Forum Widgets
Latest Discussions
Get-MgDeviceAppManagementManagedAppPolicy -ManagedAppPolicyID. How to get the ID?
Hello! I am trying to copy an Intune App Protection Policy so I can edit it and apply it to a different group of users. I've cobbled together the below script from other examples but it doesn't work because I am not able to find the -ManagedAppPolicyID that it wants. I've not been able to find it anywhere in Intune. I've not been able to find a PowerShell cmdlet that will list it either. Does anyone know how I can make this work? Or another way to do it? Install-Module Microsoft.Graph -Scope CurrentUser Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All" $policyId = "<Insert App Policy ID>" $appProtectionPolicy = Get-MgDeviceAppManagementManagedAppPolicy -ManagedAppPolicyId $policyId $newPolicy = $appProtectionPolicy | Select-Object * -ExcludeProperty Id, CreatedDateTime, Version, LastModifiedDateTime $newPolicy.DisplayName = "Copy of $($newPolicy.DisplayName)" New-MgDeviceAppManagementMobileAppConfiguration -Data $newPolicy Get-MgDeviceAppManagementManagedAppPolicy -Filter "displayName eq '$($newPolicy.DisplayName)'"
Remove computers from multiple domains from one AD group
Hello! I've tried a couple of scripts I found and still cannot remove these computers from this one AD group. The script I'm currently using is: # Import the Active Directory module Import-Module ActiveDirectory # List of device names to be removed $computers = @( "machine1.domain1", "machine2.domain2" ) # Loop through each device name in the list foreach ($computer in $computers) { # Get the device object from Active Directory $computer = Get-ADComputer -Identity $computer -ErrorAction SilentlyContinue # Check if the device exists if ($computer) { # Remove the device from Active Directory get-adcomputer $computer | remove-adobject -recursive -Confirm:$false Write-Host "Removed device $computer from Active Directory." } else { Write-Host "Device $computer not found in Active Directory." } } The errors I get is the object cannot be found and it always lists Domain1. I'm pretty new to PS so would appreciate any guidance!
MGraph suddenly stops working
PS C:\Windows> Get-MGUser -All Get-MGUser : InteractiveBrowserCredential authentication failed: In Zeile:1 Zeichen:1 + Get-MGUser -All + ~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-MgUser_List], AuthenticationFailedException + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Cmdlets.GetMgUser_List Prior to this I did a "connect-mgraph -Scopes "User.Read.All" " and authenticated myself with MFA. Did not get an error doing so. Logged in as a global administrator. Any ideas what i going wrong? I know, the error indicates Authentication Failure, but Authentication looks correct.Net mail message, PowerShell and Microsoft Purview Infrmation Protection
I have a PowerShell script that using the .net mail message to send emails. We want to restrict some of those emails to a certain sensitivity (we call it classification) and restrict it to only internal users (which this label does when sending via Outlook). I have looked at a number of ways to do this but haven't come up with anything that works. Here are the issues: The smtp server is NOT in Office 365. The PowerShell window is opened as an admin account so using an Outlook interface might not work. Currently, I have it set to send remotly (A session is created with the server that is whitelisted and it actually sends the message). Any information would be of great assistance.
PowerShell Script Failing with Auth Header and 500 Internal Server Error for REST API
Hi everyone, I'm encountering multiple issues with the PowerShell script that interacts with a REST API to execute batch jobs in FDMEE. The script is supposed to send an HTTP request with a Basic Authorization header, but I'm facing the following problems: "Invalid or Missing Authorization Header" Error: When I visit the API URL directly in the browser, I get: { "links": [], "status": 9, "details": "EPMFDM-ERROR: Invalid or Missing Authorization Header in request" } 2."Internal Server Error (500)": When running the script, it often goes to the catch block and displays a 500 Internal Server Error. Here's the error message I receive in PowerShell: PS>TerminatingError(Invoke-RestMethod): "Request failed." Error encountered in PowerShell Script. Here is the script I'm using: #HTTP Basic Authorization. Contains encrypted username and password encoded to base64 string. $headers = @{Authorization = 'Basic encryptedpassword';} # Set parameter values $jobName = $args[0] $uri = http://server.comm.iocs.address.com:0000/aif/rest/V1/jobs # Monitor status of current batch run Write-Output "Checking Job Status..." Start-Sleep -Seconds 5 $restResponse = Invoke-RestMethod -Uri $uri -Method Get -Headers $headers -ContentType "application/json" $lastJobID = $restResponse.items[0].jobID $payload = @{ jobType = "BATCH" jobName = $jobName } | ConvertTo-Json # Establish REST connection and execute batch job using REST API $restResponse = Invoke-RestMethod -Uri $uri -Method Post -Body $payload -Headers $headers -ContentType "application/json" $uri = $restResponse.links[0].href # Display initial status of batch Write-Output "See below status of batch run..." $restResponse = Invoke-RestMethod -Uri $uri -Method Get -Headers $headers -ContentType "application/json" $currentJobID = $restResponse.jobID Write-Output "Last Job ID: $lastJobID" Write-Output "Current Job ID: $currentJobID" } catch { Write-Output "Error encountered in PowerShell Script.." Write-Output $_.Exception.Message if ($_.InvocationInfo) { Write-Output "Error in script: $($_.InvocationInfo.ScriptName)" Write-Output "Error on line: $($_.InvocationInfo.ScriptLineNumber)" Write-Output "Error in command: $($_.InvocationInfo.Line)" } if ($_.Exception.Response) { Write-Output "HTTP Status Code: $($_.Exception.Response.StatusCode.Value__)" Write-Output "Status Description: $($_.Exception.Response.StatusDescription)" Write-Output "Response Content: $($_.Exception.Response.Content)" } exit 1 } Despite my efforts, the request still fails with the "Invalid or Missing Authorization Header" error and occasionally hits a 500 Internal Server Error. Here are the steps I've taken to debug the issues: Checked Base64 Encoding: Confirmed that the credentials are correctly encoded in Base64. Verified Header Format: Ensured that the Authorization header is correctly formed and included in the request. Tested with Postman: Manually tested the API request with Postman using the same Authorization header, and I'm getting the same header authorization error. Added Detailed Error Logging: Included more detailed error logging in the catch block to capture HTTP status codes and response content. I'm looking for advice on what might be causing these issues in the PowerShell script and how I can resolve them. Any insights or suggestions would be greatly appreciated!
Purview -> Powershell
i need to export some users their data before their licenses are removed. It is about 60 users, so i would rather user powershell instead of the purview portal to automate the job. So i have been playing around with the commandlets, to get an idea to build the script. The strange thing is what i see in Powershell is not represented in the Purview portal. We had an older compliance case which was no longer used. I tried to remove the compliance case by the Purview portal, but nothing happens when clicking "delete case" or "close case". i then reverted back to PowerShell by using the Remove-ComplianceCase "$CaseName", where the compliance case was successfully removed. When running the Get-ComplianceCase, i can see that the old compliance case is indeed removed, however the removed compliance case is still present in the Purview portal even several hours after deleting the case with PowerShell. Then started to play around with a new compliance search New-ComplianceSearch -Name "$($TargetMailbox.displayName) License Cleanup" -ExchangeLocation "$($TargetMailbox.PrimarySmtpAddress)" -Case "License Cleanup" -SharePointlocation "$($PNPPersonalSite.url)" after refreshing a couple of times i could see the compliance search in the purview portal. Then started the compliance search by using the Start-ComplianceSeacrh commandlet and verified that the search status was completed: Get-compliancesearch "$($TargetMailbox.displayName) License Cleanup" | select status However in the Purview portal no statistics were shown (not available yet). Didn't spend to much attention as i already saw discrepancies between the purview portal and what i saw in Powershell, so continued exporting compliance search with a compliance search action to export the data in the process manager New-ComplianceSearchAction -SearchName ""$($TargetMailbox.displayName)" -Export Can successfully retrieve the compliancesearch action in Powershell and can see that the status is completed, but fail to retrieve the export in the purview portal. Get-ComplianceSearchAction -case "License CleanUp" -includecredential | fl Did not achieve a way in downloading the export results via PowerShell, but would already be pretty pleased if i could achieve the first two steps via PowerShell. But as i am unable to retrieve the export in the Purview portal, i am afraid that i am still stuck. I can create an export in the Purview portal from the compliance search i created in Powershell. Can anyone please explain me the issue with the discrepancies between what i see in PowerShell and the Purview Portal and is it possible to see the exports created in powershell in the purview portal? And is it feasible to download the export from Powershell as well (Start-Process)?
Connecting to multiple Microsoft services with the same session
Hi guys. Working on a script that needs to connect to ExchangeOnlineManagement, TeamsOnlineManagement, SharePointOnlineManagement.... The script will be used across many different tenants, and I also plan to make it publicly available, so 1) I don't really want to pre-configure some complicated key setup and 2) I don't really want to have login pop-ups over and over again... For ExchangeOnline, I learned (accidentally), if I do this: $upn = Read-Host -Prompt "input yer wahawha" Connect-ExchangeOnline -userprimaryname $upn Connect-IPPSsession -userprimaryname $upn And login to MY tenant, I don't get prompted for login. I think likely because my device is Entra-joined, and it's using my Microsoft account. But even if I use a different account, it will only prompt me once - reusing it for the other. This is great, and exactly how I wanted things to flow - but now I'm trying to do Connect-SPOService (sharepoint) and Connect-MicrosoftTeams... and while both of these are part of the tenant, they don't take the -userprimaryname param - so I can specify to use the account I'm logged into my PC with.. The end-goal is to have this script run with minimal user input. I've SORT OF found a workaround for SharePoint, where I can get the SharePointSite from ExchangeOnline, then modify it a bit and use it as input for Connect-SPOService... but Teams, while it doesn't have the URL param requirement, DOES prompt me to login again. Is there a way to use the existing session for either of these, like I've done with ExchangeOnline / IPPSSession? We have MFA enabled, though not required from within our company network - but when I try to use Get-Credential, it errors me out because it wants MFA.
Adding AD users to a specific security group
Hi Everyone, Sorry if this question has already been asked as I couldn't find an answer. I’m trying to write a PowerShell script that runs as a scheduled task to add AD users to a specific AD security group. The goal is for this to run daily. The script will first check the users' OU to determine if they are already members of the security group. If they are, it will skip them; if they are not members, it will add them to the group. I have created the following script, but I’m unsure if it's the best approach. Additionally, can this script be executed on a server that doesn’t have Active Directory installed? If AD must be installed, would it be ideal to run it on a Domain Controller? # Check if Active Directory module is already imported, import only if necessary if (-not (Get-Module -Name ActiveDirectory)) { Import-Module ActiveDirectory } # Define the base OU and security group $BaseOU = "OU=W11_USERS,DC=W11,DC=NET" $SecurityGroup = "HR" # Get all users from W11_USERS and its sub-OUs $Users = Get-ADUser -SearchBase $BaseOU -SearchScope Subtree -Filter * # Loop through each user and check group membership before adding foreach ($User in $Users) { $UserDN = $User.DistinguishedName # Check if user is already a member of HR $IsMember = Get-ADGroupMember -Identity $SecurityGroup | Where-Object { $_.DistinguishedName -eq $UserDN } if (-not $IsMember) { Try { Add-ADGroupMember -Identity $SecurityGroup -Members $User -ErrorAction Stop Write-Host "Added $($User.SamAccountName) to $SecurityGroup" -ForegroundColor Green } Catch { Write-Host "Failed to add $($User.SamAccountName): $_" -ForegroundColor Red } } else { Write-Host "$($User.SamAccountName) is already a member of $SecurityGroup" -ForegroundColor Yellow } } Write-Host "User addition process completed."
