User Profile
_CM_
Copper Contributor
Joined Oct 11, 2017
Recent Discussions
Re: PermissionScopeNotGranted
Resolved. This grants User a new eligible PIM entry for role 'Application Administrator'.

Get role id from

    Get-MgRoleManagementDirectoryRoleDefinition | select Id, DisplayName | sort DisplayName

This now works:

    $params = @{
        "PrincipalId" = "{user Object ID}"
        "RoleDefinitionId" = "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3" # App Admin role
        "Justification" = "Justification text"
        "directoryScopeId" = "/{AAD resource ObjectId for e.g. Azure AD app}" # use "/" for Tenant wide
        "Action" = "AdminAssign"
        "ScheduleInfo" = @{
            "StartDateTime" = Get-Date
            "Expiration" = @{
                "Type" = "AfterDuration"
                "Duration" = "PT8H"
            }
        }
    }
    New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $params

2.2K Views | 0 likes | 0 Comments

PermissionScopeNotGranted
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest returns errorCode "PermissionScopeNotGranted","message":"Authorization failed due to missing permission scope"

I'm authenticating using a Service Principal with Certificate, and to my knowledge this should have all the required API permissions. Not sure if this is the issue or if the error points to the DirectoryScopeId in the Params, currently being "/subscriptions/$($Subscription.Id)". Any ideas?

For role Global Reader, I'm using this:

    $params = @{
        "PrincipalId" = "3630920c-hidden"
        "RoleDefinitionId" = "f2ef992c-3afb-46b9-b7cf-a126ee74c451"
        "Justification" = "Approved in EISP-2655"
        "DirectoryScopeId" = "/"
        "Action" = "AdminAssign"
        "ScheduleInfo" = @{
            "StartDateTime" = Get-Date
            "Expiration" = @{
                "Type" = "AfterDuration"
                "Duration" = "PT8H"
            }
        }
    }
    New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $params

Returns ErrorCode: RoleAssignmentExists - expected. Doing the same for Contributor role (b24988ac-6180-42a0-ab88-20f7382dd24c) fails with ErrorCode: RoleNotFound

Solved | 2.3K Views | 0 likes | 1 Comment

Re: Failed to execute backend request using Remove-MgChatMember
Tested as per: https://learn.microsoft.com/en-us/graph/api/chat-delete-members?view=graph-rest-1.0&tabs=http

    connect-mgGraph -scopes "ChatMember.ReadWrite"

(successful)

    Remove-MgChatMember -ChatId somthing@thread.v2 -ConversationMemberId rather_long_string

now returns:

    Remove-MgChatMember : InsufficientPrivileges
    + CategoryInfo : InvalidOperation: ({ ChatId = 19:8...=, IfMatch = }:<>f__AnonymousType229`3) [Remove-MgChatMember_Delete], RestException`1
    + FullyQualifiedErrorId : Forbidden,Microsoft.Graph.PowerShell.Cmdlets.RemoveMgChatMember_Delete

I initially used an AAD app registration with all the Delegated and Application permissions for Chat and more, all being consented for organization, failing with the initial error in first post. Could this all be caused by the Graph API protection? https://learn.microsoft.com/en-us/graph/teams-protected-apis

821 Views | 0 likes | 0 Comments

EX2019 hybrid allowed on failover cluster platform?
Already have EX2013 and O365 hybrid setup. Want to set up new EX2019 in best HA environment, hosted in Azure VMs. Can I use two W2019 servers in a failover cluster? Will it work with VMs in an Availability Set? I have not found any docs saying what's the better HA architecture. Any ideas? Btw, this new setup will only be for management. Everything already moved to O365.

417 Views | 2 likes | 0 Comments

Is AAD geo-distributed in the Germany datacenters?
Hi. Need to know if AAD is geo-distributed when using the datacenters located in Germany. They are operated by T-Systems International and have special considerations in place for i.e. sharing data outside of Germany. Anyone know?

1K Views | 0 likes | 1 Comment