The use case i am working is create online meeting and i followed the following documentation https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http
As part of this, Admin needs to create application access policy and grant it to a user.https://learn.microsoft.com/en-us/graph/cloud-communication-online-meeting-application-access-policy
While executing New-CsApplicationAccessPolicy cmdlet I am having the following error.
e.g New-CsApplicationAccessPolicy -Identity Test-policy -AppIds "ddb80e06-92f3-4978-bc22-a0eee85e6a9e", -Description "description here"
ERROR
Get-CsOnlineSession: /Users/avnika/.local/share/powershell/Modules/MicrosoftTeams/2.3.1/netcoreapp3.1/SfBORemotePowershellModule.psm1:63
Line |
63 | $remoteSession = & (Get-CsOnlineSessionCommand)
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| The remote server returned an error: (404) Not Found.
Invoke-Command: /Users/avnika/.local/share/powershell/Modules/MicrosoftTeams/2.3.1/netcoreapp3.1/SfBORemotePowershellModule.psm1:22959
Line |
22959 | … -Session (Get-PSImplicitRemotingSession -CommandName ‘New-CsApplic …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot validate argument on parameter ‘Session’. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
2:20
this error when i execute below policy New-CsApplicationAccessPolicy -Identity Millo-Video-policy -AppIds “334941f7-50e4-4b19-9d5d-22328ad41553” -Description “video delegation policy for app”
I would appreciate if you can help me how to solve this problem.
P.s. I am using personal azure account
This cmdlet runs using skype connecter. But now this cmdlet is added in latest powershell module. please upgrate powershell module and run the cmdlet. please go through this link
I tried the following steps and its working:
Upgrade the microsoft teams powershell module to the latest (also follow the above steps provided by Kartheek above)
Connect-MicrosoftTeams #Enter global Administrator account credential and make sure that you see Admin account details in connection output.
Now execute the New-CsApplicationAccessPolicy
Make sure the powershell connects/works.
Usually i test the above steps in test demo tenant, before doing it in prod. Test the same and confirm if you can still repro the issue.
Related
I'm trying to implement a fairly simple PowerShell query, hosted in Azure Automation, to manage External Identities
I've set up a System Managed Identity and have successfully connected using Connect-AzAccount -Identity
But when I run it, it says You must call the Connect-AzureAD cmdlet before calling any other cmdlets
The next cmdlet is Get-AzureADPolicy, which I think triggered the above message
Following this blog, I tried this:
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext -ErrorAction Stop
Connect-AzureAD -TenantId $AzureContext.Tenant.TenantId -AccountId $AzureContext.Account.Id
and I get this: Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'
Am not at all sure now what to do; any help appreciated
PS: I'm aware there are quite few related questions, but I have not been able to find an answer to this particular query ...
I was having the same issue and I resolved it by using the below commands. I have added comments to underline what each statement is meant for.
# Ensures you do not inherit an AzContext in your runbook. Out-Null is used to disable any output from this Cmdlet.
Disable-AzContextAutosave -Scope Process | Out-Null
# Connect to Azure with system-assigned managed identity.
$AzureContext = (Connect-AzAccount -Identity).context
# set and store context. Out-Null is used to disable any output from this Cmdlet.
Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext | Out-Null
With help from M/S support, I can now clarify the issue. The core point is that it is not possible to authenticate for AzureAD (with Connect-AzureAD) using Managed Identity; a Run As account must be used, at least currently
Further, for our use case, the Run As account had to have "Global Admin" role; "Owner" was not sufficient
It is of course possible to use Managed Identity for managing other Azure Resources (using Connect-AzAccount)
I need to adapt a script that currently is using Msol-Service module with the AzureAD module. I have a script developed in Powershell that use Get-MsolDirSyncProvisioningError to check the sync errors in my tenant.
Get-MsolDirSyncProvisioningError -ErrorCategory PropertyConflict
I've searched in AzureAD cmdlets' documentation and i don't saw any cmdlet that do something.
Which is the same cmdlet in AzureAD module?
Command for azure Ad sync provisioning error isn't currently available.They are all managed and can be seen in azure provisioning audit logs i.e; through GUI.The Only command available is through msol like the command you provided(Get-MsolDirSyncProvisioningError -ErrorCategory PropertyConflict ).
This may not be the requirement for script but you may give a try with below commands for a particular user(UPN) if it can help else please ignore.
Example command:
1.
(Get-AzureADUser -All 1| where {$_.UserPrincipalName -like "user#xyz.OnMicrosoft.com"}).dirsyncprovisioningerrors | fl
(or)
( get-azureaduser -all $true -Filter "startswith(UserPrincipalName,'admin#xyz.onmicrosoft.com')").dirsyncprovisioningerrors
Reference:
get-azureaduser-vs-get-msoluser |community.spiceworks
I am trying to set DenyAddAndCustomizePages property of my tenant site using the script below but it gives an error. What should be the alternative for using it with new PnP.Powershell module? Our project was running for several months with SharepointPnPPowershell But as this is now deprecated and not supported anymore, after installing PnP. Powershell we are seeing lots of issues.
Method invocation failed because [PnP.PowerShell.Commands.Model.SPOSite] does not contain a method named 'update'.
I tried to include Import-Module Microsoft.Online.SharePoint.PowerShell -Scope "Local" as described at the end of the article below but that did not work.
https://learn.microsoft.com/en-us/answers/questions/258967/problems-with-update-method-to-change-conditional.html
$site = Get-PnPTenantSite -Detailed -Url $Url
$site.DenyAddAndCustomizePages = "Disabled"
$site.Update() | Out-Null
I'm guessing you found the answer by now? If not, have you tried this?
Set-PnpTenantSite -Identity $siteUrl -DenyAddAndCustomizePages:$false | Out-Null
Tks.
Alex
I have (what I think is) an odd problem.
I have two domain admin accounts and one domain controller (for the purpose of this question). Here is the scenario:
Admin1 RDPs to dc01 and runs the Powershell command (see command below), and it succeeds
Admin2 RDPs to dc01 and runs the Powershell command (see command below), and it fails (see error below).
In both cases, we are entering the credentials of admin1 when prompted by Get-Credential
Command:
Get-ADGroupMember administrators -Credential (Get-Credential) -Server dc01 -Recursive
Error:
Get-ADGroupMember : There is no such object on the server
If I remove the -Recursive parameter, then the command works for both admins (again, using the credentials of admin1). If I open ADUC as admin1, then look at the members of Administrators, I can see all members, opening sub-groups without issue.
What in the world is going on? Thanks.
Well, looks like it was a permissions issue. I added the service account to Enterprise Admins and the failure stopped. I have no idea which object is causing the failure.
I am attempting to login to an Azure account through a PowerShell script by means of making use of a publishsettings file; However, I am still finding that it is requiring me to login to my account using Login-AzureRmAccount, regardless of having those credentials.
My step-by step looks something like this:
Clear out all accounts that may be available:
Get-AzureAccount | ForEach-Object { Remove-AzureAccount $_.ID -Force }
Download the PublishSettings file: Import-AzurePublishSettingsFile –PublishSettingsFile $PublishSettingsFileNameWithPath
Select the Azure subscription using the subscription ID:
Select-AzureRMSubscription -SubscriptionId $SubscriptionId
And finally, create a new resource group in the subscription before deploying it: New-AzureRmResourceGroup -Name $ResourceGroupName -Location $ResourceGroupLocation -Verbose -Force 2>> .\errorCIMS_RG.txt | Out-File .\rgDetailsCIMS_RG.txt
However, this is when an error is thrown: Run Login-AzureRmAccount to login.
Assuming I have the PublishSettings file, and it hasnt expired, why would this be giving back an error?
As Mihail said, we should check Azure PowerShell version first, and install the latest version.
We can run this command to list Azure PowerShell version:
Get-Module -ListAvailable -Name Azure -Refresh
By the way, Import-AzurePublishSettingsFile work for ASM, New-AzureRmResourceGroup is ARM command, so if you want to create resource group, you should Login-AzureRmAccount first.
Note:
The AzureResourceManager module does not support publish settings
files.
More information about Import-AzurePublishSettingsFile, please refer to this link.
I solved this problem by updating to last version of azure powershell cmdlet.
You can find last one here:
https://github.com/Azure/azure-powershell/releases