AlexFilipin / ConditionalAccess

MIT License

Unable to create policies #32

Closed DeanGross closed 2 years ago

DeanGross commented 2 years ago

I am getting the following error and have no idea why. I am using PowerShell 7.1.5, any help would be greatly appreciated.

PS C:\Users\me\OneDrive - company\Scripts\azuread\CAPolicies> New-MgIdentityConditionalAccessPolicy_Create: C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Identity.SignIns\1.9.3\exports\v1.0-beta\ProxyCmdletDefinitions.ps1:14655:37
Line |
14655 |  $scriptCmd = {& $wrappedCmd @PSBoundParameters}
      |                ~~~~~~
      | Cannot bind parameter 'BodyParameter'. Cannot convert the "Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessPolicy" value of type
      | "Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessPolicy" to type "Microsoft.Graph.PowerShell.Models.IMicrosoftGraphConditionalAccessPolicy".

AlexFilipin commented 2 years ago

Hi @DeanGross, I assume you get this error after calling .\Deploy-Policies.ps1 ? Can you provide your full call ( .\Deploy-Policies.ps1 -Prefix "CA" -Ring "ALL" -PoliciesFolder "C:\Repos\ConditionalAccess\Policies" - ....) or at least which Policy Set you are trying to deploy?

DeanGross commented 2 years ago

@AlexFilipin I used .\Deploy-policies.ps1 -Prefix "CA" -Ring "ALL" -PoliciesFolder 'C:\Users\me\OneDrive - mycompany\Scripts\azuread\CAPolicies\P1P2Mix'

AlexFilipin commented 2 years ago

@DeanGross I assume P1P2Mix are the JSONs from "Category structure for AADP1 and AADP2 mixture" or did you change anything there?

I just did a deployment of "Category structure for AADP1 and AADP2 mixture" and it worked fine, usually I would expect an output similar to this: image

When do you get that error? After the first "Template does not include policy id - creating new policy" when it tries to create the first policy?

DeanGross commented 2 years ago

Yes, I copied all of your files into my own folder. It occurs when the first CA policy is getting created. I elevate my account to GA using PIM. The groups got created without any issues.

AlexFilipin commented 2 years ago

Hmm strange, I just made sure I am on the same Microsoft.Graph.Identity.SignIns PowerShell Module Version as you are and my deployment continues to work.

The script uses: New-MgIdentityConditionalAccessPolicy -BodyParameter $requestBody to create the new policies and based on the initial error you posted it seems to have a problem with the content of $requestBody.

If you are familiar with PowerShell troubleshooting you may want to inspect content of $requestBody before it tries to make the create call. The call happens in Line 295 of the script.

Alternatively you could try to construct a request body on your own and manually make a New-MgIdentityConditionalAccessPolicy -BodyParameter $requestBody call (completely outside of my script/solution) to see if something else is wrong unrelated to this repo.

AlexFilipin commented 2 years ago

One step earlier you could also check that the JSONs are getting imported successfully, the script does this via:

$Templates = Get-ChildItem -Path $PoliciesFolder
$Policies = foreach($Item in $Templates){
    $Policy = Get-Content -Raw -Path $Item.FullName | ConvertFrom-Json
    $Policy
}

So just set the $PoliciesFolder variable to your folder beforehand: C:\Users\me\OneDrive - mycompany\Scripts\azuread\CAPolicies\P1P2Mix

And inspect the $Policies afterwards, should look like this: image
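The import check described in the comment above, as an added example that is not part of the thread or of Deploy-Policies.ps1: it runs the same Get-Content / ConvertFrom-Json import per file and reports which templates fail to parse or lack basic fields. The function name Test-CaPolicyTemplate, the list of required properties and the sample files are assumptions made for this illustration.

```powershell
# Added example; Test-CaPolicyTemplate is a hypothetical helper, not part of Deploy-Policies.ps1.
function Test-CaPolicyTemplate {
    param([Parameter(Mandatory)][string]$PoliciesFolder)

    # Assumption: a deployable template has at least these conditionalAccessPolicy properties.
    $required = 'displayName', 'state', 'conditions'

    foreach ($item in Get-ChildItem -LiteralPath $PoliciesFolder -File) {
        $result = [pscustomobject]@{ File = $item.Name; Status = 'OK'; Detail = '' }
        try {
            # Same import the script performs, but a parse failure is caught per file.
            $policy = Get-Content -Raw -LiteralPath $item.FullName | ConvertFrom-Json -ErrorAction Stop
            if ($policy -isnot [System.Management.Automation.PSCustomObject]) {
                $result.Status = 'NotAnObject'
                $result.Detail = 'File is empty or its top level is not a JSON object'
            }
            else {
                $missing = @($required | Where-Object { $_ -notin $policy.PSObject.Properties.Name })
                if ($missing.Count -gt 0) {
                    $result.Status = 'MissingProperty'
                    $result.Detail = $missing -join ', '
                }
            }
        }
        catch {
            $result.Status = 'ParseError'
            $result.Detail = $_.Exception.Message
        }
        $result
    }
}

# Constructed sample input: one valid template, one truncated file, one without 'state'.
$folder = Join-Path ([System.IO.Path]::GetTempPath()) ("ca-templates-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $folder | Out-Null
Set-Content -LiteralPath (Join-Path $folder 'good.json') -Value '{"displayName":"CA001-Sample","state":"disabled","conditions":{},"grantControls":{}}'
Set-Content -LiteralPath (Join-Path $folder 'truncated.json') -Value '{"displayName":"CA002-Sample","state":'
Set-Content -LiteralPath (Join-Path $folder 'nostate.json') -Value '{"displayName":"CA003-Sample","conditions":{}}'

Test-CaPolicyTemplate -PoliciesFolder $folder | Format-Table -AutoSize
Remove-Item -LiteralPath $folder -Recurse
```

Pointing -PoliciesFolder at the real policy set folder instead of the constructed one shows, before any create call is made, whether a stray or damaged file is among the templates.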

AlexFilipin commented 2 years ago

Oh and when you say

"I copied all of your files"

Just to be sure, these are all files from the policy set and NOT literally all files from the policy repository ?

While I usually try to keep only JSONs that can be deployed in the repository it can happen that JSONs are in there that no longer work. I usually only test the Policy Sets that are meant to be deployed.

DeanGross commented 2 years ago

Yes, I copied the 23 files from the Category Structure for AADP1 and AADP2 mixture folder

DeanGross commented 2 years ago

Thanks for your help. After extensive and time-consuming PowerShell debugging, I learned a lot about the inner workings of your script and the cmdlets. I had no luck, so I did what I should have done yesterday - REBOOTED, problem solved :)

AlexFilipin commented 2 years ago

Uff - glad you got it working!

DeanGross commented 2 years ago

@AlexFilipin I am running into this same problem again, however, I found a workaround. The script fails hard in VSCode, but works in PS IDE. It shows the same error but keeps on going. Very weird