I'm getting an error running New-AzureRmRoleAssignment. I want to give an AD group access to a resource group. The script actually works-- the group gets contributor access to the resource group. It just says that it's failing with the message "Access denied to the specified API version".
My script (params not included) is here:
# Import the Task.Common dll that has all the cmdlets we need for Build
import-module Microsoft.TeamFoundation.DistributedTask.Task.Common
import-module Microsoft.TeamFoundation.DistributedTask.Task.Internal
Import-Module "Microsoft.TeamFoundation.DistributedTask.Task.Deployment.Internal"
Import-Module "Microsoft.TeamFoundation.DistributedTask.Task.Deployment.Azure"
Write-Output "Connecting to Azure"
Initialize-AzurePowershellSupport -ConnectedServiceName $ConnectedServiceName -ErrorAction SilentlyContinue
$subscription = (Get-AzureRmContext).Subscription.SubscriptionName #(Get-AzureRmContext).Subscription.SubscriptionName
New-AzureRmRoleAssignment -ObjectId $objID -RoleDefinitionName $roleName -ResourceGroupName $environment-$featureName
How can I fix the error? The script does what it's supposed to, but the build "fails".
According to the error log, do you login Azure by using service principal. If yes, it is a know issue. Please check the issue on GitHub. The issue is solved on the latest version Azure Power Shell(4.1.0 or later).
You could use the following cmdlet to check your Azure PowerShell version.
Get-Module -ListAvailable -Name Azure -Refresh
The latest version is 4.3.1, you could download it from the link.
If you build the script on VSTS, please use Hosted 2017 build agent, it uses the latest version PowerShell. Please refer to this answer.
Related
I've run into an error after following this document (https://learn.microsoft.com/en-us/graph/cloud-communication-online-meeting-application-access-policy) when trying to set up an application access policy in powershell. This is the cmdlet that was run, which produced the error,
New-CsApplicationAccessPolicy -Identity "MeetingsPolicy" -AppIds "<app-id>" -Description "MeetingsPolicy"
The error received in powershell is the following,
"New-CsApplicationAccessPolicy : Unable to cast object of type 'System.Management.Automation.PSListModifier' to type
'System.String'."
Can anyone help shed any light on what is the problem here and how to fix it please?
P.S Im using Powershell 5.1 on Win 10 and running Powershell in admin mode.
Have also tried the following using "splatting", which also did not work.
$props = #{
identity = 'MeetingsPolicy'
appids = '<app-id>'
description = 'MeetingsPolicy'
}
New-CsApplicationAccessPolicy #props
So it turned out the Microsoft Teams cmdlet module version 3.1.0 has issues in there when installed with no previous version. I had to install the 2.3.2-preview version first, which allowed the cmdlets to work. I then updated this version to 3.1.0 and it works fine.
So the steps you need to take are the following,
i) Remove the teams module from powershell,
Uninstall-Module MicrosoftTeams -Allversions
ii) Install the older version first,
Install-Module -Name MicrosoftTeams -RequiredVersion 2.3.2-preview -AllowPrerelease
iii) Connect to teams
Connect-MicrosoftTeams
v) Update to the latest version (Optional)
Update-Module -Name MicrosoftTeams
Run cmdlet and it should work now.
Credit to Marcus Rath for his post here https://blog.matrixpost.net/teams-powershell-several-cmdlet-doesnt-work-errounable-to-cast-object-of-type-system-management-automation-pslistmodifier-to-type-system-string/, which explains the issue in more detail.
I am having some issues using this ps script. Would you please explain what are the Permissions/rights are prerequisites to run the ps script.At the same time is it mandatory to have Azure Subscription? I have an Azure account under my organization's tenant Name. But in my account I dont see any subscription ID. I created an app from Menu>Azure Active Directory> APP Registration. Then got permission granted for the below two with the help of O365 Admin of my organization: Reports.Readers.all
User.Read
I have "Readers Role ". Is it sufficient to run those script to have O365 usages report, teams usage Report and all other reports mentioned in the link you shared above? Please help me out to resolve this. I am struggling with this for couple of weeks without any luck! :(
My powerShell version is 5.1.
When i am running the PS script I am getting error:(this is the script: https://gallery.technet.microsoft.com/Get-Office365-usage-f955ade4)
WARNING: Unable to load ADAL assemblies.
Update the MSOnline module by running Install-Module MSOnline -Force -AllowClobber
Exception calling "LoadFrom" with "1" argument(s): "Could not load file or assembly 'file:///C:\Program
Files\WindowsPowerShell\Modules\MSOnline\1.1.183.57\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll' or one of its dependencies. The system cannot find the file
specified."At C:\Users\MRAHM11\Documents\Projects\O365_Usage_PowerShell\Script_DwnLd\Get-Office365Report.ps1:256 char:21
[System.Reflection.Assembly]::LoadFrom($adalforms) | Out- ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : NotSpecified: (:) [], MethodInvocationException
FullyQualifiedErrorId : FileNotFoundException
When I am executing PS> Install-Module MSOnline -Force -AllowClobber
Getting error:
WARNING: The version '1.1.183.57' of module 'MSOnline' is currently in use. Retry the operation after closing the applications.
What are the wrong steps I am taking?
Is my user permission is okey or need to have different user role like Global Reader or something else?
Please help..
Your issue is related to ADAL dll loading in MSOnline powershell module, not any permission so far as you have not reached to that point yet. But note that MSOnline is older V1 PowerShell module for Azure Active Directory which uses deprecated ADAL library. I suggest you NOT to use MSOnline anymore. Customers are encouraged to use the newer Azure Active Directory V2 PowerShell module* instead of this module. For details, refer Use PowerShell to create reports for Microsoft 365.
Install-Module -Name AzureAD
For newer V2 based script for O365 usage report, please refer https://gallery.technet.microsoft.com/Get-O365UsageReports-954fb5a3
*v2 doesn't require -AzureTenantADName or ADAL dlls.
Regarding permissions, Reports.Read.All is good enough.
Details on working with the Office 365 Usage reports via Microsoft Graph API: https://developer.microsoft.com/graph/docs/api-reference/v1.0/resources/report
Details on working with the Office 365 Usage reports via beta API in Microsoft Graph: https://developer.microsoft.com/graph/docs/api-reference/beta/resources/report
*beta API has some additional Teams reports API.
First try removing those modules..
Remove-Module -Name "MSOnline" -force
Uninstall-Module -Name "MSOnline" -AllVersions -force
and then install
Install-Module MSOnline -Force -AllowClobber
I am attempting to login to an Azure account through a PowerShell script by means of making use of a publishsettings file; However, I am still finding that it is requiring me to login to my account using Login-AzureRmAccount, regardless of having those credentials.
My step-by step looks something like this:
Clear out all accounts that may be available:
Get-AzureAccount | ForEach-Object { Remove-AzureAccount $_.ID -Force }
Download the PublishSettings file: Import-AzurePublishSettingsFile –PublishSettingsFile $PublishSettingsFileNameWithPath
Select the Azure subscription using the subscription ID:
Select-AzureRMSubscription -SubscriptionId $SubscriptionId
And finally, create a new resource group in the subscription before deploying it: New-AzureRmResourceGroup -Name $ResourceGroupName -Location $ResourceGroupLocation -Verbose -Force 2>> .\errorCIMS_RG.txt | Out-File .\rgDetailsCIMS_RG.txt
However, this is when an error is thrown: Run Login-AzureRmAccount to login.
Assuming I have the PublishSettings file, and it hasnt expired, why would this be giving back an error?
As Mihail said, we should check Azure PowerShell version first, and install the latest version.
We can run this command to list Azure PowerShell version:
Get-Module -ListAvailable -Name Azure -Refresh
By the way, Import-AzurePublishSettingsFile work for ASM, New-AzureRmResourceGroup is ARM command, so if you want to create resource group, you should Login-AzureRmAccount first.
Note:
The AzureResourceManager module does not support publish settings
files.
More information about Import-AzurePublishSettingsFile, please refer to this link.
I solved this problem by updating to last version of azure powershell cmdlet.
You can find last one here:
https://github.com/Azure/azure-powershell/releases
We have a set of custom powershell modules which use the Azure powershell cmdlets - they have been working fine for over a year. I just set up a new machine and whenever I try to run Get_AzureWebsite I receive the following error:
PS C:\WINDOWS\system32> Get-AzureWebsite 'anything'
Get-AzureWebsite : Requested value 'Dynamic' was not found.
This may just be a machine setup but am worried that these comdlets may be being deprecated - appreciate if anyone can help or knows how to fix this?
It may be fixed by updating the version of Azure PowerShell . More detail please refer to the issue and feedback. Please refer to how to install and configure Azure PowerShell. I didn't reproduce it on the Azure PowerShell v2.1.0. It works successfully.Please try to use the following code to get the current Azure PowerShell version .
(Get-Module -ListAvailable | Where-Object{ $_.Name -eq 'Azure' }) `
| Select Version, Name, Author, PowerShellVersion | Format-List;
Okay so this is versions of Azure and AzureRM cmdlets.
Working install is
Install-Module -Name AzureRM -RequiredVersion 1.3.2
Install-Module Azure -AllowClobber
Not sure about -AllowClobber but this was printed in the Azure Console....
PackageManagement\Install-Package : A command with name 'Get-AzureStorageContainerAcl' is already available on this
system. This module 'Azure' may override the existing commands. If you still want to install this module 'Azure', use
-AllowClobber parameter.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1661 char:21
Guess there is a class in the Storage namespace or something
I installed the latest azure powershell and then ran again the script.
It worked fine.
Just to add you need to restart your machine after installing latest powershell, else you might face error "the required module Azure.Storage is not loaded"
I'm trying to run some azure powershell commands as part of my Visual Studio Team Services build using Azure Resource Manager.
It gives me the following error:
No default subscription has been designated. Use Select-AzureSubscription -Default to set the default subscription.
The commands I'm trying to run:
$website = Get-AzureWebsite | where {$_.Name -eq 'my-website'}
Write-Output ("##vso[task.setvariable variable=DeployUrl;]$website.HostNames")
When I tried to run it locally, I had to call
Add-AzureAccount
Select-AzureRmSubscription -SubscriptionName "Visual Studio Premium with MSDN"
to get it working, but it is not possible in the VSTS build.
UPDATE:
I've configured it to use the azure classic mode instead of resource manager, at it works. I don't think that it is a feasible solution for production as azure classic mode is obsolete.
Since you are using Azure Resource Manager, please check the things below:
Make sure "Azure Resource Manager" service endpoint is added correctly.
Use "Get-AzureRmWebApp" command instead of "Get-AzureWebsite" command just as bmoore mentioned.
I have tested it at my side, it works correctly.
My PowerShell script:
$website = Get-AzureRmWebApp | where {$_.Name -eq 'eddieapp0930'}
Write-Host $website.HostNames
Run from "Azure PowerShell Script" task:
Thank you for your question.
If you are using service manager mode(classic mode), the correct cmdlet is:
Add-AzureAccount
Get-AzureSubscription -SubscriptionName “name” | Select-AzureSubscription
If you are using Resource Manager, the correct cmdlet is:
Login-AzureRmAccount
Get-AzureRmSubscription –SubscriptionName "name" | Select-AzureRmSubscription
or just use -SubscriptionId instead of -SubscriptionName.
More information about ASM and ARM, please refer to the link below:
https://azure.microsoft.com/en-us/documentation/articles/resource-manager-deployment-model/
If you still have questions, welcome to post back here. Thanks.