Unable to get groups with POSH

Silver Contributor

I am getting the following error. Can someone please tell me what I'm doing wrong? I'm a Global admin in the tenant.

 

Connect-PnPMicrosoftGraph -Scopes "Group.ReadWrite.All","User.Read.All"

PS C:\Scripts> Get-PnPUnifiedGroup
Get-PnPUnifiedGroup : Exception of type 'Microsoft.Graph.ServiceException' was thrown.
At line:1 char:1
+ Get-PnPUnifiedGroup
+ ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-PnPUnifiedGroup], ServiceException
    + FullyQualifiedErrorId : Microsoft.Graph.ServiceException,SharePointPnP.PowerShell.Commands.Graph.GetUnifiedGroup

13 Replies
Does the std Get-UnifiedGroup powershell cmdlets work?
yes, that works correctly.

adding @Vesa Juvonen 

For what it is worth, I literally just installed PNP PowerShell yesterday to start playing with it, copied and pasted your code and it ran just fine. So the syntax is at least right.

ok, thanks, I just tried again and got the same error.

BTW, PNP PowerShell is fantastic. @Erwin van Hunen has done an amazing job

Hi Dean,

 

I just tried here but I get no errors. If you execute the cmdlet as said, and if you still receive the error, can you enter 

 

$error[0].Exception.StackTrace

 

and post that?

@Erwin van Hunen thanks for the suggestion. This is what I get. I don't understand what this means, does it provide you any clues?

 

PS C:\> $error[0].Exception.StackTrace
   at Microsoft.Graph.HttpProvider.<SendAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.BaseRequest.<SendRequestAsync>d__34.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.BaseRequest.<SendAsync>d__32`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.DriveRequest.<GetAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at OfficeDevPnP.Core.Framework.Graph.UnifiedGroupsUtility.<>c__DisplayClass3_0.<<GetUnifiedGroupSiteUrl>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at OfficeDevPnP.Core.Framework.Graph.UnifiedGroupsUtility.GetUnifiedGroupSiteUrl(String groupId, String accessToken, Int32 retryCount, Int32 delay)
   at OfficeDevPnP.Core.Framework.Graph.UnifiedGroupsUtility.<>c__DisplayClass10_0.<<ListUnifiedGroups>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at OfficeDevPnP.Core.Framework.Graph.UnifiedGroupsUtility.ListUnifiedGroups(String accessToken, String displayName, String mailNickname, Int32 startIndex, Int32 endIndex, Boole
an includeSite, Int32 retryCount, Int32 delay)
   at SharePointPnP.PowerShell.Commands.Graph.GetUnifiedGroup.ExecuteCmdlet()
   at System.Management.Automation.CommandProcessor.ProcessRecord()

Dear all,

 

I have the same issue and desperately looking for a solution...

 

2017-03-28 11_55_44-Administrator_ Windows PowerShell ISE.png

I still can use the MS cmdlet

2017-03-28 11_57_05-Administrator_ Windows PowerShell ISE.png

Help please?

And this is the output for the stack trace

 

PS C:\GitHub\ACEA\PowerShell\Scripts> $error[0].Exception.StackTrace

at Microsoft.Graph.HttpProvider.<SendAsync>d__19.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Graph.BaseRequest.<SendRequestAsync>d__34.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Graph.BaseRequest.<SendAsync>d__32`1.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Graph.DriveRequest.<GetAsync>d__6.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at OfficeDevPnP.Core.Framework.Graph.UnifiedGroupsUtility.<>c__DisplayClass3_0.<<GetUnifiedGroupSiteUrl>b__0>d.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at OfficeDevPnP.Core.Framework.Graph.UnifiedGroupsUtility.GetUnifiedGroupSiteUrl(String groupId, String accessToken, Int32 re

tryCount, Int32 delay)

at OfficeDevPnP.Core.Framework.Graph.UnifiedGroupsUtility.<>c__DisplayClass10_0.<<ListUnifiedGroups>b__0>d.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at OfficeDevPnP.Core.Framework.Graph.UnifiedGroupsUtility.ListUnifiedGroups(String accessToken, String displayName, String ma

ilNickname, Int32 startIndex, Int32 endIndex, Boolean includeSite, Int32 retryCount, Int32 delay)

at SharePointPnP.PowerShell.Commands.Graph.GetUnifiedGroup.ExecuteCmdlet()

at System.Management.Automation.CommandProcessor.ProcessRecord()

 

I am getting the same error and stacktrace is similar.  Has anyone figured this one out yet?

 

Get-PnPUnifiedGroup : Exception of type 'Microsoft.Graph.ServiceException' was thrown.
At C:\Users\rvanandel\SharePoint\SharePoint Migration Project - Docu\Engagement Sites\create-engagement.ps1:38 char:14
+ $group = Get-PnPUnifiedGroup -Identity $groupName -Verbose;
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-PnPUnifiedGroup], ServiceException
+ FullyQualifiedErrorId : Microsoft.Graph.ServiceException,SharePointPnP.PowerShell.Commands.Graph.GetUnifiedGroup

at Microsoft.Graph.HttpProvider.<SendAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.BaseRequest.<SendRequestAsync>d__34.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.BaseRequest.<SendAsync>d__32`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.GraphServiceGroupsCollectionRequest.<GetAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at OfficeDevPnP.Core.Framework.Graph.UnifiedGroupsUtility.<>c__DisplayClass12_0.<<ListUnifiedGroups>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at OfficeDevPnP.Core.Framework.Graph.UnifiedGroupsUtility.ListUnifiedGroups(String accessToken, String displayName, String mailNickname, Int32 startIndex, Int32 end
Index, Boolean includeSite, Int32 retryCount, Int32 delay)
at SharePointPnP.PowerShell.Commands.Graph.GetUnifiedGroup.ExecuteCmdlet()
at System.Management.Automation.CommandProcessor.ProcessRecord()

 

I fixed my issue.  Turns out my app needed more permissions than the documentation let on.  I needed these permissions

Delegated Permissions

  • Sites.Read.All
  • User.Read
  • Directory.Read.all
  • Group.Read.All
  • Group.ReadWrite.All
  • User.Read.All

Application Permissions

  • Directory.Read.All
  • Group.ReadWrite.All
  • User.Read.All

I'm not 100% I need the Sites.Read.All, though. I haven't gone back to test that. I'm just happy to finally have it working.

 

 

I've created an App registration via: https://apps.dev.microsoft.com (still trying to determine how/why this is different than creating a registration directly in AzureAD), and granted ALL of the Group and User related permissions to Graph (not just the ones specified above).

 

However, I'm seeing some interesting (and inconsistent) behavior in using the Get-PnPUnifiedGroup command.

 

Scenario 1: When I connect without using the app registration I created, using Connect-PnPMicrosoftGraph -Scopes "Group.ReadWrite.All", then authenticating using an O365 account with a Global Admin role.

When I run Get-PnPUnifiedGroup without parameters, I get the exception identified in this thread.  However, if I attempt to specify a group, it does return a value, but for some reason, is not able to show the value for the Site URL.  If Site URL is a property of the group object, I can't understand how I would possibly get an access denied message:

DisplayName                   Group Id                               Site URL

-----------                   --------                               --------

The A Team                     61987e15-6b1f-4e4a-8d19-b762c3b5a149   Access denied. You do not have perm...

 

Scenario 2: When I connect (successfully...I can confirm by running Get-PnPAccessToken) using the app registration I created and I attempt to run the Get-PnPUnifiedGroup command with or without paramenters, I get the exception in both scenarios.

 

Has anyone else experienced this behavior and/or have any thoughts on a solution?

@Rory Collins 

We are using a script to check Unified groups, Last week it worked, but as of today we get the error:

"The service is not available. Try the request again after a delay. There may be a Retry-After header."

for SiteUrl. 

Anyone an idea?