Comments (6)
clement75000
commented on August 29, 2024
1
Hello,
In my tenant, roles IDs seem to be different from the official documentation, not sure why yet :
https://learn.microsoft.com/fr-fr/azure/active-directory/roles/permissions-reference
I have these roles and IDs :
$adminRoles = @("9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3", "58a13ea3-c632-46ae-9ee0-9c0d43cd7f3d", "892c5842-a9a6-463a-8041-72aa08ca3cf6", "158c047a-c907-4556-b7ef-446551a6b5f7", "f28a1f50-f6e7-4571-818b-6a12f2af6b6c", "d37c8bed-0711-4417-ba38-b4abe66ce4c2", "9f06204d-73c1-4d4c-880a-6edb90606fd8", "7be44c8a-adaf-4e2a-84d6-ab2649e08a13", "c430b396-e693-46cc-96f3-db01bf8bb62a", "729827e3-9c14-49f7-bb1b-9608f156bbb8", "62e90394-69f5-4237-9190-012177145e10", "69091246-20e8-4a56-aa4d-066075b2a7a8", "17315797-102d-40b4-93e0-432062caca18", "b0f54661-2d74-4c50-afa3-1ec803f12efe", "29232cdf-9323-42fd-ade2-1d097af3e4de", "194ae4cb-b126-40b2-bd5b-6091b380977d")
$adminRoles doesn't contain any of my tenant roles IDs, hence $RID get empty and Get-MgDirectoryRoleMember throw the error.
As I want to audit all roles, I'm using this for now :
from 365inspect.
ThoughtContagion
commented on August 29, 2024
1
Interesting. Thank you for that explanation.
We will change the way that the RID's are defined to compensate for this.
from 365inspect.
ThoughtContagion
commented on August 29, 2024
Hi there!
Thank you for using our tool, we hope it provides you with valuable insight into your tenant!
We are unable to replicate this issue in any of our testing tenants.
Would you be able to provide the version of the Graph module you are using?
This can be most easily identified using the following command:
Get-command Get-MgDirectoryRoleMember
Can you also make sure that there are no conflicting modules installed?
Get-InstalledModule -Name Microsoft.Graph
You generally only want one version installed (if you are using version 2.0+, Microsoft.Graph and Microsoft.Graph.Beta are perfectly fine to have installed together.)
from 365inspect.
patrickbartley
commented on August 29, 2024
***@***.***
Freshly imaged machine. This is the first time interacting with MS365 through Powershell on this image.
I will try running the script again and send you an update.
*** Removed identifiable information ***
from 365inspect.
clement75000
commented on August 29, 2024
Ok I got it, I mixed ID and RoleTemplateId attributes :
But in this case if any of $adminRoles RoleTemplateId value doesn't exist in the tenant (Get-MgDirectoryRole returns only 5 roles in my test tenant) , the foreach loop stops and throw the error.
To quickly fix it I can either modify $adminRoles values with RoleTemplateId that exist in my tenant or not to use any role filter as previously showed.
Now I can go to sleep :-)
from 365inspect.
CountlessNumber
commented on August 29, 2024
I also had this same error. I fixed it using the above solution by setting the Get-MgDirectoryRole to just return all roles.
After that fix I had another error - "Error message: The term 'Get-MgReportAuthenticationMethodUserRegistrationDetail' is not recognized as the name of a cmdlet"
I was able to fix this error by setting the script to use the beta endpoint - Select-MgProfile -Name "beta"
After that, it ran successfully and returned the correct list of admin accounts as expected.
from 365inspect.
Related Issues (20)
- CSV and XML Problems with various columns HOT 3
- Could not connect to SharePoint Online HOT 2
- Bug running script on PowerShell 7.3.4 HOT 3
- Script does not work in pwsh 7.3.4 HOT 7
- Sharepoint Module may not connect if Exchange Hybrid is present
- Inspect-AZPSAssignment and Inspect-AZPSModules: Microsoft Graph PowerShell renamed to Microsoft Graph Command Line Tools
- Module Loading Errors HOT 6
- Report HTML contains broken links to txt-files HOT 1
- Parameter incorrectly set
- When excuting The term 'Select-MgProfile' is not recognized HOT 13
- Excessive Privilege -> Not Using Microsoft Graph HOT 2
- Using Oauth access token to run script on behalf of client HOT 1
- Does this work in M365 GCC High? HOT 4
- Connecting to Exchange Online Failed
- Output Report.html: no work in oder device HOT 6
- Error executing main script HOT 6
- Unable to run script - complains that Connect-PnPOnline is not recognised, even though it has been verified earlier in the script HOT 8
- bug due to exchange online update
- Microsoft 365 Assessment can't export the data HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from 365inspect.