Forum Discussion
Azure Automation - Hybrid Worker - Connect-Azure AD
Dodge-1350, when using a Hybrid Worker to connect to Azure resources, the easiest way is to use the Run As Account certificate associated with the Automation Account. You must first install the certificate on the Hybrid Worker, by following the steps detailed here. Then you call Connect-AzureAD using the certificate thumbprint, like this:
Connect-AzureAD -TenantId <TenantID> -ApplicationId <ApplicationID> -CertificateThumbprint <CertificateThumbprint>
Don't forget to install the AzureADPreview module in the Hybrid Worker.
Hope this helps.
- Dodge-1350, Apr 14, 2021, Brass Contributor
hspinto - I tried that along with many other methods known to work in Azure Automation. For your information, this is what I receive when I attempt to run that:
Connect-AzureAD : The term 'Connect-AzureAD' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:56 char:1 + Connect-AzureAD –TenantId $servicePrincipalConnection.TenantId –Appli ... + ~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Connect-AzureAD:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException
So, based upon your comments and the error, maybe I do need to install the AzureADPreview module on the hybrid worker. Do you have any information on how that is done? A reference to the documentation that explains the steps necessary to get it done right and efficiently? Google is good, but 100 links to pore over to find a solution to a Microsoft installation issue is a bit much to have to pore over and determine efficacy. Any help with the documentation to get that done would be appreciated.
- hspinto, Apr 14, 2021, Microsoft
Dodge-1350, yes, the error you're getting means you don't have the required module installed. You just have to run Install-Module -Name AzureADPreview from an elevated PowerShell in your Hybrid Worker. You can find instructions here.
- Dodge-1350, Apr 15, 2021, Brass Contributor
That registration of the module on the hybrid runbook worker appears to have worked properly and we are past that error, which then led us to the next error:
Connect-AzureAD : CertificateNotFoundInStore At line:56 char:1 + Connect-AzureAD –TenantId $servicePrincipalConnection.TenantId –Appli ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], ArgumentException + FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Apparently the hybrid runbook worker can't see the certificate associated with the service principal? Do we have to register the certificate too on the hybrid runbook worker?
Failing line: Connect-AzureAD -TenantId $servicePrincipalConnection.TenantId -ApplicationId $servicePrincipalConnection.ApplicationId -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
This code works perfectly well if run within the Azure Automation side of things, but running it in the hybrid runbook worker generates that error.
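The two errors in this thread (the missing AzureADPreview module, then CertificateNotFoundInStore) both come from the worker itself lacking what the sandbox in Azure Automation provides automatically. The following runbook fragment is an added example, not code from the thread or from Microsoft; it checks both prerequisites on the Hybrid Worker before calling Connect-AzureAD so the failure is reported plainly instead of as a generic authentication error. It assumes the Run As connection asset has the default name AzureRunAsConnection and that the Run As certificate was imported (as a .pfx with its private key) into the worker's LocalMachine\My store, as hspinto's steps describe.

```powershell
# Added example (not from the thread). Runs as an Azure Automation runbook on a
# Hybrid Runbook Worker. Assumption: the Run As connection asset uses the default
# name 'AzureRunAsConnection'.
$connectionName = 'AzureRunAsConnection'
$conn = Get-AutomationConnection -Name $connectionName

# First error in the thread: 'Connect-AzureAD' not recognized. On a Hybrid Worker
# the module must be installed on the machine itself (Install-Module -Name AzureADPreview).
if (-not (Get-Module -ListAvailable -Name AzureADPreview)) {
    throw "AzureADPreview is not installed on this Hybrid Worker. Run 'Install-Module -Name AzureADPreview' from an elevated PowerShell session on the worker."
}
Import-Module AzureADPreview

# Second error in the thread: CertificateNotFoundInStore. The thumbprint stored in
# the connection asset must match a certificate in a store the worker process can
# read. Look in LocalMachine\My first, then CurrentUser\My of the account running
# the worker.
$thumb = $conn.CertificateThumbprint
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
if (-not $cert) {
    $cert = Get-ChildItem -Path "Cert:\CurrentUser\My\$thumb" -ErrorAction SilentlyContinue
}
if (-not $cert) {
    throw "Certificate $thumb is not installed on this Hybrid Worker. Export the Run As certificate from the Automation Account and import it with Import-PfxCertificate into Cert:\LocalMachine\My."
}
# Authentication needs the private key, so a .cer-only import is not enough.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumb is present but its private key is not accessible to this account. Import the .pfx and grant the worker's service account read access to the key."
}
# Run As certificates are short-lived; an expired one fails later with a less obvious error.
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $thumb expired on $($cert.NotAfter). Renew the Run As certificate in the Automation Account and re-import it here."
}

# Same call as in the thread; only reached once both prerequisites are satisfied.
Connect-AzureAD -TenantId $conn.TenantId `
                -ApplicationId $conn.ApplicationId `
                -CertificateThumbprint $thumb
```

The store checks mirror where the Automation sandbox keeps the certificate implicitly: when the runbook runs in Azure the platform places the Run As certificate in the sandbox for you, but on a Hybrid Worker the certificate, its private key, and the key's ACL are all the operator's responsibility, which is why the identical Connect-AzureAD line succeeds in one place and fails in the other.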