search

michelderooij / Remove-DuplicateItems

Script to remove duplicate items from Exchange mailboxes.
https://eightwone.com/2013/06/21/removing-duplicate-items-from-a-mailbox/
MIT License
50 stars 16 forks source link

Cannot bind to MsgFolderRoot & ArchiveMsgFolderRoot #9

Closed Dalong0 closed 1 year ago

Dalong0 commented 2 years ago

Hello,

Tying running this script with modern Auth : .\Remove-DuplicateItems.ps1 -Mailbox mail@domain.tld -Type Mail -DeleteMode HardDelete -Mode Full -Retain Oldest -Verbose -Server outlook.office365.com -TenantId "TenantID" -ClientId "ClientID" -Secret $secret

I am getting this error: WARNING: Cannot bind to MsgFolderRoot: Exception calling "Bind" with "2" argument(s): "Credentials are required to make a service request." WARNING: Cannot bind to ArchiveMsgFolderRoot: Exception calling "Bind" with "2" argument(s): "Credentials are required to make a service request." image

Permissions gived to the application here : image

Can you help ?

Thanks

michelderooij commented 1 year ago

The full_access_as_app should suffice. You granted consent for the application?

michelderooij commented 1 year ago

Closed to to age - feel free to reopen

JoshBritton5544 commented 1 year ago

Hello,

I am seeing this error as well. I have confirmed the full_access_as_app permisson, as well as the admin consent on the app registration. Do you have any additional troubleshooting steps for this issue?

michelderooij commented 1 year ago

Pushed 2.44, which sets credentials when using OAuth, which according to other reports might prevent this anomaly. Please report any feedback as I could not repro the issue.

joshuawi99 commented 1 year ago

Pushed 2.44, which sets credentials when using OAuth, which according to other reports might prevent this anomaly. Please report any feedback as I could not repro the issue.

Im still having this Issue were this error appears:

AUSFÜHRLICH: Module Microsoft.Exchange.WebServices v2.2.1.0 already loaded AUSFÜHRLICH: Module Microsoft.Identity.Client v4.25.0.0 already loaded AUSFÜHRLICH: Will use provided secret to authenticate AUSFÜHRLICH: Authentication token acquired AUSFÜHRLICH: Cleanup Mode: Mailbox Processing mailbox ** AUSFÜHRLICH: Using for impersonation AUSFÜHRLICH: Using Exchange Web Services URL https://outlook.office365.com/EWS/Exchange.asmx AUSFÜHRLICH: Constructing folder matching rules WARNUNG: Cannot bind to MsgFolderRoot: Ausnahme beim Aufrufen von "Bind" mit 2 Argument(en): "Credentials are required to make a service request." WARNUNG: Cannot bind to ArchiveMsgFolderRoot: Ausnahme beim Aufrufen von "Bind" mit 2 Argument(en): "Credentials are required to make a service request." AUSFÜHRLICH: Processing finished

Do you have any feedback for me to try out?

tylerwasick commented 1 year ago

I am having a similar issue.

Permissions

image

Parameters

.\Remove-DuplicateItems.ps1 -Server outlook.office365.com -TenantId $tenantId -ClientId $clientId -Secret $secretKey -Identity $User -Type Mail -DeleteMode "MoveToDeletedItems" -Report -WhatIf

Error

Processing mailbox **@*.com (**@*.com) WARNING: Cannot bind to MsgFolderRoot: Exception calling "Bind" with "2" argument(s): "The request failed. The remote server returned an error: (403) ." WARNING: Cannot bind to ArchiveMsgFolderRoot: Exception calling "Bind" with "2" argument(s): "The request failed. The remote server returned an error: (403) ."

joshuawi99 commented 1 year ago

You have to set "full_access_as_app" API Permissions

michelderooij commented 1 year ago

What Joshua said - you need to have proper API permissions assigned to the App

tylerwasick commented 1 year ago

Can you provide information on setting that?

michelderooij commented 1 year ago

This is an Exchange Web Services script. For that to work with Exchange Online and OAuth, you need to grant the registered app (Azure AD portal), after configuring App permissions and authentication method (cert/secret), configure the following API permission: Office 365 Exchange Online > full_access_as_app

For more step-by-step, check this older article on the same for Exchange Online Management access, but where it states you need to grant "Exchange and check Exchange.ManageAsApp", replace it with " Office 365 Exchange Online > full_access_as_app"

joshuawi99 commented 1 year ago

I did excactly what you described. These are my API Settings: grafik

This is my command to run the skript:

$blub="***" // Secret as plain text

$Secret = ConvertTo-SecureString -String $blub -AsPlainText -Force

.\Remove-DuplicateItems.ps1 -Server outlook.office365.com -Identity ***** -Impersonation -CleanupMode Mailbox -DeleteMode MoveToDeletedItems -Mode Full -Retain Oldest -Verbose -TenantId '****' -ClientId '**' -Secret $Secret

But im still getting the error as shown by others above: grafik

I guess it is not a problem with the API Permission configuration or my Secret. I think it has something to do with the "dummy creds".

joshuawi99 commented 1 year ago

Ok quick update from my side. I used the wrong secret key. But I am still getiing a 403 error now:

grafik

joshuawi99 commented 1 year ago

Okay I got it running now thank you!