Powershell script for SharePoint online inventory fails with FullyQualifiedErrorId : IdcrlException


Hi All, I've bee tasked with creating a simple report that shows all the sites on SharePoint Online and a total of the content items in each site.  It's just a basic inventory. The Powershell script below works fine in my developer tenant, but when I run it in our test tenant it fails when hitting line 44 which has the command $context.executequery().  Here's the error message:


Exception calling "ExecuteQuery" with "0" argument(s): "The sign-in name or
password does not match one in the Microsoft account system."
At D:\projects\sandbox\SPO Powershell\SPOInventory.ps1:44 char:4
+ $context.ExecuteQuery()
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : IdcrlException

The collection has not been initialized. It has not been requested or the
request has not been executed. It may need to be explicitly requested.
At D:\projects\sandbox\SPO Powershell\SPOInventory.ps1:46 char:13
+ ForEach ($List in $Lists)
+ ~~~~~
+ CategoryInfo : OperationStopped: (:) [], CollectionNotInitializ
+ FullyQualifiedErrorId : Microsoft.SharePoint.Client.CollectionNotInitial


I believe this is caused by the fact that in our test tenant we are using ADFS, but I'm not sure of how to fix the powershell script to make it work.  Here is my powershell script:


Add-Type –Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type –Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

$AdminUrl = "tenant admin url"
$UserName = "administrator account"
$Password = "the password"


$SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $userName, $SecurePassword
$SPOCredentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($UserName, $SecurePassword)



function Get-SPOWebs(){
$Url = $(throw "Please provide a Site Collection Url"),
$Credential = $(throw "Please provide a Credentials")

$context = New-Object Microsoft.SharePoint.Client.ClientContext($Url)
$context.Credentials = $SPOCredentials
$web = $context.Web
foreach($web in $web.Webs)
Get-SPOWebs -Url $web.Url -Credential $Credential

function Get-ItemCount($Url) {

$context = New-Object Microsoft.SharePoint.Client.ClientContext($Url)
$context.Credentials = $SPOCredentials
# $context.Credentials = $Credentials
$Lists = $context.web.Lists
$itemCount = 0
ForEach ($List in $Lists)
$listTitle = $List.Title
If ($listTitle -ne 'User Information List' -and `
$listTitle -ne 'Work Flow History' -and `
$listTitle -ne 'Images' -and `
$listTitle -ne 'Site Assets' -and `
$listTitle -ne 'Composed Looks' -and `
$listTitle -ne 'Microfeed' -and `
$listTitle -ne 'Workflow Tasks' -and `
$listTitle -ne 'Access Requests' -and `
$listTitle -ne 'Master Page Gallery' -and `
$listTitle -ne 'Web Part Gallery' -and `
$listTitle -ne 'Style Library' -and `
$listTitle -ne 'List Template Library' -and `
$listTitle -ne 'appdata' -and `
$listTitle -ne 'appfiles' -and `
$listTitle -ne 'Content type publishing error log' -and `
$listTitle -ne 'Form Templates' -and `
$listTitle -ne 'Converted Forms' -and `
$listTitle -ne 'Solution Gallery' -and `
$listTitle -ne 'TaxonomyHiddenList' -and `
$listTitle -ne 'Theme Gallery' -and `
$listTitle -ne 'List Template Gallery' -and `
$listTitle -ne 'Maintenance Log Library' -and `
$listTitle -ne 'Cache Profiles' -and `
$listTitle -ne 'Web Template Extensions' -and `
$listTitle -ne 'Content and Structure Reports' -and `
$listTitle -ne 'wfpub')
$qry = [Microsoft.SharePoint.Client.CamlQuery]::CreateAllItemsQuery()
$items = $list.GetItems($qry)
$itemCount += $items.count
return $itemCount

#Retrieve all site collection infos
$filePath = "D:\Projects\Sandbox\SPO Powershell\spositeinventroy.csv"
$filePath2 = "D:\Projects\Sandbox\SPO Powershell\spoiteminventory.csv"
#Connect-SPOService -Url $AdminUrl
Connect-SPOService -Url $AdminUrl
$sites = Get-SPOSite
$row = "Site Name,Site Path,Site Collection Path,Is Site Collection,Item Count"
Add-Content $filePath $row

foreach ($site in $sites)
$itemCount = 0
$siteCol = $site.Url
$itemCount = Get-ItemCount($siteCol)
$row = $site.Title + "," + $site.Url + "," + $siteCol + "," + "Y" + "," + $itemCount
Add-Content $filePath $row
write-host $site.Url " Item Count = " $itemCount
$AllWebs = Get-SPOWebs -Url $site.Url -Credential $SPOCredentials
foreach($web in $Allwebs)
$itemCount = 0
$webURL = $web.Url
$itemCount = Get-ItemCount($webURL)
$row = $web.Title + "," + $web.Url + "," +$siteCol + "," + "N" + "," + $itemCount
Add-Content $filePath $row
write-host $web.Url " Item Count = " $itemCount



like I said above this works fine in my developer tenant, but fails in my test tenant.  I am certain that I am using the proper credentials, but there must be something that I am missing in order to have this work with ADFS.  Any help is appcreciated thank!



3 Replies
Strange, I have in the pust created and run PS scripts in environments where ADFS is deployed and I have not had any problems...can you just simply create a connection to your SPO test tenant and run Get-SPOSite and see what happens? Use the SPO Management Shell for that

Hi Juan, yes I can get past excuting Connect-SPOService and Get-SPOSite.  It's when I create a context object and execute a query on that object that I get the error.

If you step through your code, does it fail on the very first iteration of your Get-SPOWebs() method? Could it be that one of the sub webs has broken inheritance and you don't have access?


Are you sure you have permissions to list webs and lists on that site?