Authenticating with Azure Active Directory on PowerShell

Anonymous (unverified), submitted on 2019-12-03 09:02:45

Question:

I am attempting to explore the features of the Azure Active Directory V2 PowerShell Module.

I have an Azure Account, and I have set up an Active Directory with multiple users.

My first goal is simple: show me the list of users.

So I type:

Connect-AzureAD 

I am presented with a dialog and type in my user account and password. It returns an object of type Microsoft.Open.Azure.AD.CommonLibrary.PSAzureContext.

I then type

Get-AzureADUser 

And the error is:

Get-AzureADUser : Error occurred while executing GetUsers

Code: Authentication_Unauthorized

Message: User was not found

HttpStatusCode: Forbidden

I am still able to list the users using the Azure RM PowerShell module. The following code works:

Add-AzureRmAccount
Get-AzureRmADUser

What do I do to get Get-AzureADUser to work?

Answer 1:

The cmdlet Connect-AzureAD establishes a connection to the AAD domain; after we log in successfully, a confirmation will display:

PS C:\windows\system32> connect-azuread

Account                           Environment Tenant
-------                           ----------- ------
jasontest1@xxxxxx.onmicrosoft.com AzureCloud  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The connection can be validated with the cmdlet Get-AzureADDomain: if the user is connected to an AAD domain where he has management privileges, the information about the domain will be displayed:

PS C:\windows\system32> get-azureaddomain

Name                                        AvailabilityStatus AuthenticationType
----                                        ------------------ ------------------
hcl.com                                                        Managed
msgamestudios.com                                              Managed
foobar.local                                                   Managed
multimap.com                                                   Managed
skypestaytogether.com                                          Managed
insightsquarterly.com.au                                       Managed
calanit.onmicrosoft.com                                        Federated
msft.ccsctp.net                                                Managed
ruffiangames.com                                               Managed
xn--m1bg0b0byewac1j8b.com                                      Managed
VoicesforInnovation.org                                        Managed
shaanximic.com                                                 Managed
www.yunnanmic.com                                              Managed
wsmbela.pss.com                                                Managed
fornax.off                                                     Managed
api.staging.yammer.com                                         Managed
codenauts.net                                                  Managed
acompli.com                                                    Managed
testdomains.co                                                 Managed
microsoft.hr                                                   Managed
Bayportali.mmdservice.com                                      Managed
contoso.com                                                    Managed
api.swrepository.com                                           Managed
Equivio.com                                                    Managed
sunshine.am                                                    Managed
microsoftaffiliates.com                                        Managed

If the user has no admin privileges, we will get the same error as you.

Get-AzureADDomain : Error occurred while executing GetDomains
Code: Authentication_Unauthorized
Message: User was not found
HttpStatusCode: Forbidden

The reason is that the cmdlet Get-AzureADDomain has no tenant specified, so the connection was established to a domain where the user has no admin privileges.

To ensure connection to the expected AAD domain, the tenant ID must be specified in the call to the Connect-AzureAD cmdlet.

PS C:\windows\system32> Connect-AzureAD -TenantId 
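
The check described in the answer above, as an added example that is not part of the original post: it connects to a named tenant, confirms the session is bound to that tenant, and probes with Get-AzureADDomain for the Authentication_Unauthorized error. The function name Test-AadSession and the tenant GUID in the usage comment are placeholders, and the tenant is assumed to be given in GUID form.

```powershell
# Added example, not from the original answer.
# Test-AadSession is a hypothetical helper name; the tenant GUID is a placeholder.
function Test-AadSession {
    param(
        # Assumption: tenant is passed as a GUID string, not as a domain name.
        [Parameter(Mandatory)] [string] $ExpectedTenantId
    )

    # Sign in against the named tenant instead of the account's default one.
    Connect-AzureAD -TenantId $ExpectedTenantId | Out-Null

    # Confirm which tenant the session is actually bound to.
    $session = Get-AzureADCurrentSessionInfo
    if ("$($session.TenantId)" -ne $ExpectedTenantId) {
        throw "Connected to tenant $($session.TenantId), expected $ExpectedTenantId"
    }

    try {
        # Same probe the answer uses: a directory read that needs rights in the tenant.
        $domains = @(Get-AzureADDomain -ErrorAction Stop)
    }
    catch {
        # The failure from the question: signed in, but not authorized in this tenant.
        if ("$_" -match 'Authentication_Unauthorized') {
            Write-Warning "$($session.Account) is signed in to $ExpectedTenantId but is not authorized to read the directory."
            return $false
        }
        throw   # anything else (network, throttling) is not the case discussed here
    }

    Write-Host "Tenant $($session.TenantDomain): $($domains.Count) domain(s) visible to $($session.Account)"
    return $true
}

# Usage (placeholder tenant ID):
# if (Test-AadSession -ExpectedTenantId '00000000-0000-0000-0000-000000000000') {
#     Get-AzureADUser -Top 10
# }
```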

