以使用者的身分使用 PowerShell 連線到 Azure Stack HubConnect to Azure Stack Hub with PowerShell as a user

您可以使用 PowerShell 連線到 Azure Stack Hub,以管理 Azure Stack Hub 資源。You can connect to Azure Stack Hub with PowerShell to manage Azure Stack Hub resources. 例如,您可以使用 PowerShell 來訂閱供應項目、建立虛擬機器 (VM) 及部署 Azure Resource Manager 範本。For example, you can use PowerShell to subscribe to offers, create virtual machines (VMs), and deploy Azure Resource Manager templates.

若要進行設定:To get setup:

  • 確定您具有必要項目。Make sure you have the requirements.
  • 與 Azure Active Directory (Azure AD) 或「Active Directory 同盟服務」(AD FS) 連線。Connect with Azure Active Directory (Azure AD) or Active Directory Federation Services (AD FS).
  • 註冊資源提供者。Register resource providers.
  • 測試連線能力。Test your connectivity.

使用 PowerShell 連線的必要條件Prerequisites to connecting with PowerShell

開發套件,或從 Windows 型外部用戶端 (如果您透過 VPN 連線),設定下列必要條件:Configure these prerequisites from the development kit, or from a Windows-based external client if you're connected through VPN:

務必使用 Azure Stack Hub 組態中的值取代下列指令碼變數:Make sure you replace the following script variables with values from your Azure Stack Hub configuration:

  • Azure AD 租用戶名稱Azure AD tenant name
    用來管理 Azure Stack Hub 的 Azure AD 租用戶名稱。The name of your Azure AD tenant used to manage Azure Stack Hub. 例如 yourdirectory.onmicrosoft.com。For example, yourdirectory.onmicrosoft.com.
  • Azure Resource Manager 端點Azure Resource Manager endpoint
    針對 Azure Stack 開發套件,此值會設定為 https://management.local.azurestack.externalFor Azure Stack Development kit, this value is set to https://management.local.azurestack.external. 若要取得 Azure Stack Hub 整合式系統的這個值,請與您的服務提供者連絡。To get this value for Azure Stack Hub integrated systems, contact your service provider.

使用 Azure AD 來連線到 Azure Stack HubConnect to Azure Stack Hub with Azure AD

    Add-AzEnvironment -Name "AzureStackUser" -ArmEndpoint "https://management.local.azurestack.external"
    # Set your tenant name
    $AuthEndpoint = (Get-AzEnvironment -Name "AzureStackUser").ActiveDirectoryAuthority.TrimEnd('/')
    $AADTenantName = "<myDirectoryTenantName>.onmicrosoft.com"
    $TenantId = (invoke-restmethod "$($AuthEndpoint)/$($AADTenantName)/.well-known/openid-configuration").issuer.TrimEnd('/').Split('/')[-1]

    # After signing in to your environment, Azure Stack Hub cmdlets
    # can be easily targeted at your Azure Stack Hub instance.
    Connect-AzAccount -EnvironmentName "AzureStackUser" -TenantId $TenantId

使用 AD FS 來連線到 Azure Stack HubConnect to Azure Stack Hub with AD FS

# Register an Azure Resource Manager environment that targets your Azure Stack Hub instance
Add-AzEnvironment -Name "AzureStackUser" -ArmEndpoint "https://management.local.azurestack.external"

# Sign in to your environment
Connect-AzAccount -EnvironmentName "AzureStackUser"

註冊資源提供者Register resource providers

沒有透過入口網站部署任何資源的新使用者訂用帳戶,並不會自動註冊資源提供者。Resource providers aren't automatically registered for new user subscriptions that don't have any resources deployed through the portal. 執行下列指令碼,即可明確註冊資源提供者:You can explicitly register a resource provider by running the following script:

foreach($s in (Get-AzSubscription)) {
        Select-AzSubscription -SubscriptionId $s.SubscriptionId | Out-Null
        Write-Progress $($s.SubscriptionId + " : " + $s.SubscriptionName)
Get-AzResourceProvider -ListAvailable | Register-AzResourceProvider
    }

注意

AD FS 僅支援利用使用者身分識別的互動式驗證。AD FS only supports interactive authentication with user identities. 如果需要認證物件,您必須使用服務主體 (SPN)。If a credential object is required, you must use a service principal (SPN). 如需使用 Azure Stack Hub 和 AD FS 將服務主體設定為身分識別管理服務的詳細資訊,請參閱管理 AD FS 應用程式身分識別For more information on setting up a service principal with Azure Stack Hub and AD FS as your identity management service, see Manage an AD FS app identity.

測試連線Test the connectivity

當您將一切設定妥當時,請使用 PowerShell 在 Azure Stack Hub 中建立資源,以測試連線能力。When you've got everything setup, test connectivity by using PowerShell to create resources in Azure Stack Hub. 在測試時,請建立應用程式的資源群組,並新增 VM。As a test, create a resource group for an application and add a VM. 若要建立名為 "MyResourceGroup" 的資源群組,請執行下列命令:Run the following command to create a resource group named "MyResourceGroup":

New-AzResourceGroup -Name "MyResourceGroup" -Location "Local"

下一步Next steps