I have what I thought was a simple issue - I need to add users in my Azure AD Org to a role ("Reader") in the portal. This has proven to not be very simple... There seems to be something different in the PowerShell environment when the deploy process ("Run an Azure PowerShell Script") runs. The service principal being used is a subscription owner in the portal and I have many other scripts in this process that are running just fine.
Here is the snippet from my script:
$PortalEmailArray = "[testemail1]", "[testemail2]"
$AzureAccessGroup = "Reader"
$SubscriptionScope = "/subscriptions/#{AzureSubscriptionID}"
foreach ($email in $PortalEmailArray)
{
    try
    {
        Write-Host "Adding $AzureAccessGroup access for $email..."
        # -ErrorAction Stop turns a cmdlet failure into a terminating error so the catch block actually runs
        New-AzureRmRoleAssignment -SignInName $email -RoleDefinitionName $AzureAccessGroup -Scope $SubscriptionScope -ErrorAction Stop
        Write-Host "Added $email to $AzureAccessGroup group in Azure portal..."
    }
    catch
    {
        # Write-Host emits nothing to the pipeline, so format the exception first and then print it
        Write-Host ($_.Exception | Format-List -Force | Out-String)
    }
}
Here is the error I get currently:
System.Collections.Generic.KeyNotFoundException: The provided information does not map to an AD object id.
at Microsoft.Azure.Commands.Resources.Models.ActiveDirectory.ActiveDirectoryClient.GetObjectId(ADObjectFilterOptions options)
at Microsoft.Azure.Commands.Resources.Models.Authorization.AuthorizationClient.CreateRoleAssignment(FilterRoleAssignmentsOptions parameters)
at Microsoft.Azure.Commands.Resources.NewAzureRoleAssignmentCommand.ExecuteCmdlet()
at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Here is the version of PowerShell on my machine and the:
PSVersion 5.0.10586.494
And I have the Octopus.Action.Azure.UseBundledAzurePowerShellModules variable set to false so that this updated version of PowerShell runs on the deploy server as well.
This command works in my PowerShell console and in the PowerShell console on the deploy machine when I RDP to it.
Any pointers or tips would be appreciated. Hopefully, I'm just missing something silly...
David
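The following is an added example, not code from David's post, showing one way to separate the two things New-AzureRmRoleAssignment -SignInName does in one step: the directory lookup of the user and the role assignment itself. It resolves each user to an Azure AD object id with Get-AzureRmADUser first, prints the context the step is actually running under, skips assignments that already exist, and only then calls New-AzureRmRoleAssignment -ObjectId. The assumptions are that the AzureRM.Resources module is loaded, that an authenticated context exists, and that the identity running the script is allowed to read users from the directory; the user principal names and subscription id in the sample invocation are placeholders.

```powershell
# Added example (not from the original post). Assumes the AzureRM.Resources module
# (Get-AzureRmADUser, Get-AzureRmRoleAssignment, New-AzureRmRoleAssignment) and an
# already authenticated Azure context.

function Add-SubscriptionRoleAssignment {
    param(
        [Parameter(Mandatory)] [string[]] $UserPrincipalNames,
        [Parameter(Mandatory)] [string]   $SubscriptionId,
        [string] $RoleDefinitionName = "Reader"
    )

    $scope = "/subscriptions/$SubscriptionId"

    # Print which account, tenant and subscription this step is really running as.
    # When a script behaves differently in a deployment step than in an RDP console,
    # comparing this output from both places is the first thing to check.
    Write-Host "Current Azure context:"
    Write-Host (Get-AzureRmContext | Format-List | Out-String)

    foreach ($upn in $UserPrincipalNames) {
        try {
            # Step 1: directory lookup on its own, so a failure here is reported
            # separately from the role-assignment call.
            $user = Get-AzureRmADUser -UserPrincipalName $upn -ErrorAction Stop
            if (-not $user) {
                throw "Directory lookup returned nothing for '$upn' (no such user, or the running identity cannot read the directory)."
            }

            # Step 2: make the script idempotent; re-running a deployment should not
            # fail because the assignment already exists.
            $existing = Get-AzureRmRoleAssignment -ObjectId $user.Id `
                -RoleDefinitionName $RoleDefinitionName -Scope $scope -ErrorAction Stop
            if ($existing) {
                Write-Host "$upn already has $RoleDefinitionName at $scope; skipping."
                continue
            }

            # Step 3: assign by object id, so no sign-in-name resolution happens here.
            New-AzureRmRoleAssignment -ObjectId $user.Id -RoleDefinitionName $RoleDefinitionName `
                -Scope $scope -ErrorAction Stop | Out-Null
            Write-Host "Added $RoleDefinitionName for $upn (object id $($user.Id)) at $scope"
        }
        catch {
            # Write-Host returns nothing, so the exception must be formatted to a
            # string before it is printed.
            Write-Host "Failed for ${upn}:"
            Write-Host ($_.Exception | Format-List -Force | Out-String)
        }
    }
}

# Sample invocation with placeholder values (constructed for this example).
Add-SubscriptionRoleAssignment `
    -UserPrincipalNames "user1@contoso.onmicrosoft.com", "user2@contoso.onmicrosoft.com" `
    -SubscriptionId "00000000-0000-0000-0000-000000000000"
```

If the Get-AzureRmADUser call is the one that fails under the deployment step but not in the interactive console, the difference is in what the running identity may read from the directory rather than in its subscription role, which is the distinction the one-step -SignInName call hides.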