I need to adapt a script that is currently using the Msol-Service module to work with the AzureAD module. I have a script developed in PowerShell that uses Get-MsolDirSyncProvisioningError to check the sync errors in my tenant.
Get-MsolDirSyncProvisioningError -ErrorCategory PropertyConflict
I've searched the AzureAD cmdlets' documentation and I didn't see any cmdlet that does something.
Which is the same cmdlet in the AzureAD module?
A command for Azure AD sync provisioning errors isn't currently available. They are all managed and can be seen in the Azure provisioning audit logs, i.e. through the GUI. The only command available is through Msol, like the command you provided (Get-MsolDirSyncProvisioningError -ErrorCategory PropertyConflict).
This may not be the requirement for the script, but you may give the below commands a try for a particular user (UPN) if it can help; otherwise please ignore.
Example command:
1.
(Get-AzureADUser -All 1 | where {$_.UserPrincipalName -like "user@xyz.OnMicrosoft.com"}).dirsyncprovisioningerrors | fl
(or)
(Get-AzureADUser -All $true -Filter "startswith(UserPrincipalName,'admin@xyz.onmicrosoft.com')").dirsyncprovisioningerrors
Reference:
get-azureaduser-vs-get-msoluser |community.spiceworks
Related
I'm trying to implement a fairly simple PowerShell query, hosted in Azure Automation, to manage External Identities.
I've set up a System Managed Identity and have successfully connected using Connect-AzAccount -Identity.
But when I run it, it says "You must call the Connect-AzureAD cmdlet before calling any other cmdlets".
The next cmdlet is Get-AzureADPolicy, which I think triggered the above message.
Following this blog, I tried this:
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext -ErrorAction Stop
Connect-AzureAD -TenantId $AzureContext.Tenant.TenantId -AccountId $AzureContext.Account.Id
and I get this: Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'
Am not at all sure now what to do; any help appreciated
PS: I'm aware there are quite a few related questions, but I have not been able to find an answer to this particular query ...
I was having the same issue and I resolved it by using the below commands. I have added comments to underline what each statement is meant for.
# Ensures you do not inherit an AzContext in your runbook. Out-Null is used to disable any output from this Cmdlet.
Disable-AzContextAutosave -Scope Process | Out-Null
# Connect to Azure with system-assigned managed identity.
$AzureContext = (Connect-AzAccount -Identity).context
# set and store context. Out-Null is used to disable any output from this Cmdlet.
Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext | Out-Null
With help from M/S support, I can now clarify the issue. The core point is that it is not possible to authenticate for AzureAD (with Connect-AzureAD) using Managed Identity; a Run As account must be used, at least currently
Further, for our use case, the Run As account had to have "Global Admin" role; "Owner" was not sufficient
It is of course possible to use Managed Identity for managing other Azure Resources (using Connect-AzAccount)
The use case I am working on is to create an online meeting, and I followed the following documentation: https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http
As part of this, the admin needs to create an application access policy and grant it to a user. https://learn.microsoft.com/en-us/graph/cloud-communication-online-meeting-application-access-policy
While executing New-CsApplicationAccessPolicy cmdlet I am having the following error.
e.g. New-CsApplicationAccessPolicy -Identity Test-policy -AppIds "ddb80e06-92f3-4978-bc22-a0eee85e6a9e" -Description "description here"
ERROR
Get-CsOnlineSession: /Users/avnika/.local/share/powershell/Modules/MicrosoftTeams/2.3.1/netcoreapp3.1/SfBORemotePowershellModule.psm1:63
Line |
63 | $remoteSession = & (Get-CsOnlineSessionCommand)
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| The remote server returned an error: (404) Not Found.
Invoke-Command: /Users/avnika/.local/share/powershell/Modules/MicrosoftTeams/2.3.1/netcoreapp3.1/SfBORemotePowershellModule.psm1:22959
Line |
22959 | … -Session (Get-PSImplicitRemotingSession -CommandName ‘New-CsApplic …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot validate argument on parameter ‘Session’. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
I get this error when I execute the below policy: New-CsApplicationAccessPolicy -Identity Millo-Video-policy -AppIds “334941f7-50e4-4b19-9d5d-22328ad41553” -Description “video delegation policy for app”
I would appreciate it if you could help me solve this problem.
P.S. I am using a personal Azure account.
This cmdlet runs using the Skype connector. But now this cmdlet has been added to the latest PowerShell module. Please upgrade the PowerShell module and run the cmdlet. Please go through this link.
I tried the following steps and it's working:
Upgrade the Microsoft Teams PowerShell module to the latest (also follow the steps provided by Kartheek above)
Connect-MicrosoftTeams #Enter global Administrator account credential and make sure that you see Admin account details in connection output.
Now execute the New-CsApplicationAccessPolicy
Make sure the powershell connects/works.
Usually I test the above steps in a test demo tenant before doing it in prod. Test the same and confirm if you can still repro the issue.
I'm getting an error running New-AzureRmRoleAssignment. I want to give an AD group access to a resource group. The script actually works-- the group gets contributor access to the resource group. It just says that it's failing with the message "Access denied to the specified API version".
My script (params not included) is here:
# Import the Task.Common dll that has all the cmdlets we need for Build
import-module Microsoft.TeamFoundation.DistributedTask.Task.Common
import-module Microsoft.TeamFoundation.DistributedTask.Task.Internal
Import-Module "Microsoft.TeamFoundation.DistributedTask.Task.Deployment.Internal"
Import-Module "Microsoft.TeamFoundation.DistributedTask.Task.Deployment.Azure"
Write-Output "Connecting to Azure"
Initialize-AzurePowershellSupport -ConnectedServiceName $ConnectedServiceName -ErrorAction SilentlyContinue
$subscription = (Get-AzureRmContext).Subscription.SubscriptionName #(Get-AzureRmContext).Subscription.SubscriptionName
New-AzureRmRoleAssignment -ObjectId $objID -RoleDefinitionName $roleName -ResourceGroupName $environment-$featureName
How can I fix the error? The script does what it's supposed to, but the build "fails".
According to the error log, do you log in to Azure by using a service principal? If yes, it is a known issue. Please check the issue on GitHub. The issue is solved in the latest version of Azure PowerShell (4.1.0 or later).
You could use the following cmdlet to check your Azure PowerShell version.
Get-Module -ListAvailable -Name Azure -Refresh
The latest version is 4.3.1, you could download it from the link.
If you build the script on VSTS, please use the Hosted 2017 build agent; it uses the latest version of PowerShell. Please refer to this answer.
I am attempting to log in to an Azure account through a PowerShell script by making use of a publishsettings file; however, I am still finding that it requires me to log in to my account using Login-AzureRmAccount, regardless of having those credentials.
My step-by step looks something like this:
Clear out all accounts that may be available:
Get-AzureAccount | ForEach-Object { Remove-AzureAccount $_.ID -Force }
Download the PublishSettings file: Import-AzurePublishSettingsFile -PublishSettingsFile $PublishSettingsFileNameWithPath
Select the Azure subscription using the subscription ID:
Select-AzureRMSubscription -SubscriptionId $SubscriptionId
And finally, create a new resource group in the subscription before deploying it: New-AzureRmResourceGroup -Name $ResourceGroupName -Location $ResourceGroupLocation -Verbose -Force 2>> .\errorCIMS_RG.txt | Out-File .\rgDetailsCIMS_RG.txt
However, this is when an error is thrown: Run Login-AzureRmAccount to login.
Assuming I have the PublishSettings file, and it hasn't expired, why would this be giving back an error?
As Mihail said, we should check Azure PowerShell version first, and install the latest version.
We can run this command to list Azure PowerShell version:
Get-Module -ListAvailable -Name Azure -Refresh
By the way, Import-AzurePublishSettingsFile works for ASM, and New-AzureRmResourceGroup is an ARM command, so if you want to create a resource group, you should run Login-AzureRmAccount first.
Note:
The AzureResourceManager module does not support publish settings files.
For more information about Import-AzurePublishSettingsFile, please refer to this link.
I solved this problem by updating to the latest version of the Azure PowerShell cmdlets.
You can find the latest one here:
https://github.com/Azure/azure-powershell/releases
I am trying to write a PowerShell script to add and remove members from a distribution list which is present in Active Directory. I tried a command for adding members to the distribution list, which is like:
Add-DistributionGroupMember -Identity "staff" -Member "johnevans@contoso.com"
But when I try to execute this command, I get an error saying that add-distributiongroupmember is an invalid command.
So, can anyone provide me a PowerShell script to add and remove members from the distribution list which is present in Active Directory?
Add-DistributionGroupMember is an Exchange cmdlet, and requires the Exchange management snapin, or a remote Exchange management session.
You can accomplish the same thing using the ActiveDirectory module and Add-ADGroupMember, but you won't be able to use the user's email address as the member identity to add. Exchange will work with that as an identity reference, but the native AD cmdlets won't.
You need Exchange Powershell module: http://blogs.technet.com/b/heyscriptingguy/archive/2012/01/23/learn-how-to-use-powershell-to-run-exchange-server-commands-remotely.aspx
If you want to do it without the Exchange cmdlets, this works; I tested it:
$groupIdentity = "My Group"
$userEmailAddress = "johnevans@contoso.com"
Add-ADGroupMember -Identity $groupIdentity -Member (Get-ADUser -Filter {mail -eq $userEmailAddress})
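An added example, not part of the original answers, that extends the snippet above to both add and remove a member by e-mail address using only the ActiveDirectory module. The function name Set-GroupMemberByMail and its parameters are hypothetical; it changes nothing when the address matches no user or more than one, and it escapes the address before placing it in an LDAP filter.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper (not from the original answers): add or remove a group
# member identified by e-mail address, using only the ActiveDirectory module.
function Set-GroupMemberByMail {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GroupIdentity,
        [Parameter(Mandatory)][string]$EmailAddress,
        [Parameter(Mandatory)][ValidateSet('Add', 'Remove')][string]$Action
    )

    # Escape LDAP filter metacharacters (RFC 4515) so the address is treated
    # as a literal value. The backslash must be escaped first.
    $escaped = $EmailAddress.Replace('\', '\5c')
    foreach ($pair in @(@('*', '\2a'), @('(', '\28'), @(')', '\29'), @("`0", '\00'))) {
        $escaped = $escaped.Replace($pair[0], $pair[1])
    }

    # @() forces an array so .Count is reliable for 0, 1 or many matches.
    $users = @(Get-ADUser -LDAPFilter "(mail=$escaped)")

    if ($users.Count -eq 0) {
        throw "No AD user has mail '$EmailAddress'; nothing was changed."
    }
    if ($users.Count -gt 1) {
        $names = $users.SamAccountName -join ', '
        throw "Mail '$EmailAddress' matches several users ($names); nothing was changed."
    }

    $user = $users[0]
    if ($PSCmdlet.ShouldProcess($GroupIdentity, "$Action $($user.SamAccountName)")) {
        switch ($Action) {
            'Add'    { Add-ADGroupMember -Identity $GroupIdentity -Members $user -ErrorAction Stop }
            'Remove' { Remove-ADGroupMember -Identity $GroupIdentity -Members $user -Confirm:$false -ErrorAction Stop }
        }
    }
}

# Constructed sample values; -WhatIf shows what would change without changing it.
Set-GroupMemberByMail -GroupIdentity 'My Group' -EmailAddress 'johnevans@contoso.com' -Action Add -WhatIf
Set-GroupMemberByMail -GroupIdentity 'My Group' -EmailAddress 'johnevans@contoso.com' -Action Remove -WhatIf
```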