Forum Discussion
aammirmirza
Oct 14, 2020 Copper Contributor
Connect-MsolService -AdGraphAccessToken $token
I am planning an automation that needs to frequently fetch DELETED users using the command line below. With the collected data I perform cleanup in AzDO.
# Compare the timestamp as a DateTime, not as a formatted string, and sort by property name.
$deletedUsersfromAAD = (Get-MsolUser -ReturnDeletedUser -EnabledFilter EnabledOnly -MaxResults 500 | Where-Object { $_.SoftDeletionTimestamp -gt $limit } | Sort-Object -Property SoftDeletionTimestamp)
But when I run the pipeline, it gets stuck at Connect-MsolService because a login window pops up for authentication every time. How can I bypass the pop-up authentication while using "Connect-MsolService"?
Or it would be great if there is an alternative to fetch only the list of deleted (soft-deleted) AAD users, instead of indexing the entire AAD.
Last time I toyed with this, you needed to use both -AdGraphAccessToken and -MsGraphAccessToken to make it work.
- nExoR Copper Contributor
...how do I generate these tokens? Is there any link to a document or something that helps to understand the process?
thx
- nExoR Copper Contributor
VasilMichev, after reviewing numerous articles I was able to write some code. I have no problem with MSGraphToken, but it fails on ADGraphToken. I'm not sure if I create it correctly. If you managed to somehow use this method, I'd appreciate it if you shared the code.
I also found this: https://github.com/Azure/azure-docs-powershell-azuread/issues/246 but I don't understand if you can log on using both tokens or if it is not working any more...
What I was able to do:
$TenantId = '********'
$ClientId = '*********'
$ClientSecret = '**********'
# The token endpoint URI is missing from the post as captured; the v2.0 endpoint
# is assumed here because the request bodies use the 'scope' parameter.
$TokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
# Client-credentials request body for a Microsoft Graph token
$MSGraphBody = @{
    'tenant' = $TenantId
    'client_id' = $ClientId
    'scope' = 'https://graph.microsoft.com/.default'
    'client_secret' = $ClientSecret
    'grant_type' = 'client_credentials'
}
$MSParams = @{
    'Method' = 'Post'
    'Uri' = $TokenUri
    'Body' = $MSGraphBody
    'ContentType' = 'application/x-www-form-urlencoded'
}
# Client-credentials request body for an Azure AD Graph token
$ADGraphBody = @{
    'tenant' = $TenantId
    'client_id' = $ClientId
    'scope' = 'https://graph.windows.net/.default'
    'client_secret' = $ClientSecret
    'grant_type' = 'client_credentials'
}
$ADParams = @{
    'Method' = 'Post'
    'Uri' = $TokenUri
    'Body' = $ADGraphBody
    'ContentType' = 'application/x-www-form-urlencoded'
}
$ADAuthResponse = Invoke-RestMethod @ADParams
$MSAuthResponse = Invoke-RestMethod @MSParams
Connect-MsolService -AdGraphAccessToken $ADAuthResponse.access_token -MsGraphAccessToken $MSAuthResponse.access_token

+ Connect-MsolService -AdGraphAccessToken $ADAuthResponse.access_token ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InvalidHeaderException,Microsoft.Online.Administration.Automation.ConnectMsolService
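
Added example, not part of any post in this thread: one way to cover the original question's request for a non-interactive way to list only soft-deleted users is to query the Microsoft Graph `directory/deletedItems` collection with a client-credentials token. It assumes an app registration with the admin-consented `User.Read.All` application permission; the environment variable names and the 7-day cut-off are hypothetical.

```powershell
# Added example: list only soft-deleted users through Microsoft Graph, without a login prompt.
# Assumptions: TENANT_ID / CLIENT_ID / CLIENT_SECRET are pipeline secret variables
# (hypothetical names), and the app has the User.Read.All application permission.
$TenantId     = $env:TENANT_ID
$ClientId     = $env:CLIENT_ID
$ClientSecret = $env:CLIENT_SECRET
$Limit        = (Get-Date).ToUniversalTime().AddDays(-7)   # constructed cut-off: last 7 days

# Client-credentials grant against the v2.0 token endpoint; no interactive window is involved.
$TokenParams = @{
    Method      = 'Post'
    Uri         = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    ContentType = 'application/x-www-form-urlencoded'
    Body        = @{
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
        grant_type    = 'client_credentials'
    }
}
$Token   = (Invoke-RestMethod @TokenParams).access_token
$Headers = @{ Authorization = "Bearer $Token" }

# deletedItems holds only soft-deleted objects, so the live directory is never enumerated.
$Uri = 'https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user' +
       '?$select=id,userPrincipalName,deletedDateTime'
$DeletedUsers = while ($Uri) {
    $Page = Invoke-RestMethod -Method Get -Uri $Uri -Headers $Headers
    $Page.value                      # emit this page's users into $DeletedUsers
    $Uri = $Page.'@odata.nextLink'   # $null on the last page ends the loop
}

# Compare as UTC DateTime values rather than formatted strings, then sort by deletion time.
$Recent = $DeletedUsers |
    Where-Object { ([datetime]$_.deletedDateTime).ToUniversalTime() -gt $Limit } |
    Sort-Object -Property { ([datetime]$_.deletedDateTime).ToUniversalTime() }
$Recent | Select-Object userPrincipalName, deletedDateTime
```

Keep the client secret in the pipeline's secret store rather than in the script, and grant the app registration only the read permission this query needs.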