Get-AzAutomationCredential can't read the password by calling GetNetworkCredential().Password

[COPM42]

Description

Script/Steps for Reproduction

The following script should get the password from an Automation Account but returns an error
Method invocation failed because [Microsoft.Azure.Commands.Automation.Model.CredentialInfo] does not contain a method named 'GetNetworkCredential'.

Note: Get-AzureRmAutomationCredential is working without any issues.

$SMTPCredential = Get-AzAutomationCredential -Name 'SMTP Relay - Azure SendGrid' -ResourceGroupName $automationAccountRG -AutomationAccountName $automationAccountName
$SMTPUsername = $SMTPCredential.UserName
$SMTPPassword = $SMTPCredential.GetNetworkCredential().Password

Module Version

Get-Module Az.Automation -ListAvailable

ModuleType Version    Name                                PSEdition ExportedCommands
---------- -------    ----                                --------- ----------------
Script     1.0.0      Az.Automation                       Core,Desk {Get-AzAutomationHybridWorkerGroup, Remove-AzAutomationHybridWorkerGroup, Get-AzAutomationJobOutputRecor...

Environment Data

Name                           Value
----                           -----
PSVersion                      6.1.2
PSEdition                      Core
GitCommitId                    6.1.2
OS                             Microsoft Windows 10.0.17134
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Debug Output

Sensitive data removed:

DEBUG: 12:28:37 - GetAzureAutomationCredential begin processing with ParameterSet 'ByName'.
DEBUG: 12:28:37 - using account id 'user@contoso.com'...
DEBUG: [Common.Authentication]: Authenticating using Account: 'user@contoso.com', environment: 'AzureCloud', tenant: 'xxxx'
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/xxxxx/resourceGroups/xxxxxx/providers/Microsoft.Automation/automationAccounts/xxxxxxx/credentials/SMTP Relay - Azure SendGrid?api-version=2015-10-31

Headers:
x-ms-client-request-id        : a5fe31b9-8560-4fa4-a80c-b325f8988335
Accept-Language               : en-US

Body:



DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
x-ms-request-id               : 6c7d448c-4781-4a25-9f19-4b3048ce5121
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-ratelimit-remaining-subscription-reads: 11993
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-correlation-request-id   : 1a12b214-3fc1-4743-96b5-fa569b0b7a70
x-ms-routing-request-id       : FRANCESOUTH:20190206T112752Z:1a12b214-3fc1-4743-96b5-fa569b0b7a70
X-Content-Type-Options        : nosniff
Date                          : Wed, 06 Feb 2019 11:27:52 GMT

Body:
{
  "id": "/subscriptions/xxxxxxx/resourceGroups/xxxxxxxx/providers/Microsoft.Automation/automationAccounts/xxxxxxx/credentials/SMTP Relay - Azure SendGrid",
  "name": "SMTP Relay - Azure SendGrid",
  "type": "Microsoft.Automation/AutomationAccounts/Credentials",
  "properties": {
    "userName": "xxxxxxx",
    "description": "",
    "creationTime": "2017-03-24T11:22:54.63+01:00",
    "lastModifiedTime": "2017-03-24T11:22:54.63+01:00"
  }
}


DEBUG: AzureQoSEvent: CommandName - Get-AzAutomationCredential; IsSuccess - True; Duration - 00:00:01.0415193; Exception - ;
DEBUG: Finish sending metric.
DEBUG: 12:28:39 - GetAzureAutomationCredential end processing.
DEBUG: 12:28:39 - GetAzureAutomationCredential end processing.
Method invocation failed because [Microsoft.Azure.Commands.Automation.Model.CredentialInfo] does not contain a method named 'GetNetworkCredential'.
At line:3 char:1
+ $SMTPPassword = $SMTPCredential.GetNetworkCredential().Password
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound

[maddieclayton]

@vrdmr Can you take a look at this issue?

[jstexasdba]

Is there going to be an update on this one? I just used the most recent release and this failure is still occurring.

[andyw248]

By design. Runbooks should retrieve passwords from a credential shared resource by using Get-AutomationCredential.

[jusnitlive]

I don't understand why this issue was closed.
Get-AzureAutomationCredential is being deprecated and none of the RM and Az commandlets return a credential object. How are you planning to handle this before 1/23?

"This PowerShell command for Azure Automation will no longer be supported on 01/23/2020. The Azure Service Management model is deprecated for Azure Automation, and will be disabled on that date. Please use the commands which support the Azure Resource Management model in Az.Automation."

https://docs.microsoft.com/en-us/powershell/module/servicemanagement/azure/get-azureautomationcredential?view=azuresmps-4.0.0

[zjalexander]

Get-AutomationPsCredential is not the same as Get-AzureAutomationCredential. https://docs.microsoft.com/en-us/azure/automation/shared-resources/credentials#activities
(edit: changing the name to be correct as @rkyttle points out below)/

[rkyttle]

I think a lot of the confusion here comes from the fact that there are multiple cmdlets with very similar names. I am not finding a cmdlet called Get-AutomationCredential as Zachary is mentioning above, but I do see Get-AutomationPSCredential which is listed in the article that he linked to.

Here is a really simple example that I put together that uses an Azure AD Service Principal as the identity to login with. I created the Service Principal in my Azure AD and assigned it a key to allow it to sign in. I then created a Credential resource inside my Automation Account and stored the Service Principal's app id and its key as a username and password.

I also created a Variable resource to store my Azure AD Tenant ID. I am using Get-AutomationPSCredential and Get-AutomationVariable to pull these values into my PowerShell script and then using them to login to Azure.

$pscred = Get-AutomationPSCredential -Name "AzureCredential"
$tenant = Get-AutomationVariable -Name 'AzureTenantId'
Connect-AzAccount -ServicePrincipal -Credential $pscred -TenantId $tenant
Get-AzResourceGroup

[zjalexander]

Yes, I should I have said Get-AutomationPSCredential , thanks!

[csanghavi]

I still need password. Think about requiring a password in the connection string to connect to SQL Server database.