[BUG] Add-PnPAzureADServicePrincipalAppRole not working in azure government #4420
Labels
bug
Something isn't working
Comments
|
I don't have access to such an environment myself, which makes it really hard to troubleshoot. As far as I can judge from the code, the cmdlet you use implements the logic properly to deal with sovereign clouds. Can you check and confirm that if you run: That for you it returns the property AzureEnivronment with the proper value? I.e. USGovernment, USGovernmentDoD or USGovernmentHigh? |
|
Yes, this works.
Get-PnPConnection
ConnectionMethod : AzureADAppOnly
ConnectionType : TenantAdmin
InitializationType : Unknown
Scopes :
PSCredential :
ClientId : removed
ClientSecret :
ApplicationInsights :
PnP.PowerShell.ALC.ApplicationInsights
Url : https://removed.sharepoint.us/
TenantAdminUrl :
Certificate : [Subject]
CN=JRDEV-PNP
[Issuer]
CN=JRDEV-PNP
[Serial Number]
00932F2004E613344A
[Not Before]
2/6/2024 12:00:00 AM
[Not After]
2/6/2034 12:00:00 AM
[Thumbprint]
A7018A5D573BFC2D6B8BBD342A1D
DeleteCertificateFromCacheOnDisconnect : False
Context : PnP.Framework.PnPClientContext
Tenant : removed.onmicrosoft.com
UserAssignedManagedIdentityObjectId :
UserAssignedManagedIdentityClientId :
UserAssignedManagedIdentityAzureResourceId :
AzureEnvironment : USGovernmentHigh
Get-PnPAzureADServicePrincipal -BuiltInType MicrosoftGraph |
Get-PnPAzureADServicePrincipalAvailableAppRole
Get-PnPAzureADServicePrincipal: Service principal not found
Does not work.
…On Fri, Oct 11, 2024 at 10:51 AM Koen Zomers ***@***.***> wrote:
I don't have access to such an environment myself, which makes it really
hard to troubleshoot. As far as I can judge from the code, the cmdlet you
use implements the logic properly to deal with sovereign clouds. Can you
check and confirm that if you run:
Get-PnPConnection
That for you it returns the property AzureEnivronment with the proper
value? I.e. USGovernment, USGovernmentDoD or USGovernmentHigh?
—
Reply to this email directly, view it on GitHub
<#4420 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAOYIS27UJZ7XBCYPUPL2WDZ27XYVAVCNFSM6AAAAABPZCOVW6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMBXGY4TAOJWG4>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
I ended up switching back to an client id and cert. I manually created the managed identity permissions and had too many issues. |
|
Add-PnPAzureADServicePrincipalAppRole: Verification code expired before contacting the server |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Reporting an Issue or Missing Feature
Add-PnPAzureADServicePrincipalAppRole -Principal "id" -AppRole "Group.Read.All" -BuiltInType MicrosoftGraph
Get-PnPAzureADServicePrincipal: Service principal not found
Expected behavior
it adds the app role
Actual behavior
Get-PnPAzureADServicePrincipal: Service principal not found
Steps to reproduce behavior
create azure function
enable managed identity
run Add-PnPAzureADServicePrincipalAppRole -Principal "id" -AppRole "Group.Read.All" -BuiltInType MicrosoftGraph
What is the version of the Cmdlet module you are running?
(you can retrieve this by executing
Get-Module -Name "PnP.PowerShell" -ListAvailable)2.12.0
Which operating system/environment are you running PnP PowerShell on?
The text was updated successfully, but these errors were encountered: