Open Wopienkaatwork opened 6 months ago
@Wopienkaatwork The certificate you are using must be imported in the certificate store of the local machine, e.g. using certutil
. Below you find an example how I do it on an Azure Runbook Hybrid Worker in System context.
$certPath = "C:\certificate.pfx"
$certificate = Get-PfxCertificate -FilePath $certPath
$thumbPrint = $certificate.Thumbprint
$null = "" | certutil -f -importpfx $certPath NoRoot
Export-M365DSCConfiguration...
The certutil
command imports the pfx without the Root certificate in its chain and overwrites any previously existing certificate with that name. You could do this with Import-PfxCertificate
as well, but in my case that didn't quite work out. But that's another story.
Description of the issue
I wanted to run an export from a tenant with the help of a runbook but when i use a service principal I get the following error message:
pulling DSC from Tenant 2024-Apr-11-2004PM Exporting Microsoft 365 configuration for Workloads: AAD Finding all resources for workload {AAD} and Mode {Default} Authentication methods specified:
The code I used:
`$creds = Get-AutomationPSCredential -Name "DemoTenant" $path = "$env:TEMP" $Date = $(Get-Date -f yyyy-MMM-dd-HHMMtt)
$ApplicationId = "xxxxxx" $CertificateThumbprint = "xxxxxxx" $TenantId = 'xxxxxxxxxxx.onmicrosoft.com'
write-output "Pulling DSC from Tenant $Date"
Export-M365DSCConfiguration -Workload @("AAD") -path $path -filename "runbook_$date.ps1" *>&1 -ApplicationId $ApplicationId -CertificateThumbprint $CertificateThumbprint -TenantId $TenantId -generateinfo $true
I already installed all modules (Version 5.1) Is there an option to use runbooks and with SP with thumbprints?
Microsoft 365 DSC Version
1.24.403.1
Which workloads are affected
Azure Active Directory (Entra ID)
The DSC configuration
No response
Verbose logs showing the problem
No response
Environment Information + PowerShell Version
No response