microsoft / EntraExporter

PowerShell module to export a local copy of an Entra (Azure AD) tenant configuration.
https://aka.ms/EntraExporter
MIT License

Unable to connect to non-Global instances #15

Closed SamErde closed 2 years ago

SamErde commented 2 years ago

Trying to connect to a USGov instance with the current Connect-AzureADExporter results in an error.

Connect-MgGraph : Returned state(_____) from authorize endpoint is not the same as the one
sent(_____). See https://aka.ms/msal-statemismatcherror for more details.
At C:\Program Files\WindowsPowerShell\Modules\azureadexporter\1.0.908740\Connect-AzureADExporter.ps1:20 char:5
+     Connect-MgGraph -TenantId $TenantId -Scopes 'Directory.Read.All',
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Connect-MgGraph], MsalClientException
    + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph

The property 'TenantId' cannot be found on this object. Verify that the property exists.
At C:\Program Files\WindowsPowerShell\Modules\azureadexporter\1.0.908740\Connect-AzureADExporter.ps1:35 char:5
+     $global:TenantID = (Get-MgContext).TenantId
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], PropertyNotFoundException
    + FullyQualifiedErrorId : PropertyNotFoundStrict

I'm not sure if you want to go down the route of supporting different instance logins with the Connect-AzureADExporter module, or if you just want to direct people to manually connect with Connect-MgGraph if they use an instance other than Global.

PR #14 has been submitted with a simple change to allow the instance\environment name to be specified. I have tested this with a GCC-High instance successfully so far.

Thanks! Sam

merill commented 2 years ago

Merged PR and a new build is being published.
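
An added example, not code from the EntraExporter project or from PR #14: one way to pass a cloud environment name through to Connect-MgGraph and to fail cleanly instead of hitting both errors shown in the issue. The function name `Connect-GraphForExport` and its parameter names are hypothetical; `Connect-MgGraph -Environment`, `Get-MgEnvironment` and `Get-MgContext` are Microsoft Graph PowerShell SDK cmdlets.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
Set-StrictMode -Version Latest

# Hypothetical helper (not part of EntraExporter): sign in to a named Graph environment.
function Connect-GraphForExport {
    [CmdletBinding()]
    param(
        [string] $TenantId,
        # Name as listed by Get-MgEnvironment, for example Global or USGov.
        [string] $Environment = 'Global',
        # Only the first scope is visible in the error output on this page.
        [string[]] $Scopes = @('Directory.Read.All')
    )

    # Reject names the installed SDK does not know before an interactive sign-in starts.
    $known = @(Get-MgEnvironment | Select-Object -ExpandProperty Name)
    if ($known -notcontains $Environment) {
        throw "Unknown environment '$Environment'. Known: $($known -join ', ')"
    }

    # ErrorAction Stop turns a failed sign-in into a terminating error, so the
    # function does not continue past it the way the trace in the issue shows.
    $connectArgs = @{ Environment = $Environment; Scopes = $Scopes; ErrorAction = 'Stop' }
    if ($TenantId) { $connectArgs['TenantId'] = $TenantId }
    Connect-MgGraph @connectArgs | Out-Null

    # Under strict mode, reading .TenantId on a null context raises
    # PropertyNotFoundStrict (the second error in the issue), so check first.
    $context = Get-MgContext
    if ($null -eq $context) {
        throw 'Connect-MgGraph returned without a context; sign-in did not complete.'
    }

    # Confirm the session landed in the requested cloud before exporting anything.
    if ($context.Environment -ne $Environment) {
        throw "Connected to '$($context.Environment)' but '$Environment' was requested."
    }
    return $context.TenantId
}

# Usage (placeholder tenant id): sign in against the US Government cloud.
# $tenantId = Connect-GraphForExport -TenantId '<tenant-guid>' -Environment 'USGov'
```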