Forum Discussion
New Feature Announcement: PowerShell support of Allow/Block guest access based on Domain list
Hi,
I've tried executing this script and I'm also getting the same error message, any update on how to resolve?
Setting AllowedDomainList for B2BManagementPolicy
New-AzureADPolicy : Error occurred while executing NewPolicy
Code: Request_BadRequest
Message: One or more properties contains invalid values.
InnerError:
RequestId: 3dbe4560-e2e7-47dd-9b46-f66ff31132da
DateTimeStamp: Mon, 29 Jan 2018 05:12:32 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At D:\dlp\Set-GuestAllowBlockDomainPolicy.ps1:325 char:5
+ New-AzureADPolicy -Definition $policyValue -DisplayName B2BManagementPolicy ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADPolicy], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.New
Policy
New AzureAD Policy:
Cannot index into a null array.
At D:\dlp\Set-GuestAllowBlockDomainPolicy.ps1:330 char:1
+ PrintAllowBlockedList $currentpolicy.Definition[0];
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArray
Hi Rob,
Thank you for the information, I've got PS 5 and now getting a different error message.
Setting AllowedDomainList for B2BManagementPolicy
New-AzureADPolicy : Cannot bind argument to parameter 'Definition' because it is an empty collection.
At D:\dlp\Set-GuestAllowBlockDomainPolicy.ps1:325 char:35
+ New-AzureADPolicy -Definition @policyValue -DisplayName B2BManage ...
+ ~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [New-AzureADPolicy], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyCollectionNotAllowed,Microsoft.Open.MSGraphBeta.PowerShell.NewPolicy
New AzureAD Policy:
Cannot index into a null array.
At D:\dlp\Set-GuestAllowBlockDomainPolicy.ps1:330 char:1
+ PrintAllowBlockedList $currentpolicy.Definition[0];
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArray
Monika BislaMicrosoft
Hi Prabhakar,
Can you please provide following details in order to investigate this issue further?
1. Output of your current Policy using following command:
.\Set-GuestAllowBlockDomainPolicy.ps1 -Query
2. The exact command which you are using for updating the policy.
3. Current Azure AD Version you are using. Run following in powershell to find the same:
Get-Module -ListAvailable AzureAD*
4. Can you capture the fiddler traces while running the command and provide the same if possible.
Thanks,
Monika
Hi Monika,
Thanks for your update, please find the details accordingly.
1. Output of your current Policy using following command:.\Set-GuestAllowBlockDomainPolicy.ps1 -Query
PS D:\dlp> .\Set-GuestAllowBlockDomainPolicy.ps1 -Query
No policy found for Allow/Block domain list in AzureAD.2. The exact command which you are using for updating the policy.
PS D:\dlp> .\Set-GuestAllowBlockDomainPolicy.ps1 -Update -AllowList @("abctest.com")
3. Current Azure AD Version you are using. Run following in powershell to find the same:
Get-Module -ListAvailable AzureAD*
PS D:\dlp> Get-Module -ListAvailable AzureAD*
Directory: C:\Program Files\WindowsPowerShell\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Binary 2.0.0.137 AzureADPreview {Add-AzureADApplicationOwner, Get-AzureADApplication, Get-...4. Can you capture the fiddler traces while running the command and provide the same if possible
Unable to attach the fiddler file.
Adding Sarat Subramaniam for trouble shooting help.
