Using Service Principal Identity to List AD Roles

45 minutes
  • 2 Learning Objectives

About this Hands-on Lab

In this hands-on lab, you are tasked with gathering the role definitions and role assignments for your organization. You do not have access to the portal, so you must collect this information via SSH connection, by using a Linux VM and a service principal. Once access to the Azure subscription has been gained, use the Azure CLI to collect the required information, and output to a file so you can email it to your manager.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Log in to Azure using the Service Principal
  1. Once connected to the Linux VM, run the az login command with the --service-principal flag to log in to the Azure account.
List the Role Definitions and Role Assignments
  1. Enter the Azure CLI command to list the role definitions and output to a file named roleinfo.json.
  2. Enter the Azure CLI command to list the role assignments and append the output to the same file.

Additional Resources

You have been given login credentials to a Linux VM and a service principal. Connect to the VM with the credentials, and using the service principal, access the Azure subscription.

Please use the credentials of the 'Service Principal' as provided in the credentials section; the 'Azure portal Account' credentials will not work.

Once you have gained access to the Azure subscription, perform the steps listed in the objectives to complete this hands-on lab.

NOTE: To get your own Tenant ID, search for Tenant properties in the Azure portal. The value will be under the Tenant ID field. Please wait about 2 minutes before connecting via SSH to give the lab time to fully provision.

HELP! Receiving a command error about invalid arguments?

We are aware of an issue with this lab where you may receive the error message "argument --password/-p: expected one argument" when attempting to run the az login command. This can occur when the Service Principal's Client Secret begins with a hyphen character ( - ). This is related to a known issue with the Azure CLI. We are working to implement a workaround for this issue.

If you receive this error, you can add a space to the beginning of the Client Secret, which will allow the command to run. For example, if the Client Secret generated for your Hands-On Lab were -aBc123dEf456gHi789jKl-012mNo345pQ, when entering the command you would write it as " -aBc123dEf456gHi789jKl-012mNo345pQ".

If this does not work, cancel and restart the lab. If you experience any other issues, please contact our friendly support team who can investigate further.
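
The two learning objectives and the hyphen-prefixed secret case, combined in one script; this is an added example, not the lab's own solution. APP_ID and TENANT_ID are placeholder variables for the lab-provided values, and passing the secret as --password=VALUE is an assumed alternative to the leading-space workaround above.

```shell
#!/bin/sh
# Added example (constructed): APP_ID and TENANT_ID are placeholder variables
# for the service principal's client ID and tenant ID from the lab credentials.

# Log in as the service principal. The secret is passed as --password=VALUE so
# a value that begins with "-" stays attached to its option (assumed
# alternative to the leading-space workaround).
sp_login() {
  az login --service-principal \
    --username "$1" \
    "--password=$2" \
    --tenant "$3" \
    --output none
}

# Write role definitions to the file, then append role assignments.
# --all lists assignments under the whole subscription.
# umask 077 keeps a newly created file readable by its owner only.
# The result is two JSON arrays back to back, not a single JSON document.
collect_roles() {
  (
    umask 077
    az role definition list --output json > "$1" &&
      az role assignment list --all --output json >> "$1"
  )
}

# Run only when the placeholders are set, so the functions can be sourced alone.
if [ -n "${APP_ID:-}" ] && [ -n "${TENANT_ID:-}" ]; then
  # Prompt for the secret instead of typing it on the command line,
  # which keeps it out of the shell history.
  printf 'Client secret: ' >&2
  stty -echo; IFS= read -r SECRET; stty echo; echo >&2
  sp_login "$APP_ID" "$SECRET" "$TENANT_ID" && collect_roles roleinfo.json
fi
```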

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
