search

microsoft / EntraExporter

PowerShell module to export a local copy of an Entra (Azure AD) tenant configuration.
https://aka.ms/EntraExporter
MIT License
572 stars 92 forks source link

403 Forbidden when used in PowerShell Core 7.3.7 (Azure DevOps pipeline) #57

Closed ztrhgf closed 10 months ago

ztrhgf commented 1 year ago

I've created an Azure application, grant it a "Global reader" role + all graph permission needed.

If used in PowerShell 5.1 on my local computer like:

$ApplicationId = "appid"
$SecuredPassword = "password"
$tenantID = "tenant.onmicrosoft.com"

$SecuredPasswordPassword = ConvertTo-SecureString -String $SecuredPassword -AsPlainText -Force
$ClientSecretCredential = New-Object `
    -TypeName System.Management.Automation.PSCredential `
    -ArgumentList $ApplicationId, $SecuredPasswordPassword

Connect-MgGraph -TenantId $tenantID -ClientSecretCredential $ClientSecretCredential -NoWelcome

Export-Entra "C:\prod-backup" -All

everything works fine and Azure settings are backed up. If the same code is called inside the Azure DevOps pipeline, it throws an error err3

Any ideas what is going on? The same Graph and EntraExported modules version are used.

ztrhgf commented 1 year ago

OK so I have narrowed this issue down and the problem is with PowerShell Core 7.3.7. Even on local device when using this PSH version export fails err4

kenxukordia commented 11 months ago

I am having the same issue with PS 7, I used graph explorer to call the same endpoint and received same error.

This will work https://graph.microsoft.com/beta/organization/tenantID

When you add settings to the end like below. it starts erroring out https://graph.microsoft.com/beta/organization/tenantID/settings

I am now thinking that "settings" is not a valid after / as per graphexplorer

Screenshot 2023-11-09 at 12 55 27

merill commented 10 months ago

This has been fixed now. Please update to the latest version