pnp / PnP-PowerShell

SharePoint PnP PowerShell CmdLets
https://pnp.github.io/powershell

[BUG] Apply-PnPTenantTemplate suddenly throwing AAD Errors #2848

Closed acksoft closed 3 years ago

acksoft commented 3 years ago

This may be a "core" issue, but I am not sure, so I am cross-posting.

Expected behavior

Apply-PnPTenantTemplate should apply the template to the tenant

Actual behavior

After working without issue for several weeks, Apply-PnPTenantTemplate is now throwing an AAD Error:

Apply-PnPTenantTemplate : AADSTS500011: The resource principal named https://https://graph.microsoft.com// was not found in the tenant 
named <tenant>.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or 
consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: b3936d45-f62a-46cd-a4bd-93419e996900
Correlation ID: 1703aca4-2433-4b4f-b159-6017e44ec262
Timestamp: 2020-08-17 17:44:29Z
At line:1 char:1
+ Apply-PnPTenantTemplate -Path .\Output\AT02_20200817094222.xml
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (:) [Apply-PnPTenantTemplate], MsalServiceException
    + FullyQualifiedErrorId : EXCEPTION,PnP.PowerShell.Commands.Provisioning.Tenant.ApplyTenantTemplate

Steps to reproduce behavior

The code reads in an empty tenant template, adds some team definitions, exports the .xml and then attempts to apply the generated xml to the tenant. The empty tenant template starts out like this:

<?xml version="1.0"?>
<pnp:Provisioning xmlns:pnp="http://schemas.dev.office.com/PnP/2020/02/ProvisioningSchema">
  <pnp:Preferences Generator="OfficeDevPnP.Core, Version=3.23.2007.0, Culture=neutral, PublicKeyToken=5e633289e95c321a" />
  <pnp:Templates ID="CONTAINER-DUMMY-a3f13435-a9e4-48b4-97cd-0924665fd37f" />
</pnp:Provisioning>

When my processing is complete, the template in memory generates this seemingly correct output (references to our tenant have been obscured):

<?xml version="1.0"?>
<pnp:Provisioning xmlns:pnp="http://schemas.dev.office.com/PnP/2020/02/ProvisioningSchema">
  <pnp:Preferences Generator="OfficeDevPnP.Core, Version=3.24.2008.0, Culture=neutral, PublicKeyToken=5e633289e95c321a" />
  <pnp:Templates ID="CONTAINER-DUMMY-073d0fea-980f-4153-ae8a-8b2bb69af82a" />
  <pnp:Teams>
    <pnp:Team DisplayName="Team Joe" Description="Team that promotes all things Joe" Visibility="Public" Specialization="None" MailNickname="TeamJoe">
      <pnp:FunSettings />
      <pnp:GuestSettings AllowCreateUpdateChannels="false" />
      <pnp:MembersSettings AllowCreatePrivateChannels="false" />
      <pnp:MessagingSettings />
      <pnp:Security>
        <pnp:Owners>
          <pnp:User UserPrincipalName="Joe@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="Alex@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="<tenant>@<tenant>.onmicrosoft.com" />
        </pnp:Owners>
        <pnp:Members>
          <pnp:User UserPrincipalName="DiegoS@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="AdeleV@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="LeeG@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="PattiF@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="AlexW@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="MiriamG@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="NestorW@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="GradyA@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="HenriettaM@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="IsaiahL@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="JohannaL@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="MeganB@<tenant>.onmicrosoft.com" />
        </pnp:Members>
      </pnp:Security>
      <pnp:DiscoverySettings ShowInTeamsSearchAndSuggestions="false" />
      <pnp:Channels>
        <pnp:Channel DisplayName="Soccer" Description="Soccer Channel" ID="TeamJoeSoccer" />
        <pnp:Channel DisplayName="TV" Description="TV Channel" ID="TeamJoeTV" />
        <pnp:Channel DisplayName="Knitting" Description="Knitting Channel" ID="TeamJoeKnitting" Private="true" />
      </pnp:Channels>
    </pnp:Team>
    <pnp:Team DisplayName="Team Alex" Description="Team that promotes all things Alex" Visibility="Public" Specialization="None" MailNickname="TeamAlex">
      <pnp:FunSettings />
      <pnp:GuestSettings AllowCreateUpdateChannels="false" />
      <pnp:MembersSettings AllowCreatePrivateChannels="false" />
      <pnp:MessagingSettings />
      <pnp:Security>
        <pnp:Owners>
          <pnp:User UserPrincipalName="Joe@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="Alex@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="<tenant>@<tenant>.onmicrosoft.com" />
        </pnp:Owners>
        <pnp:Members>
          <pnp:User UserPrincipalName="AlexW@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="MiriamG@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="NestorW@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="GradyA@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="HenriettaM@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="IsaiahL@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="JohannaL@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="MeganB@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="PradeepG@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="LynneR@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="LidiaH@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="JoniS@<tenant>.onmicrosoft.com" />
          <pnp:User UserPrincipalName="vivek@<tenant>.onmicrosoft.com" />
        </pnp:Members>
      </pnp:Security>
      <pnp:DiscoverySettings ShowInTeamsSearchAndSuggestions="false" />
      <pnp:Channels>
        <pnp:Channel DisplayName="Baseball" Description="Baseball Channel" ID="TeamAlexBaseball" />
        <pnp:Channel DisplayName="Movies" Description="Movies Channel" ID="TeamAlexMovies" />
      </pnp:Channels>
    </pnp:Team>
  </pnp:Teams>
</pnp:Provisioning>

As I mentioned above, I have been using this same code and its output for weeks, but now I am receiving the error listed at the top of this message, which pretty clearly is an Azure AD problem. Perhaps something has changed in the way that the command is calling MS-Graph? In any case, please let me know if this is something that others are experiencing -- I've been applying this template in the same way for some time but now am getting this error I cannot explain.

Thanks.

Which version of the PnP-PowerShell Cmdlets are you using?

What is the version of the Cmdlet module you are running?

3.24.2008.0

How did you install the PnP-PowerShell Cmdlets?
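
The resource named in the AADSTS500011 message above reads `https://https://graph.microsoft.com//`, with the scheme repeated. The following is an added example, not code from this issue or from the PnP project: a triage helper that extracts the fields of an AADSTS error message and flags a resource identifier that is not a cleanly formed URI. The function name `Get-AadStsErrorInfo` and the two checks are assumptions made for illustration.

```powershell
# Added example. Get-AadStsErrorInfo is a hypothetical helper, not a PnP or MSAL cmdlet.
function Get-AadStsErrorInfo {
    param([Parameter(Mandatory)][string]$Message)

    # Console output wraps long lines, so collapse all whitespace before matching.
    $text = ($Message -replace '\s+', ' ').Trim()

    $patterns = [ordered]@{
        Code          = '(AADSTS\d+):'
        Resource      = 'resource principal named (\S+) was not found'
        Tenant        = 'in the tenant named (\S+)\.\s'
        TraceId       = 'Trace ID: ([0-9a-f-]{36})'
        CorrelationId = 'Correlation ID: ([0-9a-f-]{36})'
        Timestamp     = 'Timestamp: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}Z)'
    }
    $info = [ordered]@{}
    foreach ($name in $patterns.Keys) {
        $info[$name] = if ($text -match $patterns[$name]) { $Matches[1] } else { $null }
    }

    # Checks on the resource identifier the token request was made for.
    $findings = @()
    $resource = [string]$info['Resource']
    if ($resource) {
        if (([regex]::Matches($resource, '://')).Count -gt 1) {
            $findings += 'scheme appears more than once'
        }
        # Strip every leading scheme, then look for empty path segments.
        if (($resource -replace '^([a-z][a-z0-9+.-]*://)+', '') -match '//') {
            $findings += 'empty path segment (//)'
        }
    }
    $info['Findings'] = $findings
    [pscustomobject]$info
}

# Error text from the report above (abridged), wrapped as the console printed it.
$sample = @'
Apply-PnPTenantTemplate : AADSTS500011: The resource principal named https://https://graph.microsoft.com// was not found in the tenant
named <tenant>.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or
consented to by any user in the tenant.
Trace ID: b3936d45-f62a-46cd-a4bd-93419e996900
Correlation ID: 1703aca4-2433-4b4f-b159-6017e44ec262
Timestamp: 2020-08-17 17:44:29Z
'@

Get-AadStsErrorInfo -Message $sample | Format-List
```

In a live session the message can be taken from `$Error[0].Exception.Message` after the cmdlet fails; the trace and correlation IDs are the values to quote when reporting the failure.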

erwinvanhunen commented 3 years ago

I can confirm this to be an issue. We are currently looking into what is causing this.

erwinvanhunen commented 3 years ago

We found the reason causing this issue and we most likely will do an updated release of PnP Sites Core and PnP PowerShell on Thursday.