The export steps work fine until it gets to some DirectoryRoles.
I have run the Connect-AzureADExporter command, I am running as a Global Administrator, and the user does not need MFA?
In this run it is the Attribute Assignment Reader role.
Invoke-MgGraphRequest : Code: generalException
Message: Unexpected exception returned from MSAL.
At C:\Program Files\WindowsPowerShell\Modules\AzureADExporter\1.0.957478\internal\Invoke-Graph.ps1:116 char:48
+ ... $results = Invoke-MgGraphRequest -Method GET -Uri $uriQueryEndpointF ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-MgGraphRequest], AuthenticationException
+ FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest
PS C:\> $Error[0] | Select-Object *
writeErrorStream : True
PSMessageDetails :
Exception : Microsoft.Graph.Auth.AuthenticationException: Code: generalException
Message: Unexpected exception returned from MSAL.
---> Microsoft.Identity.Client.MsalUiRequiredException: AADSTS50196: The server terminated an
operation because it encountered a client request loop. Please contact your app vendor.
Trace ID: 4c78c73f-bb81-41f6-a2ba-7d0b2fd1a100
Correlation ID: aa47e6ed-c509-4025-a912-e486ee7d3029
Timestamp: 2022-07-22 14:11:17Z
at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse
response, RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response,
RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.<ExecuteRequestAsync>d__11`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.<GetTokenAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)
at
Microsoft.Identity.Client.OAuth2.TokenClient.<SendHttpAndClearTelemetryAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at
Microsoft.Identity.Client.OAuth2.TokenClient.<SendHttpAndClearTelemetryAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)
at Microsoft.Identity.Client.OAuth2.TokenClient.<SendTokenRequestAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<GetTokenResponseAsync>d__
11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)
at
Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)
at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__2.Mov
eNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)
at
Microsoft.Graph.Auth.InteractiveAuthenticationProvider.<GetNewAccessTokenAsync>d__18.MoveNext()
--- End of inner exception stack trace ---
at
Microsoft.Graph.Auth.InteractiveAuthenticationProvider.<GetNewAccessTokenAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)
at Microsoft.Graph.Auth.InteractiveAuthenticationProvider.<AuthenticateRequestAsync>d__17.Mo
veNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)
at Microsoft.Graph.AuthenticationHandler.<SendAsync>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)
at Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest.<GetResponseAsync>
d__105.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)
at Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest.<ProcessRecordAsyn
c>d__120.MoveNext()
TargetObject :
CategoryInfo : NotSpecified: (:) [Invoke-MgGraphRequest], AuthenticationException
FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest
ErrorDetails :
InvocationInfo : System.Management.Automation.InvocationInfo
ScriptStackTrace : at Invoke-Graph<Process>, C:\Program
Files\WindowsPowerShell\Modules\AzureADExporter\1.0.957478\internal\Invoke-Graph.ps1: line 116
at Export-AzureAD, C:\Program
Files\WindowsPowerShell\Modules\AzureADExporter\1.0.957478\Export-AzureAD.ps1: line 112
at Export-AzureAD, C:\Program
Files\WindowsPowerShell\Modules\AzureADExporter\1.0.957478\Export-AzureAD.ps1: line 140
at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {0, 1}
The export steps work fine until it gets to some DirectoryRoles. I have run the
Connect-AzureADExporter
command, I am running as a Global Administrator, and the user does not need MFA?In this run it is the Attribute Assignment Reader role.