New-AzureRmRoleAssignment : Object reference not set to an instance of an object
Unable to assign role to user using New-AzureRmRoleAssignment command. When I run the above command its thronging an error as follows .
New-AzureRmRoleAssignment : Object reference not set to an instance of an object.
Can any one help to resole the issue.
To assign role to user successfully in the runbook, follow the steps below.
Note : The New-AzureRmRoleAssignment you used belongs to the old AzureRM, it was deprecated and will not be updated anymore. In my sample, I use the new Az command New-AzRoleAssignment, I also recommend you to use it.
1.Navigate to the subscription in the portal(you need to be Owner/User Access Administrator in the subscription) -> add the service principal of your automation RunAs account as an Owner/User Access Administrator(by default it will be added as Contributor when it was created, but Contributor have no permission to run New-AzRoleAssignment).
2.Navigate to the Azure Active Directory in the portal -> App registrations -> find the AD App of your RunAs Account and add the Directory.Read.All application permission in Azure Active Directory Graph(Not Microsoft Graph) like below, don't forget to click the Grant admin consent for xxx button at last(you need to be the admin role in your AAD tenant). The permission may take about 30 min to take effect.
3.Navigate to the automation account in the portal -> Modules -> make sure you have installed the Az.Accounts, Az.Resources modules, if not, go to Browse Gallery, search for the names, and install them.
4.Then in the runbook, use the script below, it works fine on my side. In my sample, I add the user as a Reader in the resource group joyRG, you can change it, it depends on your requirement.
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Connect-AzAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
$user = Get-AzADUser -UserPrincipalName [email protected]
New-AzRoleAssignment -ObjectId $user.id -ResourceGroupName joyRG -RoleDefinitionName Reader
- Automation Account Importing PowerShell Module Issue
- Trying to list all the certificates and secrets that are expired or going to expire in all applications
- Need to set up the e-mail notification for PowerShell runbook to send its output periodically/daily to the mail
- How do you access Azure runbook storage?
- Unable to retrieve key vault certificates in azure runbook
- How to call a python script from a logic app to parse and write data to an azure sql database
- Powershell script working in ISE, but not working in Azure Runbook
- Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
- Azure Devops pipeline throwing error while running powershell script - The string is missing the terminator: "
- Runbook Powershell Invoke-Sqlcmd SQL Server MI connection
- 'Catching' webhook event in Azure
- VS Code Azure Automation Runbook Python Packages not recognized
- How to check if a virtual machine is running using Python
- Creating Microsoft OnPremise User with Azure RunBook
- How to trigger a webhook after azure pipeline run completes
- Get Azure Automation Runbook Credential in Python
- Passing an array in an Invoke-AzureRmVMRunCommand parameter hash table not working
- Can't connect to managed identity with User Administrator role
- Attempting to create SQL Server resource using managed identity in a runbook gives forbidden result
- How can I retrieve output from Azure PowerShell child Runbook (7.2) started by 'Start-AutomationRunbook' from within parent Runbook (also 7.2)?
- Assigning "Desktop Virtualization User" role to users using Azure Runbook
- How to schedule runbook based on minutes in Azure automation Account
- Content of the Azure Runbook not getting updated when the content link referred to by the Terraform script is updated
- Using powershell to move azure runbooks and their webhooks to another automation account
- Certificate authentication to Graph API in Azure Automation Account
- Generate token in Azure RunBook
- Disable Auto-Scaling of an AKS Node pool via Azure Powershell
- Decrease Paramiko maximal request size
- How to trigger a run Book in azure automation account yearly once or twice
- How do I ensure a new Azure runbook with parameters is published on creation?