Remove-MsolServicePrincipalCredential

Removes a credential key from a service principal.

Syntax

Remove-MsolServicePrincipalCredential
      -ObjectId <Guid>
      -KeyIds <Guid[]>
      [-TenantId <Guid>]
      [<CommonParameters>]

Remove-MsolServicePrincipalCredential
      -KeyIds <Guid[]>
      -ServicePrincipalName <String>
      [-TenantId <Guid>]
      [<CommonParameters>]

Remove-MsolServicePrincipalCredential
      -KeyIds <Guid[]>
      -AppPrincipalId <Guid>
      [-TenantId <Guid>]
      [<CommonParameters>]

Description

The Remove-MsolServicePrincipalCredential cmdlet removes a credential key from a service principal, either in response to a compromise or as part of credential key rollover or expiration. The service principal is identified by supplying its object ID, application ID, or service principal name (SPN). The credential to be removed is identified by its key ID.

Examples

Example 1: Remove a credential from a service principal

PS C:\> Remove-MsolServicePrincipalCredential -KeyIds @("aaaaaaaa-0b0b-1c1c-2d2d-333333333333") -ServicePrincipalName "MyApp2/myApp.com"

This command removes a credential key from a service principal. In this example, the key ID aaaaaaaa-0b0b-1c1c-2d2d-333333333333 is removed from the service principal associated with the service principal name MyApp2/myApp.com. To show a list of key IDs associated with a service principal, use the Get-MsolServicePrincipalCredential cmdlet.
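A fuller removal workflow for the compromise case named in the description, added here as an example and not part of the original documentation: it checks that each key ID is actually on the service principal, removes the keys, then re-queries to confirm they are gone. The function name Remove-CompromisedSpKey and its parameters are hypothetical; the example assumes the MSOnline module is loaded, Connect-MsolService has already been run, and the objects returned by Get-MsolServicePrincipalCredential expose KeyId, Type, StartDate, EndDate and Usage properties.

```powershell
# Added example; Remove-CompromisedSpKey is a hypothetical helper, not an MSOnline cmdlet.
# Assumes Connect-MsolService has already been run in this session.
function Remove-CompromisedSpKey {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [Guid]   $AppPrincipalId,
        [Parameter(Mandatory)] [Guid[]] $KeyIds
    )

    # Snapshot the credentials currently registered on the service principal.
    $before = @(Get-MsolServicePrincipalCredential -AppPrincipalId $AppPrincipalId -ErrorAction Stop)
    $known  = @($before | ForEach-Object { [Guid]$_.KeyId })

    # Split the requested IDs into those present and those not found
    # (typo, wrong application, or already removed).
    $found   = @($KeyIds | Where-Object { $known -contains $_ })
    $missing = @($KeyIds | Where-Object { $known -notcontains $_ })
    foreach ($id in $missing) {
        Write-Warning "Key ID $id is not on service principal $AppPrincipalId; skipping."
    }
    if ($found.Count -eq 0) { return }

    # Removing the last credential stops the application from authenticating
    # until a replacement is added, so make that visible before proceeding.
    $remaining = @($known | Where-Object { $found -notcontains $_ })
    if ($remaining.Count -eq 0) {
        Write-Warning "This removes every credential on service principal $AppPrincipalId."
    }

    if ($PSCmdlet.ShouldProcess("service principal $AppPrincipalId",
                                "Remove key(s) $($found -join ', ')")) {
        Remove-MsolServicePrincipalCredential -AppPrincipalId $AppPrincipalId `
            -KeyIds $found -ErrorAction Stop

        # Re-query and confirm none of the removed key IDs are still listed.
        $after = @(Get-MsolServicePrincipalCredential -AppPrincipalId $AppPrincipalId -ErrorAction Stop)
        $stillThere = @($after | Where-Object { $found -contains [Guid]$_.KeyId })
        if ($stillThere.Count -gt 0) {
            throw "Still present after removal: $($stillThere.KeyId -join ', ')"
        }

        # Return what is left so the operator can record the post-removal state.
        $after | Select-Object KeyId, Type, StartDate, EndDate, Usage
    }
}

# Dry run (the wrapper, not the MSOnline cmdlet, provides -WhatIf):
# Remove-CompromisedSpKey -AppPrincipalId <application-id> -KeyIds "aaaaaaaa-0b0b-1c1c-2d2d-333333333333" -WhatIf
```

For a planned rollover, add the replacement credential before running the removal so the warning about removing every credential does not apply.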

Parameters

-AppPrincipalId

Specifies the application ID of the service principal from which to remove the credential.

Type: Guid
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-KeyIds

Specifies an array of unique IDs of credential keys to remove. The key IDs for a service principal can be obtained by using the Get-MsolServicePrincipalCredential cmdlet.

Type: Guid[]
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-ObjectId

Specifies the unique object ID of the service principal from which to remove the credential.

Type: Guid
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-ServicePrincipalName

Specifies the name of the service principal from which to remove the credential. An SPN must use one of the following formats:

  • appName
  • appName/hostname
  • a valid URL

AppName represents the name of the application. Hostname represents the URI authority for the application.

Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-TenantId

Specifies the unique ID of the tenant on which to perform the operation. The default value is the tenant of the current user. This parameter applies only to partner users.

Type: Guid
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False