Forum Discussion
Sahil Arora
Microsoft
MicrosoftNew Feature Announcement: PowerShell support of Allow/Block guest access based on Domain list
We are happy to announce the world wide roll-out of Allow/Block list support for guest access in O365 Groups. With this feature, IT Admins can set-up a list of domains to
Allow guest users of spe...
I'm trying to use this script, but initially I was getting an error for line 325, about an invalid parameter -InformationAction - so I removed that parameter.
Running:
Set-GuestAllowBlockDomainPolicy.ps1 -Update -AllowList @("contoso.com")
I now get:
Setting AllowedDomainList for B2BManagementPolicy
New-AzureADPolicy : Error occurred while executing NewPolicy
Code: Request_BadRequest
Message: One or more properties contains invalid values.
InnerError:
RequestId: f7c9e44f-ffac-4f2a-8ff2-627ce077bd15
DateTimeStamp: Thu, 18 Jan 2018 14:57:19 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At C:\users\XXXXX\Downloads\PowerShell\365Groups\Set-GuestAllowBlockDomainPolicy.ps1:325 char:5
+ New-AzureADPolicy -Definition $policyValue -DisplayName B2BManagementPolicy ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADPolicy], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.New
Policy
New AzureAD Policy:
Cannot index into a null array.
Any thoughts please?
Running:
Set-GuestAllowBlockDomainPolicy.ps1 -Update -AllowList @("contoso.com")
I now get:
Setting AllowedDomainList for B2BManagementPolicy
New-AzureADPolicy : Error occurred while executing NewPolicy
Code: Request_BadRequest
Message: One or more properties contains invalid values.
InnerError:
RequestId: f7c9e44f-ffac-4f2a-8ff2-627ce077bd15
DateTimeStamp: Thu, 18 Jan 2018 14:57:19 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At C:\users\XXXXX\Downloads\PowerShell\365Groups\Set-GuestAllowBlockDomainPolicy.ps1:325 char:5
+ New-AzureADPolicy -Definition $policyValue -DisplayName B2BManagementPolicy ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADPolicy], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.New
Policy
New AzureAD Policy:
Cannot index into a null array.
Any thoughts please?
Hi,
I've tried executing this script and I'm also getting the same error message, any update on how to resolve?
Setting AllowedDomainList for B2BManagementPolicy
New-AzureADPolicy : Error occurred while executing NewPolicy
Code: Request_BadRequest
Message: One or more properties contains invalid values.
InnerError:
RequestId: 3dbe4560-e2e7-47dd-9b46-f66ff31132da
DateTimeStamp: Mon, 29 Jan 2018 05:12:32 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At D:\dlp\Set-GuestAllowBlockDomainPolicy.ps1:325 char:5
+ New-AzureADPolicy -Definition $policyValue -DisplayName B2BManagementPolicy ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADPolicy], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.New
Policy
New AzureAD Policy:
Cannot index into a null array.
At D:\dlp\Set-GuestAllowBlockDomainPolicy.ps1:330 char:1
+ PrintAllowBlockedList $currentpolicy.Definition[0];
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArray
- I had a support case open with MS, and they found that it was because I was using PowerShell 4 (on Windows 7) - I updated to PowerShell 5, and the script then ran fine.
Hi Rob,
Thank you for the information, I've got PS 5 and now getting a different error message.
Setting AllowedDomainList for B2BManagementPolicy
New-AzureADPolicy : Cannot bind argument to parameter 'Definition' because it is an empty collection.
At D:\dlp\Set-GuestAllowBlockDomainPolicy.ps1:325 char:35
+ New-AzureADPolicy -Definition @policyValue -DisplayName B2BManage ...
+ ~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [New-AzureADPolicy], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyCollectionNotAllowed,Microsoft.Open.MSGraphBeta.PowerShell.NewPolicy
New AzureAD Policy:
Cannot index into a null array.
At D:\dlp\Set-GuestAllowBlockDomainPolicy.ps1:330 char:1
+ PrintAllowBlockedList $currentpolicy.Definition[0];
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArray
Monika BislaHi Prabhakar,
Can you please provide following details in order to investigate this issue further?
1. Output of your current Policy using following command:
.\Set-GuestAllowBlockDomainPolicy.ps1 -Query
2. The exact command which you are using for updating the policy.
3. Current Azure AD Version you are using. Run following in powershell to find the same:
Get-Module -ListAvailable AzureAD*
4. Can you capture the fiddler traces while running the command and provide the same if possible.
Thanks,
Monika
