你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
New-AzStorageAccount
创建存储帐户。
语法
New-AzStorageAccount
[-ResourceGroupName] <String>
[-Name] <String>
[-SkuName] <String>
[-Location] <String>
[-Kind <String>]
[-AccessTier <String>]
[-CustomDomainName <String>]
[-UseSubDomain <Boolean>]
[-Tag <Hashtable>]
[-EnableHttpsTrafficOnly <Boolean>]
[-AssignIdentity]
[-UserAssignedIdentityId <String>]
[-IdentityType <String>]
[-KeyVaultUserAssignedIdentityId <String>]
[-KeyVaultFederatedClientId <String>]
[-KeyName <String>]
[-KeyVersion <String>]
[-KeyVaultUri <String>]
[-NetworkRuleSet <PSNetworkRuleSet>]
[-EnableSftp <Boolean>]
[-EnableLocalUser <Boolean>]
[-EnableHierarchicalNamespace <Boolean>]
[-EnableAzureActiveDirectoryDomainServicesForFile <Boolean>]
[-EnableLargeFileShare]
[-PublishMicrosoftEndpoint <Boolean>]
[-PublishInternetEndpoint <Boolean>]
[-AsJob]
[-EncryptionKeyTypeForTable <String>]
[-EncryptionKeyTypeForQueue <String>]
[-RequireInfrastructureEncryption]
[-SasExpirationPeriod <TimeSpan>]
[-KeyExpirationPeriodInDay <Int32>]
[-AllowBlobPublicAccess <Boolean>]
[-MinimumTlsVersion <String>]
[-AllowSharedKeyAccess <Boolean>]
[-EnableNfsV3 <Boolean>]
[-AllowCrossTenantReplication <Boolean>]
[-DefaultSharePermission <String>]
[-EdgeZone <String>]
[-PublicNetworkAccess <String>]
[-EnableAccountLevelImmutability]
[-ImmutabilityPeriod <Int32>]
[-ImmutabilityPolicyState <String>]
[-AllowedCopyScope <String>]
[-DnsEndpointType <String>]
[-DefaultProfile <IAzureContextContainer>]
[-RoutingChoice <String>]
[<CommonParameters>] New-AzStorageAccount
[-ResourceGroupName] <String>
[-Name] <String>
[-SkuName] <String>
[-Location] <String>
[-Kind <String>]
[-AccessTier <String>]
[-CustomDomainName <String>]
[-UseSubDomain <Boolean>]
[-Tag <Hashtable>]
[-EnableHttpsTrafficOnly <Boolean>]
[-AssignIdentity]
[-UserAssignedIdentityId <String>]
[-IdentityType <String>]
[-KeyVaultUserAssignedIdentityId <String>]
[-KeyVaultFederatedClientId <String>]
[-KeyName <String>]
[-KeyVersion <String>]
[-KeyVaultUri <String>]
[-NetworkRuleSet <PSNetworkRuleSet>]
[-EnableSftp <Boolean>]
[-EnableLocalUser <Boolean>]
[-EnableHierarchicalNamespace <Boolean>]
[-EnableLargeFileShare]
[-PublishMicrosoftEndpoint <Boolean>]
[-PublishInternetEndpoint <Boolean>]
-EnableAzureActiveDirectoryKerberosForFile <Boolean>
[-ActiveDirectoryDomainName <String>]
[-ActiveDirectoryDomainGuid <String>]
[-AsJob]
[-EncryptionKeyTypeForTable <String>]
[-EncryptionKeyTypeForQueue <String>]
[-RequireInfrastructureEncryption]
[-SasExpirationPeriod <TimeSpan>]
[-KeyExpirationPeriodInDay <Int32>]
[-AllowBlobPublicAccess <Boolean>]
[-MinimumTlsVersion <String>]
[-AllowSharedKeyAccess <Boolean>]
[-EnableNfsV3 <Boolean>]
[-AllowCrossTenantReplication <Boolean>]
[-DefaultSharePermission <String>]
[-EdgeZone <String>]
[-PublicNetworkAccess <String>]
[-EnableAccountLevelImmutability]
[-ImmutabilityPeriod <Int32>]
[-ImmutabilityPolicyState <String>]
[-AllowedCopyScope <String>]
[-DnsEndpointType <String>]
[-DefaultProfile <IAzureContextContainer>]
[-RoutingChoice <String>]
[<CommonParameters>] New-AzStorageAccount
[-ResourceGroupName] <String>
[-Name] <String>
[-SkuName] <String>
[-Location] <String>
[-Kind <String>]
[-AccessTier <String>]
[-CustomDomainName <String>]
[-UseSubDomain <Boolean>]
[-Tag <Hashtable>]
[-EnableHttpsTrafficOnly <Boolean>]
[-AssignIdentity]
[-UserAssignedIdentityId <String>]
[-IdentityType <String>]
[-KeyVaultUserAssignedIdentityId <String>]
[-KeyVaultFederatedClientId <String>]
[-KeyName <String>]
[-KeyVersion <String>]
[-KeyVaultUri <String>]
[-NetworkRuleSet <PSNetworkRuleSet>]
[-EnableSftp <Boolean>]
[-EnableLocalUser <Boolean>]
[-EnableHierarchicalNamespace <Boolean>]
[-EnableLargeFileShare]
[-PublishMicrosoftEndpoint <Boolean>]
[-PublishInternetEndpoint <Boolean>]
[-EnableActiveDirectoryDomainServicesForFile <Boolean>]
[-ActiveDirectoryDomainName <String>]
[-ActiveDirectoryNetBiosDomainName <String>]
[-ActiveDirectoryForestName <String>]
[-ActiveDirectoryDomainGuid <String>]
[-ActiveDirectoryDomainSid <String>]
[-ActiveDirectoryAzureStorageSid <String>]
[-ActiveDirectorySamAccountName <String>]
[-ActiveDirectoryAccountType <String>]
[-AsJob]
[-EncryptionKeyTypeForTable <String>]
[-EncryptionKeyTypeForQueue <String>]
[-RequireInfrastructureEncryption]
[-SasExpirationPeriod <TimeSpan>]
[-KeyExpirationPeriodInDay <Int32>]
[-AllowBlobPublicAccess <Boolean>]
[-MinimumTlsVersion <String>]
[-AllowSharedKeyAccess <Boolean>]
[-EnableNfsV3 <Boolean>]
[-AllowCrossTenantReplication <Boolean>]
[-DefaultSharePermission <String>]
[-EdgeZone <String>]
[-PublicNetworkAccess <String>]
[-EnableAccountLevelImmutability]
[-ImmutabilityPeriod <Int32>]
[-ImmutabilityPolicyState <String>]
[-AllowedCopyScope <String>]
[-DnsEndpointType <String>]
[-DefaultProfile <IAzureContextContainer>]
[-RoutingChoice <String>]
[<CommonParameters>] 说明
New-Az存储Account cmdlet 创建Azure 存储帐户。
示例
示例 1:创建存储帐户
New-AzStorageAccount -ResourceGroupName MyResourceGroup -Name mystorageaccount -Location westus -SkuName Standard_GRS此命令为资源组名称 MyResourceGroup 创建存储帐户。
示例 2:使用 Blob 创建 Blob 存储帐户存储类型和热 AccessTier
New-AzStorageAccount -ResourceGroupName MyResourceGroup -Name mystorageaccount -Location westus -SkuName Standard_GRS -Kind BlobStorage -AccessTier Hot此命令创建一个 Blob 存储帐户,该帐户具有 Blob存储 Kind 和 hot AccessTier
示例 3:使用 Kind 存储V2 创建存储帐户,并为 Azure KeyVault 生成和分配标识。
New-AzStorageAccount -ResourceGroupName MyResourceGroup -Name mystorageaccount -Location westus -SkuName Standard_GRS -Kind StorageV2 -AssignIdentity此命令使用 Kind 存储V2 创建存储帐户。 它还生成并分配一个标识,该标识可用于通过 Azure KeyVault 管理帐户密钥。
示例 4:使用来自 JSON 的 NetworkRuleSet 创建存储帐户
New-AzStorageAccount -ResourceGroupName MyResourceGroup -Name mystorageaccount -Location westus -Type Standard_LRS -NetworkRuleSet (@{bypass="Logging,Metrics";
ipRules=(@{IPAddressOrRange="20.11.0.0/16";Action="allow"},
@{IPAddressOrRange="10.0.0.0/7";Action="allow"});
virtualNetworkRules=(@{VirtualNetworkResourceId="/subscriptions/s1/resourceGroups/g1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1";Action="allow"},
@{VirtualNetworkResourceId="/subscriptions/s1/resourceGroups/g1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/subnet2";Action="allow"});
defaultAction="Deny"})此命令创建一个存储帐户,该帐户具有来自 JSON 的 NetworkRuleSet 属性
示例 5:创建启用了分层命名空间、启用 Sftp 和 localuser 的存储帐户。
New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -Location "US West" -SkuName "Standard_GRS" -Kind StorageV2 -EnableHierarchicalNamespace $true -EnableSftp $true -EnableLocalUser $true此命令创建启用了分层命名空间、已启用 Sftp 和 localuser 的存储帐户。
示例 6:使用 Azure 文件存储 Microsoft Entra 域服务身份验证创建存储帐户,并启用大型文件共享。
New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -Location "eastus2euap" -SkuName "Standard_LRS" -Kind StorageV2 -EnableAzureActiveDirectoryDomainServicesForFile $true -EnableLargeFileShare此命令创建一个存储帐户,其中包含Azure 文件存储 Microsoft Entra 域服务身份验证,并启用大型文件共享。
示例 7:使用启用文件Active Directory 域服务身份验证和 DefaultSharePermission 创建存储帐户。
New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -Location "eastus2euap" -SkuName "Standard_LRS" -Kind StorageV2 -EnableActiveDirectoryDomainServicesForFile $true `
-ActiveDirectoryDomainName "mydomain.com" `
-ActiveDirectoryNetBiosDomainName "mydomain.com" `
-ActiveDirectoryForestName "mydomain.com" `
-ActiveDirectoryDomainGuid "12345678-1234-1234-1234-123456789012" `
-ActiveDirectoryDomainSid "S-1-5-21-1234567890-1234567890-1234567890" `
-ActiveDirectoryAzureStorageSid "S-1-5-21-1234567890-1234567890-1234567890-1234" `
-ActiveDirectorySamAccountName "samaccountname" `
-ActiveDirectoryAccountType User `
-DefaultSharePermission StorageFileDataSmbShareElevatedContributor此命令创建一个存储帐户,其中包含可启用的文件Active Directory 域服务身份验证和 DefaultSharePermission。
示例 8:使用队列和表服务创建具有队列和表服务的存储帐户,并使用帐户范围的加密密钥,并要求基础结构加密。
New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -Location "eastus2euap" -SkuName "Standard_LRS" -Kind StorageV2 -EncryptionKeyTypeForTable Account -EncryptionKeyTypeForQueue Account -RequireInfrastructureEncryption
$account = Get-AzStorageAccount -ResourceGroupName $rgname -Name $accountName
$account.Encryption.Services.Queue
Enabled LastEnabledTime KeyType
------- --------------- -------
True 1/9/2020 6:09:11 AM Account
$account.Encryption.Services.Table
Enabled LastEnabledTime KeyType
------- --------------- -------
True 1/9/2020 6:09:11 AM Account
$account.Encryption.RequireInfrastructureEncryption
True此命令创建具有队列和表服务存储帐户使用帐户范围的加密密钥和需要基础结构加密,因此队列和表将使用相同的加密密钥与 Blob 和文件服务,并且该服务将使用平台托管密钥的辅助加密层用于静态数据。 然后获取存储帐户属性,并查看队列和表服务的加密密钥类型以及 RequireInfrastructureEncryption 值。
示例 9:创建帐户 MinimumTlsVersion 和 AllowBlobPublicAccess,并禁用 SharedKey 访问
$account = New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -Location "eastus2euap" -SkuName "Standard_LRS" -Kind StorageV2 -MinimumTlsVersion TLS1_1 -AllowBlobPublicAccess $false -AllowSharedKeyAccess $false
$account.MinimumTlsVersion
TLS1_1
$account.AllowBlobPublicAccess
False
$a.AllowSharedKeyAccess
False该命令使用 MinimumTlsVersion、AllowBlobPublicAccess 和禁用对帐户的 SharedKey 访问,然后显示创建的帐户的 3 个属性
示例 10:使用 RoutingPreference 设置创建存储帐户
$account = New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -Location "eastus2euap" -SkuName "Standard_LRS" -PublishMicrosoftEndpoint $true -PublishInternetEndpoint $true -RoutingChoice MicrosoftRouting
$account.RoutingPreference
RoutingChoice PublishMicrosoftEndpoints PublishInternetEndpoints
------------- ------------------------- ------------------------
MicrosoftRouting True True
$account.PrimaryEndpoints
Blob : https://mystorageaccount.blob.core.windows.net/
Queue : https://mystorageaccount.queue.core.windows.net/
Table : https://mystorageaccount.table.core.windows.net/
File : https://mystorageaccount.file.core.windows.net/
Web : https://mystorageaccount.z2.web.core.windows.net/
Dfs : https://mystorageaccount.dfs.core.windows.net/
MicrosoftEndpoints : {"Blob":"https://mystorageaccount-microsoftrouting.blob.core.windows.net/","Queue":"https://mystorageaccount-microsoftrouting.queue.core.windows.net/","Table":"https://mystorageaccount-microsoftrouting.table.core.windows.net/","File":"ht
tps://mystorageaccount-microsoftrouting.file.core.windows.net/","Web":"https://mystorageaccount-microsoftrouting.z2.web.core.windows.net/","Dfs":"https://mystorageaccount-microsoftrouting.dfs.core.windows.net/"}
InternetEndpoints : {"Blob":"https://mystorageaccount-internetrouting.blob.core.windows.net/","File":"https://mystorageaccount-internetrouting.file.core.windows.net/","Web":"https://mystorageaccount-internetrouting.z2.web.core.windows.net/","Dfs":"https://w
eirp3-internetrouting.dfs.core.windows.net/"}此命令创建具有 RoutingPreference 设置的 存储 帐户:PublishMicrosoftEndpoint 和 PublishInternetEndpoint 为 true,以及 RoutingChoice 作为 MicrosoftRouting。
示例 11:使用 EdgeZone 和 AllowCrossTenantReplication 创建存储帐户
$account = New-AzStorageAccount -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -SkuName Premium_LRS -Location westus -EdgeZone "microsoftlosangeles1" -AllowCrossTenantReplication $false
$account.ExtendedLocation
Name Type
---- ----
microsoftlosangeles1 EdgeZone
$account.AllowCrossTenantReplication
False此命令创建一个存储帐户,EdgeZone 为“microsoftlosangeles1”,AllowCrossTenantReplication 为 false,然后显示创建的帐户相关属性。
示例 12:使用 KeyExpirationPeriod 和 SasExpirationPeriod 创建存储帐户
$account = New-AzStorageAccount -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -SkuName Premium_LRS -Location eastus -KeyExpirationPeriodInDay 5 -SasExpirationPeriod "1.12:05:06"
$account.KeyPolicy.KeyExpirationPeriodInDays
5
$account.SasPolicy.SasExpirationPeriod
1.12:05:06此命令使用 KeyExpirationPeriod 和 SasExpirationPeriod 创建存储帐户,然后显示创建的帐户相关属性。
示例 12:使用 Keyvault 加密创建存储帐户(使用用户分配的标识访问 Keyvault)
# Create KeyVault (no need if using exist keyvault)
$keyVault = New-AzKeyVault -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -Location eastus2euap -EnablePurgeProtection
$key = Add-AzKeyVaultKey -VaultName $keyvaultName -Name $keyname -Destination 'Software'
# create user assigned identity and grant access to keyvault (no need if using exist user assigned identity)
$userId = New-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -Name $userIdName
Set-AzKeyVaultAccessPolicy -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -ObjectId $userId.PrincipalId -PermissionsToKeys get,wrapkey,unwrapkey -BypassObjectIdValidation
$useridentityId= $userId.Id
# create Storage account with Keyvault encryption (access Keyvault with user assigned identity), then show properties
$account = New-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -Kind StorageV2 -SkuName Standard_LRS -Location eastus2euap `
-IdentityType SystemAssignedUserAssigned -UserAssignedIdentityId $useridentityId `
-KeyVaultUri $keyVault.VaultUri -KeyName $keyname -KeyVaultUserAssignedIdentityId $useridentityId
$account.Encryption.EncryptionIdentity
EncryptionUserAssignedIdentity
------------------------------
/subscriptions/{subscription-id}/resourceGroups/myresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myuserid
$account.Encryption.KeyVaultProperties
KeyName : wrappingKey
KeyVersion :
KeyVaultUri : https://mykeyvault.vault.azure.net:443
CurrentVersionedKeyIdentifier : https://mykeyvault.vault.azure.net/keys/wrappingKey/8e74036e0d534e58b3bd84b319e31d8f
LastKeyRotationTimestamp : 4/12/2021 8:17:57 AM此命令首先创建 keyvault 和用户分配的标识,然后创建具有 keyvault 加密的存储帐户(具有用户分配标识的存储访问密钥保管库)。
示例 13:使用 EnableNfsV3 创建帐户
$account = New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -SkuName Standard_LRS -Location centraluseuap -Kind StorageV2 -EnableNfsV3 $true -EnableHierarchicalNamespace $true -EnableHttpsTrafficOnly $false -NetworkRuleSet (@{bypass="Logging,Metrics";
virtualNetworkRules=(@{VirtualNetworkResourceId="$vnet1";Action="allow"});
defaultAction="deny"})
$account.EnableNfsV3
True命令使用 EnableNfsV3 作为 true 创建帐户,然后显示已创建的帐户的 EnableNfsV3 属性
示例 14:创建禁用 PublicNetworkAccess 的帐户
$account = New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -SkuName Standard_LRS -Location centraluseuap -Kind StorageV2 -PublicNetworkAccess Disabled
$account.PublicNetworkAccess
Disabled该命令创建帐户,并禁用该帐户的 PublicNetworkAccess。
示例 15:使用帐户级别 mmutability 策略创建帐户
$account = New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -SkuName Standard_LRS -Location centraluseuap -Kind StorageV2 -EnableAccountLevelImmutability -ImmutabilityPeriod 1 -ImmutabilityPolicyState Unlocked
$account.ImmutableStorageWithVersioning.Enabled
True
$account.ImmutableStorageWithVersioning.ImmutabilityPolicy
ImmutabilityPeriodSinceCreationInDays State
------------------------------------- -----
1 Unlocked该命令创建一个帐户,并通过“-EnableAccountLevelImmutability”版本控制启用帐户级别不可变性,然后此帐户下的所有容器默认启用对象级不可变性。 该帐户还使用默认帐户级不可变性策略创建,该策略继承并应用于对象级别不具有显式不可变性策略的对象。
示例 16:创建启用了Azure 文件存储 Active Directory 域服务 Kerberos 身份验证的存储帐户。
New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -Location "eastus2euap" -SkuName "Standard_LRS" -Kind StorageV2 -EnableAzureActiveDirectoryKerberosForFile $true `
-ActiveDirectoryDomainName "mydomain.com" `
-ActiveDirectoryDomainGuid "12345678-1234-1234-1234-123456789012"此命令创建一个存储帐户,该帐户启用了Azure 文件存储 Active Directory 域服务 Kerberos 身份验证。
示例 17:从另一个租户创建具有 Keyvault 的 存储 帐户(使用 FederatedClientId 访问 Keyvault)
# create Storage account with Keyvault encryption (access Keyvault with FederatedClientId), then show properties
$account = New-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -Kind StorageV2 -SkuName Standard_LRS -Location eastus2euap `
-IdentityType SystemAssignedUserAssigned -UserAssignedIdentityId $useridentityId `
-KeyVaultUri $keyVault.VaultUri -KeyName $keyname -KeyVaultUserAssignedIdentityId $useridentityId -KeyVaultFederatedClientId $federatedClientId
$account.Encryption.EncryptionIdentity
EncryptionUserAssignedIdentity EncryptionFederatedIdentityClientId
------------------------------ -----------------------------------
/subscriptions/{subscription-id}/resourceGroups/myresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myuserid ********-****-****-****-************
$account.Encryption.KeyVaultProperties
KeyName : wrappingKey
KeyVersion :
KeyVaultUri : https://mykeyvault.vault.azure.net:443
CurrentVersionedKeyIdentifier : https://mykeyvault.vault.azure.net/keys/wrappingKey/8e74036e0d534e58b3bd84b319e31d8f
LastKeyRotationTimestamp : 3/3/2022 2:07:34 AM此命令从另一个租户创建具有 Keyvault 的存储帐户(使用 FederatedClientId 访问 Keyvault)。
示例 18:创建使用 DnsEndpointType 作为 AzureDnsZone 的帐户
New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -SkuName Standard_LRS -Location centraluseuap -Kind StorageV2 -DnsEndpointType AzureDnsZone该命令使用 DnsEndpointType 作为 AzureDnsZone 创建存储帐户,以在单个订阅中创建大量帐户,该帐户在 Azure DNS 区域中创建帐户,终结点 URL 将具有字母数字 DNS 区域标识符。
参数
-AccessTier
指定此 cmdlet 创建的存储帐户的访问层。 此参数的可接受值为:热值和冷值。 如果为 Kind 参数指定 Blob 值存储,则必须为 AccessTier 参数指定值。 如果为此 Kind 参数指定存储值,请不要指定 AccessTier 参数。
| Type: | String |
| Accepted values: | Hot, Cool |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ActiveDirectoryAccountType
指定Azure 存储的 Active Directory 帐户类型。 可能的值包括:“User”、“Computer”。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ActiveDirectoryAzureStorageSid
指定Azure 存储的安全标识符(SID)。 当 -EnableActiveDirectoryDomainServicesForFile 设置为 true 时,必须设置此参数。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ActiveDirectoryDomainGuid
指定域 GUID。 当 -EnableActiveDirectoryDomainServicesForFile 设置为 true 时,必须设置此参数。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ActiveDirectoryDomainName
指定 AD DNS 服务器权威的主域。 当 -EnableActiveDirectoryDomainServicesForFile 设置为 true 时,必须设置此参数。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ActiveDirectoryDomainSid
指定安全标识符(SID)。 当 -EnableActiveDirectoryDomainServicesForFile 设置为 true 时,必须设置此参数。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ActiveDirectoryForestName
指定要获取的 Active Directory 林。 当 -EnableActiveDirectoryDomainServicesForFile 设置为 true 时,必须设置此参数。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ActiveDirectoryNetBiosDomainName
指定 NetBIOS 域名。 当 -EnableActiveDirectoryDomainServicesForFile 设置为 true 时,必须设置此参数。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ActiveDirectorySamAccountName
为 Azure 存储 指定 Active Directory SAMAccountName。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowBlobPublicAccess
允许匿名访问存储帐户中的所有 Blob 或容器。 此属性的默认解释为 false。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowCrossTenantReplication
获取或设置允许或禁止跨 Microsoft Entra 租户对象副本 (replica)。 此属性的默认解释为 false。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowedCopyScope
设置对 Microsoft Entra 租户中存储帐户或专用链接到同一 VNet 的复制和从中复制。 可能的值包括:“PrivateLink”、“AAD”
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowSharedKeyAccess
指示存储帐户是否允许通过共享密钥通过帐户访问密钥授权请求。 如果为 false,则必须使用 Microsoft Entra ID 授权所有请求(包括共享访问签名)。 默认值为 null,等效于 true。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AsJob
在后台运行 cmdlet
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AssignIdentity
为此存储帐户生成并分配新的存储帐户标识,以用于 Azure KeyVault 等密钥管理服务。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CustomDomainName
指定存储帐户的自定义域的名称。 默认值为存储。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
用于与 Azure 通信的凭据、帐户、租户和订阅。
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultSharePermission
如果未分配 RBAC 角色,则使用 Kerberos 身份验证的用户的默认共享权限。
| Type: | String |
| Accepted values: | None, StorageFileDataSmbShareContributor, StorageFileDataSmbShareReader, StorageFileDataSmbShareElevatedContributor |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DnsEndpointType
指定终结点的类型。 将此设置为 AzureDNSZone 以在单个订阅中创建大量帐户,该订阅在 Azure DNS 区域中创建帐户,终结点 URL 将具有字母数字 DNS 区域标识符。 可能的值包括:“Standard”、“AzureDnsZone”。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EdgeZone
设置 EdgeZone 的扩展位置名称。 如果未设置,将在 Azure 主区域中创建存储帐户。 否则,它将在指定的扩展位置创建
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableAccountLevelImmutability
启用帐户级不可变性,默认情况下,此帐户下的所有容器都将启用对象级不可变性。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableActiveDirectoryDomainServicesForFile
为存储帐户启用Azure 文件存储 Active Directory 域服务身份验证。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableAzureActiveDirectoryDomainServicesForFile
为存储帐户启用Azure 文件存储 Microsoft Entra 域服务身份验证。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableAzureActiveDirectoryKerberosForFile
为存储帐户启用Azure 文件存储 Active Directory 域服务 Kerberos 身份验证。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableHierarchicalNamespace
指示存储帐户是否启用分层命名空间。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableHttpsTrafficOnly
指示存储帐户是否仅启用 HTTPS 流量。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableLargeFileShare
指示存储帐户是否可以支持容量超过 5 TiB 的大型文件共享。 启用帐户后,无法禁用该功能。 目前仅支持 LRS 和 ZRS 副本 (replica) 类型,因此无法将帐户转换为异地冗余帐户。 若要了解详细信息,请访问 https://go.microsoft.com/fwlink/?linkid=2086047
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableLocalUser
为存储帐户启用本地用户功能。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableNfsV3
如果设置为 true,则启用 NFS 3.0 协议支持
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableSftp
为存储帐户启用安全文件传输协议。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EncryptionKeyTypeForQueue
设置 Queue 的 Encryption KeyType。 默认值为 Service。 -Account:将使用帐户范围的加密密钥对队列进行加密。 -Service:队列将始终使用服务管理的密钥进行加密。
| Type: | String |
| Accepted values: | Service, Account |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EncryptionKeyTypeForTable
设置表的 Encryption KeyType。 默认值为 Service。
- 帐户:表将使用帐户范围的加密密钥进行加密。
- 服务:表将始终使用服务管理的密钥进行加密。
| Type: | String |
| Accepted values: | Service, Account |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IdentityType
设置新的存储帐户标识类型,idenetity 用于 Azure KeyVault 等密钥管理服务。
| Type: | String |
| Accepted values: | SystemAssigned, UserAssigned, SystemAssignedUserAssigned, None |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ImmutabilityPeriod
自创建策略以来容器中 Blob 的不可变性时间段。 只能使用“-EnableAccountLevelImmutability”指定此属性。
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ImmutabilityPolicyState
策略的模式。 可能的值包括:“Unlocked”、“Disabled”。 禁用状态会禁用策略。 解锁状态允许增加和减少不可变保留时间,还允许切换 allowProtectedAppendWrites 属性。 策略只能在“已禁用”或“已解锁”状态下创建,并且可以在两种状态之间切换。 只能使用“-EnableAccountLevelImmutability”指定此属性。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyExpirationPeriodInDay
此帐户的密钥到期期限,准确到天数。
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyName
存储帐户加密密钥来源 KeyVault KeyName
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyVaultFederatedClientId
将多租户应用程序的 ClientId 与用户分配的标识一起使用,以便在存储帐户上进行跨租户客户管理的密钥服务器端加密。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyVaultUri
存储帐户加密密钥来源 KeyVault KeyVaultUri
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyVaultUserAssignedIdentityId
为用于访问 存储 帐户加密的 Azure KeyVault 的用户分配标识设置资源 ID,该 ID 必须在 UserAssignIdentityId 中。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyVersion
存储帐户加密密钥来源 KeyVault KeyVersion
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Kind
指定此 cmdlet 创建的存储帐户的类型。 此参数的可接受值为:
- 存储。 常规用途存储帐户,该帐户支持存储 Blob、表、队列、文件和磁盘。
- 存储V2。 常规用途版本 2 (GPv2) 存储支持 Blob、表、队列、文件和磁盘的帐户,以及数据分层等高级功能。
- BlobStorage。 仅支持存储 Blob 的 Blob 存储帐户。
- BlockBlobStorage。 块 Blob 存储帐户,该帐户仅支持存储块 Blob。
- FileStorage。 仅支持存储文件的文件存储帐户。 默认值为 存储V2。
| Type: | String |
| Accepted values: | Storage, StorageV2, BlobStorage, BlockBlobStorage, FileStorage |
| Position: | Named |
| Default value: | StorageV2 |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Location
指定要创建的存储帐户的位置。
| Type: | String |
| Position: | 3 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-MinimumTlsVersion
请求存储时允许的最低 TLS 版本。 对于此属性,默认解释为 TLS 1.0。
| Type: | String |
| Accepted values: | TLS1_0, TLS1_1, TLS1_2 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
指定要创建的存储帐户的名称。
| Type: | String |
| Aliases: | StorageAccountName, AccountName |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-NetworkRuleSet
NetworkRuleSet 用于为防火墙和虚拟网络定义一组配置规则,以及为允许绕过规则的服务等网络属性设置值,以及如何处理与任何已定义规则不匹配的请求。
| Type: | PSNetworkRuleSet |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PublicNetworkAccess
允许或禁止公共网络访问 存储 Account.Possible 值包括:“Enabled”、“Disabled”。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PublishInternetEndpoint
指示是否发布 Internet 路由存储终结点
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PublishMicrosoftEndpoint
指示是否发布 Microsoft 路由存储终结点
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RequireInfrastructureEncryption
该服务将使用平台托管密钥对静态数据应用辅助加密层。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
指定要在其中添加存储帐户的资源组的名称。
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-RoutingChoice
路由选择定义用户选择的网络路由类型。 可能的值包括:“MicrosoftRouting”、“InternetRouting”
| Type: | String |
| Accepted values: | MicrosoftRouting, InternetRouting |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SasExpirationPeriod
此帐户的 SAS 到期期限,是时间跨度和精确到秒。
| Type: | TimeSpan |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SkuName
指定此 cmdlet 创建的存储帐户的 SKU 名称。 此参数的可接受值为:
- Standard_LRS。 本地冗余存储。
- Standard_ZRS。 区域冗余存储。
- Standard_GRS。 异地冗余存储。
- Standard_RAGRS。 读取访问异地冗余存储。
- 高级版_LRS。 高级版本地冗余存储。
- 高级版_ZRS。 高级版区域冗余存储。
- Standard_GZRS - 异地冗余区域冗余存储。
- Standard_RAGZRS - 读取访问异地冗余区域冗余存储。
| Type: | String |
| Aliases: | StorageAccountType, AccountType, Type |
| Accepted values: | Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, Premium_LRS, Premium_ZRS, Standard_GZRS, Standard_RAGZRS |
| Position: | 2 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Tag
以哈希表的形式设置为服务器上的标记的键值对。 例如:@{key0=“value0”;key1=$null;key2=“value2”}
| Type: | Hashtable |
| Aliases: | Tags |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UserAssignedIdentityId
为新的存储帐户用户分配的标识设置资源 ID,该标识将用于 Azure KeyVault 等密钥管理服务。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UseSubDomain
指示是否启用间接 CName 验证。
| Type: | Nullable<T>[Boolean] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
输入
输出
相关链接
反馈
即将推出:在整个 2024 年,我们将逐步取消以“GitHub 问题”作为内容的反馈机制,并将其替换为新的反馈系统。 有关详细信息,请参阅:https://aka.ms/ContentUserFeedback。
提交和查看相关反馈