New-AzADSpCredential

Adds a credential to an existing service principal.

Warning

There are upcoming breaking changes in this cmdlet. These changes are currently in preview with Az.Resources version 5.0.0-preview. They will become generally available with our next major release of the Az PowerShell module, version 7.x in December of 2021. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

New-AzADSpCredential
   -ObjectId <String>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzADSpCredential
   -ObjectId <String>
   -CertValue <String>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzADSpCredential
   -ServicePrincipalName <String>
   -CertValue <String>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzADSpCredential
   -ServicePrincipalName <String>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzADSpCredential
   -ServicePrincipalObject <PSADServicePrincipal>
   -CertValue <String>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzADSpCredential
   -ServicePrincipalObject <PSADServicePrincipal>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzADSpCredential cmdlet can be used to add a new credential or to roll credentials for a service principal. The service principal is identified by supplying either the object id or service principal name.

Examples

Example 1: Create a new service principal credential using a generated password

PS C:\> New-AzADSpCredential -ObjectId 1f99cf81-0146-4f4e-beae-2007d0668476

Secret    : System.Security.SecureString
StartDate : 11/12/2018 9:36:05 PM
EndDate   : 11/12/2019 9:36:05 PM
KeyId     : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Type      : Password

A new password credential is added to the existing service principal with object id '1f99cf81-0146-4f4e-beae-2007d0668476'.

Example 2: Create a new service principal credential using a certificate

PS C:\> $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList "C:\myapp.cer"
PS C:\> $binCert = $cer.GetRawCertData()
PS C:\> $credValue = [System.Convert]::ToBase64String($binCert)
PS C:\> New-AzADSpCredential -ServicePrincipalName "http://test123" -CertValue $credValue -StartDate $cer.NotBefore -EndDate $cer.NotAfter

The supplied base64 encoded public X509 certificate ("myapp.cer") is added to the existing service principal using its SPN.
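An added example, not part of the original documentation: a wrapper around the Example 2 steps that clamps -StartDate and -EndDate to the certificate's validity period, as the parameter descriptions require for "asymmetric" credentials, and supports a -WhatIf dry run. The function name Add-SpCertCredential is hypothetical; the object id and certificate path are the sample values used on this page.

```powershell
# Added example. Add-SpCertCredential is a hypothetical helper name.
function Add-SpCertCredential {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $ObjectId,   # service principal object id
        [Parameter(Mandatory)] [string] $CertPath,   # public certificate (.cer)
        [datetime] $StartDate = (Get-Date),             # cmdlet default: today
        [datetime] $EndDate   = (Get-Date).AddYears(1)  # cmdlet default: one year from today
    )

    # .NET resolves relative paths against the process directory, not the
    # PowerShell location, so resolve to a full path first.
    $resolved = (Resolve-Path -LiteralPath $CertPath).ProviderPath
    $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $resolved

    # Clamp the requested window to the certificate's validity period:
    # StartDate on or after NotBefore, EndDate on or before NotAfter.
    if ($StartDate -lt $cer.NotBefore) { $StartDate = $cer.NotBefore }
    if ($EndDate   -gt $cer.NotAfter)  { $EndDate   = $cer.NotAfter }

    # An expired or not-yet-valid certificate leaves no usable window.
    if ($StartDate -ge $EndDate) {
        throw "No usable window: certificate is valid from $($cer.NotBefore) to $($cer.NotAfter)."
    }

    # Base64 of the raw (public) certificate data, as in Example 2.
    $certValue = [System.Convert]::ToBase64String($cer.GetRawCertData())

    $action = "Add certificate $($cer.Thumbprint), usable $StartDate to $EndDate"
    if ($PSCmdlet.ShouldProcess($ObjectId, $action)) {
        New-AzADSpCredential -ObjectId $ObjectId -CertValue $certValue `
            -StartDate $StartDate -EndDate $EndDate
    }
}

# Dry run: reports the thumbprint and the clamped window without changing anything.
Add-SpCertCredential -ObjectId '1f99cf81-0146-4f4e-beae-2007d0668476' -CertPath 'C:\myapp.cer' -WhatIf
```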

Example 3: Create a new service principal credential using piping

PS C:\> Get-AzADServicePrincipal -ObjectId 1f99cf81-0146-4f4e-beae-2007d0668476 | New-AzADSpCredential

Secret    : System.Security.SecureString
StartDate : 11/12/2018 9:36:05 PM
EndDate   : 11/12/2019 9:36:05 PM
KeyId     : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Type      : Password

Gets the service principal with object id '1f99cf81-0146-4f4e-beae-2007d0668476' and pipes it to New-AzADSpCredential to create a new credential with a generated password for that service principal.

Parameters

-CertValue

The value of the "asymmetric" credential type. It represents the base64-encoded certificate.

Type: String
Position: Named
Default value: None
Accept pipeline input: True
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type: IAzureContextContainer
Aliases: AzContext, AzureRmContext, AzureCredential
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-EndDate

The effective end date of the credential usage. The default end date value is one year from today. For an "asymmetric" type credential, this must be set to on or before the date that the X509 certificate expires.

Type: DateTime
Position: Named
Default value: None
Accept pipeline input: True
Accept wildcard characters: False

-ObjectId

The object id of the service principal to add the credentials to.

Type: String
Aliases: ServicePrincipalObjectId
Position: Named
Default value: None
Accept pipeline input: True
Accept wildcard characters: False

-ServicePrincipalName

The name (SPN) of the service principal to add the credentials to.

Type: String
Aliases: SPN
Position: Named
Default value: None
Accept pipeline input: True
Accept wildcard characters: False

-ServicePrincipalObject

The service principal object to add the credentials to.

Type: PSADServicePrincipal
Position: Named
Default value: None
Accept pipeline input: True
Accept wildcard characters: False

-StartDate

The effective start date of the credential usage. The default start date value is today. For an "asymmetric" type credential, this must be set to on or after the date that the X509 certificate is valid from.

Type: DateTime
Position: Named
Default value: None
Accept pipeline input: True
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Inputs

String

PSADServicePrincipal

DateTime

Outputs

PSADCredential

PSADCredentialWrapper