< Back
New-AzureRmADSpCredential
Post
NAME New-AzureRmADSpCredential
SYNOPSIS
Adds a credential to an existing service principal.
SYNTAX
New-AzureRmADSpCredential -CertValue <String> [-DefaultProfile <IAzureContextContainer>] [-EndDate <DateTime>] -ObjectId <String> [-StartDate
<DateTime>] [-Confirm] [-WhatIf] [<CommonParameters>]
New-AzureRmADSpCredential -CertValue <String> [-DefaultProfile <IAzureContextContainer>] [-EndDate <DateTime>] -ServicePrincipalName <String>
[-StartDate <DateTime>] [-Confirm] [-WhatIf] [<CommonParameters>]
New-AzureRmADSpCredential [-DefaultProfile <IAzureContextContainer>] [-EndDate <DateTime>] -ObjectId <String> -Password <SecureString> [-StartDate
<DateTime>] [-Confirm] [-WhatIf] [<CommonParameters>]
New-AzureRmADSpCredential [-DefaultProfile <IAzureContextContainer>] [-EndDate <DateTime>] -Password <SecureString> -ServicePrincipalName <String>
[-StartDate <DateTime>] [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The New-AzureRmADSpCredential cmdlet can be used to add a new credential or to roll credentials for a service principal. The service principal is
identified by supplying either the object id or service principal name.
PARAMETERS
-CertValue <String>
The value of the "asymmetric" credential type. It represents the base 64 encoded certificate.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-EndDate <DateTime>
The effective end date of the credential usage. The default end date value is one year from today. For an "asymmetric" type credential, this
must be set to on or before the date that the X509 certificate is valid.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ObjectId <String>
The object id of the service principal to add the credentials to.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Password <SecureString>
The password to be associated with the application.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ServicePrincipalName <String>
The name (SPN) of the service principal to add the credentials to.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StartDate <DateTime>
The effective start date of the credential usage. The default start date value is today. For an "asymmetric" type credential, this must be
set to on or after the date that the X509 certificate is valid from.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.PSADCredential
NOTES
Example 1
PS E:\\> $SecureStringPassword = ConvertTo-SecureString -String "password" -AsPlainText -Force
PS E:\\> New-AzureRmADSpCredential -ObjectId 1f99cf81-0146-4f4e-beae-2007d0668476 -Password $SecureStringPassword
A new password credential is added to an existing service principal. In this example, the supplied password value is added to the service
principal using the objectId.
Example 2
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$cer.Import("C:\\myapp.cer")
$binCert = $cer.GetRawCertData()
$credValue = [System.Convert]::ToBase64String($binCert)
PS E:\\> New-AzureRmADSpCredential -ServicePrincipalName "http://test123" -CertValue $credValue -StartDate $cer.GetEffectiveDateString() -EndDate
$cer.GetExpirationDateString()
A new key credential is added to an existing service principal. In this example, the supplied base64 encoded public X509 certificate ("myapp.cer")
is added to the service principal using its SPN.
Example 3
PS E:\\> New-AzureRmADSpCredential -ServicePrincipalName "http://test123" -CertValue $credValue
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... credential
Get-AzureRmADSpCredential
Remove-AzureRmADSpCredential
Get-AzureRmADServicePrincipal
SYNOPSIS
Adds a credential to an existing service principal.
SYNTAX
New-AzureRmADSpCredential -CertValue <String> [-DefaultProfile <IAzureContextContainer>] [-EndDate <DateTime>] -ObjectId <String> [-StartDate
<DateTime>] [-Confirm] [-WhatIf] [<CommonParameters>]
New-AzureRmADSpCredential -CertValue <String> [-DefaultProfile <IAzureContextContainer>] [-EndDate <DateTime>] -ServicePrincipalName <String>
[-StartDate <DateTime>] [-Confirm] [-WhatIf] [<CommonParameters>]
New-AzureRmADSpCredential [-DefaultProfile <IAzureContextContainer>] [-EndDate <DateTime>] -ObjectId <String> -Password <SecureString> [-StartDate
<DateTime>] [-Confirm] [-WhatIf] [<CommonParameters>]
New-AzureRmADSpCredential [-DefaultProfile <IAzureContextContainer>] [-EndDate <DateTime>] -Password <SecureString> -ServicePrincipalName <String>
[-StartDate <DateTime>] [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The New-AzureRmADSpCredential cmdlet can be used to add a new credential or to roll credentials for a service principal. The service principal is
identified by supplying either the object id or service principal name.
PARAMETERS
-CertValue <String>
The value of the "asymmetric" credential type. It represents the base 64 encoded certificate.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-EndDate <DateTime>
The effective end date of the credential usage. The default end date value is one year from today. For an "asymmetric" type credential, this
must be set to on or before the date that the X509 certificate is valid.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ObjectId <String>
The object id of the service principal to add the credentials to.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Password <SecureString>
The password to be associated with the application.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ServicePrincipalName <String>
The name (SPN) of the service principal to add the credentials to.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StartDate <DateTime>
The effective start date of the credential usage. The default start date value is today. For an "asymmetric" type credential, this must be
set to on or after the date that the X509 certificate is valid from.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.PSADCredential
NOTES
Example 1
PS E:\\> $SecureStringPassword = ConvertTo-SecureString -String "password" -AsPlainText -Force
PS E:\\> New-AzureRmADSpCredential -ObjectId 1f99cf81-0146-4f4e-beae-2007d0668476 -Password $SecureStringPassword
A new password credential is added to an existing service principal. In this example, the supplied password value is added to the service
principal using the objectId.
Example 2
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$cer.Import("C:\\myapp.cer")
$binCert = $cer.GetRawCertData()
$credValue = [System.Convert]::ToBase64String($binCert)
PS E:\\> New-AzureRmADSpCredential -ServicePrincipalName "http://test123" -CertValue $credValue -StartDate $cer.GetEffectiveDateString() -EndDate
$cer.GetExpirationDateString()
A new key credential is added to an existing service principal. In this example, the supplied base64 encoded public X509 certificate ("myapp.cer")
is added to the service principal using its SPN.
Example 3
PS E:\\> New-AzureRmADSpCredential -ServicePrincipalName "http://test123" -CertValue $credValue
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... credential
Get-AzureRmADSpCredential
Remove-AzureRmADSpCredential
Get-AzureRmADServicePrincipal