Running Un-attended Scripts via Task Scheduler
I am trying to get some of my PS Scripts that are required regularly to run un-attended on a server using Task Scheduler. I am aware that App Registrations seem to be the recommended way, but I am struggling to find the best way to plan and deploy a solution. For example, one of the jobs I want to automate is a search using Exchange get-messagetracev2, I have created a service account, given the account Delegate Full Access permissions to 31 shared mailboxes I need to report on. Basically, I need to know how many emails have been received during the previous week to each mailbox. Generate a csv, list the mailbox, start date - end date, number of emails received, then ideally either email 3 users the report, or send a Teams notification (using Workflow Bot) to send a notification that the report is ready and the file is attached. I must be using the least permissive method of doing this, looking for ways to achieve this with the lowest level of access and to understand the best config for the App Registration, can I use Delegate or must it be App permissions? Thanks in advance
Problem restoring deleted user with mggraph
Hello, I have done a few 365 migration and almost everytime there are some user data that has been missed in the migration. Earlier I solved this by restoring the 365 user in the source tenant to another domain using this msol script in powershell: Restore-MsolUser -UserPrincipalName email address removed for privacy reasons -Verbose Restore-MsolUser -UserPrincipalName email address removed for privacy reasons -Verbose -AutoReconcileProxyConflicts Restore-MsolUser -UserPrincipalName email address removed for privacy reasons -Verbose -AutoReconcileProxyConflicts -NewUserPrincipalName email address removed for privacy reasons I know it is not perfect but it worked well and saved a bunch of times. I have now done another migration now and got the same issue so I need to restore the users so we can access the data again and move it. BUT! I realized today that msol service is no more, so I am kinda stuck with figuring this out in mggraph. I have tried for a few hours now and I am not sure if this even possible with mggraph. Whenever I try to build a script using Restore-MgDirectoryDeletedUser/Item which google, copilote etc tells me to use I only get this error: The term 'Restore-MgDirectoryDeletedUser/item' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Or I get that it "works" but that the proxy/domain conflicts: Errors detected while trying to restore the user restoreUserErrors: ErrorValue:<pii><pii>E*****.E*******</pii>@domain.com</pii> ObjectType: ConflictingObjectId:, ErrorType:UserPrincipalName, ErrorId:InvalidDomainErrorValue:<pii>smtp:<pii>ee</pii>@domain.com</pii> ObjectType: ConflictingObjectId:, ErrorType:ProxyAddress, ErrorId:InvalidDomain Status: 400 (BadRequest) ErrorCode: Request_BadRequest Date: 2025-09-08T13:49:36 Since I do not have the first domain in the source tenant anymore I need to restore the user to a different domain. Does anyone have any idea on how I can recreate the msol version to mggraph? I feel like I have tried everything to my knowledge now so hopefully anyone here can give me help or tips. Thanks! /Adam
Intermittent issues with PowerShell Command Responses Since May 10, 2025
Since May 10, 2025, we have observed unexpected behavior intermittently in the responses of the following PowerShell commands. Could you please investigate the issues outlined below? Get-CsTenantFederationConfiguration: The AllowPublicUsers property appears in the command output, but when the response is passed to ConvertTo-Json, the AllowPublicUsers value is missing. Please refer to the attached screenshot for reference. Get-CsExternalAccessPolicy: The EnablePublicCloudAccess property, which is expected to return a boolean value, is now returning null. These issues are not isolated to a specific instance — we are intermittently observing the same behavior across multiple Office 365 tenants. Looking forward to your assistance.MGraph suddenly stops working
PS C:\Windows> Get-MGUser -All Get-MGUser : InteractiveBrowserCredential authentication failed: In Zeile:1 Zeichen:1 + Get-MGUser -All + ~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-MgUser_List], AuthenticationFailedException + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Cmdlets.GetMgUser_List Prior to this I did a "connect-mgraph -Scopes "User.Read.All" " and authenticated myself with MFA. Did not get an error doing so. Logged in as a global administrator. Any ideas what i going wrong? I know, the error indicates Authentication Failure, but Authentication looks correctPowerShell Script to Follow a SharePoint Site for a User
Good morning! I've been struggling with this for a while now. I've tried multiple scripts that are supposed to do this and run into many errors. I have a new script I found, which seems to mostly work, but it gives me this one error: Write-Error: Response status code does not indicate success: Forbidden (Forbidden). It looks like a permissions issue. I'm executing this in VSC, running under my user account, but when it connects to Graph, I'm authenticating it as my admin account, which has the following roles: I do realize how easy it is for users to follow a site, but this is one of those messed-up political situations, so I need a way to do this. After the error, it just hangs here: Add users to follow site(. [Adding user 'Ken Ce.] Here is the script I'm using: # Example: .\Add-FollowUserSite.ps1 -UsersMail "user1@[domain].com","user2@[domain].com","user3@[domain].com" -SitesUrl "https://[domain].sharepoint.com" [CmdletBinding()] param( [Parameter(Mandatory=$true,HelpMessage="List of Users Mails")] [String[]]$UsersMail=@("user1@[domain].com","user2@[domain].com","user3@[domain].com"), [Parameter(Mandatory=$true,HelpMessage="List of SharePoint Url to follow")] [String[]]$SitesUrl=@("https://[domain].sharepoint.com") ) Begin{ # Validate Modules ffor Microsoft graph users exist if (Get-Module -ListAvailable -Name microsoft.graph.users) { Write-Host "Microsoft Graph Users Module Already Installed" } else { try { Install-Module -Name microsoft.graph.users -Scope CurrentUser -Repository PSGallery -Force -AllowClobber } catch [Exception] { $_.message } } # Validate Modules ffor Microsoft graph users exist if (Get-Module -ListAvailable -Name microsoft.graph.sites) { Write-Host "Microsoft Graph Sites Module Already Installed" } else { try { Install-Module -Name microsoft.graph.sites -Scope CurrentUser -Repository PSGallery -Force -AllowClobber } catch [Exception] { $_.message } } # Import Modules Microsoft.Graph.users and Microsoft.Graph.sites to be used Import-Module Microsoft.Graph.users Import-Module Microsoft.Graph.sites Write-Host "Connecting to Tenant" -f Yellow Connect-MgGraph -Scopes "Sites.ReadWrite.All", "User.Read.All" Write-Host "Connection Successful!" -f Green } Process{ $count = 0 $UsersMail | foreach { #Get user Graph properties $mail = $_ $user = Get-MgUser -ConsistencyLevel eventual -Count 1 -Search ([string]::Format('"Mail:{0}"',$mail)) $SitesUrl | foreach { #Get Site Graph properties $domain = ([System.Uri]$_).Host $AbsolutePath = ([System.Uri]$_).AbsolutePath $uriSite = [string]::Format('https://graph.microsoft.com/v1.0/sites/{0}:{1}',$domain,$AbsolutePath) $site = Invoke-MgGraphRequest -Method GET $uriSite #Create Body for Post request $body = @' { "value": [ { "id": "{$SiteID}" } ] } '@.Replace('{$SiteID}',$site.id) #Graph call that include user to follow site $uriFollow = [string]::Format('https://graph.microsoft.com/v1.0/users/{0}/followedSites/add',$user.Id) #Include follow option from user to SharePoint Site try{ $response = Invoke-MgGraphRequest -Method POST $uriFollow -Body $body -ContentType "application/json" Write-Host "User '$($user.DisplayName)' is following site '$($AbsolutePath)'" -f Green } catch { Write-Error $_.Exception } } $count += 1 #progress bar Write-Progress -Activity 'Add users to follow site(s)' -Status "Adding user '$($user.DisplayName)' to follow sites... ($($count)/$($UsersMail.Count))" -PercentComplete (($count / $UsersMail.Count) * 100) } } End { Disconnect-MgGraph Write-Host "Finished" -ForegroundColor Green } Any help would be greatly appreciated.
Assigning a Manager with PowerShell Graph – Manager Not Found
Hi everyone, We are currently refactoring our PowerShell scripts to align with Microsoft's recommended standards. In our script that creates new users in Azure Active Directory (AAD) via Microsoft Graph, we’re having trouble assigning a manager to a new user. Whether we try using the manager’s object ID or email address, the manager is not found, and the assignment fails. Has anyone encountered this issue before? Is there something we might be doing wrong in how we’re referencing or assigning the manager? Thanks in advance for your help.
Purview -> Powershell
i need to export some users their data before their licenses are removed. It is about 60 users, so i would rather user powershell instead of the purview portal to automate the job. So i have been playing around with the commandlets, to get an idea to build the script. The strange thing is what i see in Powershell is not represented in the Purview portal. We had an older compliance case which was no longer used. I tried to remove the compliance case by the Purview portal, but nothing happens when clicking "delete case" or "close case". i then reverted back to PowerShell by using the Remove-ComplianceCase "$CaseName", where the compliance case was successfully removed. When running the Get-ComplianceCase, i can see that the old compliance case is indeed removed, however the removed compliance case is still present in the Purview portal even several hours after deleting the case with PowerShell. Then started to play around with a new compliance search New-ComplianceSearch -Name "$($TargetMailbox.displayName) License Cleanup" -ExchangeLocation "$($TargetMailbox.PrimarySmtpAddress)" -Case "License Cleanup" -SharePointlocation "$($PNPPersonalSite.url)" after refreshing a couple of times i could see the compliance search in the purview portal. Then started the compliance search by using the Start-ComplianceSeacrh commandlet and verified that the search status was completed: Get-compliancesearch "$($TargetMailbox.displayName) License Cleanup" | select status However in the Purview portal no statistics were shown (not available yet). Didn't spend to much attention as i already saw discrepancies between the purview portal and what i saw in Powershell, so continued exporting compliance search with a compliance search action to export the data in the process manager New-ComplianceSearchAction -SearchName ""$($TargetMailbox.displayName)" -Export Can successfully retrieve the compliancesearch action in Powershell and can see that the status is completed, but fail to retrieve the export in the purview portal. Get-ComplianceSearchAction -case "License CleanUp" -includecredential | fl Did not achieve a way in downloading the export results via PowerShell, but would already be pretty pleased if i could achieve the first two steps via PowerShell. But as i am unable to retrieve the export in the Purview portal, i am afraid that i am still stuck. I can create an export in the Purview portal from the compliance search i created in Powershell. Can anyone please explain me the issue with the discrepancies between what i see in PowerShell and the Purview Portal and is it possible to see the exports created in powershell in the purview portal? And is it feasible to download the export from Powershell as well (Start-Process)?
