Forum Discussion
aammirmirza
Oct 14, 2020 Copper Contributor
Connect-MsolService -AdGraphAccessToken $token
I am planning an automation that needs to frequently fetch DELETED users using the below command line. With the collected data I perform cleanup in AzDO. $deletedUsersfromAAD = (Get-MsolUser...
nExoR
Jan 06, 2021 Copper Contributor
...how to generate these tokens? Any link to a document or something that helps to understand the process?
thx
nExoR
Jan 06, 2021 Copper Contributor
VasilMichev after reviewing numerous articles I was able to write some code. I have no problem with MSGraphToken but it fails on ADGraphToken. I'm not sure if I create it correctly. If you managed to somehow use this method I'd appreciate it if you shared the code.
I also found this: https://github.com/Azure/azure-docs-powershell-azuread/issues/246 but I don't understand whether you can log on using both tokens or whether it is not working any more...
What I was able to do:
$TenantId = '********'
$ClientId = '*********'
$ClientSecret = '**********'

$MSGraphBody = @{
    'tenant'        = $TenantId
    'client_id'     = $ClientId
    'scope'         = 'https://graph.microsoft.com/.default'
    'client_secret' = $ClientSecret
    'grant_type'    = 'client_credentials'
}
$MSParams = @{
    'Uri'         = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    'Method'      = 'Post'
    'Body'        = $MSGraphBody
    'ContentType' = 'application/x-www-form-urlencoded'
}

$ADGraphBody = @{
    'tenant'        = $TenantId
    'client_id'     = $ClientId
    'scope'         = 'https://graph.windows.net/.default'
    'client_secret' = $ClientSecret
    'grant_type'    = 'client_credentials'
}
$ADParams = @{
    'Uri'         = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    'Method'      = 'Post'
    'Body'        = $ADGraphBody
    'ContentType' = 'application/x-www-form-urlencoded'
}

$ADAuthResponse = Invoke-RestMethod @ADParams
$MSAuthResponse = Invoke-RestMethod @MSParams

Connect-MsolService -AdGraphAccessToken $ADAuthResponse.access_token -MsGraphAccessToken $MSAuthResponse.access_token
+ Connect-MsolService -AdGraphAccessToken $ADAuthResponse.access_token ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InvalidHeaderException,Microsoft.Online.Administration.Automation.ConnectMsolService
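To check which resource (`aud`) and which permissions each token returned by the two requests above actually carries, the claims can be decoded locally before the token is handed to any cmdlet. This is an added example, not code from the thread or from Microsoft; the function names are hypothetical, the sample token is constructed, and the payload is only decoded for inspection, not signature-validated.

```powershell
# Added example. Decodes the claims of a JWT access token for diagnosis only (no signature check).
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (expected header.payload.signature).' }
    # base64url -> base64: swap the URL-safe characters and restore the padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url length in JWT payload.' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Get-TokenSummary {
    param([Parameter(Mandatory)][string]$Token)
    $c = ConvertFrom-JwtPayload -Token $Token
    [pscustomobject]@{
        Audience   = $c.aud                      # resource the token was issued for
        Issuer     = $c.iss
        AppId      = $(if ($c.appid) { $c.appid } else { $c.azp })
        Roles      = ($c.roles -join ',')        # application permissions (client credentials)
        Scopes     = $c.scp                      # delegated permissions (user sign-in)
        ExpiresUtc = [DateTimeOffset]::FromUnixTimeSeconds([long]$c.exp).UtcDateTime
    }
}

# --- Constructed sample token: placeholder IDs, fake signature, not a real credential ---
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$claims = @{
    aud   = 'https://graph.windows.net'
    iss   = 'https://sts.windows.net/00000000-0000-0000-0000-000000000000/'
    appid = '11111111-1111-1111-1111-111111111111'
    roles = @('Directory.Read.All')
    exp   = 1767225600
}
$sample = (ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'),
          (ConvertTo-Base64Url ($claims | ConvertTo-Json -Compress)),
          'constructed-signature' -join '.'

Get-TokenSummary -Token $sample | Format-List
```

With real responses, run `Get-TokenSummary -Token $ADAuthResponse.access_token` and the same for `$MSAuthResponse`, and keep the raw token strings out of logs and transcripts.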
- Sgbjrn
Jan 14, 2022 Copper Contributor
Did you (or anyone else) find a solution to this issue?
I'm trying to run a few msol commands in a script to collect information, and need to use a spn/access token to authenticate.
- aammirmirza
Nov 06, 2022 Copper Contributor
Is this still not possible?