dgoldman-msft / psserviceprincipal Goto Github PK

Hello could there maybe an option to create an owner (or multiple) for the ServicePrincipal?

BTW I love your work; saves me a ton of hour ;)

In Powershell verion 5.1.22621.963. script generates errors:

[10:03:22][New-ServicePrincipal] Creating SPN with ApplicationID
WARNING: [10:03:22][New-ServicePrincipal] Cannot find type
[Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential]: verify that the assembly containing this type is
loaded.
[10:03:22][] Checking current Role Assignment. Waiting for AD Replication
WARNING: [10:03:23][Add-RoleToSPN] Failed to: Applying role assignment: Adding Contributor role to SPN | Cannot
validate argument on parameter 'ApplicationId'. The argument is null or empty. Provide an argument that is not null or
empty, and then try the command again.
[10:03:23][Add-ExchangePermsToSPN.ps1] Exchange.ManageAsApp roll applied to application ExchangeCBAApp. To complete setup go to your application in the Azure portal and Grant Admin Consent.
WARNING: [10:03:24][Add-ExchangePermsToSPN.ps1] Cannot convert 'System.Object[]' to the type 'System.String' required
by parameter 'ObjectId'. Specified method is not supported.
[10:03:24][New-ServicePrincipalObject] Completed. Log saved to: "C:\Users\user\Documents\PSServiecPrincipal Logging".

[09:51:16][Add-ExchangePermsToSPN.ps1] Exchange.ManageAsApp roll applied to application ExOapponly2021. To complete setup go to your application in the Azure portal and Grant Admin Consent.
WARNING: [09:51:18][Add-ExchangePermsToSPN.ps1] Cannot convert 'System.Object[]' to the type 'System.String' required
by parameter 'ObjectId'. Specified method is not supported.

Thus step 5 "Select 'API Permissions' to verify that 'Exchange.ManageAsApp' has been added successfully." fails for obvious reasons. Should this really be a warning and not an outright error instead?

Additionally, there are a bunch of other warnings/errors eg (there were more):

WARNING: Upcoming breaking changes in the cmdlet 'Get-AzRoleAssignment' :
This cmdlet will use Microsoft Graph in Az 7.x and later.
Visit https://go.microsoft.com/fwlink/?linkid=2174792 for migration guide and breaking changes.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other
information on breaking changes in Azure PowerShell.
WARNING: Upcoming breaking changes in the cmdlet 'New-AzRoleAssignment' :
This cmdlet will use Microsoft Graph in Az 7.x and later.
Visit https://go.microsoft.com/fwlink/?linkid=2174792 for migration guide and breaking changes.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other
information on breaking changes in Azure PowerShell.
WARNING: [09:51:15][Add-RoleToSPN] Failed to: Applying role assignment: Adding Contributor role to SPN | Object
reference not set to an instance of an object.

Because I have a dev tenant this wasn't an issue, but not supporting MFA login also reduces the viability of the PS.

In trying to follow your instructions, I received the follow error: At this time AzureAD PowerShell module does not work on PowerShell Core. Please use PowerShell version 5 or 6 to create Registered Applications.