Remove-MSGraphApplicationKeyCredential Function Bug #7
Replies: 3 comments
-
@spdoc thanks for this, and I didn't see it until now. I'll go and look into this and will update/fix it and let you know soon. Glad to see somebody has found these useful.
-
@spdoc I'm unable to reproduce the issue, testing in Windows PowerShell 5.1 and PowerShell 7.1.3. To set up this test, I did these steps:

$Certificate = New-SelfSignedMSGraphApplicationCertificate -Subject jbTest-InitialCert
Export-Certificate -Cert $Certificate -FilePath $Home\Desktop\cert.cer # uploaded this to Azure AD manually/GUI
$App = @{
    ApplicationId = '2cb9820b-2df4-401e-a2db-831e74734464'
    TenantId = 'MyTenant.onmicrosoft.com'
    Certificate = $Certificate
}
$TK = New-MSGraphAccessToken @App
$AppOID = '1395ca2e-e755-4bdc-a6d9-71510e1b9cca'
$PT1 = New-MSGraphPoPToken -ApplicationObjectId $AppOID -Certificate $Certificate
$NewCert = New-SelfSignedMSGraphApplicationCertificate -Subject jbTest-NewCert-willduplicate-in-AAD
Add-MSGraphApplicationKeyCredential -Certificate $NewCert -ApplicationObjectId $AppOID -AccessToken $TK -PoPToken $PT1
Add-MSGraphApplicationKeyCredential -Certificate $NewCert -ApplicationObjectId $AppOID -AccessToken $TK -PoPToken $PT1
Add-MSGraphApplicationKeyCredential -Certificate $NewCert -ApplicationObjectId $AppOID -AccessToken $TK -PoPToken $PT1
Add-MSGraphApplicationKeyCredential -Certificate $NewCert -ApplicationObjectId $AppOID -AccessToken $TK -PoPToken $PT1
Add-MSGraphApplicationKeyCredential -Certificate $NewCert -ApplicationObjectId $AppOID -AccessToken $TK -PoPToken $PT1
#^ NewCert has now been added 5 times to Azure AD!

In either Windows PowerShell or PowerShell Core, here's what I get when I try to remove the certificate/keyCredential by thumbprint:

Remove-MSGraphApplicationKeyCredential -ApplicationObjectId $AppOID -AccessToken $TK -PoPToken $PT1 -CertificateThumbprint 3977168D9A4DCB8A423F10252AB13423F9EFD40C
WARNING: Multiple keyCredentials matching certificate thumbprint 3977168D9A4DCB8A423F10252AB13423F9EFD40C were found. List these with the command below, then re-run this command using -KeyId instead of -CertificateThumbprint:
New-MSGraphRequest -AccessToken <AccessTokenObject> -Request 'applications/0595db45-e755-4bdc-a6d9-71510e1b9cca' | select -expand keyCredentials

So this confirms that
-
The only difference I have in my environment is that I am not creating self-signed certificates. I have certificates provided by our CA, and that could be the reason I am not getting any value in the variable $MatchingKeyCredentials.Count. Thanks for checking; it's working fine for me as I have made some changes in your script. I will try with a self-signed certificate and let you know if I see any different results.
-
Can you check the function "Remove-MSGraphApplicationKeyCredential"?
I used it and it gave an error. After some troubleshooting I was able to fix it.
Instead of using $MatchingKeyCredentials.Count you may need to use $MatchingKeyCredentials.customKeyIdentifier.Count,
as $MatchingKeyCredentials.Count is always NULL, and then even if the key is present the error "No Key found" gets printed.
Thank you for writing these great modules. You did an awesome job. :-)
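A defensive way to count thumbprint matches, shown as an added example that is not the module's own code and is not taken from any post in this thread. The function name `Find-KeyCredentialByThumbprint`, the sample objects and the assumption that `customKeyIdentifier` holds the thumbprint as a hex string are all hypothetical. Wrapping the filter in `@()` guarantees an array, so `.Count` is an integer whether zero, one or several keyCredentials match.

```powershell
# Added example: hypothetical helper, not part of the module discussed above.
function Find-KeyCredentialByThumbprint {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $KeyCredentials,
        [Parameter(Mandatory)] [string] $Thumbprint
    )

    # @() forces an array even when Where-Object emits nothing or a single
    # object, so .Count never depends on the type of the object returned.
    # Assumption: customKeyIdentifier carries the thumbprint as a hex string.
    $Matching = @($KeyCredentials | Where-Object { $_.customKeyIdentifier -eq $Thumbprint })

    switch ($Matching.Count) {
        0 {
            Write-Warning "No keyCredential matches thumbprint $Thumbprint."
            return
        }
        1 {
            # Exactly one match: safe to act on this keyId.
            return $Matching[0].keyId
        }
        default {
            # Duplicates (same certificate uploaded more than once): make the
            # caller pick a keyId instead of removing an arbitrary entry.
            Write-Warning "$($Matching.Count) keyCredentials match $Thumbprint; choose one by keyId."
            return $Matching.keyId
        }
    }
}

# Constructed sample data shaped like the keyCredentials of an application
# object; the keyIds and thumbprints are placeholders, not real values.
$Sample = @(
    [pscustomobject]@{ keyId = '00000000-0000-0000-0000-000000000001'; customKeyIdentifier = 'A' * 40 }
    [pscustomobject]@{ keyId = '00000000-0000-0000-0000-000000000002'; customKeyIdentifier = 'B' * 40 }
    [pscustomobject]@{ keyId = '00000000-0000-0000-0000-000000000003'; customKeyIdentifier = 'B' * 40 }
)

Find-KeyCredentialByThumbprint -KeyCredentials $Sample -Thumbprint ('A' * 40)  # single match
Find-KeyCredentialByThumbprint -KeyCredentials $Sample -Thumbprint ('B' * 40)  # duplicate entries
Find-KeyCredentialByThumbprint -KeyCredentials $Sample -Thumbprint ('C' * 40)  # no match
```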