Connect-MsolService -AdGraphAccessToken $token

Question

I am planning for automation that requires to frequently fetch DELETED users using the below command line. With the collected data I perform cleanup in AzDO.

$deletedUsersfromAAD = (Get-MsolUser -ReturnDeletedUser -EnabledFilter EnabledOnly -MaxResults 500 | Where-Object { $_.SoftDeletionTimestamp.ToString("MM-dd-yyyy") -gt $limit } | Sort-Object -Property $_.SoftDeletionTimestamp)

But when I running the pipeline it stuck at Connect-MsolService because everytime login window pop-up for authentication. How can I bypass the pop-up authentication while using ¨Connect-MsolService¨.

Or it will be great if there is alternative to fetch only deleted (soft deleted) AAD users list, instead of indexing entire AAD.

vasilmichev · Answer

Last time I toyed with this, you needed to use both&nbsp;-AdGraphAccessToken and -MsGraphAccessToken to make it work.

nexor · Answer

...how to generate these tokens? any link for document or something that help to understand the process?thx

nexor · Answer

VasilMichev&nbsp;after reviewing numerous articles i was able to write some code, i have no problem with MSGraphToken but it fails on ADGraphToken. i'm not sure if i create it correctly. if you managed to somehow use this method i'd appreciate if you share code.&nbsp;i as well found that:&nbsp;https://github.com/Azure/azure-docs-powershell-azuread/issues/246 but i don't understand if you can logon using both tokens or it is not working any more...&nbsp;what i was able to do:$TenantId&nbsp;=&nbsp;'********'$ClientId&nbsp;=&nbsp;'*********'$ClientSecret&nbsp;=&nbsp;'**********'$MSGraphBody&nbsp;=&nbsp;@{&nbsp;&nbsp;&nbsp;&nbsp;'tenant'&nbsp;=&nbsp;$TenantId&nbsp;&nbsp;&nbsp;&nbsp;'client_id'&nbsp;=&nbsp;$ClientId&nbsp;&nbsp;&nbsp;&nbsp;'scope'&nbsp;=&nbsp;'https://graph.microsoft.com/.default'&nbsp;&nbsp;&nbsp;&nbsp;'client_secret'&nbsp;=&nbsp;$ClientSecret&nbsp;&nbsp;&nbsp;&nbsp;'grant_type'&nbsp;=&nbsp;'client_credentials'}$MSParams&nbsp;=&nbsp;@{&nbsp;&nbsp;&nbsp;&nbsp;'Uri'&nbsp;=&nbsp;"https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"&nbsp;&nbsp;&nbsp;&nbsp;'Method'&nbsp;=&nbsp;'Post'&nbsp;&nbsp;&nbsp;&nbsp;'Body'&nbsp;=&nbsp;$MSGraphBody&nbsp;&nbsp;&nbsp;&nbsp;'ContentType'&nbsp;=&nbsp;'application/x-www-form-urlencoded'}$ADGraphBody&nbsp;=&nbsp;@{&nbsp;&nbsp;&nbsp;&nbsp;'tenant'&nbsp;=&nbsp;$TenantId&nbsp;&nbsp;&nbsp;&nbsp;'client_id'&nbsp;=&nbsp;$ClientId&nbsp;&nbsp;&nbsp;&nbsp;'scope'&nbsp;=&nbsp;'https://graph.windows.net/.default'&nbsp;&nbsp;&nbsp;&nbsp;'client_secret'&nbsp;=&nbsp;$ClientSecret&nbsp;&nbsp;&nbsp;&nbsp;'grant_type'&nbsp;=&nbsp;'client_credentials'}$ADParams&nbsp;=&nbsp;@{&nbsp;&nbsp;&nbsp;&nbsp;'Uri'&nbsp;=&nbsp;"https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"&nbsp;&nbsp;&nbsp;&nbsp;'Method'&nbsp;=&nbsp;'Post'&nbsp;&nbsp;&nbsp;&nbsp;'Body'&nbsp;=&nbsp;$ADGraphBody&nbsp;&nbsp;&nbsp;&nbsp;'ContentType'&nbsp;=&nbsp;'application/x-www-form-urlencoded'}$ADAuthResponse&nbsp;=&nbsp;Invoke-RestMethod&nbsp;@ADParams$MSAuthResponse&nbsp;=&nbsp;Invoke-RestMethod&nbsp;@MSParamsConnect-MsolService&nbsp;-AdGraphAccessToken&nbsp;$ADAuthResponse.access_token&nbsp;-MsGraphAccessToken&nbsp;$MSAuthResponse.access_token&nbsp;+ Connect-MsolService -AdGraphAccessToken $ADAuthResponse.access_token ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InvalidHeaderException,Microsoft.Online.Administration.Automation.ConnectMsolService

sgbjrn · Answer

nExoR&nbsp;&nbsp;Did you (or anyone else) find a solution to this issue?I'm trying to run a few msol commands in a script to collect information, and need to use a spn/access token to authenticate.

nexor · Answer

Sgbjrn&nbsp;I have not, and no suppor found 😞

Forum Discussion

Connect-MsolService -AdGraphAccessToken $token

6 Replies

Resources