Forum Discussion
Unable to get groups with POSH
I am getting the same error and stacktrace is similar. Has anyone figured this one out yet?
Get-PnPUnifiedGroup : Exception of type 'Microsoft.Graph.ServiceException' was thrown.
At C:\Users\rvanandel\SharePoint\SharePoint Migration Project - Docu\Engagement Sites\create-engagement.ps1:38 char:14
+ $group = Get-PnPUnifiedGroup -Identity $groupName -Verbose;
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-PnPUnifiedGroup], ServiceException
+ FullyQualifiedErrorId : Microsoft.Graph.ServiceException,SharePointPnP.PowerShell.Commands.Graph.GetUnifiedGroup
at Microsoft.Graph.HttpProvider.<SendAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.BaseRequest.<SendRequestAsync>d__34.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.BaseRequest.<SendAsync>d__32`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.GraphServiceGroupsCollectionRequest.<GetAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at OfficeDevPnP.Core.Framework.Graph.UnifiedGroupsUtility.<>c__DisplayClass12_0.<<ListUnifiedGroups>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at OfficeDevPnP.Core.Framework.Graph.UnifiedGroupsUtility.ListUnifiedGroups(String accessToken, String displayName, String mailNickname, Int32 startIndex, Int32 end
Index, Boolean includeSite, Int32 retryCount, Int32 delay)
at SharePointPnP.PowerShell.Commands.Graph.GetUnifiedGroup.ExecuteCmdlet()
at System.Management.Automation.CommandProcessor.ProcessRecord()
I fixed my issue. Turns out my app needed more permissions than the documentation let on. I needed these permissions
Delegated Permissions
- Sites.Read.All
- User.Read
- Directory.Read.all
- Group.Read.All
- Group.ReadWrite.All
- User.Read.All
Application Permissions
- Directory.Read.All
- Group.ReadWrite.All
- User.Read.All
I'm not 100% I need the Sites.Read.All, though. I haven't gone back to test that. I'm just happy to finally have it working.
- Rory CollinsSep 14, 2017Copper Contributor
I've created an App registration via: https://apps.dev.microsoft.com (still trying to determine how/why this is different than creating a registration directly in AzureAD), and granted ALL of the Group and User related permissions to Graph (not just the ones specified above).
However, I'm seeing some interesting (and inconsistent) behavior in using the Get-PnPUnifiedGroup command.
Scenario 1: When I connect without using the app registration I created, using Connect-PnPMicrosoftGraph -Scopes "Group.ReadWrite.All", then authenticating using an O365 account with a Global Admin role.
When I run Get-PnPUnifiedGroup without parameters, I get the exception identified in this thread. However, if I attempt to specify a group, it does return a value, but for some reason, is not able to show the value for the Site URL. If Site URL is a property of the group object, I can't understand how I would possibly get an access denied message:
DisplayName Group Id Site URL
----------- -------- --------
The A Team 61987e15-6b1f-4e4a-8d19-b762c3b5a149 Access denied. You do not have perm...
Scenario 2: When I connect (successfully...I can confirm by running Get-PnPAccessToken) using the app registration I created and I attempt to run the Get-PnPUnifiedGroup command with or without paramenters, I get the exception in both scenarios.
Has anyone else experienced this behavior and/or have any thoughts on a solution?
- Erik_AvegaartFeb 28, 2020Copper Contributor
We are using a script to check Unified groups, Last week it worked, but as of today we get the error:
"The service is not available. Try the request again after a delay. There may be a Retry-After header."
for SiteUrl.
Anyone an idea?