Forum Discussion

Dodge-1350's avatar
Dodge-1350
Brass Contributor
Apr 13, 2021

Azure Automation - Hybrid Worker - Connect-Azure AD

Is there a way to use Connect-AzureAD in Azure Automation when integrating a hybrid worker?  I have tried multiple ways to try to get it to work and have had zero success.  What is best practice for ...
Automation & Control
Dodge-1350's avatar
Dodge-1350
Brass Contributor
Apr 14, 2021

hspinto - I tried that along with many other methods known to work in Azure Automation.  For your information, this is what I receive when I attempt to run that:

 

Connect-AzureAD : The term 'Connect-AzureAD' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:56 char:1 + Connect-AzureAD –TenantId $servicePrincipalConnection.TenantId –Appli ... + ~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Connect-AzureAD:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException

 

So, based upon your comments and the error, maybe I do need to install the AzureADPreview module on the hybrid worker.  Do you have any information on how that is done?  A reference to the documentation that explains the steps necessary to get it done right and efficiently?  Google is good, but 100 links to pour over to find a solution to a Microsoft installation issue is a bit much to have to pour over and determine efficacy.  Any help with the documentation to get that done would be appreciated.

hspinto's avatar
hspinto
Icon for Microsoft rankMicrosoft
Apr 14, 2021

Dodge-1350, yes, the error you're getting means you don't have the required module installed. You just have to run Install-Module -Name AzureADPreview from an elevated PowerShell in your Hybrid Worker. You can find instructions here.

  • Dodge-1350's avatar
    Dodge-1350
    Brass Contributor
    Apr 15, 2021
    That registration of the module in the hybrid runbook worker appears to have worked properly and we are past that error, which then lead us to the next error:

    Connect-AzureAD : CertificateNotFoundInStore At line:56 char:1 + Connect-AzureAD –TenantId $servicePrincipalConnection.TenantId –Appli ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], ArgumentException + FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

    Apparently the hybrid runbook worker can't see the certificate associated with the service principal? Do we have to register the certificate too on the hybrid runbook worker?

    Failing line: Connect-AzureAD –TenantId $servicePrincipalConnection.TenantId –ApplicationId $servicePrincipalConnection.ApplicationId –CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint

    This code works perfectly well if run within the Azure Automation side of things, but running it in the hybrid runbook worker generates that error.
    • Dodge-1350's avatar
      Dodge-1350
      Brass Contributor
      Apr 15, 2021
      Pretty sure this is the reference to get the AzureRunAsConnection involved in the action:

      https://docs.microsoft.com/en-us/azure/automation/automation-hrw-run-runbooks

      Please let me know if you know of other references for it or any additional issues that could result from missing modules in the hybrid runbook worker.
      • Dodge-1350's avatar
        Dodge-1350
        Brass Contributor
        Apr 16, 2021

        Dodge-1350 - Yeah, the link to register the certificate on the hybrid runbook worker was the key, once you install the certificate, the call to Connect-AzureADPreview works as expected.

  • Dodge-1350's avatar
    Dodge-1350
    Brass Contributor
    Apr 15, 2021

    hspinto - perfect, thank you very much for your help and experience.  Much appreciated!

Resources