I am getting error "Could not delete user 'me#user.com'." in Azure and Office 365 error "Not all selected users were deleted Some users couldn't be deleted at this time. Correlation ID: ".
I have run the following with several O365 techs and it just won't delete. It is not in any shared resource, contact list, dlist, etc.
PS C:\Users\owner> set-executionpolicy unrestricted
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic. Do you want to change the execution
policy?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"):
PS C:\Users\owner> $Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection
Import-PSSession $Session
PS C:\Users\owner> Remove-MsolUser -UserPrincipalName me#user.com
Confirm
Continue with this operation?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"):
Remove-MsolUser : Unable to complete this action. Try again later.
At line:1 char:16
+ Remove-MsolUser <<<< -UserPrincipalName me#user.com
+ CategoryInfo : OperationStopped: (:) [Remove-MsolUser], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InternalServiceException,Microsoft.Online.Adm
inistration.Automation.RemoveUser
PS C:\Users\owner> remove-msoldomain -domainname user.com -force
Remove-MsolDomain : Unable to remove this domain. Use Get-MsolUser -DomainName <domain name> to retrieve a list of obj
ects that are blocking removal.
At line:1 char:18
+ remove-msoldomain <<<< -domainname user.com -force
+ CategoryInfo : OperationStopped: (:) [Remove-MsolDomain], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.DomainNotEmptyException,Microsoft.Online.Admi
nistration.Automation.RemoveDomain
PS C:\Users\owner> get-msoluser -domainname user.com
UserPrincipalName DisplayName isLicensed
----------------- ----------- ----------
me#user.com User A. Name False
PS C:\Users\owner> remove-msoluser -userprincipalname me#user.com
Confirm
Continue with this operation?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"):
Remove-MsolUser : Unable to complete this action. Try again later.
At line:1 char:16
+ remove-msoluser <<<< -userprincipalname me#user.com
+ CategoryInfo : OperationStopped: (:) [Remove-MsolUser], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InternalServiceException,Microsoft.Online.Adm
inistration.Automation.RemoveUser
PS C:\Users\owner> remove-msoluser -userprincipalname me#user.com -force
Remove-MsolUser : Unable to complete this action. Try again later.
At line:1 char:16
+ remove-msoluser <<<< -userprincipalname me#user.com -force
+ CategoryInfo : OperationStopped: (:) [Remove-MsolUser], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InternalServiceException,Microsoft.Online.Adm
inistration.Automation.RemoveUser
Two things you could try (in order):
1. Remove all licenses from the user using Set-MsolUserLicense
2. Change the domain of the user to a different domain:
$user = Get-MsolUser -UserPrincipalName "me#user.com"
Set-MsolUserPrincipalName -ObjectId $user.ObjectId -NewUserPrincipalName "me#user.onmicrosoft.com"
First try (1), then try to delete. If it still doesn't work, do (2), then try to delete.
When I try to create a user policy for my active directory I get this error:
Invoke-Command : Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument that is
not null or empty, and then try the command again.
At C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\2.3.1\net472\SfBORemotePowershellModule.psm1:22959 char:38
+ ... -Session (Get-PSImplicitRemotingSession -CommandName 'New-CsApplic ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Invoke-Command], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand
The code that I'm using is this:
Import-Module MicrosoftTeams
# Get the credentials
$password = ConvertTo-SecureString -AsPlainText -Force -String "password"
$credentials = New-Object System.Management.Automation.PsCredential("email", $password)
# Connect to Microsoft Teams
Connect-MicrosoftTeams -Credential $credentials
New-CsApplicationAccessPolicy -Identity Random -AppIds "appid" -Description "Users"
Grant-CsApplicationAccessPolicy -PolicyName Random -Identity "userObjectId"
I know that the command New-CsApplicationAccessPolicy is creating the error, but my guess is that it's caused by the command Connect-MicrosoftTeams because, from what I can understand, Connect-MicrosoftTeams creates a session.
Is there a way to set the session via a parameter or is this something you need to do outside this method?
I am trying to connect to my Azure AD with my company's O365 account. When I run the commands in the PS shell, it works great. But when I try to make a ps1 script file, the commands fail in ISE. Code and errors below:
Code:
$managedcred = get-storedcredential -Target o365
connect-azuread -credential $managedcred
Error:
Connect-AzureAD : One or more errors occurred.: AADSTS50126: Invalid username or password.
Trace ID: 3bbf3cba-61c3-45c5-a19f-60973b7c2700
Correlation ID: 14599060-8bb3-4fce-afda-621efc3660ed
Timestamp: 2019-10-03 16:05:03Z
At line:1 char:1
+ Connect-AzureAD -Credential $managedcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AadAuthenticationFailedException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : One or more errors occurred.
At line:1 char:1
+ Connect-AzureAD -Credential $managedcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AggregateException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : AADSTS50126: Invalid username or password.
Trace ID: 3bbf3cba-61c3-45c5-a19f-60973b7c2700
Correlation ID: 14599060-8bb3-4fce-afda-621efc3660ed
Timestamp: 2019-10-03 16:05:03Z
At line:1 char:1
+ Connect-AzureAD -Credential $managedcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AdalServiceException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : Response status code does not indicate success: 400 (BadRequest).
At line:1 char:1
+ Connect-AzureAD -Credential $managedcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], HttpRequestException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : {"error":"invalid_grant","error_description":"AADSTS50126: Invalid username or password.\r\nTrace ID:
3bbf3cba-61c3-45c5-a19f-60973b7c2700\r\nCorrelation ID: 14599060-8bb3-4fce-afda-621efc3660ed\r\nTimestamp: 2019-10-03
16:05:03Z","error_codes":[50126],"timestamp":"2019-10-03 16:05:03Z","trace_id":"3bbf3cba-61c3-45c5-a19f-60973b7c2700","correlation_id":"14599060-8bb3-4fce-afda-621efc366
0ed","error_uri":"https://login.microsoftonline.com/error?code=50126"}: Unknown error
At line:1 char:1
+ Connect-AzureAD -Credential $managedcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AdalException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : One or more errors occurred.: AADSTS50126: Invalid username or password.
Trace ID: 3bbf3cba-61c3-45c5-a19f-60973b7c2700
Correlation ID: 14599060-8bb3-4fce-afda-621efc3660ed
Timestamp: 2019-10-03 16:05:03Z
At line:1 char:1
+ Connect-AzureAD -Credential $managedcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-AzureAD], AadAuthenticationFailedException
+ FullyQualifiedErrorId : Microsoft.Open.Azure.AD.CommonLibrary.AadAuthenticationFailedException,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
So it appears that the first command works fine, but the connect fails.
According to the error message, you are not using the correct username and password to connect to Azure AD. Please use the following command to check it.
Get-StoredCredential -Target O365 -AsCredentialObject
Besides, according to my understanding, you want to connect to Azure AD without a prompt. You can also use the following command:
$name = ""
$password = ""
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($name, $secpasswd)
Connect-AzureAD -Credential $mycreds
Update
According to research, an app password is used to complete MFA with clients which do not support modern authentication, such as Outlook. For more details, please refer to https://support.microsoft.com/en-au/help/12409/microsoft-account-app-passwords-and-two-step-verification. So we cannot use an app password to connect to Azure AD in PowerShell ISE.
According to the situation, I suggest you use a service principal to connect to Azure AD. For more details, please refer to https://learn.microsoft.com/en-us/powershell/azure/active-directory/signing-in-service-principal?view=azureadps-2.0.
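The service principal sign-in suggested above, as an added example that is not part of the original answer: it connects with an app registration and a certificate, so no user password is stored in the script and no MFA prompt is involved. The tenant ID, application ID and thumbprint are placeholders, the function name is hypothetical, and the certificate is assumed to be installed in the current user's personal store with its public key uploaded to the app registration.

```powershell
# Added example: unattended Connect-AzureAD using a service principal certificate.
# All three values are placeholders (assumptions), not values from this page.
$TenantId   = '<tenant id>'
$AppId      = '<application (client) id>'
$Thumbprint = '<certificate thumbprint>'

function Connect-AzureADAsServicePrincipal {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$ApplicationId,
        [Parameter(Mandatory)][string]$CertificateThumbprint
    )

    # Thumbprints copied from the certificate UI often contain spaces.
    $thumb = ($CertificateThumbprint -replace '\s', '').ToUpperInvariant()

    # Assumption: the certificate lives in the current user's personal store.
    $cert = Get-Item -Path "Cert:\CurrentUser\My\$thumb" -ErrorAction SilentlyContinue
    if (-not $cert) {
        throw "Certificate $thumb not found in Cert:\CurrentUser\My."
    }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $thumb has no private key, so it cannot be used to sign in."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $thumb expired on $($cert.NotAfter)."
    }

    # Fail fast instead of continuing the script without a session.
    Connect-AzureAD -TenantId $TenantId `
                    -ApplicationId $ApplicationId `
                    -CertificateThumbprint $thumb `
                    -ErrorAction Stop
}

try {
    $session = Connect-AzureADAsServicePrincipal -TenantId $TenantId `
        -ApplicationId $AppId -CertificateThumbprint $Thumbprint
    Write-Host "Connected to tenant $($session.TenantId) as $($session.Account)"
}
catch {
    Write-Error "Azure AD sign-in failed: $($_.Exception.Message)"
}
```

What the script can do after connecting is limited to the directory roles assigned to the service principal, so grant only the role the job needs.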
I created a script using PowerShell that connects to AzureAD and it was working fine using the following:
Connect-AzureAD -TenantId $TenantId
The sign-in window pops up and I am able to successfully connect. However, I need to set up the script to run automatically, so I found this code to do it:
# Set Configs
$TenantId = "<tenant id>"
$AzureUser = "<user>"
$AzurePass = Get-Content "cred.txt" | ConvertTo-SecureString
# Connect to Azure AD
$AzureCred = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $AzureUser, $AzurePass
Connect-AzureAD -TenantId $TenantId -Credential $AzureCred
But I can't seem to get it to work. I use the following to generate my cred.txt file:
Read-Host -assecurestring | convertfrom-securestring | out-file C:\cred.txt
When I run it, I get the following error:
Connect-AzureAD : One or more errors occurred.: The character set
provided in ContentType is invalid. Cannot read content as string
using an invalid character set. At line:9 char:1
+ Connect-AzureAD -TenantId $TenantId -Credential $AzureCred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AadAuthenticationFailedException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : One or more errors occurred. At line:9 char:1
+ Connect-AzureAD -TenantId $TenantId -Credential $AzureCred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AggregateException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : The character set provided in ContentType is
invalid. Cannot read content as string using an invalid character set.
At line:9 char:1
+ Connect-AzureAD -TenantId $TenantId -Credential $AzureCred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], InvalidOperationException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : '"utf-8"' is not a supported encoding name. For
information on defining a custom encoding, see the documentation for
the Encoding.RegisterProvider method. Parameter name: name At line:9
char:1
+ Connect-AzureAD -TenantId $TenantId -Credential $AzureCred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], ArgumentException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : One or more errors occurred.: The character set
provided in ContentType is invalid. Cannot read content as string
using an invalid character set. At line:9 char:1
+ Connect-AzureAD -TenantId $TenantId -Credential $AzureCred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-AzureAD], AadAuthenticationFailedException
+ FullyQualifiedErrorId : Microsoft.Open.Azure.AD.CommonLibrary.AadAuthenticationFailedException,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
I logged in on a different tenant using the same script and it was working fine. It is just not working for the tenant that has federation on. Any workaround for this aside from turning off federation?
I want to catch the exception that occurs when adding a DNS record with Add-DnsServerResourceRecordA in PowerShell with the switch -CreatePTR, but no reverse lookup zone exists.
But there is no error. If I provoke the error a simple menu pops up and informs me about the situation. But independent from the -ErrorAction switch the $error variable does not receive an error. What's my fault?
Thanks for your reply.
PS C:\Users\xyz>> Add-DnsServerResourceRecordA -Name "test-mwi4" -IPv4Address 1.1.1.1 -CreatePtr -ZoneName contoso.biz -ErrorAction Continue
Add-DnsServerResourceRecordA : Failed to create PTR record. Resource record test-mwi4 in zone mn-man.biz on server MNDEMUCDC010 is created successfully, but corresponding PTR record could not be created.
At line:1 char:1
+ Add-DnsServerResourceRecordA -Name "test-mwi4" -IPv4Address 1.1.1.1 -CreatePtr - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (test-mwi4:root/Microsoft/...ResourceRecordA) [Add-DnsServerResourceRecordA], CimException
+ FullyQualifiedErrorId : WIN32 9715,Add-DnsServerResourceRecordA
Thank you!
In order to use this command in a try/catch block, use the code below:
Try
{
    # -ErrorAction Stop makes the cmdlet's error terminating, so the Catch block runs
    Add-DnsServerResourceRecordA -Name "test-mwi4" -IPv4Address 1.1.1.1 -CreatePtr -ZoneName contoso.biz -ErrorAction Stop
}
Catch
{
    Write-Host "Error while adding pointer record:`n$($Error[0].Exception.Message)"
}
$Error[0] returns:
$Error[0]
Add-DnsServerResourceRecordA : Failed to get the zone information for
contoso.biz on server HYDLPT487.
At line:3 char:5
+ Add-DnsServerResourceRecordA -Name "test-mwi4" -IPv4Address 1.1.1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (test-mwi4:root/Microsoft/...Resou
rceRecordA) [Add-DnsServerResourceRecordA], CimException
+ FullyQualifiedErrorId : WIN32 1722,Add-DnsServerResourceRecordA
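An added example, not part of the original answer, that separates the partial-success case from a full failure: the question's output shows error ID "WIN32 9715" when the A record is created but the PTR record is not, so the catch block checks for that ID and reports which records exist. The function name and the shape of the result object are hypothetical.

```powershell
# Added example: report A/PTR outcome separately when -CreatePtr fails.
function Add-ARecordWithPtr {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ZoneName,
        [Parameter(Mandatory)][ipaddress]$IPv4Address
    )

    $result = [pscustomobject]@{
        Name      = $Name
        Zone      = $ZoneName
        ARecord   = $false
        PtrRecord = $false
        ErrorId   = $null
        Detail    = $null
    }

    try {
        # -ErrorAction Stop turns the cmdlet's error into a terminating one.
        Add-DnsServerResourceRecordA -Name $Name -ZoneName $ZoneName `
            -IPv4Address $IPv4Address -CreatePtr -ErrorAction Stop
        $result.ARecord   = $true
        $result.PtrRecord = $true
    }
    catch {
        # $_ is the error record for this failure; it does not depend on
        # the position of the error in the global $Error list.
        $result.ErrorId = $_.FullyQualifiedErrorId
        $result.Detail  = $_.Exception.Message

        # ID taken from the output in the question: the A record was
        # created, only the PTR record is missing.
        if ($_.FullyQualifiedErrorId -like 'WIN32 9715,*') {
            $result.ARecord = $true
        }
    }

    $result
}

$r = Add-ARecordWithPtr -Name 'test-mwi4' -ZoneName 'contoso.biz' -IPv4Address 1.1.1.1
if ($r.ARecord -and -not $r.PtrRecord) {
    Write-Warning "A record for $($r.Name) exists but has no PTR record: $($r.Detail)"
}
elseif (-not $r.ARecord) {
    Write-Error "No record was created ($($r.ErrorId)): $($r.Detail)"
}
```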
We are trying to set up a machine for PSRemoting using the following command
Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI
For some reason this only works when we open PowerShell in the context of a domain user who is a local administrator.
PS C:\Windows\system32> Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI
Confirm
Are you sure you want to perform this action?
Performing operation "Set-PSSessionConfiguration" on Target "Name:
Microsoft.PowerShell".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y"):A
Access is denied.
At line:15 char:26
+ if ((!$pluginName) -or <<<< !(test-path "$pluginDir"))
+ CategoryInfo : InvalidOperation: (:) [], InvalidOperationExcept
ion
+ FullyQualifiedErrorId : WsManError
Join-Path : Access is denied.
At line:22 char:35
+ $pluginFileNamePath = Join-Path <<<< "$pluginDir" 'FileName'
+ CategoryInfo : NotSpecified: (:) [Join-Path], InvalidOperationE
xception
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Power
Shell.Commands.JoinPathCommand
Test-Path : Cannot bind argument to parameter 'Path' because it is an empty str
ing.
At line:23 char:19
+ if (!(test-path <<<< "$pluginFileNamePath"))
+ CategoryInfo : InvalidData: (:) [Test-Path], ParameterBindingVa
lidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAl
lowed,Microsoft.PowerShell.Commands.TestPathCommand
Get-Item : Cannot bind argument to parameter 'LiteralPath' because it is an emp
ty string.
At line:29 char:43
+ $pluginFileName = get-item -literalpath <<<< "$pluginFileNamePath"
+ CategoryInfo : InvalidData: (:) [Get-Item], ParameterBindingVal
idationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAl
lowed,Microsoft.PowerShell.Commands.GetItemCommand
Set-PSSessionConfiguration : Session Configuration "Microsoft.PowerShell" is no
t a PowerShell based shell.
At line:89 char:27
+ Set-PSSessionConfiguration <<<< $args[0] $args[1] $args[2] $args[3] $args[4]
$args[5] $args[6] $args[7] $args[8]
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorExcep
tion
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorExceptio
n,Set-PSSessionConfiguration
PS C:\Windows\system32>
It looks to me that there is something that is preventing access to the wsman:\localhost\plugin but I can't understand how that can be fixed. This only happens in our test bed, but in our development environment we have no such issues.
Does anyone have any clue as to what additional user access is needed for this command to work that a local administrator user may not have?
Here is an article that explains how to resolve this problem... basically to fix this you set LocalAccountTokenFilterPolicy to True in the registry.
http://www.shirmanov.com/2011/04/winrm-access-is-denied-on-local.html