search

microsoft / powerbi-powershell

PowerShell community for Microsoft PowerBI. Here you will find resources and source for PowerShell modules targeting PowerBI.
MIT License
346 stars 120 forks source link

Connect-PowerBIServiceAccount: issue connecting #80

Closed MichaelDotEarly closed 5 years ago

MichaelDotEarly commented 6 years ago

I am trying connecting in PS using the cmd: Connect-PowerBIServiceAccount -Environment Public -Credential (Get-Credential) -ServicePrincipal

I tried with my account, PowerBI Admin for our tenant and I am getting error.

When looking at the details, it's like the domain part @domainname.com has got removed.

Here are the details: PS C:\WINDOWS\system32> Connect-PowerBIServiceAccount -Credential (Get-Credential) -ServicePrincipal cmdlet Get-Credential at command pipeline position 1 Supply values for the following parameters: Connect-PowerBIServiceAccount : One or more errors occurred. At line:1 char:1

PS C:\WINDOWS\system32> Resolve-PowerBIError -Last

HistoryId: 43

Message : AADSTS70001: Application with identifier 'adm-blabla' was not found in the directory analysis.windows.net Trace ID: 2dd34999-9fd3-4521-863b-22e8ac011c00 Correlation ID: 36c2570a-5452-4ee9-bafd-23bd11409a57 Timestamp: 2018-09-10 14:49:34Z StackTrace : at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Http.AdalHttpClient.d22`1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Http.AdalHttpClient.d21`1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.d72.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.d69.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.d59.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.d57.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.d33.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.d59.MoveNext() Exception : Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException InvocationInfo : {Connect-PowerBIServiceAccount} Line : Connect-PowerBIServiceAccount -Credential (Get-Credential) -ServicePrincipal Position : At line:1 char:1

Message : Response status code does not indicate success: 400 (BadRequest). StackTrace : Exception : System.Net.Http.HttpRequestException InvocationInfo : {Connect-PowerBIServiceAccount} Line : Connect-PowerBIServiceAccount -Credential (Get-Credential) -ServicePrincipal Position : At line:1 char:1

Message : {"error":"unauthorized_client","error_description":"AADSTS70001: Application with identifier 'adm-blabla' was not found in the directory analysis.windows.net\r\nTrace ID: 2dd34999-9fd3-4521-863b-22e8ac011c00\r\nCorrelation ID: 36c2570a-5452-4ee9-bafd-23bd11409a57\r\nTimestamp: 2018-09-10 14:49:34Z","error_codes":[70001],"timestamp":"2018-09-10 14:49:34Z","trace_id":"2dd34999-9fd3-4521-863b-22e8ac011c00","correlation_id":"36c2570a-5452-4ee9-bafd-23bd11409a57"}: Unknown error StackTrace : Exception : Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException InvocationInfo : {Connect-PowerBIServiceAccount} Line : Connect-PowerBIServiceAccount -Credential (Get-Credential) -ServicePrincipal Position : At line:1 char:1

CodeCyclone commented 6 years ago

We don't support passing user crendentials in that cmdlet when -ServicePrincipal switch is added. This is meant for AAD App-Only authentication where you create an AAD application, with the username being the client ID of the AAD application and the password is the secret key of the AAD application. Power BI APIs currently don't support App-Only authentication but that is actively being worked on. So the PowerShell cmdlets are ahead of the curve on this.

We are considering adding support for passing in user credentials into the cmdlet (where -ServicePrincipal isn't specified). Or exposing a switch parameter to force device code authentication.

MichaelDotEarly commented 6 years ago

So how would one use PowerShell script to pull PowerBI Workspace/Dataset information? My goal is to have, as an admin, knowledge of who is owning our PowerBI Worksapces and Dataset so that we can rout incoming access request to the right persons. To do so I was planning in collecting all Workspaces/Datasets using the appropriate PowerBI cmdlets, then leverage Get-UnifiedGroupLinks to get the Owners. Thanks. I have an admin powerBI Account different from my standard login in my company. Also my plan is to run this effort as regular scheduled job, so that I can expose this to end users to make life easier for everyone.

shietpas commented 6 years ago

Based on a separate issue, it also appears that the ServicePrincipal authentication is also not working...results in Unauthorized (401) error. Based on this, is there any way to run the Admin API commands in unattended mode, or must we wait for this expanded support (for stored credentials) or a fix to the ServicePrincipal?

MichaelDotEarly commented 6 years ago

Any update on this? Thank you.

dfaa502 commented 6 years ago

@CodeCyclone any update on passing in user credentials into the Connect-PowerBIServiceAccount (where -ServicePrincipal isn't specified)

fmms commented 5 years ago

@dfaa502 seems to be work ongoing at https://github.com/Microsoft/powerbi-powershell/tree/cc/UserNameAndPassword which should be about the issue in #49 and #59 .

CodeCyclone commented 5 years ago

Correct this will be in the next release which will be out later this week. You can call Connect-PowerBIServiceAccount -Credential (Get-Credential)

CodeCyclone commented 5 years ago

Update to Connect-PowerBIServiceAccount -Credential was released in https://www.powershellgallery.com/packages/MicrosoftPowerBIMgmt/1.0.342