Azure / azure-powershell

Microsoft Azure PowerShell

why Get-AzADServicePrincipal command shows nothing? #18179

Closed htzhang2 closed 2 years ago

htzhang2 commented 2 years ago

Description

Get-AzADServicePrincipal command shows nothing:

Get-AzADSpCredential -ObjectId [id]

[Expected] Client secret for the spn
[Actual] Nothing

Script or Debug output

DEBUG: 6:25:37 PM - GetAzureADSpCredentialCommand begin processing with ParameterSet 'ObjectIdParameterSet'.
DEBUG: 6:25:37 PM - using account id ...
DEBUG: [Common.Authentication]: Authenticating using Account: ..., environment: 'AzureCloud', tenant:
'...'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://graph.windows.net//.default ] ParentRequestId:
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://graph.windows.net//.default ] ParentRequestId:
ExpiresOn: 2022-05-16T19:03:25.0000000+00:00
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://graph.windows.net//.default ] ParentRequestId:
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://graph.windows.net//.default ] ParentRequestId:
ExpiresOn: 2022-05-16T19:03:25.0000000+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '...', UserId:
''
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://graph.windows.net/.../servicePrincipals/.../keyCredentials?api-version=1.6

Headers:
x-ms-client-request-id        : d626f0de-eb8a-4780-a2f2-53aeb36af360
accept-language               : en-US

Body:

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
ocp-aad-diagnostics-server-name: YtRUX5lA33QqeKtljiMv6q1mWvJenQk1lTzcmOT9SWo=
request-id                    : c72de75e-f833-4aad-b041-e9213921a13c
client-request-id             : a3b73249-de3b-4f4c-8cac-24213fc75bbe
x-ms-dirapi-data-contract-version: 1.6
ocp-aad-session-key           :
BRHb73pSNsKGw9QSYPE6-GWXc9YJIZ9JXQ5D0aLgl58WyXTOFkvG6aka_o7TNKt4T9vlSoTxact5fGcFQU4Ndy7naWvXodTnsyoLacT09kDWytMSExRv7Qrjl6ZrujIq.
BbLzsU_0idc-g594Y4DFJdyouBLwRGlmIrT1YRVepko
Duration                      : 383484
x-ms-resource-unit            : 1
DataServiceVersion            : 3.0;
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Access-Control-Allow-Origin   : *
Cache-Control                 : no-cache
Date                          : Mon, 16 May 2022 18:25:37 GMT
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET

Body:
{
  "odata.metadata": "https://graph.windows.net//$metadata#Collection(Microsoft.DirectoryServices.KeyCredential)",

  "value": []
}

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://graph.windows.net//servicePrincipals//passwordCredentials?api-version=1.6

Headers:
x-ms-client-request-id        : 9018955a-99b5-4fc9-9287-afcaf7ccadcb
accept-language               : en-US

Body:

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
ocp-aad-diagnostics-server-name: oJzAfJY2WS5ENQRVRoAQ1FnbvpcgzeKgJXMz4H+5Dug=
request-id                    : 5fc338ac-1a77-4ec5-932d-62834057e478
client-request-id             : a3b73249-de3b-4f4c-8cac-24213fc75bbe
x-ms-dirapi-data-contract-version: 1.6
ocp-aad-session-key           :
bvP__OmVUFFxt-z-FR6B_ws5Moayj5n2GGVHqugxmudwCiahYuNPHYHPbxaqHteb7m2cShk1KbD0J8Ging-zlaFQZyzypgw0yPm7sSswcuDs0Qw_eznw29GuRmgxEUYR.
nOsOfSId5Msikp0vQejowDygRVyHvsH_7WUBw0glrEo
Duration                      : 296400
x-ms-resource-unit            : 1
DataServiceVersion            : 3.0;
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Access-Control-Allow-Origin   : *
Cache-Control                 : no-cache
Date                          : Mon, 16 May 2022 18:25:37 GMT
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET

Body:
{
  "odata.metadata": "https://graph.windows.net//$metadata#Collection(Microsoft.DirectoryServices.PasswordCredential)",
  "value": []
}

DEBUG: AzureQoSEvent: CommandName - Get-AzADSpCredential; IsSuccess - True; Duration - 00:00:00.1942550;
DEBUG: Finish sending metric.
DEBUG: 6:25:38 PM - GetAzureADSpCredentialCommand end processing.

Environment data

Name                           Value
----                           -----
PSVersion                      5.1.19041.1682
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.1682
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Module versions

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     2.2.3      Az.Accounts                         {Add-AzEnvironment, Clear-AzContext, Clear-AzDefault, Connect-AzAcco...
Script     2.5.1      Az.Resources                        {Add-AzADGroupMember, Export-AzResourceGroup, Get-AzADAppCredential,...
Binary     2.0.2.106  AzureAD                             {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredOwner, Add-...

Error output

DEBUG: 6:27:06 PM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 6:27:06 PM - using account id '...'...
WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' :
The `Resolve-Error` alias will be removed in a future release.  Please change any scripts that use this alias to use
`Resolve-AzError` instead.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on
breaking changes in Azure PowerShell.

   HistoryId: 32

Message        : Resource '...' does not exist or one of its queried reference-property objects
                 are not present.
StackTrace     :
Exception      : System.Exception
InvocationInfo : {Get-AzADSpCredential}
Line           : Get-AzADSpCredential -ObjectId 
Position       : At line:1 char:1
                 + Get-AzADSpCredential -ObjectId 
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 32

   HistoryId: 23

Message        : Resource '... does not exist or one of its queried reference-property objects
                 are not present.
StackTrace     :
Exception      : System.Exception
InvocationInfo : {Get-AzADSpCredential}
Line           : Get-AzADSpCredential -ObjectId 
Position       : At line:1 char:1
                 + Get-AzADSpCredential -ObjectId
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 23

   HistoryId: 21

Message        : A parameter cannot be found that matches parameter name 'ApplicationId'.
StackTrace     :    at
                 System.Management.Automation.CmdletParameterBinderController.VerifyArgumentsProcessed(ParameterBindingException
                 originalBindingException)
                    at
                 System.Management.Automation.CmdletParameterBinderController.BindCommandLineParametersNoValidation(Collection`1
                 arguments)
                    at System.Management.Automation.CmdletParameterBinderController.BindCommandLineParameters(Collection`1
                 arguments)
                    at System.Management.Automation.CommandProcessor.BindCommandLineParameters()
                    at System.Management.Automation.CommandProcessor.Prepare(IDictionary psDefaultParameterValues)
                    at System.Management.Automation.CommandProcessorBase.DoPrepare(IDictionary psDefaultParameterValues)
                    at System.Management.Automation.Internal.PipelineProcessor.Start(Boolean incomingStream)
                    at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input)
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input)
                    at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput,
                 CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts, CommandRedirection[][]
                 commandRedirections, FunctionContext funcContext)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
Exception      : System.Management.Automation.ParameterBindingException
InvocationInfo : {Get-AzureADServicePrincipalKeyCredential}
Line           : Get-AzureADServicePrincipalKeyCredential -ApplicationId 6c5f3d7c-b3fb-41e1-94e6-61713473b60f
Position       : At line:1 char:42
                 + Get-AzureADServicePrincipalKeyCredential -ApplicationId 6c5f3d7c-b3fb ...
                 +                                          ~~~~~~~~~~~~~~
HistoryId      : 21

   HistoryId: 19

Message        : Error occurred while executing GetServicePrincipal
                 Code: Request_ResourceNotFound
                 Message: Resource '6c5f3d7c-b3fb-41e1-94e6-61713473b60f' does not exist or one of its queried
                 reference-property objects are not present.
                 RequestId: fb88b253-1e9e-4cc0-b019-2e8d409337b5
                 DateTimeStamp: Mon, 16 May 2022 17:27:48 GMT
                 HttpStatusCode: NotFound
                 HttpStatusDescription: Not Found
                 HttpResponseStatus: Completed

StackTrace     :    at Microsoft.Open.AzureAD16.Client.Configuration.<>c.<.cctor>b__47_0(String methodName, IRestResponse
                 response) in X:\bt\1137570\repo\src\dev\PowerShell.V2\AzureAD16.Client\Client\Configuration.cs:line 188
                    at Microsoft.Open.AzureAD16.Api.ServicePrincipalApi.GetServicePrincipalWithHttpInfo(String tenantId, String
                 objectId, String authorization, String cmdletName, String clientRequestId, String apiVersion, Nullable`1 all,
                 Nullable`1 top, String skiptoken, String filter, String orderby) in
                 X:\bt\1137570\repo\src\dev\PowerShell.V2\AzureAD16.Client\Api\ServicePrincipalApi.cs:line 1734
                    at Microsoft.Open.AzureAD.Graph.PowerShell.Custom.GetAzureADServicePrincipalKeyCredential.ProcessRecord() in
                 X:\bt\1137570\repo\src\dev\PowerShell.V2\AzureAD16.PowerShell\AzureAD16.Graph.Custom\Cmdlet\ServicePrincipalKeyC
                 redentialApi.cs:line 268
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : Microsoft.Open.AzureAD16.Client.ApiException
InvocationInfo : {Get-AzureADServicePrincipalKeyCredential}
Line           : Get-AzureADServicePrincipalKeyCredential -ObjectId 6c5f3d7c-b3fb-41e1-94e6-61713473b60f
Position       : At line:1 char:1
                 + Get-AzureADServicePrincipalKeyCredential -ObjectId 6c5f3d7c-b3fb-41e1 ...
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 19

   HistoryId: 18

Message        : Error occurred while executing GetServicePrincipal
                 Code: Request_ResourceNotFound
                 Message: Resource '...' does not exist or one of its queried
                 reference-property objects are not present.
                 RequestId: eac4b501-99e4-475d-83cd-194c67bda47e
                 DateTimeStamp: Mon, 16 May 2022 17:27:25 GMT
                 HttpStatusCode: NotFound
                 HttpStatusDescription: Not Found
                 HttpResponseStatus: Completed

StackTrace     :    at Microsoft.Open.AzureAD16.Client.Configuration.<>c.<.cctor>b__47_0(String methodName, IRestResponse
                 response) in X:\bt\1137570\repo\src\dev\PowerShell.V2\AzureAD16.Client\Client\Configuration.cs:line 188
                    at Microsoft.Open.AzureAD16.Api.ServicePrincipalApi.GetServicePrincipalWithHttpInfo(String tenantId, String
                 objectId, String authorization, String cmdletName, String clientRequestId, String apiVersion, Nullable`1 all,
                 Nullable`1 top, String skiptoken, String filter, String orderby) in
                 X:\bt\1137570\repo\src\dev\PowerShell.V2\AzureAD16.Client\Api\ServicePrincipalApi.cs:line 1734
                    at Microsoft.Open.AzureAD.Graph.PowerShell.Custom.GetAzureADServicePrincipalKeyCredential.ProcessRecord() in
                 X:\bt\1137570\repo\src\dev\PowerShell.V2\AzureAD16.PowerShell\AzureAD16.Graph.Custom\Cmdlet\ServicePrincipalKeyC
                 redentialApi.cs:line 268
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : Microsoft.Open.AzureAD16.Client.ApiException
InvocationInfo : {Get-AzureADServicePrincipalKeyCredential}
Line           : Get-AzureADServicePrincipalKeyCredential -ObjectId 
Position       : At line:1 char:1
                 + Get-AzureADServicePrincipalKeyCredential -ObjectId cec88ac3-9136-4db0 ...
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 18

   HistoryId: 16

Message        : Resource '877bf43c-0c37-4df8-9420-b7f92c2e9fd0' does not exist or one of its queried reference-property objects
                 are not present.
StackTrace     :
Exception      : System.Exception
InvocationInfo : {Get-AzADAppCredential}
Line           : Get-AzADAppCredential -ObjectId 877bf43c-0c37-4df8-9420-b7f92c2e9fd0
Position       : At line:1 char:1
                 + Get-AzADAppCredential -ObjectId 877bf43c-0c37-4df8-9420-b7f92c2e9fd0
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 16

   HistoryId: -1

Message        : Unable to find type [Microsoft.PowerShell.Commands.PowerShellGet.Telemetry].
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext,
                 Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
Exception      : System.Management.Automation.RuntimeException
InvocationInfo : {}
Line           :     $telemetryMethods = ([Microsoft.PowerShell.Commands.PowerShellGet.Telemetry] | Get-Member -Static).Name

Position       : At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:715 char:26
                 + ... yMethods = ([Microsoft.PowerShell.Commands.PowerShellGet.Telemetry] | ...
                 +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : -1

   HistoryId: 13

Message        : Resource '' does not exist or one of its queried reference-property objects
                 are not present.
StackTrace     :
Exception      : System.Exception
InvocationInfo : {Get-AzADSpCredential}
Line           : Get-AzADSpCredential -ObjectId 
Position       : At line:1 char:1
                 + Get-AzADSpCredential -ObjectId 
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

   HistoryId: 10

Message        : Resource '' does not exist or one of its queried reference-property objects
                 are not present.
StackTrace     :
Exception      : System.Exception
InvocationInfo : {Get-AzADSpCredential}
Line           : Get-AzAdSpCredential -ObjectId
Position       : At line:1 char:1
                 + Get-AzAdSpCredential -ObjectId 
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 10

   HistoryId: 9

Message        : Service principal with SPN 'vwac-VwacClaimsService-int-spn' does not exist.
StackTrace     :    at Microsoft.Azure.Commands.ActiveDirectory.ActiveDirectoryBaseCmdlet.HandleException(Exception exception)
                    at Microsoft.Azure.Commands.ActiveDirectory.ActiveDirectoryBaseCmdlet.ExecutionBlock(Action execAction)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : System.InvalidOperationException
InvocationInfo : {Get-AzADSpCredential}
Line           : Get-AzAdSpCredential -ServicePrincipalName vwac-VwacClaimsService-int-spn
Position       : At line:1 char:1
                 + Get-AzAdSpCredential -ServicePrincipalName vwac-VwacClaimsService-int ...
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 9

   HistoryId: 8

Message        : Service principal with SPN 'vwac-VwacClaimsService-int-spn' does not exist.
StackTrace     :    at Microsoft.Azure.Commands.ActiveDirectory.ActiveDirectoryBaseCmdlet.HandleException(Exception exception)
                    at Microsoft.Azure.Commands.ActiveDirectory.ActiveDirectoryBaseCmdlet.ExecutionBlock(Action execAction)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : System.InvalidOperationException
InvocationInfo : {Get-AzADSpCredential}
Line           : Get-AzAdSpCredential -ServicePrincipalName 'vwac-VwacClaimsService-int-spn'
Position       : At line:1 char:1
                 + Get-AzAdSpCredential -ServicePrincipalName 'vwac-VwacClaimsService-in ...
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 8

   HistoryId: 7

Message        : Service principal with SPN 'vwac-VwacClaimsService-int-spn' does not exist.
StackTrace     :    at Microsoft.Azure.Commands.ActiveDirectory.ActiveDirectoryBaseCmdlet.HandleException(Exception exception)
                    at Microsoft.Azure.Commands.ActiveDirectory.ActiveDirectoryBaseCmdlet.ExecutionBlock(Action execAction)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : System.InvalidOperationException
InvocationInfo : {Get-AzADSpCredential}
Line           : Get-AzAdSpCredential -ServicePrincipalName "vwac-VwacClaimsService-int-spn"
Position       : At line:1 char:1
                 + Get-AzAdSpCredential -ServicePrincipalName "vwac-VwacClaimsService-in ...
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 7

   HistoryId: 6

Message        : A parameter cannot be found that matches parameter name 'ServicePrincipleName'.
StackTrace     :    at
                 System.Management.Automation.CmdletParameterBinderController.VerifyArgumentsProcessed(ParameterBindingException
                 originalBindingException)
                    at
                 System.Management.Automation.CmdletParameterBinderController.BindCommandLineParametersNoValidation(Collection`1
                 arguments)
                    at System.Management.Automation.CmdletParameterBinderController.BindCommandLineParameters(Collection`1
                 arguments)
                    at System.Management.Automation.CommandProcessor.BindCommandLineParameters()
                    at System.Management.Automation.CommandProcessor.Prepare(IDictionary psDefaultParameterValues)
                    at System.Management.Automation.CommandProcessorBase.DoPrepare(IDictionary psDefaultParameterValues)
                    at System.Management.Automation.Internal.PipelineProcessor.Start(Boolean incomingStream)
                    at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input)
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input)
                    at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput,
                 CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts, CommandRedirection[][]
                 commandRedirections, FunctionContext funcContext)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
Exception      : System.Management.Automation.ParameterBindingException
InvocationInfo : {Get-AzADSpCredential}
Line           : Get-AzAdSpCredential -ServicePrincipleName "vwac-VwacClaimsService-int-spn"
Position       : At line:1 char:22
                 + Get-AzAdSpCredential -ServicePrincipleName "vwac-VwacClaimsService-in ...
                 +                      ~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

The Azure PowerShell team is listening, please let us know how we are doing: https://aka.ms/azpssurvey?Q_CHL=ERROR.

DEBUG: AzureQoSEvent: CommandName - Resolve-AzError; IsSuccess - True; Duration - 00:00:00.4692495;
DEBUG: Finish sending metric.
DEBUG: 6:27:07 PM - ResolveError end processing.

dingmeng-xue commented 2 years ago

@htzhang2, thanks for contacting us. First, please ensure you have permission to access the service principal or its application on the Portal. Second, there are 2 IDs for an Azure AD object. One is the application (client) ID and the other is the directory object ID. In Azure PowerShell AzAd cmdlets, object ID usually refers to the directory object ID. Please use the correct ID according to the parameter you are using.
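
One way to act on the reply above, as an added example (not code from the issue or from the Az project): the hypothetical helper `Resolve-AzADIdentifier` works out which kind of ID a GUID is, then lists credential metadata from both the service principal and its application object. Both credential cmdlets return metadata only (key ID, validity dates); the secret value cannot be read back after it is created. It assumes the Az.Resources module and an existing `Connect-AzAccount` session.

```powershell
# Added example, not code from the issue or from Az.Resources.
# Requires the Az.Resources module and an active Connect-AzAccount session.

function Invoke-Lookup {            # hypothetical helper: $null instead of an error on a miss
    param([scriptblock] $Query)
    try { & $Query } catch { $null }
}

function Resolve-AzADIdentifier {   # hypothetical helper name
    [CmdletBinding()]
    param([Parameter(Mandatory)] [guid] $Id)

    $quiet = @{ ErrorAction = 'SilentlyContinue' }
    $sp = $null; $app = $null; $kind = $null

    # 1. Application (client) ID of a service principal in this tenant?
    $sp = Invoke-Lookup { Get-AzADServicePrincipal -ApplicationId $Id @quiet }
    if ($sp) { $kind = 'application (client) ID' }

    # 2. Directory object ID of a service principal?
    if (-not $kind) {
        $sp = Invoke-Lookup { Get-AzADServicePrincipal -ObjectId $Id @quiet }
        if ($sp) { $kind = 'service principal object ID' }
    }

    # 3. Directory object ID of the application (app registration) object?
    if (-not $kind) {
        $app = Invoke-Lookup { Get-AzADApplication -ObjectId $Id @quiet }
        if ($app) { $kind = 'application object ID' }
    }

    if (-not $kind) {
        Write-Warning "No service principal or application matches $Id (wrong tenant, wrong ID, or no read permission)."
        return
    }

    # The client ID property is named AppId or ApplicationId depending on the
    # Az.Resources version (ApplicationId in older releases such as 2.5.1).
    $source = if ($sp) { $sp } else { $app }
    $appId  = if ($source.AppId) { $source.AppId } else { $source.ApplicationId }
    if (-not $sp) {
        $sp = Invoke-Lookup { Get-AzADServicePrincipal -ApplicationId $appId @quiet }
    }

    # Secrets added under an app registration are stored on the application
    # object, so they appear in ApplicationCredentials, not in the SP's list.
    [pscustomobject]@{
        InputIs                     = $kind
        ApplicationId               = $appId
        ServicePrincipalObjectId    = $sp.Id
        ServicePrincipalCredentials = @(if ($sp) { Get-AzADSpCredential -ObjectId $sp.Id })
        ApplicationCredentials      = @(Invoke-Lookup { Get-AzADAppCredential -ApplicationId $appId @quiet })
    }
}

# Constructed placeholder GUID; replace with the ID being investigated.
Resolve-AzADIdentifier -Id '00000000-0000-0000-0000-000000000000' | Format-List
```

An empty `ServicePrincipalCredentials` list alongside a populated `ApplicationCredentials` list matches the `"value": []` responses in the debug output above when the ID itself is valid.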

ghost commented 2 years ago

Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!