Published: April 18, 2013
Updated: September 17, 2014
Applies To: Azure, Office 365, Windows Intune
The Get-MsolServicePrincipalCredential cmdlet can be used to retrieve a list of credentials associated with a service principal.
-AppPrincipalId <Guid> The application ID associated with the service principal credentials to retrieve. Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -ObjectId <Guid> The object ID associated with the service principal credentials to retrieve. Required? true Position? named Default value Accept pipeline input? true (ByPropertyName) Accept wildcard characters? false -ServicePrincipalName <string> The unique name of the service principal to retrieve credentials from. An SPN must use one of the following formats "appName" or "appName/hostname" or be a valid URL. AppName represents the name of the application and hostname represents the URI authority for the application. Required? true Position? named Default value Accept pipeline input? true (ByPropertyName) Accept wildcard characters? false -TenantId <Guid> The unique ID of the tenant to perform the operation on. If this is not provided, then the value will default to the tenant of the current user. This parameter is only applicable to partner users. Required? false Position? named Default value Accept pipeline input? true (ByPropertyName) Accept wildcard characters? false <CommonParameters> This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
Output is provided by Microsoft.Online.Administration.ServicePrincipalCredential. The output retrieves the list of credentials associated with a service principal. Each service principal contains the following information:
Type - The type of service principal credential (Asymmetric/Symmetric/Password)
Value - The value of the credential. If the credential type is certificate, this represents the base 64 encoded certificate. If credential type is symmetric, it represents an AES key
KeyGroupId - The identifier reserved for internal use
KeyId - The unique identifier of the key
StartDate - The effective start date of the credential usage
EndDate - The effective end date of the credential usage
Usage - Specifies if the credential is used to "sign" or "verify" a token
The following command will retrieve all of the credential properties (but not the credential value) associated with the service principal name (SPN) "MyApp/Contoso.com". An SPN must follow the format appClass/hostname, where appClass represents the application class ("MyApp") and hostname represents the hostname for the application (Contoso.com).
Get-MsolServicePrincipalCredential -ServicePrincipalName "MyApp/Contoso.com"
There are several other places you can get more information and help. These include:
Other ResourcesManage Azure Active Directory by using Windows PowerShell