AK-47-b
Apr 07, 2022Copper Contributor
Filter issue
Hi all, I can't work out why this filter errors.
$LastLogin = Get-AzureADAuditSignInLogs -All $true -Top 1 -Filter "userDisplayName eq '$UserDisplayName'" -ErrorAction SilentlyContinue | Select createdDateTime
If I check that the variable is correctly populated, it is.
If I manually add the userDisplayName that I extract from the variable it works.
The error is claiming it's a filter issue.
Get-AzureADAuditSignInLogs : Error occurred while executing GetAuditSignInLogs
Code: BadRequest
Message: Invalid filter clause
InnerError:
RequestId: 2e875adc-cd60-4323-bcac-b224ee74419a
DateTimeStamp: Thu, 07 Apr 2022 02:09:10 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At C:\Users\xxx\AAD_UserAudit.ps1:12 char:18
+ ... LastLogin = Get-AzureADAuditSignInLogs -All $true -Top 1 -Filter "use ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureADAuditSignInLogs], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.GetAuditSignInLogs
I would appreciate any ideas you might have to sort this one out.
- Thanks for taking an interest. As it turns out, after many hours of research, I am facing two distinct issues. The first, on the filter error appears to be a known and old bug in AzureAD Preview module. The second is due to Graph API limits. So I'll be editing the script to be less aggressive and slow down the call rate, and hope that at the slower rate it allows the filters to be parsed correctly.
Thanks for taking an interest in helping.