Azure:无法选择数据导出服务作为主体

时间:2019-05-14 17:09:19

标签: azure dynamics-crm microsoft-dynamics azure-keyvault data-export

我想将数据从MS Dynamics 365导出到Azure云。为了导出动态数据,我已经在动态中安装了数据导出服务。在azure中,我可以选择指定我的密钥保管库值一个访问策略,因此我通常可以选择将数据导出服务添加为主体。但就我而言,不存在这样的选择。可能是什么原因?

enter image description here

1 个答案:

答案 0 :(得分:0)

give permission to the Data Export Service功能的Azure帐户管理员身份运行此处描述的Windows PowerShell脚本,以便它可以访问您的Azure Key Vault。该脚本显示创建用于访问连接字符串的导出配置文件所需的密钥库URL。

$subscriptionId = 'ContosoSubscriptionId'   
$keyvaultName = 'ContosoKeyVault'
    $secretName = 'ContosoDataExportSecret'
    $resourceGroupName = 'ContosoResourceGroup1'
    $location = 'West US'
    $connectionString = 'AzureSQLconnectionString'
$organizationIdList = 'ContosoSalesOrg1_id, ContosoSalesOrg2_id'
$tenantId = 'tenantId'
    # -------------------------------------------------------------------------------- #

# Login to Azure account, select subscription and tenant Id
Login-AzureRmAccount
Set-AzureRmContext -TenantId $tenantId -SubscriptionId $subscriptionId

# Create new resource group if not exists.
$rgAvail = Get-AzureRmResourceGroup -Name $resourceGroupName -Location $location -ErrorAction SilentlyContinue
if(!$rgAvail){
    New-AzureRmResourceGroup -Name $resourceGroupName -Location $location
}

# Create new key vault if not exists.
$kvAvail = Get-AzureRmKeyVault -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -ErrorAction SilentlyContinue
if(!$kvAvail){
    New-AzureRmKeyVault -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -Location $location
    # Wait few seconds for DNS entry to propagate
    Start-Sleep -Seconds 15
}

# Create tags to store allowed set of Organizations.
$secretTags = @{}
foreach ($orgId in $organizationIdList.Split(',')) {
    $secretTags.Add($orgId.Trim(), $tenantId)
}

# Add or update a secret to key vault.
$secretValue = ConvertTo-SecureString $connectionString -AsPlainText -Force
$secret = Set-AzureKeyVaultSecret -VaultName $keyvaultName -Name $secretName -SecretValue $secretValue -Tags $secretTags

# Authorize application to access key vault.
$servicePrincipal = 'b861dbcc-a7ef-4219-a005-0e4de4ea7dcf'
Set-AzureRmKeyVaultAccessPolicy -VaultName $keyvaultName -ServicePrincipalName $servicePrincipal -PermissionsToSecrets get

# Display secret url.
Write-Host "Connection key vault URL is "$secret.id.TrimEnd($secret.Version)""

注意:一个Azure订阅可以有多个Azure Active Directory租户ID。确保选择与将用于数据导出的Dynamics 365 for Customer Engagement应用程序实例相关联的正确的Azure Active Directory租户ID。

有关更多详细信息,您可以参考此article

相关问题
最新问题