Use AzureAD PowerShell cmdlets on VSTS agent

Today, I continued working on my custom VSTS extension that I will publish in the near future. In the extension I needed a way how to use AzureAD PowerShell cmdlets on VSTS agent because it isn’t installed by default.

Ship cmdlets in extension

Installing AzureAD cmdlets is not really that difficult. You just download the AzureAD cmdlets module from the PowerShell gallery and put them in your extension so they will be installed with your extension.

Importing the cmdlets

After you put the cmdlets as artifact in your extension, you need to import them. You can do this in example in your execution PowerShell file (in my case Main.ps1) with the following code:


After imported, you can use them. Of course you first need to login. Because we don’t want to hard code credentials in our extension, you will have to pass them to the Connect-AzureAD cmdlet. There are multiple ways on how to do this. Think in example of a credential file as variable. I used an Azure Resource Manager endpoint for this. I did this because I actually only wanted to use the AzureRM module for my extension but some of the cmdlets are only in the AzureAD module.

So how do we login? Connect-AzureAD doesn’t allow to login with a Service Principal and a key. You need to use a self-signed certificate for this what I don’t want. I already have an Azure Resource Manager endpoint with a key. I want to use that key so the login procedures for AzureRM and AzureAD are the same. I already wrote a post on how to login with a SP and key but with an existing Azure Resource Manager endpoint in your task you can use the following code:

After the above code, you can run any cmdlet that you want (if your AzureRM endpoint SP has permission on it).

6 thoughts to “Use AzureAD PowerShell cmdlets on VSTS agent”

  1. How do you get the ball rolling?

    I installed the Azure AD Application Management extension. As this doesn’t make the PowerShell-module available, I obviously need to load it somehow. Any suggestions on that?

    1. Hi Jari, this post is not explaining how to use the “Azure AD Application Management” extension. This is more for developers that are creating extensions for Azure DevOps (VSTS). I explain here how to embed it into your extension.

      What are you trying to do? Are you creating an extension?

  2. Hi Ralph,

    Nice article, however is this also possible from a hosted VS2017 agent ? I receive below error:

    ##[error]The term ‘Get-VstsInput’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

    I am using the Azure PowerShell script: InlineScript step

    1. This article is created for people that are creating PowerShell Pipelines extensions for Azure DevOps. So the command ‘Get-VstsInput’ is from the Azure DevOps SDK that you can use in your extensions to get the values from the input fields of a task. So it makes sense that I won’t work immediately with a native Azure PowerShell task.

Leave a Reply