以用户身份使用 PowerShell 连接到 Azure Stack HubConnect to Azure Stack Hub with PowerShell as a user

可以使用 PowerShell 连接到 Azure Stack Hub 以管理 Azure Stack Hub 资源。You can connect to Azure Stack Hub with PowerShell to manage Azure Stack Hub resources. 例如,可以使用 PowerShell 来订阅产品/服务、创建虚拟机 (VM) 和部署 Azure 资源管理器模板。For example, you can use PowerShell to subscribe to offers, create virtual machines (VMs), and deploy Azure Resource Manager templates.

若要进行设置,请执行以下操作:To get setup:

  • 确保满足要求。Make sure you have the requirements.
  • 与 Azure Active Directory (Azure AD) 或 Active Directory 联合身份验证服务 (AD FS) 连接。Connect with Azure Active Directory (Azure AD) or Active Directory Federation Services (AD FS).
  • 注册资源提供程序。Register resource providers.
  • 测试连接。Test your connectivity.

使用 PowerShell 进行连接的先决条件Prerequisites to connecting with PowerShell

如果已通过 VPN 建立连接,请通过开发工具包或基于 Windows 的外部客户端配置这些先决条件:Configure these prerequisites from the development kit, or from a Windows-based external client if you're connected through VPN:

确保将以下脚本变量替换为 Azure Stack Hub 配置中的值:Make sure you replace the following script variables with values from your Azure Stack Hub configuration:

  • Azure AD 租户名称Azure AD tenant name
    用于管理 Azure Stack Hub 的 Azure AD 租户名称。The name of your Azure AD tenant used to manage Azure Stack Hub. 例如,yourdirectory.partner.onmschina.cn。For example, yourdirectory.partner.onmschina.cn.
  • Azure 资源管理器终结点Azure Resource Manager endpoint
    对于 Azure Stack 开发工具包,此值设置为 https://management.local.azurestack.externalFor Azure Stack Development kit, this value is set to https://management.local.azurestack.external. 若要为 Azure Stack Hub 集成系统获取此值,请与服务提供商联系。To get this value for Azure Stack Hub integrated systems, contact your service provider.

使用 Azure AD 连接到 Azure Stack HubConnect to Azure Stack Hub with Azure AD

    Add-AzureRMEnvironment -Name "AzureStackUser" -ArmEndpoint "https://management.local.azurestack.external"
    # Set your tenant name
    $AuthEndpoint = (Get-AzureRmEnvironment -Name "AzureStackUser").ActiveDirectoryAuthority.TrimEnd('/')
    $AADTenantName = "<myDirectoryTenantName>.partner.onmschina.cn"
    $TenantId = (invoke-restmethod "$($AuthEndpoint)/$($AADTenantName)/.well-known/openid-configuration").issuer.TrimEnd('/').Split('/')[-1]

    # After signing in to your environment, Azure Stack Hub cmdlets
    # can be easily targeted at your Azure Stack Hub instance.
    Add-AzureRmAccount -EnvironmentName "AzureStackUser" -TenantId $TenantId

使用 AD FS 连接到 Azure Stack HubConnect to Azure Stack Hub with AD FS

# Register an Azure Resource Manager environment that targets your Azure Stack Hub instance
Add-AzureRMEnvironment -Name "AzureStackUser" -ArmEndpoint "https://management.local.azurestack.external"

# Sign in to your environment
Login-AzureRmAccount -EnvironmentName "AzureStackUser"

注册资源提供程序Register resource providers

不会自动为没有通过门户部署任何资源的新用户订阅自动注册资源提供程序。Resource providers aren't automatically registered for new user subscriptions that don't have any resources deployed through the portal. 可以通过运行以下脚本显式注册资源提供程序:You can explicitly register a resource provider by running the following script:

foreach($s in (Get-AzureRmSubscription)) {
        Select-AzureRmSubscription -SubscriptionId $s.SubscriptionId | Out-Null
        Write-Progress $($s.SubscriptionId + " : " + $s.SubscriptionName)
Get-AzureRmResourceProvider -ListAvailable | Register-AzureRmResourceProvider
    }

备注

AD FS 仅支持通过用户标识进行交互式身份验证。AD FS only supports interactive authentication with user identities. 如果需要凭据对象,则必须使用服务主体 (SPN)。If a credential object is required, you must use a service principal (SPN). 若要详细了解如何在设置服务主体时将 Azure Stack Hub 和 AD FS 作为标识管理服务,请参阅管理 AD FS 应用标识For more information on setting up a service principal with Azure Stack Hub and AD FS as your identity management service, see Manage an AD FS app identity.

测试连接Test the connectivity

完成所有设置后,请通过使用 PowerShell 在 Azure Stack Hub 中创建资源来测试连接。When you've got everything setup, test connectivity by using PowerShell to create resources in Azure Stack Hub. 作为测试,为应用程序创建资源组并添加 VM。As a test, create a resource group for an application and add a VM. 运行以下命令创建名为“MyResourceGroup”的资源组:Run the following command to create a resource group named "MyResourceGroup":

New-AzureRmResourceGroup -Name "MyResourceGroup" -Location "Local"

后续步骤Next steps