A better way to create a principal for VSTS
olandese Merge pull request #1 from pascalnaber/master
Updates to creation of service principal and resourcegroups
Latest commit ab5f373 Feb 14, 2018

README.md

vsts-azure-principal

See my blog post

NOTE: If the principal (application name) already exists then the password will not be updated.

Parameter set examples

CreateVSTSPrincipalOnly

Create only an Azure AD Application/Principal without any role grant:

.\createservicesprincipal.ps1 -subscriptionName "The Subscription Name" -applicationName "TheApplicationName" -password (ConvertTo-SecureString -String "ThePassword" -AsPlainText -Force)

CreateVSTSPrincipalWithExistingResourceGroups

Create an Azure AD Application/Principal and grant the role on the specified existing Resource Groups (if a Resource Group does not exist, no error is thrown; it is just ignored):

.\createservicesprincipal.ps1 -subscriptionName "The Subscription Name" -applicationName "TheApplicationName" -password (ConvertTo-SecureString -String "ThePassword" -AsPlainText -Force) -resourceGroupNames "ResourceGroupName1","ResourceGroupName2","etc"

CreateVSTSPrincipalAndResourceGroups

Create an Azure AD Application/Principal and the specified Resource Groups at the provided location, then grant the role on those Resource Groups:

.\createservicesprincipal.ps1 -subscriptionName "The Subscription Name" -applicationName "TheApplicationName" -password (ConvertTo-SecureString -String "ThePassword" -AsPlainText -Force) -resourceGroupNames "ResourceGroupName1","ResourceGroupName2","etc" -createResourceGroups -location "West Europe"

CreateVSTSPrincipalAndResourceGroups with Active Directory Groups

Create an Azure AD Application/Principal and the specified Resource Groups at the provided location, then grant the role on those Resource Groups. Also grant the specified AD groups access to the Resource Groups:

.\createservicesprincipal.ps1 -subscriptionName "The Subscription Name" -applicationName "TheApplicationName" -password (ConvertTo-SecureString -String "ThePassword" -AsPlainText -Force) -resourceGroupNames "ResourceGroupName1","ResourceGroupName2","etc" -adGroupNames "AdGroupName1", "AdGroupName2", "etc" -createResourceGroups -location "West Europe"

CreateVSTSPrincipalSubscriptionLevel

Create an Azure AD Application/Principal and grant the role at subscription level:

.\createservicesprincipal.ps1 -subscriptionName "The Subscription Name" -applicationName "TheApplicationName" -password (ConvertTo-SecureString -String "ThePassword" -AsPlainText -Force) -grantRoleOnSubscriptionLevel

Password expiration

The default value for the password expiration is 1/1/2099 1:00 AM. You can provide another value like this (in the following example I'm using the CreateVSTSPrincipalOnly parameter set; you can use it with all the calls):

.\createservicesprincipal.ps1 -subscriptionName "The Subscription Name" -applicationName "TheApplicationName" -password (ConvertTo-SecureString -String "ThePassword" -AsPlainText -Force) -passwordExpirationDateTime (Get-Date "1/1/2020 1:00 AM")
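
The following is an added example, not part of this repository: it calls the script with a randomly generated secret, a short expiration instead of the 2099 default, and a role grant limited to named Resource Groups. The 90-day lifetime, the 32-byte secret length, the use of the clipboard and all names are assumptions for illustration; only the script parameters shown above are used.

```powershell
# Added example (not from the repository). Subscription, application and
# Resource Group names are the same placeholders used in the README.

# Generate 32 random bytes from the OS CSPRNG and base64-encode them,
# so no hand-picked password literal ends up in the command history.
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
$plainSecret = [Convert]::ToBase64String($bytes)

# The script expects a SecureString for -password.
$securePassword = ConvertTo-SecureString -String $plainSecret -AsPlainText -Force

# Splat the parameters: role granted on specific Resource Groups only
# (no -grantRoleOnSubscriptionLevel) and an explicit, short expiration.
# 90 days is an assumed rotation period; pick the one your policy requires.
$params = @{
    subscriptionName           = "The Subscription Name"
    applicationName            = "TheApplicationName"
    password                   = $securePassword
    resourceGroupNames         = "ResourceGroupName1", "ResourceGroupName2"
    passwordExpirationDateTime = (Get-Date).AddDays(90)
}
.\createservicesprincipal.ps1 @params

# Per the NOTE above, an existing application keeps its old password,
# so the generated secret only applies when the application is new.

# Hand the secret over once (to paste into the VSTS service endpoint),
# then drop the plaintext copies from the session.
Set-Clipboard -Value $plainSecret
[Array]::Clear($bytes, 0, $bytes.Length)
Remove-Variable plainSecret, bytes
```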