New-AzADSpCredential
Syntax
New-AzADSpCredential
-ObjectId <String>
[-StartDate <DateTime>]
[-EndDate <DateTime>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]New-AzADSpCredential
-ObjectId <String>
-CertValue <String>
[-StartDate <DateTime>]
[-EndDate <DateTime>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]New-AzADSpCredential
-ServicePrincipalName <String>
-CertValue <String>
[-StartDate <DateTime>]
[-EndDate <DateTime>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]New-AzADSpCredential
-ServicePrincipalName <String>
[-StartDate <DateTime>]
[-EndDate <DateTime>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]New-AzADSpCredential
-ServicePrincipalObject <PSADServicePrincipal>
-CertValue <String>
[-StartDate <DateTime>]
[-EndDate <DateTime>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]New-AzADSpCredential
-ServicePrincipalObject <PSADServicePrincipal>
[-StartDate <DateTime>]
[-EndDate <DateTime>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Description
The New-AzADSpCredential cmdlet can be used to add a new credential or to roll credentials for a service principal. The service principal is identified by supplying either the object id or service principal name.
Examples
Example 1 - Create a new service principal credential using a generated password
PS C:\> New-AzADSpCredential -ObjectId 1f99cf81-0146-4f4e-beae-2007d0668476
Secret : System.Security.SecureString
StartDate : 11/12/2018 9:36:05 PM
EndDate : 11/12/2019 9:36:05 PM
KeyId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Type : PasswordA new password credential is added to the existing service principal with object id '1f99cf81-0146-4f4e-beae-2007d0668476'.
Example 2 - Create a new service principal credential using a certificate
PS C:\> $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
PS C:\> $cer.Import("C:\myapp.cer")
PS C:\> $binCert = $cer.GetRawCertData()
PS C:\> $credValue = [System.Convert]::ToBase64String($binCert)
PS C:\> New-AzADSpCredential -ServicePrincipalName "http://test123" -CertValue $credValue -StartDate $cer.NotBefore -EndDate $cer.NotAfterThe supplied base64 encoded public X509 certificate ("myapp.cer") is added to the existing service principal using its SPN.
Example 3 - Create a new service principal credential using piping
PS C:\> Get-AzADServicePrincipal -ObjectId 1f99cf81-0146-4f4e-beae-2007d0668476 | New-AzADSpCredential
Secret : System.Security.SecureString
StartDate : 11/12/2018 9:36:05 PM
EndDate : 11/12/2019 9:36:05 PM
KeyId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Type : PasswordGets the service principal with object id '1f99cf81-0146-4f4e-beae-2007d0668476' and pipes that to the New-AzADSpCredential to create a new service principal credential for that service principal with a generated password.
Parameters
The value of the "asymmetric" credential type. It represents the base 64 encoded certificate.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with azure
| Type: | Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The effective end date of the credential usage. The default end date value is one year from today. For an "asymmetric" type credential, this must be set to on or before the date that the X509 certificate is valid.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
The object id of the service principal to add the credentials to.
| Type: | String |
| Aliases: | ServicePrincipalObjectId |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
The name (SPN) of the service principal to add the credentials to.
| Type: | String |
| Aliases: | SPN |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
The service principal object to add the credentials to.
| Type: | Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True (ByValue) |
| Accept wildcard characters: | False |
The effective start date of the credential usage. The default start date value is today. For an "asymmetric" type credential, this must be set to on or after the date that the X509 certificate is valid from.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal
Outputs
Microsoft.Azure.Commands.ActiveDirectory.PSADCredential
Microsoft.Azure.Commands.Resources.Models.Authorization.PSADCredentialWrapper