New-MsolServicePrincipalCredential

The New-MsolServicePrincipalCredential cmdlet in PowerShell adds a new credential to a service principal in Microsoft Office 365. The service principal can be identified by its object ID, app principal ID, or service principal name (SPN).

The syntax to add a credential to a service principal is given below. Identify the service principal with one of -ObjectId, -ServicePrincipalName, or -AppPrincipalId.

New-MsolServicePrincipalCredential
   -ObjectId <Guid>
   -ServicePrincipalName <String>
   -AppPrincipalId <Guid>
   [-Type <ServicePrincipalCredentialType>]
   [-Value <String>]
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-Usage <ServicePrincipalCredentialUsage>]
   [-TenantId <Guid>]
   [<CommonParameters>]

In this article, we will discuss how to use the New-MsolServicePrincipalCredential cmdlet in PowerShell to add a new credential to a service principal.

How to Add a Credential to a Service Principal

To add a credential to a service principal in Office 365, use the New-MsolServicePrincipalCredential cmdlet with the -ServicePrincipalName parameter.

The -ServicePrincipalName parameter specifies the name of the service principal to which to add the credential.

New-MsolServicePrincipalCredential -ServicePrincipalName "ShellGeek/ShellApp.com" 

This command adds a credential (key) to the existing service principal named "ShellGeek/ShellApp.com". Because no -Type or -Value is supplied, a symmetric key is generated for the credential and added to the service principal identified by that service principal name.

How to Add an Existing Credential to a Service Principal

To add an existing credential to a service principal, pass the public certificate you already have to the New-MsolServicePrincipalCredential cmdlet.

# Create an instance of the X509Certificate class
$Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate

# Import the X509 certificate from the .cer file
$Certificate.Import("C:\shellapp.cer")

# Retrieve the raw binary data of the certificate
$BinCert = $Certificate.GetRawCertData()

# Convert the binary data of the certificate to a Base64-encoded string
$CredValue = [System.Convert]::ToBase64String($BinCert)

# Create a new service principal credential in Azure AD
New-MsolServicePrincipalCredential -ServicePrincipalName "ShellGeekApp/ShellApp.com" -Type asymmetric -Value $CredValue -StartDate $Certificate.GetEffectiveDateString() -EndDate $Certificate.GetExpirationDateString()

The above PowerShell script adds the existing certificate shellapp.cer as an asymmetric credential on the service principal with the service principal name "ShellGeekApp/ShellApp.com".
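The following is an added example, not code from the original article: it checks the certificate before upload and then lists the credentials on the service principal so the change can be reviewed. It assumes Windows PowerShell 5.1 with the MSOnline module and an existing Connect-MsolService session; the helper name Test-SpCertificate and its thresholds are hypothetical.

```powershell
# Added example, not from the original article. Assumes Windows PowerShell 5.1,
# the MSOnline module, and an existing Connect-MsolService session.
# Test-SpCertificate and its default thresholds are hypothetical.
function Test-SpCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$MinRsaKeyBits = 2048,
        [int]$MaxLifetimeDays = 730
    )
    $problems = @()
    $now = Get-Date
    if ($Certificate.HasPrivateKey) {
        $problems += 'Object carries a private key; upload only the public certificate.'
    }
    if ($Certificate.NotBefore -gt $now) { $problems += "Not valid until $($Certificate.NotBefore)." }
    if ($Certificate.NotAfter -le $now)  { $problems += "Expired on $($Certificate.NotAfter)." }
    if (($Certificate.NotAfter - $Certificate.NotBefore).TotalDays -gt $MaxLifetimeDays) {
        $problems += "Validity period is longer than $MaxLifetimeDays days."
    }
    # GetRSAPublicKey returns $null when the certificate does not use an RSA key
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if ($rsa -and $rsa.KeySize -lt $MinRsaKeyBits) {
        $problems += "RSA key is $($rsa.KeySize) bits; minimum is $MinRsaKeyBits."
    }
    $problems
}

$spn  = 'ShellGeekApp/ShellApp.com'    # SPN used in the article
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\shellapp.cer'
$problems = @(Test-SpCertificate -Certificate $cert)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Certificate rejected; nothing was uploaded.'
}

# NotBefore/NotAfter are DateTime values, so no culture-dependent string parsing is involved
$value = [System.Convert]::ToBase64String($cert.GetRawCertData())
New-MsolServicePrincipalCredential -ServicePrincipalName $spn -Type Asymmetric `
    -Value $value -StartDate $cert.NotBefore -EndDate $cert.NotAfter

# List every credential now on the service principal, without returning key material
Get-MsolServicePrincipalCredential -ServicePrincipalName $spn -ReturnKeyValues $false |
    Sort-Object EndDate |
    Format-Table Type, KeyId, Usage, StartDate, EndDate
```

Each KeyId in the final listing should correspond to a credential you can account for; stale entries can be deleted with Remove-MsolServicePrincipalCredential.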

How to Register an On-Premises Exchange Server

To register an on-premises Exchange Server, use the New-MsolServicePrincipalCredential cmdlet with the -AppPrincipalId, -Type, and -Value parameters.

The -AppPrincipalId parameter specifies the application ID of the service principal to which to add the credential. The -Type parameter specifies the type of credential used. The -Value parameter specifies the value of the credential.

New-MsolServicePrincipalCredential -AppPrincipalId  -Type asymmetric -Value $CredValue

This command registers an on-premises Exchange Server so that communication between the Exchange Server and Microsoft Azure Active Directory services such as Office 365 can occur. The $CredValue variable contains the Base64-encoded public X509 certificate used to represent the on-premises Exchange Server.

Conclusion

I hope the above article on the New-MsolServicePrincipalCredential cmdlet in PowerShell to add a credential key to a service principal is helpful to you.
