search

EvotecIT / O365Synchronizer

O365Synchronizer is a PowerShell module that allows you to synchronize users/contacts to user mailboxes contact list. It can also be used to synchronize users between tenants as contacts or guests.
23 stars 5 forks source link

Problem with working #11

Closed Xartek-art closed 28 minutes ago

Xartek-art commented 2 hours ago

Some time ago I came across your script, the so-called O365Synchronizer. Unfortunately, my problem is that when executing the script I get a "no permissions" message (as I understand it, the application itself).

Application added to the tenant, permissions according to your entry as below: User.Read.All - to read users OrgContact.Read.All - to read contacts Contacts.ReadWrite - to write contacts

I have problem with permission. I paste error below: 0365Synchronizer.psm1* X

Import-Module 0365 Synchronizer
2
3 $ClientID = 'e4540c94
*Rez4C8E1
5
6
7
8
4 $TenantID = 'b98a5480
$ClientSecret = 'aHD8Q
$Credentials = [pscredential]::new($ClientID, (ConvertTo-SecureString SClientSecret -AsPlainText -Force))
Connect-MgGraph -ClientSecretCredential $Credentials -TenantId $TenantID -Nowelcome
9
10
11
# Synchronization per user or multiple users in one
Sync-0365 Personal Contact -UserId 'b
-Verbose -Member Types 'Contact', 'Member' -GuidPrefix '0365 Synchronizer
Format-Table*
VERBOSE: Filtering out user Warranty
VERBOSE: Filtering out user y.
VERBOSE: Filtering out user z.
VERBOSE: Filtering out user zakupy.
VERBOSE: Filtering out user zgloszenia
[!] Getting user contacts for b
by no assigned licenses
by no assigned licenses
by account is disabled
-propo
[i] Processing
Cannot index into a null array.
va
m by no assigned licenses
by no assigned licenses
failed. Error: [ErrorAccessDenied] : Access is denied. Check credentials and try again.
n
At C:\Program Files\WindowsPowerShell\Modules\0365 Synchronizer\1.0.2\0365Synchronizer.psm1:1821 char:9
$Contact = $Existing Contacts [$Entry]
: InvalidOperation: (:) [], RuntimeException
+ CategoryInfo
+ FullyQualifiedErrorId : NullArray
[+] Creating
[!] Failed to create
or
[i] Processing
Cannot index into a null array.
va because: [Error AccessDenied] : Access is denied. Check credentials and try again.
At C:\Program Files\Windows PowerShell\Modules\0365 Synchronizer\1.0.2\0365 Synchronizer.psm1:1821 char:9
$Contact = $Existing Contacts [$Entry]
+
+ CategoryInfo
: InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArray

What type of permission I miss ?

PrzemyslawKlys commented 1 hour ago

Hey,

Please provide cleaned up log without those broken lines, and some weird formatting. Did you "admin" accepted those permissions in Graph? Maybe a screenshot would be worth it?

Xartek-art commented 1 hour ago

Thanks for fast response.

Now I have another problem but maybe you can diagnose it. aaa

Xartek-art commented 1 hour ago

Hey,

Please provide cleaned up log without those broken lines, and some weird formatting. Did you "admin" accepted those permissions in Graph? Maybe a screenshot would be worth it?

image

PrzemyslawKlys commented 1 hour ago

Your problem comes from using Delegated vs Application. If you are using Delegated the rights are probably a bit different. The Application rights I gave on webpage are the ones that provide full functionality. For delegated rights you most likely need to look at Contacts.ReadWrite.All or something, because you can see in your picture that the "admin" right is not required for that permission so it probably just applies your very own user.

Xartek-art commented 28 minutes ago

That's true. This solution solve my problem ! Another way, perfect solution for tenants where admins don't have enrolled intune or doesn't have too much skills. Biggest congratulations for you. Thanks for fast response and recognize problem.