Am new to powershell and using this procedure to set application policy with microsoft team
The above is necessary when creating online meetings as per this procedure
but whenever i run
Grant-CsApplicationAccessPolicy -PolicyName Test-policy -Identity "appid"
Am getting an error
Exception calling "GetSteppablePipeline" with "1" argument(s):
"Exception calling "GetRemoteNewCsOnlineSession" with
"1" argument(s): "Run either Connect-MicrosoftTeams or new-csonlinesession before running cmdlets."
I have already Connected using admin credentials by using
Import-Module MicrosoftTeams
Connect-MicrosoftTeams
I have powershell 5.1 on my device.
What am i missing or how do i resolve the error above.
Please check which module your using GA or public preview module,if you have installed both,please do uninstall GA and try to set the policy
Update teams module , close and reopen the powershell and try to assign the policy
Reference link
Please do let me know if above steps works for you
Related
I'm trying to access a public file using a URL from Australian Bureau Of Statistics.
https://stat.data.abs.gov.au/sdmx-json/data/ABS_BLDG_APPROVALS_LGA2020/1.1.1.110.LGA2020.20660+20740+20830+20910+21110+21180+21450+21610+21890+22170+22310+22490+22670+22750+23110+23270+23430+23670+24130+24210+24330+24410+24600+24650+24850+24970+25060+25150+25250+25340+25710+25900+26080+26170+26350+26490+26980+27070+27260+27350+27450.M/all?detail=Full&dimensionAtObservation=AllDimensions&startPeriod=2020-07&endPeriod=2020-09
And can do so without an error using Firefox but when I try using powershell I get
"Exception calling "DownloadFile" with "2" argument(s): "The remote server returned an error: (403) Forbidden."
The code I'm using:
(New-Object System.Net.WebClient).DownloadFile('https://stat.data.abs.gov.au/sdmx-json/data/ABS_BLDG_APPROVALS_LGA2020/1.1.1.110.LGA2020.20660+20740+20830+20910+21110+21180+21450+21610+21890+22170+22310+22490+22670+22750+23110+23270+23430+23670+24130+24210+24330+24410+24600+24650+24850+24970+25060+25150+25250+25340+25710+25900+26080+26170+26350+26490+26980+27070+27260+27350+27450.M/all?detail=Full&dimensionAtObservation=AllDimensions&startPeriod=2020-07&endPeriod=2021-09','C:\temp\test')
powershell version 5.1
Edit: I should have mentioned that I have successfully run the powershell script on other websites, without error
Just for completeness sake this script is now returning the file without error, thanks to #Daniel comment.
$wb = New-Object System.Net.WebClient;
$wb.Headers.Add("User-Agent: Other");
$wb.DownloadFile('https://stat.data.abs.gov.au/sdmx-json/data/ABS_BLDG_APPROVALS_LGA2020/1.1.1.110.LGA2020.20660+20740+20830+20910+21110+21180+21450+21610+21890+22170+22310+22490+22670+22750+23110+23270+23430+23670+24130+24210+24330+24410+24600+24650+24850+24970+25060+25150+25250+25340+25710+25900+26080+26170+26350+26490+26980+27070+27260+27350+27450.M/all?detail=Full&dimensionAtObservation=AllDimensions&startPeriod=2020-07&endPeriod=2021-09','C:\temp\test')
I am trying to run cmdlets from powershell module MicrosoftTeams (version 2.0.0) in a C# web application. I am using Authorization code flow and code from the answer provided in this post to acquire token: Acquire AAD token using ASP.Net web forms. Note: I had changed resource in the code to graph.windows.net to acquire AAD token. Token is acquired by using AuthenticationContext.AcquireTokenByAuthorizationCodeAsync Method.
Once the token is acquired, I run the following lines to create a powershell instance in C# and to import MicrosoftTeams Module.
PowerShell pshell
InitialSessionState iss;
iss = InitialSessionState.CreateDefault2();
iss.ImportPSModule(new[] { "MicrosoftTeams" });
pshell = PowerShell.Create(iss);
Then to connect with MicrosoftTeams, I run the following code:
var connectCmd = new Command("Connect-MicrosoftTeams");
connectCmd.Parameters.Add("AadAccessToken", AccessToken);
connectCmd.Parameters.Add("AccountId", "xxxxxxx#xxxxxx.onmicrosoft.com");
pshell.Commands.AddCommand(connectCmd);
var result1 = pshell.Invoke();
Code works fine till here.
After this I clear the shell commands and invoke the Get-CsTeamsCallingPolicy cmdlet:
pshell.Commands.Clear();
pshell.Streams.Error.Clear();
pshell.AddScript("Get-CsTeamsCallingPolicy");
var result2 = pshell.Invoke();
After Invoke, I get an exception and this dialog pops up:
Pressing 'Continue' brings back the same dialogue a couple of times.
Exception details from this screen are:
System.Collections.Generic.KeyNotFoundException was unhandled by user code
HResult=-2146232969
Message=The given key was not present in the dictionary.
Source=mscorlib
StackTrace:
at System.Collections.Concurrent.ConcurrentDictionary`2.get_Item(TKey key)
at Microsoft.TeamsCmdlets.Powershell.Connect.Models.AzureSessionProvider.GetAccessToken(String resource, IEnumerable`1 scopes) in D:\a\1\s\src\Microsoft.TeamsCmdlets.PowerShell.Connect\Models\AzureSession.cs:line 80
at Microsoft.TeamsCmdlets.Powershell.Connect.TeamsPowerShellSession.GetAccessToken(String resource, IEnumerable`1 scopes) in D:\a\1\s\src\Microsoft.TeamsCmdlets.PowerShell.Connect\TeamsPowerShellSession.cs:line 82
at Microsoft.TeamsCmdlets.PowerShell.Connect.GetCsInternalAccessToken.ProcessRecord() in D:\a\1\s\src\Microsoft.TeamsCmdlets.PowerShell.Connect\GetCsInternalAccessToken.cs:line 61
at System.Management.Automation.CommandProcessor.ProcessRecord()
After pressing continue for the 3rd time, control goes back to C# code, and I receive the following runtime exception:
Exception calling "GetSteppablePipeline" with "1" argument(s):
"Exception calling "GetRemoteNewCsOnlineSession" with "1" argument(s):
"Run either Connect-MicrosoftTeams or new-csonlinesession before running cmdlets.""
Trying to run this logic from the powershell editor shows similar behavior:
Running the following two lines:
$AccessToken = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Connect-MicrosoftTeams -AadAccessToken $AccessToken -AccountId 'xxxxxxx#xxxxxx.onmicrosoft.com'
gives this result:
Account Environment Tenant TenantId
------- ----------- ------ --------
xxxxxxx#xxxxxx.onmicrosoft.com AzureCloud xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
I then run Get-Team cmdlet:
Get-Team -User xxxxxxx#xxxxxxx.onmicrosoft.com
which results in this message:
Get-Team : The given key was not present in the dictionary.
At line:1 char:1
+ Get-Team -User xxxxxxx#xxxxxxx.onmicrosoft.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-Team], KeyNotFoundException
+ FullyQualifiedErrorId : System.Collections.Generic.KeyNotFoundException,Microsoft.TeamsCmdlets.PowerShell.Custom.GetTeam
Running cmdlet Get-CsTeamsCallingPolicy yields this
Exception calling "GetSteppablePipeline" with "1" argument(s):
"Exception calling "GetRemoteNewCsOnlineSession" with "1" argument(s):
"Run either Connect-MicrosoftTeams or new-csonlinesession before running cmdlets.""
At C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\2.0.0\net472\SfBORemotePowershellModule.psm1:11369 char:13
+ $steppablePipeline = $scriptCmd.GetSteppablePipeline($myI ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : CmdletInvocationException
If I run Connect-MicrosoftTeams directly without providing access token and accountid, I get the login screens and after login everything works fine but not happening with AadAccessToken.
Same code works fine if connecting to AzureAD module via Connect-AzureAD cmdlet like this both in web application and powershell editor:
Connect-AzureAD -AadAccessToken $AccessToken -AccountId 'xxxxxxx#xxxxxxx.onmicrosoft.com'
If someone has faced and successfully resolved this issue or have some tips on how to resolve this, please help.
I have already tried a lot of things including searching for the specific exception messages and any possible solutions but found nothing that could help in this particular scenario, installed the latest version of MSTeams module, the previous version was old and did not have all the cmdlets that I am looking to work with. I actually installed the preview version of MSTeams module also to see if this issue is fixed in the upcoming release. Uninstalled the deprecated SkypeForBuisnessOnline Connector module, updated windows and so on. If you look at Example 4 in the Microsoft documentation for Connect-MicrosoftTeams, this is what I am following.
There are several problems in your implementation, I will explain them one by one below.
The answer in this post generates an Microsoft Graph access token rather than an AAD Graph access token. But you put it as the -AadAccessToken. You should put it as -MsAccessToken here because Get-Team is calling Microsoft Graph. But we cannot simply use Connect-MicrosoftTeams -MsAccessToken $AadAccessToken-AccountId 'xxxxxxx#xxxxxx.onmicrosoft.com' because the -AadAccessToken is necessary. So for testing purpose, we could set it as the same as -MsAccessToken.
So you can use this cmd to connect to Microsoft Teams:
Connect-MicrosoftTeams -AadAccessToken $AadAccessToken -MsAccessToken $AadAccessToken -AccountId 'xxxxxxx#xxxxxx.onmicrosoft.com'
Then you can run Get-Team -User xxxxxxx#xxxxxxx.onmicrosoft.com successfully.
But there will be another issue here. Get-CsTeamsCallingPolicy is a cmd under Skype For Business Powershell module. We have to run either Connect-MicrosoftTeams (in Teams module) or new-csonlinesession (in SFB module) before running cmdlets.
It means that Get-CsTeamsCallingPolicy is NOT calling Microsoft Graph or AAD Graph.
So the connection method using -AadAccessToken and -MsAccessToken is NOT enough for you to run this command from the SFB module.
I know you don't want to perform login interactively again here for running Powershell cmd. However, since your account has already enabled MFA, static login will no longer apply.
So next I tried to connect with a service principal by following Example 3 here.
Connect-MicrosoftTeams -TenantId c3eac90d-eb4b-48ef-ac86-7acac472d3cd -CertificateThumbprint 9b6ac64bfb8b48dbb53cca75fb33ce2d -applicationid daaaf729-aaff-45ba-8055-a39dd618fe24
Then the error Run either Connect-MicrosoftTeams or new-csonlinesession before running cmdlets. is bypassed BUT I got a new error when I run `Get-CsTeamsCallingPolicy:
Exception calling "GetRemoteNewCsOnlineSession" with "1" argument(s): "Tenant Domain is empty"
But I clearly specified the tenant id when I logged in with the service principal.
So I think that the Microsoft Teams module is not well integrated with SFB module currently.
Your design cannot be implemented in this way.
Hope all my findings are helpful.
I am having some issues using this ps script. Would you please explain what are the Permissions/rights are prerequisites to run the ps script.At the same time is it mandatory to have Azure Subscription? I have an Azure account under my organization's tenant Name. But in my account I dont see any subscription ID. I created an app from Menu>Azure Active Directory> APP Registration. Then got permission granted for the below two with the help of O365 Admin of my organization: Reports.Readers.all
User.Read
I have "Readers Role ". Is it sufficient to run those script to have O365 usages report, teams usage Report and all other reports mentioned in the link you shared above? Please help me out to resolve this. I am struggling with this for couple of weeks without any luck! :(
My powerShell version is 5.1.
When i am running the PS script I am getting error:(this is the script: https://gallery.technet.microsoft.com/Get-Office365-usage-f955ade4)
WARNING: Unable to load ADAL assemblies.
Update the MSOnline module by running Install-Module MSOnline -Force -AllowClobber
Exception calling "LoadFrom" with "1" argument(s): "Could not load file or assembly 'file:///C:\Program
Files\WindowsPowerShell\Modules\MSOnline\1.1.183.57\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll' or one of its dependencies. The system cannot find the file
specified."At C:\Users\MRAHM11\Documents\Projects\O365_Usage_PowerShell\Script_DwnLd\Get-Office365Report.ps1:256 char:21
[System.Reflection.Assembly]::LoadFrom($adalforms) | Out- ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : NotSpecified: (:) [], MethodInvocationException
FullyQualifiedErrorId : FileNotFoundException
When I am executing PS> Install-Module MSOnline -Force -AllowClobber
Getting error:
WARNING: The version '1.1.183.57' of module 'MSOnline' is currently in use. Retry the operation after closing the applications.
What are the wrong steps I am taking?
Is my user permission is okey or need to have different user role like Global Reader or something else?
Please help..
Your issue is related to ADAL dll loading in MSOnline powershell module, not any permission so far as you have not reached to that point yet. But note that MSOnline is older V1 PowerShell module for Azure Active Directory which uses deprecated ADAL library. I suggest you NOT to use MSOnline anymore. Customers are encouraged to use the newer Azure Active Directory V2 PowerShell module* instead of this module. For details, refer Use PowerShell to create reports for Microsoft 365.
Install-Module -Name AzureAD
For newer V2 based script for O365 usage report, please refer https://gallery.technet.microsoft.com/Get-O365UsageReports-954fb5a3
*v2 doesn't require -AzureTenantADName or ADAL dlls.
Regarding permissions, Reports.Read.All is good enough.
Details on working with the Office 365 Usage reports via Microsoft Graph API: https://developer.microsoft.com/graph/docs/api-reference/v1.0/resources/report
Details on working with the Office 365 Usage reports via beta API in Microsoft Graph: https://developer.microsoft.com/graph/docs/api-reference/beta/resources/report
*beta API has some additional Teams reports API.
First try removing those modules..
Remove-Module -Name "MSOnline" -force
Uninstall-Module -Name "MSOnline" -AllVersions -force
and then install
Install-Module MSOnline -Force -AllowClobber
I was trying to make a secret from PowerShell for a SPN and saw the following:
New-AzureRmADAppCredential : Exception of type 'System.Exception' was thrown.
Here is what I did to cause the bug and how to fix it.
created SPN: New-AzureRmADApplication -DisplayName $adAppName -HomePage $adAppHomePage -IdentifierUris $adAppIdentifierUri -KeyCredentials $keyCredential
created password from portal
tried to create a new password from PowerShell: New-AzureRmADAppCredential -ObjectId 2222-3333-444 -Password 'wakatester'
saw the following error: New-AzureRmADAppCredential : Exception of type 'System.Exception' was thrown.
debugged and saw the following: "value": "Update to existing credential with KeyId '677dddaaa-4rde-bgt5-853a-2e02bce4c2f1' is not allowed."
to fix I deleted all secrets made from the portal
went back to PowerShell and created new certificates no problem
Use -Debug switch to see which parameter is not correct.
The same cryptic error will be thrown if you have another application with same IdentifierUris
If you want to create a new password for an application, you need to remove all the credentials for an application for it. I test in my lab, it I don't remove credentials, I will get the same result with you. Please use the following commands to add a new password.
To remove all the credentials for an application, use:
Remove-AzureRmADAppCredential -ApplicationId 8bc80782-a916-47c8-a47e-4d76ed755275 -All
To add a password, use:
New-AzureRmADAppCredential -ApplicationId 8bc80782-a916-47c8-a47e-4d76ed755275 -Password p#ssword!
More information please refer to this link.
I'm trying to use the Windows Azure PowerShell module to manage a subscription.
I have downloaded my certificate (the .publishsettings file) and imported it with Import-AzurePublishSettingsFile and then I've selected my subscription with Select-AzureSubscription neither of which gave errors.
I've also set my subscription using Set-AzureSubscription -SubscriptionName "Blah"
Still, I get a
Get-AzureService : Value cannot be null.
Parameter name: subscriptionId
when running Get-AzureService
I've read getting started guides and various documentation but I can't work out what I'm doing wrong. Which in my mind, makes this a UX problem that Microsoft should address.
Update
I got a bit further, I used
Set-AzureSubscription -SubscriptionName "Blah" -SubscriptionId 0123
which changed the error from Get-AzureService to:
Get-AzureService : Value cannot be null.
Parameter name: managementCertificate
But now I cannot set my certificate since the argument wants an X509Certificate type.
There is a better way to authenticate when using the Azure Powershell cmdlets --- Add-AzureAccount. This will prompt you for your login credentials instead of using the service management certificate.
You may still run into some issues because Azure powershell caches your subscriptions in XML files in %appdata%\Windows Azure Powershell.
I would recommend:
Close the Azure Powershell window
Delete the XML files in %appdata%\Windows Azure Powershell.
Open Azure Powershell and run Add-AzureAccount.
This should ensure that you have the correct subscriptions configured.
I hope this might help you-
Add-AzureAccount
Get-AzurePublishSettingsFile
Import-AzurePublishSettingsFile filenamewithpath
filenamewithpath is the publishsetting file with path saved on your pc