Executing Select-AzureRmSubscription works from one of my (client) machines but not in an other

3
votes

Context

I have a Microsoft account, an I have and Azure subscription for it. I've got access rights (added as user: owner) to other Microsoft account's other subscriptions.

All works OK, when I log with my one and only credential in to the Azure portal, I can see the directories (tenants?) listed in the top right menu, so I can switch. After switching to a directory I can see the subscription(s) for that directory.

I would like to use this credential similarly in PowerShell. So far I used Select-AzureRmSubscription with success, and interestingly I experienced, that I can omit -TenanttId parameter even the subscription is under other tenant as my default directory. (I suppose Select-AzureRmSubscription iterates though all the tenant's all subscriptions to find the guid I providing in -SubscrptionId parameter. (or was this only a "bug"?). Anyway now I've switched to an other client computer, and freshly installed AzureRM PowerShell modules, and the very same Select-AzureRmSubscription does not work there. So I thought this "bug" was "fixed" and now I must use the -TenantId parameter too. However I still got error.

NOTE: All works from my older developer machine: I can switch between subscriptions of different tenants just by using Select-AzureRmSubscription (even not using -TenantId parameter)

What I've tried:

$subscriptionId = "42940206-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
$tenantId = "ce8a477c-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

Login-AzureRmAccount
Select-AzureRmSubscription -SubscriptionId $subscriptionId -TenantId $tenanId

I've got the following error message:

Set-AzureRmContext : Cannot validate argument on parameter 'SubscriptionId'. The argument "42940206-xxxx-xxxx-xxxx-xxxxxxxxxxxx" does not belong to the set "0692a8b8-xxxx-xxxx-xxxx-xxxxxxxxxxxx" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again.

What is this 0692a8b8-xxxx-xxxx-xxxx-xxxxxxxxxxxx" specified by the ValidateSet attribute. It is neither any of my subscription ids, neither any my tenantIds...

Differences between the two client machines

  • Working: Poweshell 5, approx half year old AzureRM modules, installed by PowerShellGet's Install-Module

  • Not Working: Poweshell 4, latest AzureRM modules, installed by PowerShellGet's Install-Module

The trivial next step would be to install PowerShell 5 on the new machine, but it is a production machine many of stabilized and day by day running PowerShell scripts, so I would not like to risk to break the production processes...

1
powershellazureazure-powershell

1 Answers

5
votes

I ran into similar issue. I was only experiencing the issue if the subscriptions were in different tenants.

The cure, for me, was to get the subscription object, then select it. So, using your example above, where you have $subscriptionId setup with your subscription ID value you want, you'd do:

Get-AzureRmSubscription -SubscriptionId $subscriptionId  | Select-AzureRmSubscription