There is this msdn document – Creating a local PFX copy of App Service Certificate

When you use this document and run the “Export-AppServiceCertificate” command with all proper parameter values passed , it throws this error:

Set-AzureRmKeyVaultAccessPolicy : Cannot find the Active Directory object ” in tenant ‘cfe3dr3rd4d-dd32dwe-3d3d34c5515e61’. Please make sure that the user or application service principal you are authorizing is registered in the current subscription’s Azure Active
directory. The TenantID displayed by the cmdlet ‘Get-AzureRmContext’ is the current subscription’s Azure Active directory.
At line:49 char:1
+ Set-AzureRmKeyVaultAccessPolicy -ResourceGroupName $keyVaultResourceG …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzureRmKeyVaultAccessPolicy], ArgumentException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.SetAzureKeyVaultAccessPolicy



The script is passing the $loginId value to UserPrincipalName and we expect it to work but that is not the right one. You can find the right Azure AD user using the below command:

> Get-AzureRmADUser

IF you know your users display name then use this command-
>Get-AzureRmADUser -DisplayName "Subodh Dubey"

It will provide the right UserPrincipalName to be passed into the script.