1

Having a problem with creating an Azure Automation runbook that will copy a database on demand; I've created a credential and stored the u/p of the account I use to log into the portal in it. The password was written in Notepad and pasted in to ensure it is correct.

$Cred = Get-AutomationPSCredential -Name 'automationCredential'

Write-Output "UN: $($Cred.Username)"
Write-Output "PW: $($Cred.Password.Length)"

Add-AzureRmAccount -Credential $Cred

Write-Output "Deleting the old $TargetDatabaseName"

Remove-AzureRMSqlDatabase -ResourceGroupName "Default-SQL-NorthEurope" -ServerName $SourceServerName -DatabaseName $TargetDatabaseName -Force

Write-Output "Creating new $TargetDatabaseName with data at time $PointInTime"

New-AzureRmSqlDatabaseCopy `
    -CopyDatabaseName $TargetDatabaseName `
    -DatabaseName $SourceDatabaseName `
    -ResourceGroupName "Default-SQL-NorthEurope" `
    -ServerName $SourceServerName

The debug prints seem to indicate the credentials are correct, but when the Add-AzureRmAccount is carried out, it seems to log in but no subscriptions are returned.

Soon after the call to remove the old test db fails with:

Remove-AzureRMSqlDatabase : No subscription found in the context. Please ensure that the credentials you provided are authorized to access an Azure subscription, then run Login-AzureRMAccount to login.

If I do the actions in the command-line PowerShell (the only difference being I call login without parameters; it prompts for creds) then things work out just fine.

I found some resources that indicate if the creds are wrong, it authenticates but returns no subscriptions - I've double-checked the creds though and they're accurate.

Caius Jard

2 Answers

2

In Azure, a Microsoft account does not support non-interactive login.
If you want to use a script to log in to Azure in a runbook, we can create a service principal to log in to Azure.

We can use PowerShell to create an Azure service principal; for more information about service principals, please refer to this link.


We can use the service principal to log in to Azure PowerShell, like this:

# Subscription, tenant and service principal (application) identifiers
$subscriptionId = "5384xxxx-xxxx-xxxx-xxxx-xxxxe29axxxx"
$tenantid = "1fcf418e-66ed-4c99-9449-d8e18bf8737a"
$appid = "1498b171-e1ca-451f-9d7a-8ef56a178b89"
# Service principal secret
$password = "7db814b1-xxxx-4654-xxxx-1d210cb546f9"
$userPassword = ConvertTo-SecureString -String $password -AsPlainText -Force
# The credential's user name is the application ID, its password is the secret
$userCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $appid, $userPassword
Add-AzureRmAccount -TenantId $tenantid -ServicePrincipal -SubscriptionId $subscriptionId -Credential $userCredential


To create the service principal, we can use CLI 2.0, like this:

az login

az account set --subscription "mySubscriptionID"

az group create -n "myResourceGroupName" -l "westus"

az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/mySubscriptionID/resourceGroups/myResourceGroupName"


Jason Ye
  • Thanks Jason. Could you feed that back to whatever team is responsible for maintaining this stuff, that an error message like "Using a Microsoft Account with Azure does not support non-interactive login. Create a Service Principal instead", would be more helpful than returning an object that looks like auth succeeded, but is devoid of any useful purpose? – Caius Jard Jul 11 '17 at 09:13
  • @CaiusJard thanks for your feedback. Have you tried to use a service principal to log in to Azure, does this work now? – Jason Ye Jul 11 '17 at 09:19
  • I've created a service principal, but there's clearly still a part of the process missing, because I now see `Add-AzureRmAccount : AADSTS70001: Application with identifier 'serviceproviders' was not found in the directory Trace ID: 7dfa8201-ba29-4ad8-98fb-8aba3f172900`. – Caius Jard Jul 11 '17 at 10:50
  • Walter-MSFT has given some good advice here: https://stackoverflow.com/questions/45015557, that enabled me to get a login that worked out – Caius Jard Jul 11 '17 at 11:14
  • @CaiusJard yes, that is an easy way to log in to Azure, also we can use PowerShell to log in, I have updated my answer, please check it. – Jason Ye Jul 12 '17 at 03:14
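
Added example, not part of the question or of either answer: the runbook from the question rewritten to sign in with a service principal whose application ID and secret live in an Automation credential asset instead of in the script, and to stop before the delete when the login returns no subscription. The asset names `SqlCopyServicePrincipal`, `TenantId` and `SubscriptionId` are assumptions and must be created in the Automation account first.

```powershell
# Added example. Asset names are hypothetical placeholders, not from the original post.
param(
    [Parameter(Mandatory = $true)] [string] $SourceServerName,
    [Parameter(Mandatory = $true)] [string] $SourceDatabaseName,
    [Parameter(Mandatory = $true)] [string] $TargetDatabaseName
)

$ErrorActionPreference = 'Stop'
$ResourceGroupName = 'Default-SQL-NorthEurope'

# Credential asset: user name = service principal application ID, password = its secret.
$spCred = Get-AutomationPSCredential -Name 'SqlCopyServicePrincipal'
if ($null -eq $spCred) { throw "Credential asset 'SqlCopyServicePrincipal' was not found." }

# Tenant and subscription IDs kept as Automation variables rather than literals.
$tenantId       = Get-AutomationVariable -Name 'TenantId'
$subscriptionId = Get-AutomationVariable -Name 'SubscriptionId'

Add-AzureRmAccount -ServicePrincipal -TenantId $tenantId `
    -SubscriptionId $subscriptionId -Credential $spCred | Out-Null

# A login can return an account object with no subscription attached.
# Check the context before running anything destructive.
$context = Get-AzureRmContext
if ($null -eq $context -or $null -eq $context.Subscription) {
    throw "Login returned no subscription; not deleting $TargetDatabaseName."
}
Write-Output "Signed in as $($context.Account.Id)"

# Remove the old copy only if it exists, so a first run does not fail here.
$existing = Get-AzureRmSqlDatabase -ResourceGroupName $ResourceGroupName `
    -ServerName $SourceServerName -DatabaseName $TargetDatabaseName `
    -ErrorAction SilentlyContinue
if ($existing) {
    Write-Output "Deleting the old $TargetDatabaseName"
    Remove-AzureRmSqlDatabase -ResourceGroupName $ResourceGroupName `
        -ServerName $SourceServerName -DatabaseName $TargetDatabaseName -Force
}

Write-Output "Creating new $TargetDatabaseName from $SourceDatabaseName"
New-AzureRmSqlDatabaseCopy -ResourceGroupName $ResourceGroupName `
    -ServerName $SourceServerName -DatabaseName $SourceDatabaseName `
    -CopyDatabaseName $TargetDatabaseName
```

The service principal needs a role on the resource group that allows deleting and copying SQL databases; scoping the role assignment to that one resource group, as the `az ad sp create-for-rbac` command above does, limits what a leaked secret can reach.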
0

Try this command:

Connect-AzAccount -Tenant b0b9849f-09b0-4cf8-b157-4662860ccb4c
Zoe