Connect-MsolService -AdGraphAccessToken $token


I am planning automation that needs to frequently fetch DELETED users using the command line below. With the collected data I perform cleanup in AzDO.

$deletedUsersfromAAD = (Get-MsolUser -ReturnDeletedUser -EnabledFilter EnabledOnly -MaxResults 500 | Where-Object { $_.SoftDeletionTimestamp.ToString("MM-dd-yyyy") -gt $limit } | Sort-Object -Property SoftDeletionTimestamp)

But when I run the pipeline, it gets stuck at Connect-MsolService because a login window pops up for authentication every time. How can I bypass the pop-up authentication while using "Connect-MsolService"?

Or it would be great if there is an alternative to fetch only the list of deleted (soft-deleted) AAD users, instead of indexing the entire AAD.
3 Replies

Last time I toyed with this, you needed to use both -AdGraphAccessToken and -MsGraphAccessToken to make it work.

...how to generate these tokens? Any link to a document or something that helps to understand the process?

thx

@Vasil Michev after reviewing numerous articles I was able to write some code. I have no problem with MSGraphToken but it fails on ADGraphToken. I'm not sure if I create it correctly. If you managed to somehow use this method, I'd appreciate it if you share the code.

I also found this: https://github.com/Azure/azure-docs-powershell-azuread/issues/246 but I don't understand if you can log on using both tokens or it is not working any more...

What I was able to do:

$TenantId = '********'
$ClientId = '*********'
$ClientSecret = '**********'

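# Token request body for Microsoft Graph (client credentials flow)
$MSGraphBody = @{
    'tenant' = $TenantId
    'client_id' = $ClientId
    'scope' = 'https://graph.microsoft.com/.default'
    'client_secret' = $ClientSecret
    'grant_type' = 'client_credentials'
}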

$MSParams = @{
    'Uri' = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    'Method' = 'Post'
    'Body' = $MSGraphBody
    'ContentType' = 'application/x-www-form-urlencoded'
}

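# Token request body for Azure AD Graph (client credentials flow)
$ADGraphBody = @{
    'tenant' = $TenantId
    'client_id' = $ClientId
    'scope' = 'https://graph.windows.net/.default'
    'client_secret' = $ClientSecret
    'grant_type' = 'client_credentials'
}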

$ADParams = @{
    'Uri' = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    'Method' = 'Post'
    'Body' = $ADGraphBody
    'ContentType' = 'application/x-www-form-urlencoded'
}

$ADAuthResponse = Invoke-RestMethod @ADParams
$MSAuthResponse = Invoke-RestMethod @MSParams
Connect-MsolService -AdGraphAccessToken $ADAuthResponse.access_token -MsGraphAccessToken $MSAuthResponse.access_token
 
+ Connect-MsolService -AdGraphAccessToken $ADAuthResponse.access_token ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InvalidHeaderException,Microsoft.Online.Administration.Automation.ConnectMsolService
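
For the alternative asked about in the opening post, soft-deleted users can be listed without any interactive sign-in through the Microsoft Graph directory/deletedItems endpoint, using the same client-credentials token request shown above. This is an added example, not code from any poster in the thread; it assumes an app registration with the User.Read.All application permission (admin-consented), and the environment variable names and the 30-day cutoff are hypothetical.

```powershell
# Added example (not from the thread). Assumption: the pipeline injects these
# values as secret variables; the variable names are hypothetical.
$TenantId     = $env:AAD_TENANT_ID
$ClientId     = $env:AAD_CLIENT_ID
$ClientSecret = $env:AAD_CLIENT_SECRET   # keep out of source control and logs

function Get-GraphAppToken {
    param([string]$TenantId, [string]$ClientId, [string]$ClientSecret)
    $params = @{
        Uri         = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
        Method      = 'Post'
        ContentType = 'application/x-www-form-urlencoded'
        Body        = @{
            client_id     = $ClientId
            client_secret = $ClientSecret
            scope         = 'https://graph.microsoft.com/.default'
            grant_type    = 'client_credentials'
        }
    }
    (Invoke-RestMethod @params).access_token
}

function Get-SoftDeletedUser {
    param([string]$AccessToken, [datetime]$DeletedAfter)
    $headers = @{ Authorization = "Bearer $AccessToken" }
    # Single quotes stop PowerShell from expanding $select as a variable.
    $uri = 'https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user' +
           '?$select=id,userPrincipalName,deletedDateTime'
    $users = @()
    while ($uri) {
        $page   = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
        $users += $page.value
        $uri    = $page.'@odata.nextLink'   # $null on the last page ends the loop
    }
    # Compare as DateTime values, not as formatted strings.
    $users |
        Where-Object { [datetime]$_.deletedDateTime -gt $DeletedAfter } |
        Sort-Object -Property { [datetime]$_.deletedDateTime }
}

$token        = Get-GraphAppToken -TenantId $TenantId -ClientId $ClientId -ClientSecret $ClientSecret
$limit        = (Get-Date).AddDays(-30)    # constructed cutoff
$deletedUsers = Get-SoftDeletedUser -AccessToken $token -DeletedAfter $limit
$deletedUsers | Select-Object userPrincipalName, deletedDateTime
```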