Jaa


Get-MsolServicePrincipalCredential

Updated: July 30, 2015

Applies To: Azure, Office 365, Windows Intune

Note



  • The cmdlets were previously known as the Microsoft Online Services Module for Windows PowerShell cmdlets.

The Get-MsolServicePrincipalCredential cmdlet can be used to retrieve a list of credentials associated with a service principal.

Syntax

Get-MsolServicePrincipalCredential -ObjectId <Guid> [-AppPrincipalId <Guid>] [-TenantId <Guid>] [<CommonParameters>]

Get-MsolServicePrincipalCredential -ServicePrincipalName <string> [-AppPrincipalId <Guid>] [-TenantId <Guid>] [<CommonParameters>]

Parameters

    -AppPrincipalId <Guid>
        The application ID associated with the service principal credentials 
        to retrieve.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       false
        Accept wildcard characters?  false
        
    -ObjectId <Guid>
        The object ID associated with the service principal credentials to 
        retrieve.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -ServicePrincipalName <string>
        The unique name of the service principal to retrieve credentials from.
        An SPN must use one of the following formats "appName" or 
        "appName/hostname" or be a valid URL.  AppName represents the name of 
        the application and hostname represents the URI authority for the 
        application.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -TenantId <Guid>
        The unique ID of the tenant to perform the operation on. If this is 
        not provided, then the value will default to the tenant of the current 
        user. This parameter is only applicable to partner users.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer, PipelineVariable, and OutVariable. For more information, 
    see 
        about_CommonParameters 
    (https://go.microsoft.com/fwlink/?LinkID=113216).

Examples

Output is provided by Microsoft.Online.Administration.ServicePrincipalCredential. The output retrieves the list of credentials associated with a service principal. Each service principal contains the following information:

  • Type - The type of service principal credential (Asymmetric/Symmetric/Password)

  • Value - The value of the credential. If the credential type is certificate, this represents the base 64 encoded certificate. If credential type is symmetric, it represents an AES key

  • KeyGroupId - The identifier reserved for internal use

  • KeyId - The unique identifier of the key

  • StartDate - The effective start date of the credential usage

  • EndDate - The effective end date of the credential usage

  • Usage - Specifies if the credential is used to "sign" or "verify" a token

Example 1

The following command will retrieve all of the credential properties (but not the credential value) associated with the service principal name (SPN) "MyApp/Contoso.com". An SPN must follow the format appClass/hostname, where appClass represents the application class ("MyApp") and hostname represents the hostname for the application (Contoso.com).

Get-MsolServicePrincipalCredential -ServicePrincipalName "MyApp/Contoso.com"

Additional Resources

There are several other places you can get more information and help. These include:

  1. Azure Active Directory Forum

  2. Azure AD Community Information Center

  3. Azure Active Directory Community scripts

See Also

Other Resources

Manage Azure Active Directory by using Windows PowerShell