Export (0) Print
Expand All
Expand Minimize

Get-MsolServicePrincipalCredential

Published: April 18, 2013

Updated: September 17, 2014

Applies To: Azure, Office 365, Windows Intune

noteNote
  • This topic provides online help content for cloud services, such as Windows Intune and Office 365, which rely on Microsoft Azure Active Directory for identity and directory services.

  • The Microsoft Azure Active Directory Module for Windows PowerShell cmdlets were previously known as the Microsoft Online Services Module for Windows PowerShell cmdlets.

The Get-MsolServicePrincipalCredential cmdlet can be used to retrieve a list of credentials associated with a service principal.

Get-MsolServicePrincipalCredential -ObjectId <Guid> [-AppPrincipalId <Guid>] [-TenantId <Guid>] [<CommonParameters>]
Get-MsolServicePrincipalCredential -ServicePrincipalName <string> [-AppPrincipalId <Guid>] [-TenantId <Guid>] [<CommonParameters>]

    -AppPrincipalId <Guid>
        The application ID associated with the service principal credentials 
        to retrieve.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       false
        Accept wildcard characters?  false
        
    -ObjectId <Guid>
        The object ID associated with the service principal credentials to 
        retrieve.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -ServicePrincipalName <string>
        The unique name of the service principal to retrieve credentials from.
        An SPN must use one of the following formats "appName" or 
        "appName/hostname" or be a valid URL.  AppName represents the name of 
        the application and hostname represents the URI authority for the 
        application.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -TenantId <Guid>
        The unique ID of the tenant to perform the operation on. If this is 
        not provided, then the value will default to the tenant of the current 
        user. This parameter is only applicable to partner users.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer, PipelineVariable, and OutVariable. For more information, 
    see 
        about_CommonParameters 
    (http://go.microsoft.com/fwlink/?LinkID=113216).

Output is provided by Microsoft.Online.Administration.ServicePrincipalCredential. The output retrieves the list of credentials associated with a service principal. Each service principal contains the following information:

  • Type - The type of service principal credential (Asymmetric/Symmetric/Password)

  • Value - The value of the credential. If the credential type is certificate, this represents the base 64 encoded certificate. If credential type is symmetric, it represents an AES key

  • KeyGroupId - The identifier reserved for internal use

  • KeyId - The unique identifier of the key

  • StartDate - The effective start date of the credential usage

  • EndDate - The effective end date of the credential usage

  • Usage - Specifies if the credential is used to "sign" or "verify" a token

The following command will retrieve all of the credential properties (but not the credential value) associated with the service principal name (SPN) "MyApp/Contoso.com". An SPN must follow the format appClass/hostname, where appClass represents the application class ("MyApp") and hostname represents the hostname for the application (Contoso.com).

Get-MsolServicePrincipalCredential -ServicePrincipalName "MyApp/Contoso.com"

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft