Access is denied. Check credentials and try again.

[SPNass]

Hi @12Knocksinna ,

Thanks ! Awesome work !

I’m trying to took over your script to replace a process that was based on EWS and to cover the below needs: – Org contacts based on a DL – Create contacts on a specific contacts folder (not the default one) – Create Specific contacts folder for new joiners

Things revamped: (to avoid Invoke-WebRequest) – Using MSAL.PS to generate the Token based on a app (service principle) – Using module Microsoft.Graph.Authentication to connect Graph – Using module Microsoft.Graph.PersonalContacts to manage contacts and contacts folders

The issue that I’m facing is with permissions to be granted to make this all work. Despite having granted the permissions “Contacts.ReadWrite”,”Contacts.Read” (Graph API) to the App registered and the Token seems to embed the right scopes (e.g. “Contacts.ReadWrite”,”Contacts.Read”), I’m getting Access denied while trying to manage contacts.

Here are the commands for which I’m getting the error message: “Access is denied. Check credentials and try again.” – Get-MgUserContactFolder – New-MgUserContactFolder – Get-MgUserContactFolderContact – New-MgUserContactFolderContact

I even tried the below command but it does not seems to work with service principles: – Add-MailboxFolderPermission

Do you have an idea of what permission is missing to the app reg ?

Thanks in advance. Cheers, Patrick script.txt

[12Knocksinna]

I answered this question on Practical365.com