case of azure powershell task:
Import-Module AzureRM
Import-Module AzureAD
# Register an AAD app
$appURI = "https://knaabdapp123.azurewebsites.net"
$appHomePageUrl = "https://knaabdapp123.knandan.in"
$appReplyURLs = #($appURI, $appHomePageURL, "https://localhost:12345")
New-AzureADApplication -DisplayName knaabdapp123 -IdentifierUris $appURI -Homepage $appHomePageUrl -ReplyUrls $appReplyURLs
I get the following error when I do so:
2019-08-09T11:27:31.1039145Z ##[section]Starting: Azure PowerShell script: Register an AAD app and generate credential for the same
2019-08-09T11:27:31.1162119Z ==============================================================================
2019-08-09T11:27:31.1162226Z Task : Azure PowerShell
2019-08-09T11:27:31.1162310Z Description : Run a PowerShell script within an Azure environment
2019-08-09T11:27:31.1162378Z Version : 2.153.1
2019-08-09T11:27:31.1162446Z Author : Microsoft Corporation
2019-08-09T11:27:31.1162520Z Help : https://learn.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-powershell
2019-08-09T11:27:31.1162620Z ==============================================================================
2019-08-09T11:27:37.0179906Z ##[command]Import-Module -Name C:\Modules\AzureRm_5.1.1\AzureRM\5.1.1\AzureRM.psd1 -Global
2019-08-09T11:28:10.7554409Z ##[command]Clear-AzureRmContext -Scope Process
2019-08-09T11:28:11.2755157Z ##[command]Disable-AzureRmContextAutosave -ErrorAction Stop
2019-08-09T11:28:15.0230853Z ##[command]Add-AzureRMAccount -ServicePrincipal -Tenant *** -Credential System.Management.Automation.PSCredential -Environment AzureCloud #processScope
2019-08-09T11:28:16.5226685Z ##[command] Select-AzureRMSubscription -SubscriptionId a*******-ae1c-****-****-********** -TenantId ***
2019-08-09T11:28:16.8648715Z ##[command]& 'C:\Users\VssAdministrator\AppData\Local\Temp\2a55****-67c6-****-8f80-**********.ps1'
2019-08-09T11:28:17.0308219Z ##[error]The specified module 'AzureAD' was not loaded because no valid module file was found in any module directory.
2019-08-09T11:28:19.0607544Z ##[command]Remove-AzureRmAccount -Scope Process -ErrorAction Stop
2019-08-09T11:28:19.4371114Z ##[command]Clear-AzureRmContext -Scope Process -ErrorAction Stop
2019-08-09T11:28:19.8885329Z ##[error]The term 'New-AzureADApplication' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
I also used the Azure CLI task and used the following script, but that fails too:
az ad app create --display-name MyApplication123 --homepage "https://myapplication1232.nl" --reply-urls "https://localhost:12345" --identifier-uris "https://myapplication2.azurewebsites.net"
I get the following error in this case:
>az ad app create --display-name MyApplication123 --homepage "https://myapplication1232.nl" --reply-urls "https://localhost:12345" --identifier-uris "https://myapplication2.azurewebsites.net"
2019-08-09T11:47:46.5676945Z ERROR: Insufficient privileges to complete the operation.
2019-08-09T11:47:46.6721317Z ##[error]Script failed with error: Error: d:\a\_temp\azureclitaskscript1565351201021.bat failed with return code: 1
So, I have 2 questions:
Is it possible to create an AAD app registration using "Azure powershell" task script or "Azure CLI" task in Azure DevOps?
If yes, then what may I be doing wrong?
Is it possible to create an AAD app registration using "Azure
powershell" task script or "Azure CLI" task in Azure DevOps?
For this question, the answer is Yes, of course you can.
The cause of the error you received in Azure Powershell task is as default, the AzureAD powershell cmdlets will not be installed in agent.So, if you try to using this module directly, you will receive the message like "##[error]The specified module 'AzureAD' was not loaded because no valid module file was found in any module directory."
If yes, then what may I be doing wrong?
To solve this error message, please try with replacing your script Import-Module AzureAD as the follow script to use a correct way to get the AzureAD module.
$AzureADModulePath = $PSScriptRoot + "\AzureAD\2.0.1.16\AzureAD.psd1"
Import-Module $azureAdModulePath
This is the detailed info about AzureAD module in Powershell Gallery. And also, here has a blog you can refer.
Updated:
You must install AzureAD cmdlets module from the PowerShell gallery with the below script first:
Install-Module -Name AzureAD -RequiredVersion 2.0.1.16
Note: If get error like Install-Module : Administrator rights are required to install modules while you install with this script, please add -scope CurrentUser to the install script. It will running the script as administrator role.
And then, import the module from the installed path afterwards.
Related
I am trying to create one resource group via PowerShell.
I am using below command to achieve that:
New-AzResourceGroup -Name "RG01" -Location "Central US"
I am following this Microsoft document: https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroup?view=azps-7.5.0
I have Az module installed in my PowerShell. Still I'm getting below error:
What am I doing wrong? I am very new to Azure and PowerShell.
Change the execution policy of RemoteSigned for current user scope (Administrator Privileges).
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
Import Az Resources Module
Import-Module Az.Resources
Execute Az Module Command for Resource Group creation.
New-AzResourceGroup -Name "RG01" -Location "Central US"
Execution Policy Type
Restricted (Default) - No Script either local, remote or downloaded can be executed on the system.
AllSigned - All script that are ran require to be digitally signed.
RemoteSigned - All remote scripts (UNC) or downloaded need to be signed.
Unrestricted - No signature for any type of script is required.
Scope of new Change
LocalMachine (Default) - The execution policy affects all users of the computer.
CurrentUser - The execution policy affects only the current user.
Process - The execution policy affects only the current Windows PowerShell process.
Hi I am trying to teach myself Azure and I'm following this guide: https://learn.microsoft.com/en-us/learn/modules/intro-to-governance/2-azure-policy. I'm on a windows 10 with $PSVersionTable.PSEdition = Desktop I messaged Microsoft support, but no one has responded. When I try to run
# Register the resource provider if it's not already registered
Register-AzResourceProvider -ProviderNamespace 'Microsoft.PolicyInsights'
I get
Register-AzResourceProvider : The term 'Register-AzResourceProvider' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that
the path is correct and try again.
I've checked off having Azure powershell installed
if ($PSVersionTable.PSEdition -eq 'Desktop' -and (Get-Module -Name AzureRM -ListAvailable)) {
Write-Warning -Message ('Az module not installed. Having both the AzureRM and ' +
'Az modules installed at the same time is not supported.')
} else {
Install-Module -Name Az -AllowClobber -Scope CurrentUser
}
Any help with this would be greatly appreciated.
To solve the issue, try to follow the steps below.
1.Open a new powershell session via Run as administrator, then run the command below.
Install-Module -Name Az -AllowClobber -Scope AllUsers -Force
2.After installing the module, close the administrator session and open a new normal powershell session, then login your user account which has the permission to register the provider, e.g. Owner of the subscription.
Connect-AzAccount
3.Then register the provider.
Register-AzResourceProvider -ProviderNamespace 'Microsoft.PolicyInsights'
Note: If the issue is still existing, use Get-Module to check if the Az.Resources module was imported in this powershell session(normally it will be imported automatiocally), if not, you could use Import-Module -Name Az.Resources -Force to import it manually.
The command you are trying to use is not a PowerShell command. The command you are looking for should begin with either a Get- or Set- prefix.
I've imported PSPKI modules in to azure automation account, when using the cmdlets of PSPKI I always get command not recognized. I could see the module is installed successfully and could see the cmdlets in my runbook, but somehow the cmdlets are not recognized.
for example Test-WebServerSSL -URL login.live.com
I can reproduce your issue, to fix the issue, run Import-Module -Name PSPKI first.
Import-Module -Name PSPKI
Test-WebServerSSL -URL login.live.com
I have an Azure runbook that runs on schedule. Its in powershell and this runbook starts a VM and executes a script on the VM started. How I achieve this is
1) Store the script to be run on the VM in a storage account
2) Run powershell runbook
3) Powershell runbook uses wget command to copy the script from step 1
4) Invoke-AzureRmVMRunCommand in the Azure automation powershell commands as shown below
wget "https://utilitystorageaccnt.blob.core.windows.net/utilitycontainer/token" -outfile ((Get-Location).path + "\Reporting Copy.ps1") -UseBasicParsing
Invoke-AzureRmVMRunCommand -ResourceGroupName $ResourceGroupName -VMName $VmName -CommandId 'RunPowerShellScript' -ScriptPath ((Get-Location).path + '\Reporting Copy.ps1') -ErrorVariable result
Please not that the above two commands are in the powershell runbook script and not the actual script that is run on the VM.
Facing two issues
1) When this script Reporting Copy.ps1 runs standalone on the VM, then it works properly and it has no issues. When it is run using the runbook, I get these errors in the log file on the target vm.
"New-AzStorageContext : The term 'New-AzStorageContext' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again."
2) Even after this error occurs, it doesnt terminate and runs in loops. This script does a copy operation and it keeps looping until all the copy is complete. I can handle code to terminate but I would like to know how to force terminate a runbook. I tried to stop the VM for even a hour and it resumes the copy operation. The runbook status in Azure shows as completed. There are two python processes that show in explorer and terminating them doesn't work either.
Any help or hint is appreciated.
Thanks.
Look like you did not imported Az PowerShell module into our Automation Account.
Please, follow this tutorial : Az module support in Azure Automation
Try to use only Az module and not AzureRM
The issue was because I had not installed the AZ module for all users like this.
Install-Module -Name Az -AllowClobber -Scope AllUsers
Instead I had used
Install-Module -Name Az -AllowClobber -Scope CurrentUser
and since the automation runs on a different user, the issue occurred. Thanks for your help.
I am deploying an ARM template from azure DevOps using Azure PowerShell as shown below.
This is subscription level deployment. I am getting below error.
The term 'Get-AzSubscription' is not recognized as the name of a
cmdlet, function, script file, or operable program. Check the spelling
of the name, or if a path was included, verify that the path is
correct and try again.
Install-Module -Name Az -AllowClobber -Scope CurrentUser
Import-Module Az
$context = Get-AzSubscription -SubscriptionId xxxxxxxx
Set-AzContext $context
New-azdeployment -Name "SKL" -Location westeurope -TemplateFile .\delegatedResourceManagement.json -TemplateParameterFile .\delegatedResourceManagement.parameters.json
Logs:
##[section]Starting: Azure PowerShell script: InlineScript
==============================================================================
Task : Azure PowerShell
Description : Run a PowerShell script within an Azure environment
Version : 3.153.0
Author : Microsoft Corporation
Help : https://learn.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-powershell
==============================================================================
##[command]Import-Module -Name C:\Modules\azurerm_6.7.0\AzureRM\6.7.0\AzureRM.psd1 -Global
##[command]Clear-AzureRmContext -Scope Process
##[command]Disable-AzureRmContextAutosave -ErrorAction Stop
##[command]Add-AzureRMAccount -ServicePrincipal -Tenant *** -Credential System.Management.Automation.PSCredential -Environment AzureCloud #processScope
##[command] Select-AzureRMSubscription -SubscriptionId xxxxxxx -TenantId ***
##[command]& 'd:\a\_temp\xxxxxxd.ps1'
##[warning]User declined to install module (Az).
##[error]The specified module 'Az' was not loaded because no valid module file was found in any module directory.
##[command]Disconnect-AzureRmAccount -Scope Process -ErrorAction Stop
##[command]Clear-AzureRmContext -Scope Process -ErrorAction Stop
##[error]The term 'Get-AzSubscription' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
##[section]Finishing: Azure PowerShell script: InlineScript
You need to specify the task version: 4.* (Preview) or higher to use the Az powershell module:
Also there is an Azure resource group deployment to deploy ARM template easily:
looks like too much confusion among all az modules, MSFT have messed up az new/old modules and are conflicting with each other. az account show will list all modules with AZ CLI
az account show
Search apps and Features - Uninstall the old April 2018 Azure
Follow something like this link https://blog.atwork.at/post/The-new-Azure-PowerShell-Az-module
Then you won't have issue with
Get-AzSubscription ( after using Connect)