SOLVED

get-mailbox powershell command no longer works

Copper Contributor

Hi,

 

i have been running the command

 

 

Get-Mailbox |Select-Object DisplayName, PrimarySmtpAddress |Sort-Object DisplayName | Export-CSV C:\IT\Powershell\Users.csv

 

 

as part of a powershell script for a few months without issue. Now when i run it i get

Active Directory operation failed on PROD.OUTLOOK.COM. Additional information: Active directory response: The server does not support the control. The control is critical.

Have they stopped this command?

thanks

Gareth

 
9 Replies
Do you mean you get this error every time you run the cmdlet?
Hi,

yes every time i run it. We use a certificate for access and it is still valid soim not sure if it is access related

thanks

Gareth
I'm also using CBA, and not seeing any troubles with it. Just for the sake of completeness, try connecting via regular user account. Or try another machine if possible.

@Vasil Michev 

it works if i connect to exchangeonline using a regular user account.

@Terry_Lazer 

my code is

$pass2 = Get-Content "C:\IT\Powershell\password.txt" | ConvertTo-SecureString
Connect-ExchangeOnline -CertificateFilePath "C:\IT\Powershell\***.pfx" -CertificatePassword  $pass2  -AppId "***" -Organization "***.com"
Get-Mailbox |Select-Object DisplayName, PrimarySmtpAddress |Sort-Object DisplayName | Export-CSV C:\IT\Powershell\Users.csv

where do i add the import session code?

 

thanks

Just for a giggle, try using Get-ExoMailbox instead of Get-Mailbox. It could be that you've run into a bug with the upgraded cmdlets in version 3.0 (which I assume you're using).

@Tony Redmond 

hi,

 

i get a new error now

Get-ExoMailbox : Error while querying REST service. HttpStatusCode=401 ErrorMessage=Microsoft.Exchange.Admin.OData.Core.ODataServiceException: 
CrossTenantAccessNotAllowed: For AppOnly flow Tenant in token e******s.onmicrosoft.com doesn't match with Tenant in request Url b*****t.com.
   at Microsoft.Exchange.AdminApi.Common.AdminApiUtils.VerifyTenantInIdentityAndUrlMatchForAppOnly(HttpContextBase httpContext)
   at Microsoft.Exchange.Admin.Library.BetaHttpHandler.ProcessRequest(HttpContext context)Microsoft.Exchange.Admin.OData.Core.ODataServiceException: 
CrossTenantAccessNotAllowed: For AppOnly flow Tenant in token e******s.onmicrosoft.com doesn't match with Tenant in request Url b*****t.com.
   at Microsoft.Exchange.AdminApi.Common.AdminApiUtils.VerifyTenantInIdentityAndUrlMatchForAppOnly(HttpContextBase httpContext)
   at Microsoft.Exchange.Admin.Library.BetaHttpHandler.ProcessRequest(HttpContext context)
At C:\IT\Powershell\OfficeUsers.ps1:10 char:1
+ Get-ExoMailbox |Select-Object DisplayName, PrimarySmtpAddress |Sort-O ...
+ ~~~~~~~~~~~~~~
    + CategoryInfo          : ProtocolError: (:) [Get-EXOMailbox], RestClientException
    + FullyQualifiedErrorId : An error occurred while processing this request.,Microsoft.Exchange.Management.RestApiClient.GetExoMailbox
best response confirmed by GarethParry (Copper Contributor)
Solution
Are you sure that the certificates, applications, and organization (tenant) you're trying to use all line up? Get-ExoMailbox complains about a token mismatch.

You know that you can run the code interactively, so that means that when authentication works, the code works. The problem here is how you're trying to authenticate. Given that you're using CBA, it's likely something to do with the certificate. Has the certificate expired?
hi thanks for this you steared me in the right direction. our tenent anema nd domain name are not the same and it didint like the entry i had for organisation. It used to work so i guess they changed something in the last few weeks.
1 best response

Accepted Solutions
best response confirmed by GarethParry (Copper Contributor)
Solution
Are you sure that the certificates, applications, and organization (tenant) you're trying to use all line up? Get-ExoMailbox complains about a token mismatch.

You know that you can run the code interactively, so that means that when authentication works, the code works. The problem here is how you're trying to authenticate. Given that you're using CBA, it's likely something to do with the certificate. Has the certificate expired?

View solution in original post