
New-MsolServicePrincipal – Creates a Service Principal

The New-MsolServicePrincipal cmdlet in PowerShell adds a service principal to Microsoft Office 365. A service principal represents a line-of-business (LOB) application or an on-premises server such as Microsoft Exchange, SharePoint, or Lync as an object in Microsoft Azure Active Directory.

The syntax to create a new service principal in Azure Active Directory is given below.

New-MsolServicePrincipal
   [-ServicePrincipalNames <String[]>]
   [-AppPrincipalId <Guid>]
   -DisplayName <String>
   [-AccountEnabled <Boolean>]
   [-Addresses <RedirectUri[]>]
   [-Type <ServicePrincipalCredentialType>]
   [-Value <String>]
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-Usage <ServicePrincipalCredentialUsage>]
   [-TenantId <Guid>]
   [<CommonParameters>]

In this article, we will discuss how to use the New-MsolServicePrincipal cmdlet in PowerShell to create a new service principal in Office 365.

How to Create a Service Principal in Office 365

To create a service principal in Office 365, use the New-MsolServicePrincipal cmdlet with the -ServicePrincipalNames and the -DisplayName parameters.

The -ServicePrincipalNames parameter is used to specify a list of service principal names (SPNs) associated with the service principal. An SPN must use one of the following formats:

  • appName
  • appName/hostname
  • a valid URL

The -DisplayName parameter specifies the friendly name of the service principal.

New-MsolServicePrincipal -ServicePrincipalNames @("ShellGeekApp/ShellApp.com") -DisplayName "ShellGeek App"  

This command creates a service principal with the service principal name "ShellGeekApp/ShellApp.com" and the display name "ShellGeek App". Because no credential is specified, an auto-generated 256-bit symmetric key is used to verify the application. This key is valid for one year from its date of creation.

Create Service Principal in Azure Active Directory

The New-MsolServicePrincipal cmdlet creates a service principal in Azure Active Directory and returns an object that contains the following information.

  • DisplayName: The friendly name of the service principal.
  • ObjectId: The unique ID of the service principal.
  • ServicePrincipalNames: The list of service principal names (SPNs).
  • AppPrincipalId: The application ID of the service principal.
  • TrustedForDelegation: The value indicating if the service principal is allowed for delegation.
  • AccountEnabled: The value indicating if the account is enabled.
  • KeyId: The unique ID of the key.
  • StartDate: The start date of the credential usage.
  • EndDate: The end date of the credential usage.
  • Usage: Whether the credential is used to sign or verify a token.
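
As an added example (not part of the original article or the MSOnline module), the script below checks each SPN against the three formats listed earlier and builds the New-MsolServicePrincipal parameters with an explicit 256-bit symmetric key and a validity window shorter than the one-year default. The function names Test-SpnFormat and New-SpnCreationParams, the allowed character set, the base64 encoding of the key, and the 90-day lifetime are assumptions.

```powershell
# Added example (not from the article). Validation rules and the 90-day
# lifetime are assumptions chosen for illustration.
function Test-SpnFormat {
    param([Parameter(Mandatory)][string]$Spn)
    # Format 3: a valid absolute http(s) URL
    $uri = $null
    if ([uri]::TryCreate($Spn, [System.UriKind]::Absolute, [ref]$uri) -and
        $uri.Scheme -in 'http', 'https') { return $true }
    # Formats 1 and 2: appName or appName/hostname (allowed characters assumed)
    return $Spn -match '^[A-Za-z0-9._-]+(/[A-Za-z0-9.-]+)?$'
}

function New-SpnCreationParams {
    param(
        [Parameter(Mandatory)][string[]]$ServicePrincipalNames,
        [Parameter(Mandatory)][string]$DisplayName,
        [ValidateRange(1, 365)][int]$ValidDays = 90
    )
    # Reject the whole request if any SPN fails the format check
    $bad = @($ServicePrincipalNames | Where-Object { -not (Test-SpnFormat $_) })
    if ($bad.Count -gt 0) { throw "Rejected SPN(s): $($bad -join ', ')" }

    # 256-bit key from the OS CSPRNG; base64 encoding of a symmetric -Value
    # is assumed here.
    $key = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($key) } finally { $rng.Dispose() }

    $start = (Get-Date).ToUniversalTime()
    return @{
        ServicePrincipalNames = $ServicePrincipalNames
        DisplayName           = $DisplayName
        Type                  = 'Symmetric'
        Value                 = [Convert]::ToBase64String($key)
        StartDate             = $start
        EndDate               = $start.AddDays($ValidDays)
        Usage                 = 'Verify'
    }
}

$params = New-SpnCreationParams -ServicePrincipalNames @('ShellGeekApp/ShellApp.com') `
    -DisplayName 'ShellGeek App'
# Show everything except the secret; store $params.Value in a secrets vault.
$params.GetEnumerator() | Where-Object Key -ne 'Value' | Sort-Object Key |
    Format-Table -AutoSize
# In a connected MSOnline session: New-MsolServicePrincipal @params
```

Setting -EndDate explicitly makes the credential's expiry a deliberate choice, so key rotation can be scheduled against a known date.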

Conclusion

I hope the above article on how to use the New-MsolServicePrincipal cmdlet in PowerShell to create a service principal is helpful to you.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.

Related Links

Get-MsolServicePrincipal

Remove-MsolServicePrincipal

Set-MsolServicePrincipal