Connect-MsolService -AdGraphAccessToken $token


I am planning automation that needs to frequently fetch DELETED users using the command line below. With the collected data I perform cleanup in AzDO.

# Filter and sort on the DateTime value itself, not on an "MM-dd-yyyy" string
$deletedUsersfromAAD = (Get-MsolUser -ReturnDeletedUser -EnabledFilter EnabledOnly -MaxResults 500 | Where-Object { $_.SoftDeletionTimestamp -gt $limit } | Sort-Object -Property SoftDeletionTimestamp)

But when I run the pipeline, it gets stuck at Connect-MsolService because every time a login window pops up for authentication. How can I bypass the pop-up authentication while using "Connect-MsolService"?

Or it would be great if there is an alternative to fetch only the deleted (soft-deleted) AAD users list, instead of indexing the entire AAD.
3 Replies

Last time I toyed with this, you needed to use both -AdGraphAccessToken and -MsGraphAccessToken to make it work.

...how to generate these tokens? Any link to a document or something that helps to understand the process?

thx

@Vasil Michev after reviewing numerous articles I was able to write some code. I have no problem with MSGraphToken but it fails on ADGraphToken. I'm not sure if I create it correctly. If you managed to somehow use this method, I'd appreciate it if you share code.

I also found this: https://github.com/Azure/azure-docs-powershell-azuread/issues/246 but I don't understand if you can log on using both tokens or if it is not working any more...

What I was able to do:

$TenantId = '********'
$ClientId = '*********'
$ClientSecret = '**********'

$MSGraphBody = @{
    'tenant' = $TenantId
    'client_id' = $ClientId
    'client_secret' = $ClientSecret
    'grant_type' = 'client_credentials'
}

$MSParams = @{
    'Uri' = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    'Method' = 'Post'
    'Body' = $MSGraphBody
    'ContentType' = 'application/x-www-form-urlencoded'
}

$ADGraphBody = @{
    'tenant' = $TenantId
    'client_id' = $ClientId
    'client_secret' = $ClientSecret
    'grant_type' = 'client_credentials'
}

$ADParams = @{
    'Uri' = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    'Method' = 'Post'
    'Body' = $ADGraphBody
    'ContentType' = 'application/x-www-form-urlencoded'
}

$ADAuthResponse = Invoke-RestMethod @ADParams
$MSAuthResponse = Invoke-RestMethod @MSParams
Connect-MsolService -AdGraphAccessToken $ADAuthResponse.access_token -MsGraphAccessToken $MSAuthResponse.access_token
 
+ Connect-MsolService -AdGraphAccessToken $ADAuthResponse.access_token ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InvalidHeaderException,Microsoft.Online.Administration.Automation.ConnectMsolService
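
For the alternative asked about in the first post (listing only soft-deleted users without an interactive sign-in), the following is an added example, not code from any poster in this thread: it requests an app-only Microsoft Graph token with an explicit scope, prints the token's `aud` and `roles` claims so the audience can be checked, and reads the `directory/deletedItems` collection. Assumptions: the app registration has an admin-consented application permission to read users (such as User.Read.All), the three `AAD_*` environment variables are hypothetical pipeline secrets, and the seven-day `$limit` is a constructed value.

```powershell
# Added example. AAD_TENANT_ID / AAD_CLIENT_ID / AAD_CLIENT_SECRET are hypothetical
# names for pipeline secret variables; the secret is never written into the script.
$TenantId     = $env:AAD_TENANT_ID
$ClientId     = $env:AAD_CLIENT_ID
$ClientSecret = $env:AAD_CLIENT_SECRET
$limit        = (Get-Date).AddDays(-7)   # constructed cut-off date

function Get-AppToken {
    param([string]$Resource)
    $body = @{
        client_id     = $ClientId
        client_secret = $ClientSecret
        grant_type    = 'client_credentials'
        scope         = "$Resource/.default"   # one resource (audience) per token
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    (Invoke-RestMethod -Uri $uri -Method Post -Body $body).access_token
}

function Get-JwtClaims {
    param([string]$Token)
    # The JWT payload is base64url: restore the standard alphabet and padding.
    $payload = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

$token  = Get-AppToken -Resource 'https://graph.microsoft.com'
$claims = Get-JwtClaims -Token $token
# Log only the non-secret claims: which API the token is for and what it may do.
Write-Host "aud=$($claims.aud) roles=$($claims.roles -join ',')"

$headers = @{ Authorization = "Bearer $token" }
$uri = 'https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user' +
       '?$select=id,userPrincipalName,deletedDateTime'
$deleted = while ($uri) {
    $page = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
    $page.value                        # emit this page's users
    $uri = $page.'@odata.nextLink'     # $null on the last page ends the loop
}

$deletedUsers = $deleted |
    Where-Object { [datetime]$_.deletedDateTime -gt $limit } |
    Sort-Object -Property { [datetime]$_.deletedDateTime }
$deletedUsers | Format-Table userPrincipalName, deletedDateTime
```

Granting the app registration a read-only application permission keeps the pipeline identity from being able to modify or restore directory objects.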