Create Client-Secret - User Not Found

  • Question

  • Using the below to create the new registered app...

    # Subscription / tenant identifiers (redacted in the post)
    $subId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    $tenantId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    $appDisplayName = 'myappnamehere'
    $dataLakeStoreName = 'datalakestorenamehere.azuredatalakestore.net'
    # Validity window intended for the client secret
    $startDate = Get-Date
    $endDate = $startDate.AddYears(3)
    # Password credential attached at registration time (note: a literal password, valid until 2099,
    # independent of $startDate/$endDate above)
    $credentials = New-Object Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential -Property @{ StartDate=Get-Date; EndDate=Get-Date -Year 2099; Password='passw0rd'}
    # Register the application with the Az module and keep its object id for the AzureAD module call below
    $app = New-AzADApplication -DisplayName $appDisplayName -IdentifierUris "https://localhost/$appDisplayName" -PasswordCredentials $credentials
    $objId = $app.ObjectId
    # Connect-AzureAD is commented out, so the next cmdlet runs against whatever AzureAD session (and tenant) already exists
    #Connect-AzureAD -Credential $psCred
    $aadAppsecret01 = New-AzureADApplicationPasswordCredential -ObjectId $objId -CustomKeyIdentifier "secret01" -StartDate $startDate -EndDate $endDate
    The last line fails with an error:
    New-AzureADApplicationPasswordCredential : Error occurred while executing GetApplication
    Code: Authentication_Unauthorized
    Message: User was not found.
    RequestId: e13fd953-6655-44c5-b10c-1731421def65
    DateTimeStamp: Wed, 12 Jun 2019 14:42:34 GMT
    HttpStatusCode: Forbidden
    HttpStatusDescription: Forbidden
    HttpResponseStatus: Completed
    At line:1 char:19
    + ... psecret01 = New-AzureADApplicationPasswordCredential -ObjectId $objId ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [New-AzureADApplicationPasswordCredential], ApiException
        + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD.Graph.PowerShell.Custom.NewAzureADApplicationPasswordCredential

    Wednesday, June 12, 2019 2:51 PM

All replies

  • I believe you are not connecting to the correct tenant. Can you make sure that you are connecting to the correct tenant by using Connect-AzureAD -TenantId "Your Tenant Id".
    Wednesday, June 12, 2019 6:47 PM
    Moderator
  • Thanks that did work, unfortunately the below failed when I tried to access a file stored in azure data lake.

    # ApplicationId (client id) of the registered app, used here as the ACL identity
    $userId = (Get-AzADApplication -DisplayName $appDisplayName).ApplicationId

    Set-AzDataLakeStoreItemAclEntry -AccountName $dataLakeStoreName -Path / -AceType User -Id $userId -Permissions WriteExecute

    ###

    It seems I need to create a Service Principal for my Registered app. Why do I need to create a Service Principal in order to access my data lake store?

    # $appId is the registered app's ApplicationId (client id); it was not defined in the post, so it is derived here the same way as $userId above
    $appId = (Get-AzADApplication -DisplayName $appDisplayName).ApplicationId
    # Create the service principal for the app in this tenant
    $sp = New-AzureADServicePrincipal -AppId $appId -DisplayName $appDisplayName

    # Grant the ACL to the service principal's object id (not the ApplicationId)
    Set-AzDataLakeStoreItemAclEntry -AccountName $dataLakeStoreName -Path / -AceType User -Id (Get-AzADServicePrincipal -ServicePrincipalName $appId).Id -Permissions WriteExecute

    • Proposed as answer by CW73KY Tuesday, June 18, 2019 8:01 AM
    Thursday, June 13, 2019 10:32 AM
  • Great to hear that it worked. Yes, you need to create a service principal to access resources secured by an Azure AD tenant, and the entity which requires access must be represented by a security principal (both for users and applications).

    Please let me know if you find above reply useful. If yes, do click on 'Mark as answer' link in above reply. This will help other community members facing similar query to refer to this solution. Thanks.

    • Proposed as answer by CW73KY Tuesday, June 18, 2019 8:01 AM
    Monday, June 17, 2019 10:38 PM
    Moderator
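    The complete flow the thread arrives at, written out as an added example (it is not the poster's script or Microsoft's own code): both modules are signed in to the same tenant, as the first reply recommends; the application object, its service principal and a client secret are created; and the Data Lake Store ACL entry is granted to the service principal's ObjectId rather than the ApplicationId that the second post first passed as -Id. It assumes the Az (Az.Accounts, Az.Resources, Az.DataLakeStore) and AzureAD modules used in the thread are installed and that the caller may create applications and edit the lake's root ACL; $tenantId, $subId, $appDisplayName and $dataLakeStoreName are placeholders to fill in. The AzureAD module has since been deprecated in favour of Microsoft Graph PowerShell, but the example keeps the thread's cmdlets so it maps onto the posts above.

```powershell
# Added example, not code from the thread. Placeholders to replace before running:
$tenantId          = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'   # placeholder
$subId             = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'   # placeholder
$appDisplayName    = 'myappnamehere'                          # placeholder
$dataLakeStoreName = 'datalakestorenamehere.azuredatalakestore.net'   # placeholder

# 1. Sign BOTH modules in to the same tenant. The "User was not found" error in the
#    question comes from New-AzureADApplicationPasswordCredential running in an AzureAD
#    session bound to a different (or default) tenant than the one the app lives in.
Connect-AzAccount -Tenant $tenantId -Subscription $subId | Out-Null
Connect-AzureAD   -TenantId $tenantId | Out-Null

# 2. Register the application (the app object: the app's definition in the home tenant).
$app = New-AzADApplication -DisplayName $appDisplayName `
                           -IdentifierUris "https://localhost/$appDisplayName"

# 3. Create the service principal: the security principal in THIS tenant that ACLs,
#    role assignments and sign-ins refer to. $sp.ObjectId differs from both
#    $app.ObjectId (the app object) and $app.ApplicationId (the client id).
$sp = New-AzureADServicePrincipal -AppId $app.ApplicationId -DisplayName $appDisplayName

# 4. Issue a client secret. Omitting -Value lets Azure AD generate it; the value is
#    returned only once, so capture it now instead of hard-coding a password in the script.
$startDate = Get-Date
$endDate   = $startDate.AddYears(1)   # short lifetime keeps rotation routine
$cred = New-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId `
            -CustomKeyIdentifier 'secret01' -StartDate $startDate -EndDate $endDate
$clientSecret = ConvertTo-SecureString $cred.Value -AsPlainText -Force
Remove-Variable cred    # drop the plain-text copy; hand $clientSecret to Key Vault or similar

# 5. Grant the lake root to the service principal's ObjectId, not to the ApplicationId
#    (the value the second post passed as -Id, which failed).
Set-AzDataLakeStoreItemAclEntry -AccountName $dataLakeStoreName -Path / `
    -AceType User -Id $sp.ObjectId -Permissions WriteExecute

# 6. Verify: the root ACL must now carry a User entry for exactly that ObjectId.
$ace = Get-AzDataLakeStoreItemAclEntry -AccountName $dataLakeStoreName -Path / |
       Where-Object { $_.Type -eq 'User' -and $_.Id -eq $sp.ObjectId }
if (-not $ace) { throw "No ACL entry for service principal $($sp.ObjectId) on /" }
"ACE for $appDisplayName ($($sp.ObjectId)): $($ace.Permission)"
```

    Step 6 is the check worth keeping after any ACL change: if the entry shows up under the ApplicationId or the app object's ObjectId instead of the service principal's ObjectId, the application will still be denied, because only the service principal is a security principal the lake can resolve. Converting the generated secret to a SecureString and discarding $cred is a choice made in this example; the thread's original script kept the password as a literal in the script.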
  • Can you please use "Mark as Answer" link to mark the answer.
    • Proposed as answer by CW73KY Thursday, June 20, 2019 8:04 AM
    Wednesday, June 19, 2019 6:54 AM
    Moderator
  • I don't see an option to "Mark as Answer" only Propose as answer.
    Thursday, June 20, 2019 8:05 AM