Azure / CloudShell

Container Image for Azure Cloud Shell (https://azure.microsoft.com/en-us/features/cloud-shell/)
https://shell.azure.com
MIT License
251 stars 103 forks

[BUG] Connect-AzureAD not returning a working connection #281

Open timatlee opened 1 year ago

timatlee commented 1 year ago

To Reproduce

Deleted existing cloud shell storage account

Created new storage account.

Logged into Azure Cloud shell

Run:

import-module AzureAD.Standard.Preview
AzureAD.Standard.Preview\Connect-AzureAD -Identity -TenantID $env:ACC_TID

Account   Environment TenantId                             TenantDomain AccountType
-------   ----------- --------                             ------------ -----------
MSI@xxxxx AzureCloud  cc4eac7c-a9a3-47b4-b014-4a177c229a74              ManagedService

get-azureaddomain 
Get-AzureADDomain: Error occurred while executing GetDomains 
Code: Authentication_MissingOrMalformed
Message: Access Token missing or malformed.
HttpStatusCode: Unauthorized
HttpStatusDescription: Unauthorized
HttpResponseStatus: Completed

Observed Behavior

After connecting, the get-azuread* set of cmdlets do not work.

PS /home/tim> get-azureaddomain 
Get-AzureADDomain: Error occurred while executing GetDomains 
Code: Authentication_MissingOrMalformed
Message: Access Token missing or malformed.
HttpStatusCode: Unauthorized
HttpStatusDescription: Unauthorized
HttpResponseStatus: Completed

PS /home/tim> get-azureaduser   
Get-AzureADUser: Error occurred while executing GetUsers 
Code: Authentication_MissingOrMalformed
Message: Access Token missing or malformed.
HttpStatusCode: Unauthorized
HttpStatusDescription: Unauthorized
HttpResponseStatus: Completed

Expected behavior

Get-AzureADDomain should return connected domains.

Get-AzureADUser should return users in the tenant.

Etc.

Is this specific to Cloud Shell?

It seems to be specific to Cloud Shell. However, when testing connectivity from my desktop, I observe that the AccountType is User, not ManagedService:

# Connect-AzureAD on my desktop does not support the `-identity` parameter.
> connect-azuread

Account                       Environment TenantId                             TenantDomain AccountType
-------                       ----------- --------                             ------------ -----------
timatlee@tenant.onmicrosoft.com AzureCloud  110c8ae9-30a5-431f-a1d8-827e3b7077d6 domain.com User

Please verify if the same issue can be reproduced by running the same tool outside Cloud Shell - for example, by installing it on your own computer. If so, it is likely to be a bug in that tool or in the Azure service it communicates with, not in Cloud Shell. Please file the issue with the appropriate project.

Interface information

https://admin.microsoft.com/Adminportal/Home?#/homepage in Edge on Windows 10.

MichaelLaMontagne commented 1 year ago

Looks to be the same bug I reported in 2021... https://github.com/Azure/CloudShell/issues/80