[BUG] Add-PnPAzureADServicePrincipalAppRole not working in azure government #4420
Comments
I don't have access to such an environment myself, which makes it really hard to troubleshoot. As far as I can judge from the code, the cmdlet you use implements the logic properly to deal with sovereign clouds. Can you check and confirm that if you run:
Get-PnPConnection
That for you it returns the property AzureEnvironment with the proper value? I.e. USGovernment, USGovernmentDoD or USGovernmentHigh?
Yes, this works.
Get-PnPConnection
ConnectionMethod : AzureADAppOnly
ConnectionType : TenantAdmin
InitializationType : Unknown
Scopes :
PSCredential :
ClientId : removed
ClientSecret :
ApplicationInsights :
PnP.PowerShell.ALC.ApplicationInsights
Url : https://removed.sharepoint.us/
TenantAdminUrl :
Certificate : [Subject]
CN=JRDEV-PNP
[Issuer]
CN=JRDEV-PNP
[Serial Number]
00932F2004E613344A
[Not Before]
2/6/2024 12:00:00 AM
[Not After]
2/6/2034 12:00:00 AM
[Thumbprint]
A7018A5D573BFC2D6B8BBD342A1D
DeleteCertificateFromCacheOnDisconnect : False
Context : PnP.Framework.PnPClientContext
Tenant : removed.onmicrosoft.com
UserAssignedManagedIdentityObjectId :
UserAssignedManagedIdentityClientId :
UserAssignedManagedIdentityAzureResourceId :
AzureEnvironment : USGovernmentHigh
Get-PnPAzureADServicePrincipal -BuiltInType MicrosoftGraph |
Get-PnPAzureADServicePrincipalAvailableAppRole
Get-PnPAzureADServicePrincipal: Service principal not found
Does not work.
…On Fri, Oct 11, 2024 at 10:51 AM Koen Zomers ***@***.***> wrote:
I don't have access to such an environment myself, which makes it really
hard to troubleshoot. As far as I can judge from the code, the cmdlet you
use implements the logic properly to deal with sovereign clouds. Can you
check and confirm that if you run:
Get-PnPConnection
That for you it returns the property AzureEnvironment with the proper
value? I.e. USGovernment, USGovernmentDoD or USGovernmentHigh?
I ended up switching back to a client ID and cert. I manually created the managed identity permissions and had too many issues.
Add-PnPAzureADServicePrincipalAppRole: Verification code expired before contacting the server
Reporting an Issue or Missing Feature
Add-PnPAzureADServicePrincipalAppRole -Principal "id" -AppRole "Group.Read.All" -BuiltInType MicrosoftGraph
Get-PnPAzureADServicePrincipal: Service principal not found
Expected behavior
it adds the app role
Actual behavior
Get-PnPAzureADServicePrincipal: Service principal not found
Steps to reproduce behavior
create azure function
enable managed identity
run Add-PnPAzureADServicePrincipalAppRole -Principal "id" -AppRole "Group.Read.All" -BuiltInType MicrosoftGraph
What is the version of the Cmdlet module you are running?
(you can retrieve this by executing Get-Module -Name "PnP.PowerShell" -ListAvailable)
2.12.0
Which operating system/environment are you running PnP PowerShell on?