CloudShell icon indicating copy to clipboard operation
CloudShell copied to clipboard

Published 20 hours ago verified publisher icon Azure

[BUG] Connect-AzureAD not returning a working connection

Open timatlee opened this issue 2 years ago • 1 comments

To Reproduce

Deleted existing cloud shell storage account

Created new storage account.

Logged into Azure Cloud shell

Run:

import-module AzureAD.Standard.Preview
AzureAD.Standard.Preview\Connect-AzureAD -Identity -TenantID $env:ACC_TID

Account   Environment TenantId                             TenantDomain AccountType
-------   ----------- --------                             ------------ -----------
MSI@xxxxx AzureCloud  cc4eac7c-a9a3-47b4-b014-4a177c229a74              ManagedService

get-azureaddomain 
Get-AzureADDomain: Error occurred while executing GetDomains 
Code: Authentication_MissingOrMalformed
Message: Access Token missing or malformed.
HttpStatusCode: Unauthorized
HttpStatusDescription: Unauthorized
HttpResponseStatus: Completed

Observed Behavior

After connecting, the get-azuread* set of cmdlets do not work.

PS /home/tim> get-azureaddomain 
Get-AzureADDomain: Error occurred while executing GetDomains 
Code: Authentication_MissingOrMalformed
Message: Access Token missing or malformed.
HttpStatusCode: Unauthorized
HttpStatusDescription: Unauthorized
HttpResponseStatus: Completed

PS /home/tim> get-azureaduser   
Get-AzureADUser: Error occurred while executing GetUsers 
Code: Authentication_MissingOrMalformed
Message: Access Token missing or malformed.
HttpStatusCode: Unauthorized
HttpStatusDescription: Unauthorized
HttpResponseStatus: Completed

Expected behavior

Get-AzureADDomain should return connected domains.

Get-AzureADUser should return users in the tenant.

Etc.

Is this specific to Cloud Shell?

It seems to be specific to Cloud Shell. However, when testing connectivity from my desktop, I observe that the AccountType is User, not ManagedService:

# Connect-AzureAD on my dekstop does not support the `-identity` parameter.
> connect-azuread


Account                       Environment TenantId                             TenantDomain AccountType
-------                       ----------- --------                             ------------ -----------
[email protected] AzureCloud  110c8ae9-30a5-431f-a1d8-827e3b7077d6 domain.com User

Please verify if the same issue can be reproduced by running the same tool outside Cloud Shell - for example, by installing it on your own computer. If so, it is likely to be a bug in that tool or in the Azure service it communicates with, not in Cloud Shell. Please file the issue with the appropriate project.

Interface information

https://admin.microsoft.com/Adminportal/Home?#/homepage in Edge on Windows 10.

Additional context

Add any other context about the problem here.

timatlee avatar Feb 02 '23 18:02 timatlee