0
votes

Using PowerShell commands I want to reset the Service Principal client secret.

I followed the steps below from the article https://docs.microsoft.com/en-us/powershell/azure/create-azure-service-principal-azureps?view=azps-5.8.0 but it did not reset the password:

Remove-AzADSpCredential -DisplayName ServicePrincipalName
$newCredential = New-AzADSpCredential -ServicePrincipalName ServicePrincipalName

Can you tell me what I am doing wrong? I just want to reset the secret and have a new one.

I executed the above commands and then went to the app registration of that service principal; under Certificates & secrets I see it has not created a new secret.

Using bash I am able to reset the password by executing the command below, but I want it done with a PowerShell command:

az ad sp credential reset --name
SharePoint? Stored Procedure? What does SP mean? Don't make people guess. - Panagiotis Kanavos
SP - Service Principal in Azure AD 😁. - Gaurav Mantri
@PanagiotisKanavos Service Principal in Azure AD. - ashish
What do you mean by "it did not reset the password"? How did you know that? - Joy Wang-MSFT
@JoyWang I went to the app registration of that service principal, and there under Certificates & secrets I see it has not created a new secret. - ashish

1 Answer

2
votes

"I went to the app registration of that service principal and there I went to Certificates & secrets; I see it has not created a new secret."

Well, actually the command New-AzADSpCredential did create a new secret for you. Firstly, you need to know the relationship between an App Registration (AD App) and a Service Principal; see Application and service principal objects in Azure Active Directory.

In short, the service principal is the local representation of the AD App in a specific tenant. When you create a secret for the service principal, it will not appear in the Certificates & secrets blade; you can get it with Get-AzADSpCredential.

If you want to reset the secret that you can find in the portal, you need to reset the secret for the AD App (i.e. the App Registration) via Remove-AzADAppCredential and New-AzADAppCredential.

You could refer to the sample below. It resets the secret to the value ce96a0ed-5ae8-4a5a-9b3c-630da9ea3023, valid for one year, and you can find it in the portal:

# Look up the App Registration (AD App) by display name and take its object id
$obj = (Get-AzADApplication -DisplayName joyappv2).ObjectId
# Remove the existing credentials of the app registration (no -KeyId, so all of them)
Remove-AzADAppCredential -ObjectId $obj -Force
# The new secret value must be passed as a SecureString
$azurePassword = ConvertTo-SecureString "ce96a0ed-5ae8-4a5a-9b3c-630da9ea3023" -AsPlainText -Force
$date = Get-Date
# Create the new secret on the app registration, valid from now for one year
$newCredential = New-AzADAppCredential -ObjectId $obj -Password $azurePassword -StartDate $date -EndDate $date.AddYears(1)

Note: you cannot get the secret value again after creating it, so please store it when creating it.
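As an added example (not part of the answer above), the same reset done as a rotation: a randomly generated secret with a short lifetime replaces a hardcoded value, and the old credentials are revoked by KeyId rather than with a blanket Remove-AzADAppCredential -Force, so certificates or other secrets on the same app registration survive. It assumes the Az 5.x cmdlet syntax used in the answer (Get-AzADApplication exposes .ObjectId, New-AzADAppCredential accepts -Password) and an existing Connect-AzAccount session; the function names are mine.

```powershell
function New-RandomClientSecret {
    # 32 bytes from a cryptographic RNG, base64 encoded (about 43 characters).
    $bytes = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    $rng.Dispose()
    return [Convert]::ToBase64String($bytes)
}

function Update-AppRegistrationSecret {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [int] $ValidityDays = 90,      # short lifetime; rotate on a schedule
        [switch] $KeepExisting         # leave old secrets in place until consumers are updated
    )
    $app = Get-AzADApplication -DisplayName $DisplayName
    if (-not $app) { throw "App registration '$DisplayName' not found." }
    $objectId = $app.ObjectId

    # Record the credentials that exist before rotation so only those are revoked later.
    $oldKeyIds = @(Get-AzADAppCredential -ObjectId $objectId | ForEach-Object { $_.KeyId })

    $plain  = New-RandomClientSecret
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    $start  = Get-Date
    # Discard the output object; it would otherwise echo the credential to the console/transcript.
    $null = New-AzADAppCredential -ObjectId $objectId -Password $secure `
                -StartDate $start -EndDate $start.AddDays($ValidityDays)

    if (-not $KeepExisting) {
        # Revoke the previous secrets one by one instead of wiping every credential.
        foreach ($keyId in $oldKeyIds) {
            Remove-AzADAppCredential -ObjectId $objectId -KeyId $keyId -Force
        }
    }

    # Verify the credential list looks as expected after the change.
    $expected  = if ($KeepExisting) { $oldKeyIds.Count + 1 } else { 1 }
    $remaining = @(Get-AzADAppCredential -ObjectId $objectId)
    if ($remaining.Count -ne $expected) {
        throw "Expected $expected credential(s) after rotation, found $($remaining.Count)."
    }

    # Return the value only as a SecureString; it cannot be read back from Azure AD later,
    # so the caller must store it in a vault right away.
    return $secure
}

# Usage: $secret = Update-AppRegistrationSecret -DisplayName 'joyappv2' -ValidityDays 90
```

Run once with -KeepExisting, update the consumers of the app with the new value, then remove the old KeyIds, and the rotation causes no outage.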