microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License
1.59k stars 500 forks source link

AADConditionalAccessPolicy: Could not load file or assembly 'Microsoft.Graph.Authentication.Core, Version=1.20.0.0 #2846

Closed JABlueSC closed 1 year ago

JABlueSC commented 1 year ago

Details of the scenario you tried and the problem that is occurring

Trying to export existing DSC config for AADCondtionalAccessPolicy and the export is empty. export-m365dscconfiguration -credential $creds -components "AADConditionalAccessPolicy" -path c:\temp366dsc

Verbose logs showing the problem

[2023/01/24 05:26:24] {NotSpecified} System.AggregateException: One or more errors occurred. ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.Graph.Authentication.Core, Version=1.20.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. at Microsoft.Graph.PowerShell.Module.d5.MoveNext() at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine) at Microsoft.Graph.PowerShell.Module.OnCmdletBeginProcessing(String id, CancellationToken cancellationToken, Func1 getEventData, Func4 signal, InvocationInfo invocationInfo) at Microsoft.Graph.PowerShell.Module.d4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Graph.PowerShell.Module.d35.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Graph.PowerShell.Cmdlets.GetMgIdentityConditionalAccessPolicy_List.d__78.MoveNext() --- End of inner exception stack trace --- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken) at Microsoft.Graph.PowerShell.Cmdlets.GetMgIdentityConditionalAccessPolicy_List.BeginProcessing() at System.Management.Automation.Cmdlet.DoBeginProcessing() at System.Management.Automation.CommandProcessorBase.DoBegin() ---> (Inner Exception #0) System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.Graph.Authentication.Core, Version=1.20.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. File name: 'Microsoft.Graph.Authentication.Core, Version=1.20.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' at Microsoft.Graph.PowerShell.Module.d5.MoveNext() at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine) at Microsoft.Graph.PowerShell.Module.OnCmdletBeginProcessing(String id, CancellationToken cancellationToken, Func1 getEventData, Func4 signal, InvocationInfo invocationInfo) at Microsoft.Graph.PowerShell.Module.d4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Graph.PowerShell.Module.d35.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Graph.PowerShell.Cmdlets.GetMgIdentityConditionalAccessPolicy_List.d__78.MoveNext()

Suggested solution to the issue

NA

The DSC configuration that is used to reproduce the issue (as detailed as possible)


# insert configuration here
export-m365dscconfiguration -credential $creds -components "AADConditionalAccessPolicy" -path c:\temp366dsc

#### The operating system the target node is running
<!--

OsName               : Microsoft Windows 10 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 19041.1.amd64fre.vb_release.191206-1406
OsLanguage           : en-US
OsMuiLanguages       : {en-US}
-->

#### Version of the DSC module that was used ('dev' if using current dev branch)
1.23.118.1
andikrueger commented 1 year ago

Could you please run

Update-M365DSCModule

This will update the module and remove old dependencies.

JABlueSC commented 1 year ago

After running update I now get this: 2023/01/27 01:45:04] {InvalidOperation} Microsoft.Graph.PowerShell.Runtime.RestException`1[Microsoft.Graph.PowerShell.Models.IMicrosoftGraphODataErrorsOdataError]: You cannot perform the requested operation, required scopes are missing in the token. "Error during Export:" at Get-MgIdentityConditionalAccessPolicy, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Identity.SignIns\1.20.0\exports\v1.0-beta\ProxyCmdletDefinitions.ps1: line 6160 at Export-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.125.1\DSCResources\MSFT_AADConditionalAccessPolicy\MSFT_AADConditionalAccessPolicy.psm1: line 1647 at Start-M365DSCConfigurationExtract, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.125.1\modules\M365DSCReverse.psm1: line 615 at Export-M365DSCConfiguration, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.125.1\modules\M365DSCUtil.psm1: line 1193 at , : line 1

NikCharlebois commented 1 year ago

What version of PowerShell are you using and where are your modules installed (what path)?

JABlueSC commented 1 year ago

Name Value


PSVersion 5.1.19041.2364 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.19041.2364 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1

PS C:\WINDOWS\system32> export-m365dscconfiguration -credential $creds -components "AADConditionalAccessPolicy" -path c:\temp\365dsc1 -verbose VERBOSE: No existing connections to Microsoft Graph Exporting Microsoft 365 configuration for Components: AADConditionalAccessPolicy

Authentication methods specified:

VERBOSE: Loading module from path 'C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.125.1\DSCResources\MSFT_AADAdministrativeUnit\MSFT_AADAdministrati veUnit.psm1'. VERBOSE: Importing function 'Export-TargetResource'. VERBOSE: Importing function 'Get-TargetResource'. VERBOSE: Importing function 'Set-TargetResource'. VERBOSE: Importing function 'Test-TargetResource'. VERBOSE: Loading module from path 'C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.125.1\DSCResources\MSFT_AADApplication\MSFT_AADApplication.psm1'. VERBOSE: Importing function 'Export-TargetResource'. VERBOSE: Importing function 'Get-TargetResource'. VERBOSE: Importing function 'Set-TargetResource'. VERBOSE: Importing function 'Test-TargetResource'. VERBOSE: Loading module from path 'C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.125.1\DSCResources\MSFT_AADAuthorizationPolicy\MSFT_AADAuthorizati onPolicy.psm1'. VERBOSE: Importing function 'Export-TargetResource'. VERBOSE: Importing function 'Get-TargetResource'. VERBOSE: Importing function 'Set-TargetResource'. VERBOSE: Importing function 'Test-TargetResource'. VERBOSE: Loading module from path 'C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.125.1\DSCResources\MSFT_AADConditionalAccessPolicy\MSFT_AADConditi onalAccessPolicy.psm1'. VERBOSE: Importing function 'Export-TargetResource'. VERBOSE: Importing function 'Get-TargetResource'. VERBOSE: Importing function 'Set-TargetResource'. VERBOSE: Importing function 'Test-TargetResource'.

NikCharlebois commented 1 year ago

Looks like you have a conflicting dependency somewhere. What I would do is run the following lines to see if you have any conflicting modules and ensure you only have 1 instance of each module. If you find you have multiple ones, I would manually remove them.

    $manifest = Import-PowerShellDataFile "C:\program files\windowspowershell\modules\Microsoft365DSC\1.23.125.1\Dependencies\Manifest.psd1"
    $dependencies = $manifest.Dependencies

    foreach ($dependency in $dependencies)
    {
        Get-Module $dependency.ModuleName -ListAvailable
    }
JABlueSC commented 1 year ago

[2023/02/01 03:53:58] {InvalidOperation} Microsoft.Graph.PowerShell.Runtime.RestException`1[Microsoft.Graph.PowerShell.Models.IMicrosoftGraphODataErrorsOdataError]: You cannot perform the requested operation, required scopes are missing in the token. "Error during Export:" at Get-MgIdentityConditionalAccessPolicy, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Identity.SignIns\1.21.0\exports\v1.0-beta\ProxyCmdletDefinitions.ps1: line 6160 at Export-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.201.1\DSCResources\MSFT_AADConditionalAccessPolicy\MSFT_AADConditionalAccessPolicy.psm1: line 1647 at Start-M365DSCConfigurationExtract, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.201.1\modules\M365DSCReverse.psm1: line 615 at Export-M365DSCConfiguration, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.201.1\modules\M365DSCUtil.psm1: line 1193 at , : line 1

JABlueSC commented 1 year ago

PS C:\WINDOWS\system32> $manifest = Import-PowerShellDataFile "C:\program files\windowspowershell\modules\Microsoft365DSC\1.23.201.1\Dependencies\Manifest.psd1" PS C:\WINDOWS\system32> $dependencies = $manifest.Dependencies PS C:\WINDOWS\system32> PS C:\WINDOWS\system32> foreach ($dependency in $dependencies)

{
    Get-Module $dependency.ModuleName -ListAvailable
}
Directory: C:\Program Files\WindowsPowerShell\Modules

ModuleType Version Name ExportedCommands


Manifest 1.3.0.6 DSCParser ConvertTo-DSCObject Script 3.1.0 ExchangeOnlineManagement {Get-ConnectionInformation, Get-EXOCasMailbox, Get-EXOMail... Script 1.21.0 Microsoft.Graph.Applications {Add-MgApplicationKey, Add-MgApplicationPassword, Add-MgSe... Script 1.21.0 Microsoft.Graph.Authentication {Connect-MgGraph, Disconnect-MgGraph, Get-MgContext, Get-M... Script 1.21.0 Microsoft.Graph.DeviceManagement {Get-MgDeviceManagement, Get-MgDeviceManagementAdvancedThr... Script 1.21.0 Microsoft.Graph.DeviceManagement... {Get-MgDeviceManagementApplePushNotificationCertificate, G... Script 1.21.0 Microsoft.Graph.DeviceManagement... {Get-MgDeviceManagementAndroidDeviceOwnerEnrollmentProfile... Script 1.21.0 Microsoft.Graph.Devices.Corporat... {Clear-MgDeviceAppMgtWindowInformationProtectionDeviceRegi... Script 1.21.0 Microsoft.Graph.Groups {Add-MgGroupDriveListContentTypeCopy, Add-MgGroupDriveList... Script 1.21.0 Microsoft.Graph.Identity.Directo... {Complete-MgDirectoryImpactedResource, Complete-MgDirector... Script 1.21.0 Microsoft.Graph.Identity.Governance {Add-MgAccessReviewDecision, Add-MgAccessReviewInstanceDec... Script 1.21.0 Microsoft.Graph.Identity.SignIns {Confirm-MgInformationProtectionSignature, Confirm-MgRisky... Script 1.21.0 Microsoft.Graph.Planner {Get-MgGroupPlanner, Get-MgGroupPlannerPlan, Get-MgGroupPl... Script 1.21.0 Microsoft.Graph.Teams {Add-MgChatMember, Add-MgTeamChannelMember, Add-MgTeamMemb... Script 1.21.0 Microsoft.Graph.Users {Get-MgUser, Get-MgUserCreatedObject, Get-MgUserDirectRepo... Script 1.21.0 Microsoft.Graph.Users.Actions {Add-MgUserChatMember, Add-MgUserDriveListContentTypeCopy,... Script 2.0.155 Microsoft.PowerApps.Administrati... {New-AdminPowerAppCdsDatabase, Get-AdminPowerAppCdsDatabas... Script 4.9.3 MicrosoftTeams {Add-TeamChannelUser, Add-TeamUser, Connect-MicrosoftTeams... Script 1.0.103 MSCloudLoginAssistant {Test-MSCloudLogin, Connect-M365Tenant, Invoke-MSCloudLogi... Manifest 1.12.0 PnP.PowerShell {Add-PnPAdaptiveScopeProperty, Add-PnPPropertyBagValue, Ad... Manifest 2.0.0.13 ReverseDSC {Get-DSCParamType, Get-DSCBlock, Get-DSCFakeParameters, Ge...

PS C:\WINDOWS\system32>

andikrueger commented 1 year ago

Are you still seeing this issue with the latest version of M365DSC? You can run Update-M365DSCModule to get the latest version.

JABlueSC commented 1 year ago

No I still get following error: [2023/02/15 02:38:36] {InvalidOperation} Microsoft.Graph.PowerShell.Runtime.RestException`1[Microsoft.Graph.PowerShell.Models.IMicrosoftGraphODataErrorsOdataError]: You cannot perform the requested operation, required scopes are missing in the token. "Error during Export:" at Get-MgIdentityConditionalAccessPolicy, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Identity.SignIns\1.21.0\exports\v1.0-beta\ProxyCmdletDefinitions.ps1: line 6160 at Export-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.208.1\DSCResources\MSFT_AADConditionalAccessPolicy\MSFT_AADConditionalAccessPolicy.psm1: line 1647 at Start-M365DSCConfigurationExtract, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.208.1\modules\M365DSCReverse.psm1: line 615 at Export-M365DSCConfiguration, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.208.1\modules\M365DSCUtil.psm1: line 1193 at , : line 1

NikCharlebois commented 1 year ago

Can you please share the output of running the following with us?

Get-Module "Microsoft.Graph.*" -ListAvailable  
JABlueSC commented 1 year ago

PS C:\WINDOWS\system32> Get-Module "Microsoft.Graph.*" -ListAvailable

Directory: C:\Program Files\WindowsPowerShell\Modules

ModuleType Version Name ExportedCommands


Script 1.21.0 Microsoft.Graph.Applications {Add-MgApplicationKey, Add-MgApplicationPassword, Add-MgServicePrincipalKey, Add-MgServicePrincipalPa... Script 1.21.0 Microsoft.Graph.Authentication {Connect-MgGraph, Disconnect-MgGraph, Get-MgContext, Get-MgProfile...}
Script 1.21.0 Microsoft.Graph.DeviceManagement {Get-MgDeviceManagement, Get-MgDeviceManagementAdvancedThreatProtectionOnboardingStateSummary, Get-Mg... Script 1.21.0 Microsoft.Graph.DeviceManagement... {Get-MgDeviceManagementApplePushNotificationCertificate, Get-MgDeviceManagementAuditEvent, Get-MgDevi... Script 1.21.0 Microsoft.Graph.DeviceManagement... {Get-MgDeviceManagementAndroidDeviceOwnerEnrollmentProfile, Get-MgDeviceManagementAndroidForWorkEnrol... Script 1.21.0 Microsoft.Graph.Devices.Corporat... {Clear-MgDeviceAppMgtWindowInformationProtectionDeviceRegistration, Get-MgDeviceAppMgt, Get-MgDeviceA... Script 1.21.0 Microsoft.Graph.Groups {Add-MgGroupDriveListContentTypeCopy, Add-MgGroupDriveListContentTypeCopyFromContentTypeHub, Add-MgGr... Script 1.21.0 Microsoft.Graph.Identity.Directo... {Complete-MgDirectoryImpactedResource, Complete-MgDirectoryRecommendation, Confirm-MgAdministrativeUn... Script 1.21.0 Microsoft.Graph.Identity.Governance {Add-MgAccessReviewDecision, Add-MgAccessReviewInstanceDecision, Add-MgIdentityGovernanceAccessReview... Script 1.21.0 Microsoft.Graph.Identity.SignIns {Confirm-MgInformationProtectionSignature, Confirm-MgRiskyServicePrincipalCompromised, Confirm-MgRisk... Script 1.21.0 Microsoft.Graph.Planner {Get-MgGroupPlanner, Get-MgGroupPlannerPlan, Get-MgGroupPlannerPlanBucket, Get-MgGroupPlannerPlanDeta... Script 1.21.0 Microsoft.Graph.Teams {Add-MgChatMember, Add-MgTeamChannelMember, Add-MgTeamMember, Add-MgTeamPrimaryChannelMember...}
Script 1.21.0 Microsoft.Graph.Users {Get-MgUser, Get-MgUserCreatedObject, Get-MgUserDirectReport, Get-MgUserExtension...}
Script 1.21.0 Microsoft.Graph.Users.Actions {Add-MgUserChatMember, Add-MgUserDriveListContentTypeCopy, Add-MgUserDriveListContentTypeCopyFromCont...

NikCharlebois commented 1 year ago

Something, somewhere is causing a conflict. At this stage, I would recommend manually removing all the dependencies specified in the manifest file and then running Update-M365DSCModule to start with a clean slate.

andikrueger commented 1 year ago

Recently I have seen a similar issue with dependencies not being properly available. Please run Get-Module and check if all modules are under c:\program file\windowspowershell\modules

NikCharlebois commented 1 year ago

Closing due to inactivity