Forum Widgets
Latest Discussions
Connecting to multiple Microsoft services with the same session
Hi guys. Working on a script that needs to connect to ExchangeOnlineManagement, TeamsOnlineManagement, SharePointOnlineManagement.... The script will be used across many different tenants, and I also plan to make it publicly available, so 1) I don't really want to pre-configure some complicated key setup and 2) I don't really want to have login pop-ups over and over again... For ExchangeOnline, I learned (accidentally), if I do this: $upn = Read-Host -Prompt "input yer wahawha" Connect-ExchangeOnline -userprimaryname $upn Connect-IPPSsession -userprimaryname $upn And login to MY tenant, I don't get prompted for login. I think likely because my device is Entra-joined, and it's using my Microsoft account. But even if I use a different account, it will only prompt me once - reusing it for the other. This is great, and exactly how I wanted things to flow - but now I'm trying to do Connect-SPOService (sharepoint) and Connect-MicrosoftTeams... and while both of these are part of the tenant, they don't take the -userprimaryname param - so I can specify to use the account I'm logged into my PC with.. The end-goal is to have this script run with minimal user input. I've SORT OF found a workaround for SharePoint, where I can get the SharePointSite from ExchangeOnline, then modify it a bit and use it as input for Connect-SPOService... but Teams, while it doesn't have the URL param requirement, DOES prompt me to login again. Is there a way to use the existing session for either of these, like I've done with ExchangeOnline / IPPSSession? We have MFA enabled, though not required from within our company network - but when I try to use Get-Credential, it errors me out because it wants MFA.
PowerShell Script to Follow a SharePoint Site for a User
Good morning! I've been struggling with this for a while now. I've tried multiple scripts that are supposed to do this and run into many errors. I have a new script I found, which seems to mostly work, but it gives me this one error: Write-Error: Response status code does not indicate success: Forbidden (Forbidden). It looks like a permissions issue. I'm executing this in VSC, running under my user account, but when it connects to Graph, I'm authenticating it as my admin account, which has the following roles: I do realize how easy it is for users to follow a site, but this is one of those messed-up political situations, so I need a way to do this. After the error, it just hangs here: Add users to follow site(. [Adding user 'Ken Ce.] Here is the script I'm using: # Example: .\Add-FollowUserSite.ps1 -UsersMail "user1@[domain].com","user2@[domain].com","user3@[domain].com" -SitesUrl "https://[domain].sharepoint.com" [CmdletBinding()] param( [Parameter(Mandatory=$true,HelpMessage="List of Users Mails")] [String[]]$UsersMail=@("user1@[domain].com","user2@[domain].com","user3@[domain].com"), [Parameter(Mandatory=$true,HelpMessage="List of SharePoint Url to follow")] [String[]]$SitesUrl=@("https://[domain].sharepoint.com") ) Begin{ # Validate Modules ffor Microsoft graph users exist if (Get-Module -ListAvailable -Name microsoft.graph.users) { Write-Host "Microsoft Graph Users Module Already Installed" } else { try { Install-Module -Name microsoft.graph.users -Scope CurrentUser -Repository PSGallery -Force -AllowClobber } catch [Exception] { $_.message } } # Validate Modules ffor Microsoft graph users exist if (Get-Module -ListAvailable -Name microsoft.graph.sites) { Write-Host "Microsoft Graph Sites Module Already Installed" } else { try { Install-Module -Name microsoft.graph.sites -Scope CurrentUser -Repository PSGallery -Force -AllowClobber } catch [Exception] { $_.message } } # Import Modules Microsoft.Graph.users and Microsoft.Graph.sites to be used Import-Module Microsoft.Graph.users Import-Module Microsoft.Graph.sites Write-Host "Connecting to Tenant" -f Yellow Connect-MgGraph -Scopes "Sites.ReadWrite.All", "User.Read.All" Write-Host "Connection Successful!" -f Green } Process{ $count = 0 $UsersMail | foreach { #Get user Graph properties $mail = $_ $user = Get-MgUser -ConsistencyLevel eventual -Count 1 -Search ([string]::Format('"Mail:{0}"',$mail)) $SitesUrl | foreach { #Get Site Graph properties $domain = ([System.Uri]$_).Host $AbsolutePath = ([System.Uri]$_).AbsolutePath $uriSite = [string]::Format('https://graph.microsoft.com/v1.0/sites/{0}:{1}',$domain,$AbsolutePath) $site = Invoke-MgGraphRequest -Method GET $uriSite #Create Body for Post request $body = @' { "value": [ { "id": "{$SiteID}" } ] } '@.Replace('{$SiteID}',$site.id) #Graph call that include user to follow site $uriFollow = [string]::Format('https://graph.microsoft.com/v1.0/users/{0}/followedSites/add',$user.Id) #Include follow option from user to SharePoint Site try{ $response = Invoke-MgGraphRequest -Method POST $uriFollow -Body $body -ContentType "application/json" Write-Host "User '$($user.DisplayName)' is following site '$($AbsolutePath)'" -f Green } catch { Write-Error $_.Exception } } $count += 1 #progress bar Write-Progress -Activity 'Add users to follow site(s)' -Status "Adding user '$($user.DisplayName)' to follow sites... ($($count)/$($UsersMail.Count))" -PercentComplete (($count / $UsersMail.Count) * 100) } } End { Disconnect-MgGraph Write-Host "Finished" -ForegroundColor Green } Any help would be greatly appreciated.
PowerShell implicit remoting without connection to server
When I start a PowerShell session on my local computer, and then run: Get-Module -Name FailoverClusters I can see that implicit remoting is used (and I can see the temporary files generated for this), and an output is generated. Needless to say that I don't have the FailoverClusters module installed anywhere on the local machine (I've verified $Env:PSModulePath as well). I don't have any connection to a server when running the command. Maybe somebody can explain to me what PowerShell is doing to find the FailoverClusters module and the cmdlets contained therein?
MGraph suddenly stops working
PS C:\Windows> Get-MGUser -All Get-MGUser : InteractiveBrowserCredential authentication failed: In Zeile:1 Zeichen:1 + Get-MGUser -All + ~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-MgUser_List], AuthenticationFailedException + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Cmdlets.GetMgUser_List Prior to this I did a "connect-mgraph -Scopes "User.Read.All" " and authenticated myself with MFA. Did not get an error doing so. Logged in as a global administrator. Any ideas what i going wrong? I know, the error indicates Authentication Failure, but Authentication looks correct
Can I use PowerShell SecretStore for local system accounts?
I am trying to store some "system" secrets for my services running as default system accounts like "SYSTEM" and "NETWORK SERVICE". Based on my understanding, the SecretStore vault stores secrets locally on file for the current user. So it seems I can't use the tool for my project?need to create a PTR record via PS | Need your help !
Hello dear community, I am trying to update PTR records in my DNS manager using PowerShell script and I am using the below script, it works only when a reverse zone is already existing but I have a part of the code to create a reverse zone if doesn't exist. So the problem is reverse zone is not being created and script ends. Can anyone debug it for me ? or tell me what is wrong or I am ok to have a new script if the below is not right. Appreciate your help !!! :) ------------------------- param( [string]$CsvPath = "E:\dns test file.csv", [string]$DnsServer = "10.10.10.10" ) # Import required module try { Import-Module DnsServer -ErrorAction Stop } catch { Write-Error "Failed to import DnsServer module: $_" exit 1 } # Import CSV data try { $records = Import-Csv -Path $CsvPath Write-Host "Successfully imported $($records.Count) records from $CsvPath" } catch { Write-Error "Failed to import CSV: $_" exit 1 } # Initialize counters $results = @{ Success = 0 Failure = 0 Skipped = 0 Created = 0 } # Process each record foreach ($record in $records) { Write-Host "`nProcessing $($record.IPAddress) -> $($record.Hostname)" try { # Validate IP address format $octets = $record.IPAddress -split '\.' if ($octets.Count -ne 4) { throw "Invalid IP address format - must have 4 octets" } # Build reverse zone name (e.g., 10.0.0.0/24 becomes 0.0.10.in-addr.arpa) $reverseZone = "$($octets[2]).$($octets[1]).$($octets[0]).in-addr.arpa" $ptrName = $octets[3] # Last octet becomes record name # Validate and format hostname $hostname = $record.Hostname.Trim() if (-not $hostname.EndsWith('.')) { $hostname += '.' } # Check if reverse zone exists $zoneExists = Get-DnsServerZone -Name $reverseZone -ComputerName $DnsServer -ErrorAction SilentlyContinue if (-not $zoneExists) { throw "Reverse zone $reverseZone does not exist on server $DnsServer" } # Check for existing PTR record $existingPtr = Get-DnsServerResourceRecord -ZoneName $reverseZone -ComputerName $DnsServer -Name $ptrName -RRType PTR -ErrorAction SilentlyContinue if ($existingPtr) { # Check if it already points to the correct host if ($existingPtr.RecordData.PtrDomainName -eq $hostname) { Write-Host " [SKIP] PTR record already correctly points to $hostname" $results.Skipped++ continue } # Update existing record Write-Host " [UPDATE] Changing PTR from $($existingPtr.RecordData.PtrDomainName) to $hostname" $newRecord = $existingPtr.Clone() $newRecord.RecordData.PtrDomainName = $hostname Set-DnsServerResourceRecord -ZoneName $reverseZone -ComputerName $DnsServer ` -OldInputObject $existingPtr -NewInputObject $newRecord -PassThru -ErrorAction Stop $results.Success++ } else { # Create new record - FIXED SECTION Write-Host " [CREATE] Adding new PTR record for $ptrName pointing to $hostname" # Explicitly create the record object $newPtrRecord = @{ ZoneName = $reverseZone Name = $ptrName PtrDomainName = $hostname ComputerName = $DnsServer ErrorAction = 'Stop' } # Add the record with verbose output $result = Add-DnsServerResourceRecordPtr @newPtrRecord -PassThru if ($result) { Write-Host " [SUCCESS] Created PTR record:" $result | Format-List | Out-String | Write-Host $results.Created++ } else { throw "Add-DnsServerResourceRecordPtr returned no output" } } } catch { Write-Host " [ERROR] Failed to process $($record.IPAddress): $_" -ForegroundColor Red $results.Failure++ # Additional diagnostic info Write-Host " [DEBUG] Zone: $reverseZone, Record: $ptrName, Target: $hostname" if ($Error[0].Exception.CommandInvocation.MyCommand) { Write-Host " [DEBUG] Command: $($Error[0].Exception.CommandInvocation.MyCommand)" } } } # Display summary Write-Host "`nUpdate Summary:" Write-Host " Created: $($results.Created)" Write-Host " Updated: $($results.Success)" Write-Host " Skipped: $($results.Skipped)" Write-Host " Failed: $($results.Failure)" # Return results for further processing if needed $results -------------- Output what I got: Successfully imported records from E:\dns test file.csv Processing 10.0.0.10 -> test.test.sd6.glb.corp.local [ERROR] Failed to process 10.0.0.10: Reverse zone 0.0.10.in-addr.arpa does not exist on server 10.10.10.10 [DEBUG] Zone: 0.0.10.in-addr.arpa, Record: 10, Target: test.test.sd6.glb.corp.local. Update Summary: Created: 0 Updated: 0 Skipped: 0 Failed: 1 Name Value ---- ----- Created 0 Skipped 0 Failure 1 Success 0Entra PIM Role Activation
# Ensure necessary modules are installed $modules = @("DCToolbox", "Microsoft.Entra") foreach ($module in $modules) { if (-not (Get-Module -ListAvailable -Name $module)) { Install-Module -Name $module -Repository PSGallery -Scope CurrentUser -Force -AllowClobber } } # Check if msal.ps package is installed if (-not (Get-Package -Name msal.ps -ErrorAction SilentlyContinue)) { Install-Package msal.ps -Force -Confirm:$false } # Ensure Entra Authentication module is properly imported Remove-Module Microsoft.Entra.Authentication -ErrorAction SilentlyContinue Import-Module Microsoft.Entra.Authentication -Force # Connect to Entra ID with proper authentication Connect-Entra Add-Type -AssemblyName System.Windows.Forms # Create GUI Form $form = New-Object System.Windows.Forms.Form $form.Text = "EntraPIMRole Activation" $form.Size = New-Object System.Drawing.Size(350, 350) # Create Checkboxes $checkboxes = @() $labels = @("Global Administrator", "Teams Administrator", "SharePoint Administrator", "Exchange Administrator", "Billing Administrator") for ($i = 0; $i -lt $labels.Count; $i++) { $checkbox = New-Object System.Windows.Forms.CheckBox $checkbox.Text = $labels[$i] $checkbox.AutoSize = $true $checkbox.Width = 250 $checkbox.Location = New-Object System.Drawing.Point(20, (20 + ($i * 30))) $checkboxes += $checkbox $form.Controls.Add($checkbox) } # Create TextBox $textBox = New-Object System.Windows.Forms.TextBox $textBox.Location = New-Object System.Drawing.Point(20, 180) $textBox.Size = New-Object System.Drawing.Size(300, 20) $form.Controls.Add($textBox) # Create Button $button = New-Object System.Windows.Forms.Button $button.Text = "Run" $button.Location = New-Object System.Drawing.Point(20, 220) $button.Size = New-Object System.Drawing.Size(80, 30) $button.Add_Click({ $selectedOptions = $checkboxes | Where-Object { $_.Checked } | ForEach-Object { $_.Text } $inputText = $textBox.Text # Verify if the required function exists before executing if (Get-Command -Name Enable-DCEntraIDPIMRole -ErrorAction SilentlyContinue) { Enable-DCEntraIDPIMRole -RolesToActivate $selectedOptions -UseMaximumTimeAllowed -Reason $inputText [System.Windows.Forms.MessageBox]::Show("Activated Roles: $($selectedOptions -join ', ')`nReason: $inputText") } else { [System.Windows.Forms.MessageBox]::Show("Error: Enable-DCEntraIDPIMRole function not found. Ensure the correct module is installed.") } }) $form.Controls.Add($button) # Show Form $form.ShowDialog() Im trying to create a script so i can activate PIM with logon to the azure portal. But for some reason i cant get it to work. Can you all please help me out.Assigning a Manager with PowerShell Graph – Manager Not Found
Hi everyone, We are currently refactoring our PowerShell scripts to align with Microsoft's recommended standards. In our script that creates new users in Azure Active Directory (AAD) via Microsoft Graph, we’re having trouble assigning a manager to a new user. Whether we try using the manager’s object ID or email address, the manager is not found, and the assignment fails. Has anyone encountered this issue before? Is there something we might be doing wrong in how we’re referencing or assigning the manager? Thanks in advance for your help.
When creating a new team from a template with powershell add new private channel and members
Hi All, I have a powershell script I am using to create and populate new teams from a template and add owners and users via .csv, Everything seem to work fine except the private team in the template is not copied to the new teams. Is there a way to copy the private team with its members from the template? if not how can I add a new private team and add users from a .csv file to my existing script. Import-Module Microsoft.Graph.Teams Connect-MgGraph -Scope Group.ReadWrite.All Connect-MicrosoftTeams $ProgressPreference = 'SilentlyContinue' ######################### #Variable definition: $DefaultModelTeam = "Team template ID" $MembersFilePath = "C:\Users\t130218\Desktop\owlimport_365.csv" $OwnersFilePath = "C:\Users\t130218\Desktop\TeamOwners.csv" ######################### Function CreaTeam{ param( [Parameter(Position=0)] [string]$displayName, [Parameter(Position=1)] [string]$description ) begin{ $params = @{ partsToClone = "apps,tabs,settings,channels" displayName = $displayName description = $description mailNickname = $displayName #visibility = "public" } #Disable "Crea" button in order to avoid duplicate Teams creation $btnCrea.enabled=$false #Message output and waiting time countdown for allow new Tean creation finalization $lblMessaggio.text="Creazione Team in corso..." $teamId= $txtTemplate.text Copy-MgTeam -TeamId $teamId -BodyParameter $params $lblTeamId.text = "Attendere 20 secondi" Start-Sleep -Seconds 5 $lblTeamId.text = "Attendere 15 secondi" Start-Sleep -Seconds 5 $lblTeamId.text = "Attendere 10 secondi" Start-Sleep -Seconds 5 $lblTeamId.text = "Attendere 5 secondi" Start-Sleep -Seconds 5 #The Teamid of the team that was just created can only be discovered via Team name search $newTeam= Get-MgGroup | Where-Object {$_.DisplayName -like $displayName} $lblTeamId.text=$newTeam.Id #Get Team members from the CSV $TeamUsers = Import-Csv $MembersFilePath -delimiter ";" #Iterate through each row obtained from the CSV and add to Teams as a Team member $TeamUsers | ForEach-Object { Add-TeamUser -GroupId $newTeam.id -User $_.m365_email -Role Member Write-host "Added User:"$_.m365_email -f Green } #Get Team owners from the CSV $TeamOwners = Import-Csv $OwnersFilePath -delimiter ";" #Iterate through each row obtained from the CSV and add to Teams as a Team member $TeamOwners | ForEach-Object { Add-TeamUser -GroupId $newTeam.id -User $_.m365_email -Role Owner Write-host "Added Owner:"$_.m365_email -f Green } } } Add-Type -AssemblyName System.Windows.Forms [System.Windows.Forms.Application]::EnableVisualStyles() $CorsoTeams = New-Object system.Windows.Forms.Form $CorsoTeams.ClientSize = New-Object System.Drawing.Point(1200,575) $CorsoTeams.text = "Corso Teams - Crea Struttura" $CorsoTeams.TopMost = $false $lblNomeCorso = New-Object system.Windows.Forms.Label $lblNomeCorso.text = "Nome del corso" $lblNomeCorso.AutoSize = $true $lblNomeCorso.width = 25 $lblNomeCorso.height = 10 $lblNomeCorso.location = New-Object System.Drawing.Point(40,79) $lblNomeCorso.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',10) $btnCrea = New-Object system.Windows.Forms.Button $btnCrea.text = "Crea" $btnCrea.width = 150 $btnCrea.height = 67 $btnCrea.location = New-Object System.Drawing.Point(373,298) $btnCrea.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',16) $btnChiudi = New-Object system.Windows.Forms.Button $btnChiudi.text = "Chiudi" $btnChiudi.width = 150 $btnChiudi.height = 67 $btnChiudi.location = New-Object System.Drawing.Point(628,298) $btnChiudi.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',16) $lblDataCorso = New-Object system.Windows.Forms.Label $lblDataCorso.text = "Data del corso" $lblDataCorso.AutoSize = $true $lblDataCorso.width = 25 $lblDataCorso.height = 10 $lblDataCorso.location = New-Object System.Drawing.Point(39,143) $lblDataCorso.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',10) $lblDescrizione = New-Object system.Windows.Forms.Label $lblDescrizione.text = "Descrizione (facoltativa)" $lblDescrizione.AutoSize = $true $lblDescrizione.width = 25 $lblDescrizione.height = 10 $lblDescrizione.location = New-Object System.Drawing.Point(39,210) $lblDescrizione.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',10) $txtDataCorso = New-Object system.Windows.Forms.TextBox $txtDataCorso.multiline = $false $txtDataCorso.width = 150 $txtDataCorso.height = 40 $txtDataCorso.enabled = $true $txtDataCorso.location = New-Object System.Drawing.Point(370,134) $txtDataCorso.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',20) $txtNomeTeam = New-Object system.Windows.Forms.TextBox $txtNomeTeam.multiline = $false $txtNomeTeam.width = 405 $txtNomeTeam.height = 40 $txtNomeTeam.enabled = $true $txtNomeTeam.location = New-Object System.Drawing.Point(370,75) $txtNomeTeam.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',20) $txtDescrizione = New-Object system.Windows.Forms.TextBox $txtDescrizione.multiline = $false $txtDescrizione.width = 405 $txtDescrizione.height = 40 $txtDescrizione.enabled = $true $txtDescrizione.location = New-Object System.Drawing.Point(370,210) $txtDescrizione.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',20) $btnChiudi = New-Object system.Windows.Forms.Button $btnChiudi.text = "Chiudi" $btnChiudi.width = 150 $btnChiudi.height = 67 $btnChiudi.location = New-Object System.Drawing.Point(628,298) $btnChiudi.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',16) $lblMessaggio = New-Object system.Windows.Forms.Label $lblMessaggio.text = "INSERIRE I DATI" $lblMessaggio.AutoSize = $true $lblMessaggio.width = 25 $lblMessaggio.height = 10 $lblMessaggio.location = New-Object System.Drawing.Point(40,493) $lblMessaggio.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',10) $lblTemplate = New-Object system.Windows.Forms.Label $lblTemplate.text = "Modello Team utilizzato:" $lblTemplate.AutoSize = $true $lblTemplate.width = 25 $lblTemplate.height = 10 $lblTemplate.location = New-Object System.Drawing.Point(40,400) $lblTemplate.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',8) $txtTemplate = New-Object system.Windows.Forms.TextBox $txtTemplate.multiline = $false $txtTemplate.width = 405 $txtTemplate.height = 40 $txtTemplate.enabled = $true $txtTemplate.text = $DefaultModelTeam $txtTemplate.location = New-Object System.Drawing.Point(370,400) $txtTemplate.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',14) $lblTeamId = New-Object system.Windows.Forms.Label $lblTeamId.text = "" $lblTeamId.AutoSize = $true $lblTeamId.width = 25 $lblTeamId.height = 10 $lblTeamId.location = New-Object System.Drawing.Point(540,493) $lblTeamId.Font = New-Object System.Drawing.Font('Microsoft Sans Serif',10) $CorsoTeams.controls.AddRange(@($lblNomeCorso,$btnCrea,$lblDataCorso,$txtDataCorso,$txtNomeTeam,$btnChiudi,$lblMessaggio,$lblDescrizione,$txtDescrizione, $lblTeamId,$lblTemplate,$txtTemplate )) $txtDataCorso.text=Get-Date -Format "dd/MM/yyyy" $btnCrea.Add_Click({ $NomeTeamCompleto=$txtNomeTeam.text+" - "+$txtDataCorso.text CreaTeam $NomeTeamCompleto $txtDescrizione.text $lblMessaggio.text= "Team creato - TeamId:" }) $btnChiudi.Add_Click({$CorsoTeams.Close()}) [void]$CorsoTeams.ShowDialog()
