Commit 4ef580c

Merge pull request #15784 from ronmiab/rb-rotate-secret
Added new section for ARB SPN per PM request
2 parents 24fdb41 + 3885643 commit 4ef580c

1 file changed

+27
-2
lines changed

azure-stack/hci/manage/manage-secrets-rotation.md

Lines changed: 27 additions & 2 deletions
@@ -22,12 +22,10 @@ Use the PowerShell cmdlet `Set-AzureStackLCMUserPassword` to rotate the`AzureSta
2222
> [!NOTE]
2323
> When you run `Set-AzureStackLCMUserPassword`, the cmdlet only updates what was previously changed in Active Directory.
2424
25-
2625
### PowerShell cmdlet and properties
2726

2827
The `Set-AzureStackLCMUserPassword` cmdlet takes the following parameters:
2928

30-
3129
|Parameter|Description |
3230
|---------|---------|
3331
|`Identity` | Username of the user whose password you want to change. |
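Review bot: The context line quoted in this hunk's header reads "rotate the`AzureSta", with no space before the opening backtick, so the rendered sentence runs "the" straight into the code span. Since this change is already tidying whitespace in the section, add the missing space there as well.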
@@ -96,6 +94,33 @@ Follow these steps in to change the deployment service principal:
9694
Update-ServicePrincipalName -AppId <appID> -SecureSecretText $secretText
9795
```
9896
97+
## Change ARB service principal secret
98+
99+
This section describes how you can change the service principal used for Azure resource bridge created during deployment.
100+
101+
Follow these steps in to change the deployment service principal:
102+
103+
1. Sign on to your Microsoft Entra ID.
104+
105+
2. Locate the service principal for Azure resource bridge. The name of the service principal includes **DefaultARBApplication**.
106+
107+
3. Create a new client secret for the service principal.
108+
109+
4. Make a note of the `appID` for the existing service principal and the new `<client secret>`.
110+
111+
5. Sign on to one of your Azure Stack HCI server nodes using the deployment user credentials.
112+
113+
6. Run the following PowerShell command:
114+
115+
```powershell
116+
$SubscriptionId= "<Subscription ID>"
117+
$TenantId= "<Tenant ID>"
118+
$AppId = "<Application ID>"
119+
$secretText= "<Client secret>"
120+
$NewPassword = ConvertTo-SecureString -String $secretText -AsPlainText -Force
121+
Set-AzureStackRPSpCredential -SubscriptionID $SubscriptionId -TenantID $TenantId -AppId $AppId -NewPassword $NewPassword
122+
```
123+
99124
## Next steps
100125
101126
- [Complete the prerequisites and checklist and install Azure Stack HCI, version 23H2](../deploy/deployment-prerequisites.md).
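Review bot: The new step 6 assigns the client secret to a plain string (`$secretText= "<Client secret>"`) before passing it to `ConvertTo-SecureString -AsPlainText -Force`, so anyone following the step types the secret in clear text at the console, where it can be captured in command history or transcripts. Consider prompting for it instead, for example `$NewPassword = Read-Host -AsSecureString`, and have step 4 tell the reader to keep the new secret somewhere protected rather than only "make a note" of it. Two smaller points in the same section: the sentence added at line 101 ("Follow these steps in to change the deployment service principal:") is copied from the previous section, keeps the "in to" typo and names the deployment service principal rather than the ARB one; and step 4 asks only for the `appID` and the secret, while the command also needs the subscription ID and tenant ID, so say where to find those.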
