Azure Active Directory/PowerShell in SMA

Adam_DzyackyAdam_Dzyacky Customer Contributor Monkey ✭✭✭✭✭
edited June 2016 in SMA
How (if at all) is anyone getting around using the MSOL based cmd-lets in SMA? It appears that they aren't a fan of being called remotely/without an actual host. But I'm really hoping someone can prove me wrong here!

The basis for this question stems entirely around syncing Office 365 license information into Asset Management. Generally speaking, I have the script/runbook written but it won't execute unless I'm the one actually doing it. It probably goes without saying, but if this could be accomplished the reporting around this area becomes much richer by virtue of being in SCSM's CMDB.

Best Answer

Answers

  • pzergerpzerger Partner Adept IT Monkey ✭✭
    Last I recall, the MSOL cmdlets were updated and renamed to the Azure AD cmdlets. Have you tried those instead? https://msdn.microsoft.com/en-us/library/jj151815.aspx 

    I do remember MSOL cmdlets having a funky prereq of some sort.
  • Adam_DzyackyAdam_Dzyacky Customer Contributor Monkey ✭✭✭✭✭
    Yeah those are the ones I'm using but they still have a dependency on the "Microsoft Online Service Sign In Assistant"
  • pzergerpzerger Partner Adept IT Monkey ✭✭
    Figured. That Sign In Assistant you can deal with using a PSCredential object in SMA if you run from a host with that component installed...should be doable with an credential that has rights in your O365 sub. Doable in Azure Automation from a Hybrid Worker. Just not possible from Azure-based workers to my knowledge. 
  • Adam_DzyackyAdam_Dzyacky Customer Contributor Monkey ✭✭✭✭✭
    PSCredential is exactly how I've been attacking this but still no luck. Always throws an error.
  • pzergerpzerger Partner Adept IT Monkey ✭✭
    Hey Adam, did you include the error and I just missed it?
  • Adam_DzyackyAdam_Dzyacky Customer Contributor Monkey ✭✭✭✭✭
    Nope, I missed that part. Here is the code (example) run along with its output:

    workflow mySMARunbook{
        inlinescript{
            
            $365user = "[email protected]"
            $365userPassword = ConvertTo-SecureString "passwordGoesHere" -AsPlainText -Force
            $365credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $365user, $365userPassword

            Import-Module MSOnline
            Connect-MsolService -credential $365credential
            
            get-msoluser -userprincipalname "[email protected]"
               
        } -PSComputerName $computerWithAzurePSComponents -PSCredential $storedSMAAsset
    }

    Error: Connect-MsolService : Exception of type 'Microsoft.Online.Administration.Automation.MicrosoftOnlineException' was 
    thrown.

    Needless to say the "get-msoluser" line fails instantly since connect-msolservice doesn't work with the above error. And again - this works as expected on the $computerWithAzurePSComponents if I'm the one doing it by hand.
Sign In or Register to comment.