I am trying to connect to Azure non-interactively via on-prem Azure DevOps to apply SQL migrations. I created an App Registration in Azure AD, with a corresponding client secret.

When I run

```powershell
$appId = {Guid}
$clientSecret = {secret value}
$securePassword = ConvertTo-SecureString -String $clientSecret -AsPlainText -Force
$tenantId = {Guid}
$credential = New-Object -TypeName System.Management.Automation.PSCredential @{ UserName = $appId; Password = $securePassword }
Connect-AzAccount -ServicePrincipal -TenantId $tenantId -Credential $credential
```

in accordance with the documentation at https://learn.microsoft.com/en-us/powershell/module/az.accounts/connect-azaccount?view=azps-10.2.0 (see Example 3), I get an unexpected error message:

No certificate thumbprint or secret provided for the given service principal ''. Could not find tenant id for provided tenant domain '{Guid}'. Please ensure that the provided service principal '' is found in the provided tenant domain.

I cannot find any information on this error message, and it seems inconsistent with my parameters/arguments.

How can I fix this to get a working connection? (I can confirm that I'm running Az version 10.2.0, and PowerShell 7.3.5.)

David

1 Answer

Your $credential variable is blank, because you're incorrectly supplying the username and password as a hash table.

PSCredential is expecting 2 string values (username and password), which can be passed as space-separated values, or as an array.

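```powershell
# Option 1: constructor arguments as comma-separated values
$credential = New-Object -TypeName System.Management.Automation.PSCredential $appId, $securePassword

# Option 2: constructor arguments as an explicit array
$credential = New-Object -TypeName System.Management.Automation.PSCredential @($appId, $securePassword)
```
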
scottwtang
  • What do you mean? OP's code: `New-Object -TypeName System.Management.Automation.PSCredential @{ UserName = $appId; Password = $securePassword }` positional binding to `-ArgumentList` – Santiago Squarzon Aug 25 '23 at 21:09
  • I tried using the `ArgumentList` param previously. At the time, it resulted in an error about being unable to find a matching constructor. But I just realized that I was probably using `$clientSecret` instead of `$securePassword` (which I didn't learn about until later). Using this with `$securePassword` instead worked! Thanks for helping me double-check it! – David Aug 25 '23 at 21:38
  • @SantiagoSquarzon You're right, the correct explanation would be OP incorrectly passing the parameters as a hash table – scottwtang Aug 25 '23 at 23:07
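
The fix from the answer, written as an added example (not code from the question, the answer, or Microsoft's documentation) that fails before `Connect-AzAccount` runs if the credential's user name did not bind, which is the condition behind the empty service principal `''` in the error above. The helper name `New-ServicePrincipalCredential` and the environment variable names are assumptions; they stand for secret pipeline variables mapped into the task's environment so the client secret is not written in the script.

```powershell
$ErrorActionPreference = 'Stop'

# Hypothetical helper: builds and validates a service principal credential.
function New-ServicePrincipalCredential {
    [CmdletBinding()]
    [OutputType([pscredential])]
    param(
        [Parameter(Mandatory)][string] $AppId,
        [Parameter(Mandatory)][securestring] $Secret
    )

    # The application (client) ID must be a GUID.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($AppId, [ref] $parsed)) {
        throw "AppId '$AppId' is not a GUID."
    }
    if ($Secret.Length -eq 0) {
        throw 'Client secret is empty.'
    }

    # Two positional constructor arguments: user name (string), password (SecureString).
    $credential = [pscredential]::new($AppId, $Secret)

    # Fail here, with a clear message, instead of inside Connect-AzAccount.
    if ($credential.UserName -ne $AppId) {
        throw 'Credential user name is empty or does not match the application ID.'
    }
    return $credential
}

# Assumed variable names; set them as secret variables in the pipeline.
$secret     = ConvertTo-SecureString -String $env:AZURE_CLIENT_SECRET -AsPlainText -Force
$credential = New-ServicePrincipalCredential -AppId $env:AZURE_CLIENT_ID -Secret $secret

Connect-AzAccount -ServicePrincipal -TenantId $env:AZURE_TENANT_ID -Credential $credential | Out-Null
```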