There is an MSDN document, Creating a local PFX copy of App Service Certificate, that provides a script for this task.

When you follow this document and run the “Export-AppServiceCertificate” command with all the proper parameter values passed, it throws this error:

Set-AzureRmKeyVaultAccessPolicy : Cannot find the Active Directory object '' in tenant 'cfe3dr3rd4d-dd32dwe-3d3d34c5515e61'. Please make sure that the user or application service principal you are authorizing is registered in the current subscription's Azure Active
directory. The TenantID displayed by the cmdlet 'Get-AzureRmContext' is the current subscription's Azure Active directory.
At line:49 char:1
+ Set-AzureRmKeyVaultAccessPolicy -ResourceGroupName $keyVaultResourceG …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzureRmKeyVaultAccessPolicy], ArgumentException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.SetAzureKeyVaultAccessPolicy


Solution:

The script passes the $loginId value to the -UserPrincipalName parameter of Set-AzureRmKeyVaultAccessPolicy. We expect the login id to work, but it is not necessarily the UserPrincipalName that Azure AD holds for the account in the current tenant, so the cmdlet cannot find the directory object. You can find the right Azure AD user with the command below:

> Get-AzureRmADUser

If you know the user's display name, use this command instead:
> Get-AzureRmADUser -DisplayName "Subodh Dubey"

It will provide the right UserPrincipalName to be passed into the script.
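The following snippet is an added example, not part of the original post or of the MSDN script. It wires the lookup above into the access-policy step: it resolves the user in the current tenant first, fails early if the display name does not match exactly one account, and only then grants the vault permission using the UserPrincipalName that Azure AD reports. The display name, resource group and vault name are placeholders you substitute; it assumes Login-AzureRmAccount has already been run with the AzureRM modules loaded.

```powershell
# Added example (not the MSDN script): resolve the Azure AD user before
# granting Key Vault access, so Set-AzureRmKeyVaultAccessPolicy gets the UPN
# that actually exists in the current tenant.

# Placeholders: substitute your own values.
$displayName               = "Subodh Dubey"
$keyVaultResourceGroupName = "<key-vault-resource-group>"
$keyVaultName              = "<key-vault-name>"

# The cmdlet searches the tenant of the current context (as the error text
# says), so show which tenant that is before looking anything up.
$context = Get-AzureRmContext
Write-Host "Current tenant: $($context.Tenant.Id)"

# Look the account up by display name instead of trusting the login id string.
$adUser = @(Get-AzureRmADUser -DisplayName $displayName)

if ($adUser.Count -eq 0) {
    throw "No Azure AD user with display name '$displayName' in tenant $($context.Tenant.Id). Run Get-AzureRmADUser to list users."
}
if ($adUser.Count -gt 1) {
    $candidates = ($adUser | ForEach-Object { $_.UserPrincipalName }) -join "`n"
    throw "Display name '$displayName' matches more than one user; pick the right UPN:`n$candidates"
}

# This is the value to pass to the script as $loginId.
$upn = $adUser[0].UserPrincipalName
Write-Host "Resolved UserPrincipalName: $upn"

# Least privilege: exporting the certificate only needs to read the secret,
# so grant 'get' on secrets and nothing else.
Set-AzureRmKeyVaultAccessPolicy -ResourceGroupName $keyVaultResourceGroupName `
    -VaultName $keyVaultName `
    -UserPrincipalName $upn `
    -PermissionsToSecrets get

Write-Host "Access policy set; now run Export-AppServiceCertificate with -loginId '$upn'."
```

Set-AzureRmKeyVaultAccessPolicy also accepts -ObjectId, so passing $adUser[0].Id instead of the UPN avoids the name lookup entirely once the object has been resolved. Because the policy grants a standing read on the certificate secret, revoke it with Remove-AzureRmKeyVaultAccessPolicy (same -VaultName and -UserPrincipalName) once the PFX has been exported.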