NibblyPig

Reputation: 52952

Adding employee id to claims in Azure AD, Add-AzureADServicePrincipalPolicy is giving "does not exist" error for service principal id

I'm following this tutorial

I've reached these instructions:

Assign the policy to your service principal. You also need to get the ObjectId of your service principal.

To see all your organization's service principals, you can query the Microsoft Graph API. Or, in Microsoft Graph Explorer, sign in to your Azure AD account.

When you have the ObjectId of your service principal, run the following command (PowerShell):

Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>

So, getting the service principal ID is very unclear. I went to my Azure AD, clicked App Registrations, clicked my Application; this has Application ID, Object ID and Tenant ID, but according to some instructions online I should click the "Managed application in..." on the right, which takes me to the Application | Overview page, and then the Object ID there is the one I need.

However, it does not work. I actually tried several IDs from various pages, but all presented me with this error:

C:\temp> Add-AzureADServicePrincipalPolicy -Id guid -RefObjectId otherguid
Add-AzureADServicePrincipalPolicy : Error occurred while executing AddServicePrincipalPolicy
Code: Request_ResourceNotFound
Message: Resource 'guid' does not exist or one of its queried reference-property
objects are not present.
InnerError:
  RequestId: yetanotherguid
  DateTimeStamp: Fri, 16 Sep 2022 09:45:14 GMT
HttpStatusCode: NotFound
HttpStatusDescription: Not Found
HttpResponseStatus: Completed
At line:1 char:1
+ Add-AzureADServicePrincipalPolicy -Id guid ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Add-AzureADServicePrincipalPolicy], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.AddServicePrincipalPolicy

Can anyone advise what to do? I thought perhaps I'd be able to get the ID from a PowerShell command; I tried Get-AzureADServicePrincipal, which gave me a giant list, but I couldn't see anything on there that looked like my application.

Upvotes: 0

Views: 1379

Answers (1)

Rukmini

Reputation: 16054

I tried to reproduce the same in my environment and got the same error as below:

[screenshot omitted]

The error usually occurs if you are giving the Azure AD Application Object_ID.

To resolve the error, include the Object_ID of the Azure Enterprise Application (Service Principal).

Please note that Enterprise Applications are the list of Service Principals.

You can find your Service Principal Object ID like below:

Go to Enterprise Application -> Find your App Name -> Object_ID

[screenshot omitted]

From PowerShell, you can get the Service Principal Object ID like below:

Get-AzureADServicePrincipal -All:$true -SearchString test_app

[screenshot omitted]

I am able to add the policy to the Service Principal successfully by providing its Object_ID, like below:

Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>

Get-AzureADServicePrincipalPolicy -Id PolicyID

Response:

[screenshot omitted]

Please note that if you create the Azure AD Application via Azure PowerShell/CLI, the Service Principal won't be created. You have to create the Application in the Azure Portal manually to get the Service Principal created automatically.

Upvotes: 1
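The mix-up described in the question and answer (app registration Object ID versus service principal Object ID) can be avoided by resolving both from the one identifier the two objects share, the Application (client) ID. The script below is an added example, not code from the question, the answer or the tutorial; it assumes the AzureADPreview module (which provides the *-AzureADServicePrincipalPolicy cmdlets) is loaded, that Connect-AzureAD has already been run with sufficient rights, and that the two GUIDs are placeholders you replace with your own. The property names `Id` and `DisplayName` on the returned policy objects are assumed.

```powershell
# Added example (not from the question, answer or tutorial): resolve the service
# principal's Object ID from the Application (client) ID, check the policy exists,
# attach it, then verify the attachment. Placeholder GUIDs below must be replaced.
$appId    = '00000000-0000-0000-0000-000000000000'   # Application (client) ID from App registrations
$policyId = '11111111-1111-1111-1111-111111111111'   # Object ID of the claims-mapping policy

# The app registration and the service principal are two different directory
# objects with two different Object IDs; they share only the appId. Only the
# service principal's Object ID is accepted by Add-AzureADServicePrincipalPolicy.
$app = Get-AzureADApplication      -Filter "appId eq '$appId'"
$sp  = Get-AzureADServicePrincipal -Filter "appId eq '$appId'"

if (-not $app) { throw "No app registration found for appId $appId" }
if (-not $sp) {
    # No service principal (Enterprise Application) exists in this tenant for the
    # registration; this is the situation behind the Request_ResourceNotFound error.
    throw "No service principal found for appId $appId; create one before assigning the policy"
}

Write-Host "App registration Object ID : $($app.ObjectId)  (do NOT pass to -Id)"
Write-Host "Service principal Object ID: $($sp.ObjectId)  (pass to -Id)"

# Confirm the policy object exists before changing anything on the service principal.
# (Property names Id / DisplayName on the policy object are assumed.)
$policy = Get-AzureADPolicy -Id $policyId
if (-not $policy) { throw "Policy $policyId not found" }

# Assign the claims-mapping policy to the service principal.
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policyId

# Verify the assignment by reading back the policies attached to that service principal.
$attached = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId
if ($attached.Id -contains $policyId) {
    Write-Host "Policy '$($policy.DisplayName)' is now attached to '$($sp.DisplayName)'"
} else {
    throw "Policy $policyId was not attached to service principal $($sp.ObjectId)"
}
```

A claims-mapping policy changes the contents of every token issued for the service principal it is attached to, so the read-back at the end is worth keeping: it confirms the policy landed on the intended Enterprise Application and not on some other object whose Object ID happened to be copied from the wrong portal blade.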
