Here is my problem, I want to get the list of people with administrator role on O365 partner center while going through Azure Automation for scheduled task.
One of the first problems, is that access to the partner center is that you have to have the MFA activated on the account that does it. So I created an Azure application by following the information here: https://www.cyberdrain.com/connect-to-exchange-online-automated-when-mfa-is-enabled-using-the-secureapp-model/
The application has been created successfully, so I run the command given on the Microsoft site at the bottom (https://learn.microsoft.com/en-us/powershell/partnercenter/multi-factor-auth?view= partnercenterps-3.0):
$credential = Get-Credential
$refreshToken = '<refreshToken>'
Connect-PartnerCenter -ApplicationId 'xxxx-xxxx-xxxx-xxxx' -Credential $credential -RefreshToken $refreshToken
The problem is that when I run this command, this is the message I get:
Connect-PartnerCenter : Error: ClientId is not a Guid.
At line:8 char:1
+ Connect-PartnerCenter -ApplicationId $ApplicationId -Credential $cred ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Connect-PartnerCenter], MsalClientException
+ FullyQualifiedErrorId : Microsoft.Store.PartnerCenter.PowerShell.Commands.ConnectPartnerCenter
I have searched everywhere, I do not understand where this problem comes from.
Have some of you already encountered this problem or have another solution to get the list of admin people on the partner center?
Thank you
Related
I am trying to connect to three different CMDlets with one login:
$credential = Get-Credential
Connect-MsolService -Credential $credential
Connect-ExchangeOnline -Credential $credential
Connect-AzureAD -Credential $credential
it prompts for login, it prompts for old credentials then prompts for MFA, seems to connect to exchange online but returns the following error:
New-ExoPSSession : One or more errors occurred.
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\netFramework\ExchangeOnlineManagement.psm1:475 char:30
+ ... PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-ExoPSSession], AggregateException
+ FullyQualifiedErrorId : System.AggregateException,Microsoft.Exchange.Management.ExoPowershellSnapin.NewExoPSSession
Could I please have assistance to connect these three cmdlets at one please?
Using $credential = Get-Credential, then pass $credential to the commands to login, this way will not work both for Connect-ExchangeOnline and Connect-AzureAD, you just got the error from Connect-ExchangeOnline as the error interrupted the script. For Connect-MsolService, when passing $credential, it will promote you to login interactively again.
In your case, you may need to login for all of them with an MFA-enabled account. If you want to avoid interactively login, you could use Azure AD App to login the commands.
Reference:
App-only authentication for unattended scripts in the EXO V2 module
Using a Service Principal to connect to a directory in PowerShell
I'm trying following powershell script to remowe to windows 2016.
$password = ConvertTo-SecureString "Password" -AsPlainText -Force
$cred= New-Object System.Management.Automation.PSCredential ("username", $password )
enter-pssession -computername 192.168.xxx.xxx -credential $cred
When login with user that has "Adminstrators" permission, it works just fine, but when login with user that only has "Users" permission, it gets access is denied error.
So, What should I do to make "Users" to login with powershell?
OK, I follow the guide below
https://www.sevecek.com/EnglishPages/Lists/Posts/Post.aspx?List=f6e49214-a43d-4fa5-9537-fb46eabe0cb8&ID=4&Web=6dbd0194-ad16-4838-ad08-7f33e3009473
And I can remote Windows Server 2016 with normal user.
But when I tried following script, the exception happens again.
[192.168.XXX.XXX]: PS C:\Users\TestUser\Documents> ([ADSI] "WinNT://localhost/TestUser,user").ChangePassword("#EDC4rfv", "1qaz#WSX")
And the error message is
Exception calling "ChangePassword" with "2" argument(s): "Access is denied.
"
At line:1 char:1
+ ([ADSI] "WinNT://localhost/TestUser,user").ChangePassword("#EDC4rfv", " ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI
Does that mean even normal user can remote to Windows Server 2016, they still can't run commands?
To use PowerShell remoting(default endpoint "Microsoft.PowerShell"), the user should be part of Administrators group in remote machine.
You can tackle this by creating an Endpoint and giving the normal user permission to access it on the remote machine.
More about it is in below link.
https://blogs.technet.microsoft.com/heyscriptingguy/2014/03/31/introduction-to-powershell-endpoints/
I am running the code in my azure AD runbook with the MSOnline module installed:
Import-Module MSOnline
$credential = get-automationpscredential -name 'CoreyA'
Connect-MsolService -Credential $credential
But get the following error:
Connect-MsolService : Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'.
At line:3 char:1
+ Connect-MsolService -Credential $credential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], EntryPointNotFoundException
+ FullyQualifiedErrorId :
System.EntryPointNotFoundException,Microsoft.Online.Administration.Automation.ConnectMsolService
I have tried multiple variations of the code and just cannot seem to find a solution ANYWHERE. The code works on my local machine with powershell ISE when I connect to my run as account, but not in AAD.
I met this exception too and seems the root reason is the account I used for connecting to tenant enabled MFA. Using an account isn't enabled MFA will solve this issue.
There is something wrong with reporting exception message in the latest MSOnline module, this issue directed me a wrong way and wasted me a lot of time.
When you change the MSOnline version to 1.0, you will see the right exception message.
MSOnline 1.0: https://www.powershellgallery.com/packages/MSOnline/1.0
Btw, I found a good way to solve Azure and O365 issues : https://support.microsoft.com/en-us/help/3174960/dev-chat-for-office365-azure this team will answer some queries for common Azure users too .
In the Azure portal I can click Add User and select User in another Windows Azure AD directory to add a user from another directory to the current directory (As long as I have sufficient authorization in both directories).
I'd like to be able to do this via powershell, but it doesn't seem possible since you can only connect to a single directory.
Here's the scenario:
admin#tenant1.onmicrosoft.com is a global admin in both tenant1 and tenant2. In the portal, I can see and manage both directories while logged as admin#tenant1.onmicrosoft.com.
But in powershell, if I do:
$cred = Get-Credential -UserName admin#tenant1.onmicrosoft.com
Connect-MsolService -Credential $cred
I can only see and manage the tenant1 directory. So I tried this:
$cred = Get-Credential -UserName admin#tenant1.onmicrosoft.com
Connect-MsolService -Credential $cred
$user = Get-MsolUser -UserPrincipalName user#myfederateddomain.com
$cred2 = Get-Credential -UserName admin#tenant2.onmicrosoft.com
Connect-MsolService -Credential $cred2
$user | New-MsolUser
But this failed:
New-MsolUser : Unable to create this user because the user principal name provided is not on a verified domain.
At line:1 char:9
+ $user | New-MsolUser
+ ~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [New-MsolUser], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.PropertyDomainValidationException,Microsoft.Online.Administ
ration.Automation.NewUser
I'm guessing this just isn't possible, but maybe someone can point out something I missed?
Unfortunately, as you had guessed, this functionality is not currently available through Azure AD PowerShell. It is something that we'd like to add in the future, but I don't have an exact timeframe for this yet.
UPDATE 4/14/2018: Sorry - was not monitoring this. There is now a way to invite a user from another tenant to the current tenant using Microsoft Graph. Please see https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/invitation. It still doesn't look like there's any Azure AD PowerShell for this.
I would like to batch import contacts from a CSV file to a public folder located on an Office 365 / Exchange Online server.
There is a wonderful PowerShell script from Microsoft that does the same in an on premises environment using EWS (Exchange Web Services): http://gallery.technet.microsoft.com/office/Import-Contacts-to-a-08e6ffd7
Is there a way to get this to work with Office 365?
What I tried
This is how I tried to connect to the Webservice, resulting in an error:
$cred = get-credential
Connect-MsolService -Credential $cred
Import-Module .\ImportOSCEXPFContact.psm1
Connect-OSCEXWebService -Credential $cred -Force
Error returned (translated from German):
Connect-OSCEXWebService : Error calling "AutodiscoverUrl" with 2 arguments: "The Autodiscover service couldn't be located."
On Line:1 Character:24
+ Connect-OSCEXWebService <<<< -Credential $cred -Force
+ CategoryInfo : NotSpecified: (:) [Connect-OSCEXWebService], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException,Connect-OSCEXWebService
Anyone might help out or knows if that could work at all?
Thanks for help!
Aaron
Made it!
I modified a Script by Steve Goodman to do so.
Here is the code if you need to do the same:
https://web.archive.org/web/20160730070630/http://pastie.org/8489637