16 December 2015

SharePoint Online - How to remove a service principal name from service principal

Today I was configuring server-to-server authentication between SharePoint 2013 on Azure and SharePoint Online. I was following the steps from this TechNet URL -

https://technet.microsoft.com/en-us/library/dn197169.aspx

Everything went fine until I executed the following commands -

$msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid   # $spoappid: the SharePoint Online app principal ID
$spns = $msp.ServicePrincipalNames                           # a System.Collections.Generic.List[string]
$spns.Add("$spoappid/$spcn")                                 # $spcn: the wildcard domain name, e.g. *.mydomain.com
Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns   # writes the whole list back

The last command failed with the following error -

Set-MsolServicePrincipal : Uniqueness violation. Property: ServicePrincipalNames.
At line:1 char:1
+ Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [Set-MsolServicePrincipal], MicrosoftOnlineException
    + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.UniquenessValidationException,Microsoft.Online.Administration.Automation.SetServicePrincipal


I checked the service principal names already registered on the MSOL service principal with the following commands -

$msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid
$spns = $msp.ServicePrincipalNames
$spns

The output looked like this -

00000003-0000-0ff1-ce00-000000000000/*.mydomain.com
00000003-0000-0ff1-ce00-000000000000/*.sharepoint.com
00000003-0000-0ff1-ce00-000000000000

I immediately found the problem: I was trying to add "*.mydomain.com" to the service principal again, and it already existed. The Add call succeeded because a generic list accepts duplicates, but Set-MsolServicePrincipal rejected the list because it now contained the same service principal name twice. I had added it earlier from a different server using a different certificate. Since that certificate was no longer valid, I had to re-register with a new certificate but the same domain name.

I searched a lot on the internet but could not find how to remove a service principal name from a service principal.

Finally I found the solution in my original commands.

$msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid
$spns = $msp.ServicePrincipalNames
$spns.Add("$spoappid/$spcn")
Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns

If you look at these commands, I am adding my service principal name to the service principal using

$spns.Add("$spoappid/$spcn")

Since ServicePrincipalNames is a generic list (System.Collections.Generic.List[string]), all I have to do is remove the same service principal name from the list and write the list back to the service principal.

$msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid
$spns = $msp.ServicePrincipalNames
# List[string].Remove() returns $false (and changes nothing) if the string does not match exactly
if (-not $spns.Remove("$spoappid/$spcn")) { throw "SPN $spoappid/$spcn not found on the service principal" }
Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns

That's it. A simple and elegant solution, but I spent quite some time figuring it out.
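A fuller version of the same remove-then-set sequence, as an added example that is not code from the original post or from the TechNet article: it guards the Add against the duplicate that caused the Uniqueness violation, guards the Remove against the silent no-op that List[string].Remove() produces on a string that does not match exactly, and lists any expired certificate credential left on the same service principal. The function names are mine; the sample list at the bottom is constructed from the output shown above; the tenant-facing functions assume the MSOnline module is loaded and Connect-MsolService has been run, and Get-MsolServicePrincipalCredential / Remove-MsolServicePrincipalCredential with their -ReturnKeyValues and -KeyIds parameters are assumed from the MSOnline module's documentation rather than taken from this post.

```powershell
# Added example, not code from the original post or the TechNet article.
# Function names are my own. Tenant-facing functions assume the MSOnline
# module is loaded and Connect-MsolService has already been run.

function Add-SpnToList {
    param(
        [Parameter(Mandatory)][System.Collections.Generic.List[string]]$Spns,
        [Parameter(Mandatory)][string]$Spn
    )
    # List[string].Add() happily stores a duplicate; the directory rejects it
    # later with "Uniqueness violation. Property: ServicePrincipalNames".
    # -contains is case-insensitive in PowerShell, which is what we want here.
    if ($Spns -contains $Spn) {
        Write-Warning "SPN '$Spn' is already registered; not adding it again."
        return $false
    }
    $Spns.Add($Spn)
    return $true
}

function Remove-SpnFromList {
    param(
        [Parameter(Mandatory)][System.Collections.Generic.List[string]]$Spns,
        [Parameter(Mandatory)][string]$Spn
    )
    # List[string].Remove() matches exactly (ordinal, case-sensitive) and
    # returns $false when nothing matched. Look the stored value up
    # case-insensitively so a casing difference does not turn the removal
    # into a silent no-op followed by a pointless Set-MsolServicePrincipal.
    $stored = $Spns | Where-Object { $_ -ieq $Spn } | Select-Object -First 1
    if ($null -eq $stored) {
        throw "SPN '$Spn' is not registered on this service principal."
    }
    [void]$Spns.Remove($stored)   # [void] suppresses the True that Remove() returns
    return $true
}

function Remove-MsolServicePrincipalName {
    # Wraps the post's fix: remove one SPN and write the list back to the tenant.
    param(
        [Parameter(Mandatory)][Guid]$AppPrincipalId,
        [Parameter(Mandatory)][string]$Spn
    )
    $msp  = Get-MsolServicePrincipal -AppPrincipalId $AppPrincipalId
    $spns = $msp.ServicePrincipalNames          # same List[string] reference; edited in place
    Remove-SpnFromList -Spns $spns -Spn $Spn | Out-Null
    Set-MsolServicePrincipal -AppPrincipalId $AppPrincipalId -ServicePrincipalNames $spns
}

function Get-StaleMsolSpCredential {
    # Removing an SPN does not remove the certificate that was registered with
    # New-MsolServicePrincipalCredential; that credential stays trusted until it
    # is removed. This lists credentials whose EndDate has already passed.
    # Assumed: the documented MSOnline cmdlet and its KeyId/EndDate properties.
    param([Parameter(Mandatory)][Guid]$AppPrincipalId)
    Get-MsolServicePrincipalCredential -AppPrincipalId $AppPrincipalId -ReturnKeyValues $false |
        Where-Object { $_.EndDate -lt [DateTime]::UtcNow }
    # To revoke what this returns (assumed parameter name -KeyIds):
    #   Remove-MsolServicePrincipalCredential -AppPrincipalId $AppPrincipalId -KeyIds $stale.KeyId
}

# Offline demonstration on a constructed list: the three SPNs shown in the
# post's output. No tenant connection is needed for this part.
$spoappid = '00000003-0000-0ff1-ce00-000000000000'
$spcn     = '*.mydomain.com'
$sample   = [System.Collections.Generic.List[string]]@(
    "$spoappid/*.mydomain.com",
    "$spoappid/*.sharepoint.com",
    $spoappid
)
Add-SpnToList      -Spns $sample -Spn "$spoappid/$spcn"   # already present: warns and does not add
Remove-SpnFromList -Spns $sample -Spn "$spoappid/$spcn"   # removes the existing entry
Add-SpnToList      -Spns $sample -Spn "$spoappid/$spcn"   # now safe to add and pass to Set-MsolServicePrincipal
$sample
```

Run the bottom section on its own to see the list behaviour without touching a tenant. The SPN string carries no key material: removing and re-adding "$spoappid/$spcn" only changes the name list, while the certificate registered earlier stays on the service principal as a separate credential until it is removed, so a certificate you no longer trust should be revoked with Remove-MsolServicePrincipalCredential rather than left to expire.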

