Azure的PowerShell脚本时不改变工作到不同的Azure订阅(Azure PowerShe

2019-09-25 17:26发布

站内文章 / 前沿技术
63 0 0

我遇到一个很奇怪的问题。 我最近更换Azure订阅,从free trialpay-as-you-go 。 在PowerShell脚本我写信给创建Azure Resource GroupAzure Data FactoryAzure Active Directory App Azure SQL ServerAzure SQL Database无法正常工作。 下面是从脚本和错误消息的代码示例 

New-AzResourceGroup Test2ResourceGroupName2 -location 'westeurope'

$AzADAppName = "TestADApp1"
$AzADAppUri = "https://test.com/active-directory-app"
$AzADAppSecret = "TestSecret"
$AzADApp = Get-AzADApplication -DisplayName $AzADAppName

if (-not $AzADApp) {
    if ($AzADApp.IdentifierUris -ne $AzADAppUri) {

        $AzADApp = New-AzADApplication -DisplayName $AzADAppName -HomePage $AzADAppUri -IdentifierUris $AzADAppUri -Password $(ConvertTo-SecureString -String $AzADAppSecret -AsPlainText -Force)
        }
 }


New-AzResourceGroup : Your Azure credentials have not been set up or have expired, please run Connect-AzAccount to set up your Azure credentials.
At line:1 char:1
+ New-AzResourceGroup Test2ResourceGroupName2 -location 'westeurope'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [New-AzResourceGroup], ArgumentException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupCmdlet

Get-AzADApplication : User was not found.
At line:6 char:12
+ $AzADApp = Get-AzADApplication -DisplayName $AzADAppName
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Get-AzADApplication], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.GetAzureADApplicationCommand

New-AzADApplication : User was not found.
At line:11 char:20
+ ...  $AzADApp = New-AzADApplication -DisplayName $AzADAppName -HomePage $ ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-AzADApplication], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.NewAzureADApplicationCommand

但是如果我执行这个命令在Azure Cloud Shell它的工作原理。 

New-AzResourceGroup Test2ResourceGroupName -location 'westeurope'

我也能够创造Resource Group在Azure的门户网站和其他资源。 我们不能用门户,我们不得不使用由于公司政策的PowerShell。 任何人都可以帮忙,为什么PowerShell不工作

下面是完整的脚本,在意见中的要求

Connect-AzAccount -TenantID xxxxx-xxx-xxx-xxxxx-xxxxx

# Creating Azure Active Directory App

$AzADAppName = "xxxxx-active-directory-app"
$AzADAppUri = "https://xxxxx.com/xxxxx-app"
$AzADAppSecret = "xxxxx"
$AzADApp = Get-AzADApplication -DisplayName $AzADAppName

if (-not $AzADApp) {
    if ($AzADApp.IdentifierUris -ne $AzADAppUri) {

        $AzADApp = New-AzADApplication -DisplayName $AzADAppName -HomePage $AzADAppUri -IdentifierUris $AzADAppUri -Password $(ConvertTo-SecureString -String $AzADAppSecret -AsPlainText -Force)
        $AzADServicePrincipal = New-AzADServicePrincipal -ApplicationId $AzADApp.ApplicationId

        # Assign the Contributor RBAC role to the service principal
        # If you get a PrincipalNotFound error: wait 15 seconds, then rerun the following until successful

        $Retries = 0; While ($NewRole -eq $null -and $Retries -le 6) {
            # Sleep here for a few seconds to allow the service principal application to become active (usually, it will take only a couple of seconds)
            Sleep 15
            New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $AzADApp.ApplicationId -ErrorAction SilentlyContinue
            $NewRole = Get-AzRoleAssignment -ServicePrincipalName $AzADServicePrincipal.ApplicationId -ErrorAction SilentlyContinue
            $Retries++;
        }

        "Application {0} Created Successfully" -f $AzADApp.DisplayName


        # Display the values for your application 
        "Save these values for using them in your application"
        "Subscription ID: {0}" -f (Get-AzContext).Subscription.SubscriptionId
        "Tenant ID:{0}" -f (Get-AzContext).Tenant.TenantId
        "Application ID:{0}" -f $AzADApp.ApplicationId
        "Application AzADAppSecret :{0}" -f $AzADAppSecret
    }
}
else {
    "Application{0} Already Exists" -f $AzADApp.DisplayName
}


# Creating Azure Resource Group

$DataFactoryName = "xxxxx-DataFactory"
$ResourceGroupName = "xxxxx-ResourceGroup"
$ResourceGroup = Get-AzResourceGroup -Name $ResourceGroupName
$Location = 'westeurope'

if (-not $ResourceGroup) {
    $ResourceGroup = New-AzResourceGroup $ResourceGroupName -location 'westeurope'
    if ($ResourceGroup) {
        "Resource Group {0} Created Successfully" -f $ResourceGroup.ResourceGroupName
    }
    else {
        "ERROR: Resource Group Creation UNSUCCESSFUL"
    }
}
else {

    "Resource Group {0} Exists" -f $ResourceGroup.ResourceGroupName 
}

# Creating Azure Data Factory

$DataFactory = Get-AzDataFactoryV2 -Name $DataFactoryName -ResourceGroupName $ResourceGroup.ResourceGroupName

if (-not $DataFactory) {
    $DataFactory = Set-AzDataFactoryV2 -ResourceGroupName $ResourceGroup.ResourceGroupName -Location $ResourceGroup.Location -Name $DataFactoryName
    if ($DataFactory) {
        "Data Factory {0} Created Successfully" -f $DataFactory.DataFactoryName
    }
    else {
        "ERROR: Data Factory Creation UNSUCCESSFUL"
    }
}
else {
    "Data Factory {0} Already Exists" -f $DataFactory.DataFactoryName 
}


# Creating Azure SQL Server and  Database
$ServerName = "xxxxx"
$DatabaseName = "xxxxx"
$AzSQLServer = Get-AzSqlServer -ServerName $ServerName

$Subscription = Get-AzSubscription

"Subscription Data" -f $Subscription.Id

if (-not $AzSQLServer) {
    "Creating New Azure SQL Server"

    $AdminSqlLogin = "xxxxx"
    $Password = "xxxxx"
    $StartIp = "xxxxx.xxxxx.xxxxx.xxxxx"
    $EndIp = "xxxxx.xxxxx.xxxxx.xxxxx"

    $AzSQLServer = New-AzSqlServer -ResourceGroupName $ResourceGroupName `
        -ServerName $ServerName `
        -Location $Location `
        -SqlAdministratorCredentials $(New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AdminSqlLogin, $(ConvertTo-SecureString -String $Password -AsPlainText -Force))
    if ($AzSQLServer) {  
        $FireWallRule = New-AzSqlServerFirewallRule -ResourceGroupName $ResourceGroupName `
            -ServerName $ServerName `
            -FirewallRuleName "AllowedIPs" -StartIpAddress $StartIp -EndIpAddress $EndIp
        if ($FireWallRule) {
            "Server Created Successfully {0} with firewall Rule Setup" -f $AzSQLServer.ServerName
        }
        else {
            "Server Created Successfully {0} No FireWall Setup" -f $AzSQLServer.ServerName
        }
    }
    else {
        "ERROR: Server Creation UNSUCCESSFUL"
    }

}
else {
    "Server Exists {0}" -f $AzSQLServer.ServerName
}

$AzSQLDatabase = Get-AzSqlDatabase -DatabaseName $DatabaseName -ServerName $ServerName -ResourceGroupName $ResourceGroup.ResourceGroupName

if (-not $AzSQLDatabase) {
    "Creating New Azure SQL Database" 
    $Parameters = @{
        ResourceGroupName             = $ResourceGroupName
        ServerName                    = $ServerName
        DatabaseName                  = $DatabaseName
        RequestedServiceObjectiveName = 'S0'
    }
    $AzSQLDatabase = New-AzSqlDatabase @Parameters
    if ($AzSQLDatabase) {
        "Azure SQL Database {0} Created Successfully " -f $AzSQLDatabase.DatabaseName
    }
    else {
        "ERROR: Azure SQL Database Creation UNSUCCESSFUL"
    }
}
else {
    "Database {0} Exists " -f $AzSQLDatabase.DatabaseName
}

Answer 1:

您可以使用Clear-AzContext删除所有Azure的凭证,账户,和订阅信息。 然后用Connect-AzAccount -Tenant xxxxx -Subscription xxxxx ,它应该工作。



文章来源: Azure PowerShell script does not work when change to a different Azure Subscription
标签: azure powershell azure-active-directory azure-sql-database azure-powershell
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~