Retrieving list of tenants using Get-AzTenant when using a serviceprincipal #24730

Open
syspro-chrisvogt opened this issue Apr 23, 2024 · 2 comments
Labels
customer-reported needs-triage This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@syspro-chrisvogt

Description

When logging in interactively, Get-AzTenant returns a list of tenants to which the respective logon has access (although it may not currently be logged into the other tenants). When doing the same while connected using a service principal with the same permissions and the same list of tenants of which it is a member, it only returns the tenant it is currently connected with. If you connect to a number of tenants using the service principal, you still only see a single tenant when calling Get-AzTenant.

I'm not 100% sure if this is a bug, so I am asking this as a question: how can you retrieve the list of tenants?

Script or Debug output

Connect-AzAccount -TenantId aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
Get-AzTenant
{returns list of tenants}

$appId = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
$tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
$secret = ConvertTo-SecureString "cccccccccccccccccccccccccccccccccccccccc" -AsPlainText -Force
$credentials = New-Object System.Management.Automation.PSCredential ($appId, $secret)
Connect-AzAccount -Credential $credentials -TenantId $tenantId -ServicePrincipal
Get-AzTenant
{returns single tenant}

Environment data

PS C:\Users\ChrisV> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.2
PSEdition                      Core
GitCommitId                    7.4.2
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

PS C:\Users\ChrisV> Get-Module Az.Accounts

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     2.17.0                Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzConte

Error output

No error output
@Alex-wdy
Contributor

@syspro-chrisvogt Do you have any specific scenarios for using this, or is it inconvenient when using it? I ask because currently this is by design.

@syspro-chrisvogt
Author

Hi @Alex-wdy

My current use case is that I am trying to return the list of reservations expiring within a certain number of days. Unfortunately, you must connect to each tenant to do this and cannot use Lighthouse. What I have written thus far gets the list of tenants (dynamically) and returns this information from each tenant. This works when logging in interactively, but is a pain as there are dozens of tenants each requiring MFA etc. The next logical step is to use a service principal, but then the behaviour of Get-AzTenant is different and inconsistent compared to connecting interactively.

With Get-AzTenant not returning the list of "available" tenants I will need to hardcode or look this up elsewhere, and this lookup (wherever it is) will now need to be maintained too. By extension, for reporting purposes, because it does not return the tenant name, the output is not in a user-friendly format. Again, this can be looked up elsewhere. This just means that things can be missed (if the lookup itself is not maintained).
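
The maintained-lookup approach described in the last comment, as an added example that is not part of the original issue or the Az project's code: it connects to each tenant in a lookup with the service principal, runs a caller-supplied action, and reports entries that fail instead of skipping them. The function name `Invoke-PerTenant`, the CSV columns, the `AZ_SP_SECRET` environment variable and the second tenant ID are assumptions made for illustration.

```powershell
# Added example. Invoke-PerTenant, the CSV columns and AZ_SP_SECRET are
# hypothetical names chosen here; they are not part of Az.Accounts.
function Invoke-PerTenant {
    param(
        [Parameter(Mandatory)] [object[]] $Tenants,    # objects with TenantId, TenantName
        [Parameter(Mandatory)] [string] $AppId,
        [Parameter(Mandatory)] [securestring] $Secret,
        # Work to run inside each tenant; the default just echoes the connected tenant ID
        [scriptblock] $Action = { (Get-AzContext).Tenant.Id }
    )
    $cred = [pscredential]::new($AppId, $Secret)
    foreach ($t in $Tenants) {
        $row = [ordered]@{
            TenantName = $t.TenantName   # taken from the lookup, not from Get-AzTenant
            TenantId   = $t.TenantId
            Status     = 'OK'
            Result     = $null
        }
        try {
            # -Scope Process keeps the context in this session instead of saving it to disk
            Connect-AzAccount -ServicePrincipal -Credential $cred -TenantId $t.TenantId `
                -Scope Process -ErrorAction Stop | Out-Null
            $row.Result = & $Action
        }
        catch {
            # A stale or unauthorised lookup entry is reported rather than silently missed
            $row.Status = "FAILED: $($_.Exception.Message)"
        }
        finally {
            Disconnect-AzAccount -Scope Process -ErrorAction SilentlyContinue | Out-Null
        }
        [pscustomobject]$row
    }
}

# Constructed sample lookup (placeholder IDs in the style used in this issue)
$tenants = @'
TenantId,TenantName
aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa,Contoso
dddddddd-dddd-dddd-dddd-dddddddddddd,Fabrikam
'@ | ConvertFrom-Csv

# The secret is read from the environment rather than written as a literal in the script
$secret = ConvertTo-SecureString $env:AZ_SP_SECRET -AsPlainText -Force
Invoke-PerTenant -Tenants $tenants -AppId 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb' -Secret $secret |
    Format-Table TenantName, TenantId, Status
```

The per-tenant query (for example the reservation report mentioned above) is passed as `-Action`, so the connection handling and the failure report stay in one place.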
