search

timmcmic / DLConversionV2

MIT License
44 stars 9 forks source link

Unable to migrate Multiple DL #155

Closed lsborroto closed 5 months ago

lsborroto commented 9 months ago

I connected using: Connect-MgGraph -TenantId "a9" -AppId "14" -CertificateThumbprint "96" for the app I assigned the following provilegies: image

Then run: Start-MultipleDistributionListMigration -globalCatalogServer dc.ftc365.local -activeDirectoryCredential $onpremcred -groupSMTPAddresses $groups -aadConnectServer DC.ftc365.local -aadConnectCredential $onpremcred -logFolderPath c:\multiple -exchangeOnlineCredential $cloudCredc -exchangeServer exc2016.ftc365.local -exchangeCredential $onpremcred -exchangeAuthenticationMethod Kerberos -enableHybridMailflow:$TRUE -dnNoSyncOU "OU=NoSync,DC=ftc365,DC=local" -overrideCentralizedMailTransportEnabled:$TRUE ALthough I get an error during the migration: BEGIN NEW-msGraphADPowershellSession [12/19/2023 11:45:54 AM] - **** [12/19/2023 11:45:54 AM] - Making MS Graph connection using interactive credentials. [12/19/2023 11:45:54 AM] - Unable to make ms graph connection using interactive authentication. [12/19/2023 11:45:54 AM] - https://timmcmic.wordpress.com/2023/04/11/office-365-distribution-list-migrations-version-2-0-part-33/ connect-mgGraph : Key not valid for use in specified state.

At C:\Program Files\WindowsPowerShell\Modules\DLConversionV2\2.9.8.20\new-msGraphPowershellSession.ps1:88 char:17

It works for singlemigrations.

timmcmic commented 9 months ago

Just went ahead and ran a bulk test and do not have a repro on this version. Does it reproduce from other machines?

From: lsborroto @.> Sent: Tuesday, December 19, 2023 5:54 PM To: timmcmic/DLConversionV2 @.> Cc: Subscribed @.***> Subject: [timmcmic/DLConversionV2] Unable to migrate Multiple DL (Issue #155)

I connected using: Connect-MgGraph -TenantId "a9" -AppId "14" -CertificateThumbprint "96" for the app I assigned the following provilegies: image.png (view on web)https://github.com/timmcmic/DLConversionV2/assets/59449977/f38027cf-1176-49ca-a97f-c465d17246b0

Then run: Start-MultipleDistributionListMigration -globalCatalogServer dc.ftc365.local -activeDirectoryCredential $onpremcred -groupSMTPAddresses $groups -aadConnectServer DC.ftc365.local -aadConnectCredential $onpremcred -logFolderPath c:\multiple -exchangeOnlineCredential $cloudCredc -exchangeServer exc2016.ftc365.local -exchangeCredential $onpremcred -exchangeAuthenticationMethod Kerberos -enableHybridMailflow:$TRUE -dnNoSyncOU "OU=NoSync,DC=ftc365,DC=local" -overrideCentralizedMailTransportEnabled:$TRUE ALthough I get an error during the migration: BEGIN NEW-msGraphADPowershellSession [12/19/2023 11:45:54 AM] - **** [12/19/2023 11:45:54 AM] - Making MS Graph connection using interactive credentials. [12/19/2023 11:45:54 AM] - Unable to make ms graph connection using interactive authentication. [12/19/2023 11:45:54 AM] - https://timmcmic.wordpress.com/2023/04/11/office-365-distribution-list-migrations-version-2-0-part-33/ connect-mgGraph : Key not valid for use in specified state.

At C:\Program Files\WindowsPowerShell\Modules\DLConversionV2\2.9.8.20\new-msGraphPowershellSession.ps1:88 char:17

It works for singlemigrations.

- Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/155, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6ISJ3QOD4PDJHZBNRDYKILJVAVCNFSM6AAAAABA35ACSCVHI2DSMVQWIX3LMV43ASLTON2WKOZSGA2DSNJVHE3DMMI. You are receiving this because you are subscribed to this thread.Message ID: @.**@.>>

lsborroto commented 9 months ago

Sorry I uploaded the wrong log, The error that I am getting is BEGIN GET-AZUREADDLCONFIGURATION [12/19/2023 4:27:46 PM] - **** get-mgGroup : Insufficient privileges to complete the operation.

Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied Date: 2023-12-19T22:27:47

Headers: Transfer-Encoding : chunked Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : 12063aa0-ea23-4c68-af3a-eeec3688e8bd client-request-id : 1d6c325a-e8c2-4411-bbbc-f7c8402ed3bc x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Central US","Slice":"E","Ring":"2","ScaleUnit":"000","RoleInstance":"DS1PEPF0000D102"}} x-ms-resource-unit : 1 Cache-Control : no-cache Date : Tue, 19 Dec 2023 22:27:46 GMT

At C:\Program Files\WindowsPowerShell\Modules\DLConversionV2\2.9.8.20\get-msGraphDLConfiguration.ps1:46 char:13

timmcmic commented 9 months ago

When you make the graph connection - can you execute get-mgGroup and get-MGGroupMembership

Tim

From: lsborroto @.> Sent: Wednesday, December 20, 2023 1:13 PM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Unable to migrate Multiple DL (Issue #155)

Sorry I uploaded the wrong log, The error that I am getting is BEGIN GET-AZUREADDLCONFIGURATION [12/19/2023 4:27:46 PM] - **** get-mgGroup : Insufficient privileges to complete the operation.

Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied Date: 2023-12-19T22:27:47

Headers: Transfer-Encoding : chunked Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : 12063aa0-ea23-4c68-af3a-eeec3688e8bd client-request-id : 1d6c325a-e8c2-4411-bbbc-f7c8402ed3bc x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Central US","Slice":"E","Ring":"2","ScaleUnit":"000","RoleInstance":"DS1PEPF0000D102"}} x-ms-resource-unit : 1 Cache-Control : no-cache Date : Tue, 19 Dec 2023 22:27:46 GMT

At C:\Program Files\WindowsPowerShell\Modules\DLConversionV2\2.9.8.20\get-msGraphDLConfiguration.ps1:46 char:13

lsborroto commented 9 months ago

nop I got the same error: Get-MgGroup : Insufficient privileges to complete the operation. Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied Date: 2023-12-20T18:22:36 Headers: Transfer-Encoding : chunked Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : 56830ec8-214c-4ef6-98f5-9b9698fe33d6 client-request-id : 80219716-01dd-4a54-8787-ec59be476a17 x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Central US","Slice":"E","Ring":"2","ScaleUnit":"000","RoleInstance":"DS1PEPF0000D102"}} x-ms-resource-unit : 1 Cache-Control : no-cache Date : Wed, 20 Dec 2023 18:22:36 GMT At line:1 char:1

How do you perform the authentication with Microsoft Graph

timmcmic commented 9 months ago

Then something is wrong with the permissions applications.

Make sure you're connecting with -scopes User.Read.All and Group.Read.All

Tim

From: lsborroto @.> Sent: Wednesday, December 20, 2023 1:24 PM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Unable to migrate Multiple DL (Issue #155)

nop I got the same error: Get-MgGroup : Insufficient privileges to complete the operation. Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied Date: 2023-12-20T18:22:36 Headers: Transfer-Encoding : chunked Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : 56830ec8-214c-4ef6-98f5-9b9698fe33d6 client-request-id : 80219716-01dd-4a54-8787-ec59be476a17 x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Central US","Slice":"E","Ring":"2","ScaleUnit":"000","RoleInstance":"DS1PEPF0000D102"}} x-ms-resource-unit : 1 Cache-Control : no-cache Date : Wed, 20 Dec 2023 18:22:36 GMT At line:1 char:1

How do you perform the authentication with Microsoft Graph

- Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/155#issuecomment-1864934780, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6PQ7YPMNRLBIGOIJJDYKMUMZAVCNFSM6AAAAABA35ACSCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRUHEZTINZYGA. You are receiving this because you commented.Message ID: @.**@.>>

lsborroto commented 9 months ago

How can you connect with the scopes? I added the command line used. Start-MultipleDistributionListMigration -globalCatalogServer dc.ftc365.local -activeDirectoryCredential $onpremcred -Start-MultipleDistributionListMigration -globalCatalogServer dc.ftc365.local -activeDirectoryCredential $onpremcred -groupSMTPAddresses $groups -aadConnectServer DC.ftc365.local -aadConnectCredential $onpremcred -logFolderPath c:\multiple -exchangeOnlineCredential $cloudCredc -exchangeServer exc2016.ftc365.local -exchangeCredential $onpremcred -exchangeAuthenticationMethod Kerberos -enableHybridMailflow:$TRUE -dnNoSyncOU "OU=NoSync,DC=ftc365,DC=local" -overrideCentralizedMailTransportEnabled:$TRUE -msGraphTenantID "9" -msGraphCertificateThumbprint "6" -msGraphApplicationID "4"

timmcmic commented 9 months ago

Connect-MGGraph -scopes {User.Read.All,Group.Read.All} and then the rest of your certificate information.

See if you get prompted for authorization.

Tim

From: lsborroto @.> Sent: Wednesday, December 20, 2023 2:10 PM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Unable to migrate Multiple DL (Issue #155)

How can you connect with the scopes? I added the command line used. Start-MultipleDistributionListMigration -globalCatalogServer dc.ftc365.local -activeDirectoryCredential $onpremcred -Start-MultipleDistributionListMigration -globalCatalogServer dc.ftc365.local -activeDirectoryCredential $onpremcred -groupSMTPAddresses $groups -aadConnectServer DC.ftc365.local -aadConnectCredential $onpremcred -logFolderPath c:\multiple -exchangeOnlineCredential $cloudCredc -exchangeServer exc2016.ftc365.local -exchangeCredential $onpremcred -exchangeAuthenticationMethod Kerberos -enableHybridMailflow:$TRUE -dnNoSyncOU "OU=NoSync,DC=ftc365,DC=local" -overrideCentralizedMailTransportEnabled:$TRUE -msGraphTenantID "9" -msGraphCertificateThumbprint "6" -msGraphApplicationID "4"

- Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/155#issuecomment-1864999220, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6PG5JAYWE4RYKZF7PTYKMZYBAVCNFSM6AAAAABA35ACSCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRUHE4TSMRSGA. You are receiving this because you commented.Message ID: @.**@.>>

lsborroto commented 9 months ago

AS there is not way to link both steps on just one, I did: Connect-MgGraph -Scopes "Group.Read.All,AuditLog.Read.All,Group.ReadWrite.All,MailboxSettings.Read,Organization.Read.All,User.Read.All" (entered my global admin credentials) then I run: Start-MultipleDistributionListMigration -globalCatalogServer dc.ftc365.local -activeDirectoryCredential $onpremcred -groupSMTPAddresses $groups -aadConnectServer DC.ftc365.local -aadConnectCredential $onpremcred -logFolderPath c:\multiple -exchangeOnlineCredential $cloudCredc -exchangeServer exc2016.ftc365.local -exchangeCredential $onpremcred -exchangeAuthenticationMethod Kerberos -enableHybridMailflow:$TRUE -dnNoSyncOU "OU=NoSync,DC=ftc365,DC=local" -overrideCentralizedMailTransportEnabled:$TRUE -msGraphTenantID "9" -msGraphCertificateThumbprint "6" -msGraphApplicationID "4" I checked the get-mgcontect: ClientId : 14d82eec-204b-4c2f-b7e8-296a70dab67e Although the application that I registered is: msGraphApplicationID: 101a11a2-ac89-4f12-9f41-9cb9c2fb1e34 I am trying to get how does the script perform the authentication. I was able to run get-mggroup, but when I performed the migration the issue persists. Error: BEGIN GET-AZUREADDLCONFIGURATION [12/20/2023 12:36:44 PM] - **** get-mgGroup : Insufficient privileges to complete the operation.

Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied Date: 2023-12-20T18:36:45

Headers: Transfer-Encoding : chunked Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : 7732eb79-c811-4c84-b97e-c005419d13eb client-request-id : 0b094482-78bb-4330-a1dd-e2eb1c28e03a x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Central US","Slice":"E","Ring":"2","ScaleUnit":"002","RoleInstance":"DS3PEPF0000273D"}} x-ms-resource-unit : 1 Cache-Control : no-cache Date : Wed, 20 Dec 2023 18:36:44 GMT

At C:\Program Files\WindowsPowerShell\Modules\DLConversionV2\2.9.8.20\get-msGraphDLConfiguration.ps1:46 char:13

timmcmic commented 9 months ago

No - the first step is to ensure the scopes are valid that you need.

Connect-MgGraph -Scopes "Group.Read.All,AuditLog.Read.All,Group.ReadWrite.All,MailboxSettings.Read,Organization.Read.All,User.Read.All" (entered my global admin credentials)

You have to connect using the same method as you do in the script. Since you're using certificate auth - connect to graph using cert auth and specify the scopes. If you're prompted to consent to them - you're consent was not good and that's why you're getting a 403.

From: lsborroto @.> Sent: Wednesday, December 20, 2023 2:41 PM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Unable to migrate Multiple DL (Issue #155)

AS there is not way to link both steps on just one, I did: Connect-MgGraph -Scopes "Group.Read.All,AuditLog.Read.All,Group.ReadWrite.All,MailboxSettings.Read,Organization.Read.All,User.Read.All" (entered my global admin credentials) then I run: Start-MultipleDistributionListMigration -globalCatalogServer dc.ftc365.local -activeDirectoryCredential $onpremcred -groupSMTPAddresses $groups -aadConnectServer DC.ftc365.local -aadConnectCredential $onpremcred -logFolderPath c:\multiple -exchangeOnlineCredential $cloudCredc -exchangeServer exc2016.ftc365.local -exchangeCredential $onpremcred -exchangeAuthenticationMethod Kerberos -enableHybridMailflow:$TRUE -dnNoSyncOU "OU=NoSync,DC=ftc365,DC=local" -overrideCentralizedMailTransportEnabled:$TRUE -msGraphTenantID "9" -msGraphCertificateThumbprint "6" -msGraphApplicationID "4" I checked the get-mgcontect: ClientId : 14d82eec-204b-4c2f-b7e8-296a70dab67e Although the application that I registered is: msGraphApplicationID: 101a11a2-ac89-4f12-9f41-9cb9c2fb1e34 I am trying to get how does the script perform the authentication. I was able to run get-mggroup, but when I performed the migration the issue persists. Error: BEGIN GET-AZUREADDLCONFIGURATION [12/20/2023 12:36:44 PM] - **** get-mgGroup : Insufficient privileges to complete the operation.

Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied Date: 2023-12-20T18:36:45

Headers: Transfer-Encoding : chunked Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : 7732eb79-c811-4c84-b97e-c005419d13eb client-request-id : 0b094482-78bb-4330-a1dd-e2eb1c28e03a x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Central US","Slice":"E","Ring":"2","ScaleUnit":"002","RoleInstance":"DS3PEPF0000273D"}} x-ms-resource-unit : 1 Cache-Control : no-cache Date : Wed, 20 Dec 2023 18:36:44 GMT

At C:\Program Files\WindowsPowerShell\Modules\DLConversionV2\2.9.8.20\get-msGraphDLConfiguration.ps1:46 char:13

lsborroto commented 9 months ago

how can you do that? "You have to connect using the same method as you do in the script. Since you're using certificate auth - connect to graph using cert auth and specify the scopes. If you're prompted to consent to them - you're consent was not good and that's why you're getting a 403." On my case do not allow me to combine Connect-MgGraph -TenantId "a572642d-a487-465d-b3b3-8528f6693f69" -AppId "101a11a2-ac89-4f12-9f41-9cb9c2fb1e34" -CertificateThumbprint "904BCD02E8C46BDDD149FCBD1AA118195330E806" and add the scopes. I can specify the scopes using the user name and password, or authenticate with the certificate without prompting for the scopes

timmcmic commented 9 months ago

Ok - when you run the this command:

Connect-MgGraph -TenantId "a572642d-a487-465d-b3b3-8528f6693f69" -AppId "101a11a2-ac89-4f12-9f41-9cb9c2fb1e34" -CertificateThumbprint "904BCD02E8C46BDDD149FCBD1AA118195330E806" -scopes "User.Read.All,Group.Read.All"

Tell me if this works and does not prompt for consent.

From: lsborroto @.> Sent: Wednesday, December 20, 2023 2:48 PM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Unable to migrate Multiple DL (Issue #155)

how can you do that? "You have to connect using the same method as you do in the script. Since you're using certificate auth - connect to graph using cert auth and specify the scopes. If you're prompted to consent to them - you're consent was not good and that's why you're getting a 403." On my case do not allow me to combine Connect-MgGraph -TenantId "a572642d-a487-465d-b3b3-8528f6693f69" -AppId "101a11a2-ac89-4f12-9f41-9cb9c2fb1e34" -CertificateThumbprint "904BCD02E8C46BDDD149FCBD1AA118195330E806" and add the scopes. I can specify the scopes using the user name and password, or authenticate with the certificate without prompting for the scopes

- Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/155#issuecomment-1865043240, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6KN5VZI3PEF7AYXZXDYKM6FLAVCNFSM6AAAAABA35ACSCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRVGA2DGMRUGA. You are receiving this because you commented.Message ID: @.**@.>>

lsborroto commented 9 months ago

PS C:\Users\administrador.FTC365> Connect-MgGraph -TenantId "69" -AppId "4" -CertificateThumbprint "96" -scopes "User.Read.All,Group.Read.All" Connect-MgGraph : Parameter set cannot be resolved using the specified named parameters. At line:1 char:1

lsborroto commented 9 months ago

Connect-MgGraph doesn't allow to combine the app, certificate and tenant with the scopes.

timmcmic commented 9 months ago

It should because that's the structure of the command I use in the script.

Tim

From: lsborroto @.> Sent: Wednesday, December 20, 2023 2:52 PM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Unable to migrate Multiple DL (Issue #155)

Connect-MgGraph doesn't allow to combine the app, certificate and tenant with the scopes.

- Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/155#issuecomment-1865047568, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6IBIBPOKDGYKGFAOSDYKM6UVAVCNFSM6AAAAABA35ACSCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRVGA2DONJWHA. You are receiving this because you commented.Message ID: @.**@.>>

lsborroto commented 9 months ago

I am trying to get it done, should i run on this way: Start-MultipleDistributionListMigration -globalCatalogServer dc.ftc365.local -activeDirectoryCredential $onpremcred -groupSMTPAddresses $groups -aadConnectServer DC.ftc365.local -aadConnectCredential $onpremcred -logFolderPath c:\multiple -exchangeOnlineCredential $cloudCredc -exchangeServer exc2016.ftc365.local -exchangeCredential $onpremcred -exchangeAuthenticationMethod Kerberos -enableHybridMailflow:$TRUE -dnNoSyncOU "OU=NoSync,DC=ftc365,DC=local" -overrideCentralizedMailTransportEnabled:$TRUE Connect-MgGraph -TenantId "69" -AppId "4" -CertificateThumbprint "96" -scopes "User.Read.All,Group.Read.All"

timmcmic commented 9 months ago

No!

The connect-MGGraph command is just a test. It has nothing to do with the start-* command of the module.

The 403 means the permissions necessary have not been authorized. So you use connect-MGGraph with scopes and cert auth to ensure that the permission are granted. I'm not sure why it's failing beyond that.

Tim

From: lsborroto @.> Sent: Wednesday, December 20, 2023 3:01 PM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Unable to migrate Multiple DL (Issue #155)

I am trying to get it done, should i run on this way: Start-MultipleDistributionListMigration -globalCatalogServer dc.ftc365.local -activeDirectoryCredential $onpremcred -groupSMTPAddresses $groups -aadConnectServer DC.ftc365.local -aadConnectCredential $onpremcred -logFolderPath c:\multiple -exchangeOnlineCredential $cloudCredc -exchangeServer exc2016.ftc365.local -exchangeCredential $onpremcred -exchangeAuthenticationMethod Kerberos -enableHybridMailflow:$TRUE -dnNoSyncOU "OU=NoSync,DC=ftc365,DC=local" -overrideCentralizedMailTransportEnabled:$TRUE Connect-MgGraph -TenantId "69" -AppId "4" -CertificateThumbprint "96" -scopes "User.Read.All,Group.Read.All"

- Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/155#issuecomment-1865057811, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6JGOZJTA4OYXZTB5BTYKM7YBAVCNFSM6AAAAABA35ACSCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRVGA2TOOBRGE. You are receiving this because you commented.Message ID: @.**@.>>

lsborroto commented 9 months ago

Do you have those permissions ? "The 403 means the permissions necessary have not been authorized. " You are right I am trying to understand how does the tool call the permissions

timmcmic commented 9 months ago

The tool does not call the permissions. The permissions are granted to the enterprise app by first connecting to graph and consenting.

Once the consent is done - then the script uses the same information (cert / tenant / etc) to handle it.

Tim

From: lsborroto @.> Sent: Wednesday, December 20, 2023 3:04 PM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Unable to migrate Multiple DL (Issue #155)

Do you have those permissions ? "The 403 means the permissions necessary have not been authorized. " You are right I am trying to understand how does the tool call the permissions

- Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/155#issuecomment-1865061519, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6PXMAGAQVWNSU2ZXV3YKNAENAVCNFSM6AAAAABA35ACSCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRVGA3DCNJRHE. You are receiving this because you commented.Message ID: @.**@.>>

lsborroto commented 9 months ago

In addition of the permission assigned through the App directly, you must add the application on one of the administrative roles. image

It was the step missing.

lsborroto commented 9 months ago

Imdo not recommend the global admin role, but it worked on my case.

timmcmic commented 9 months ago

I’ve not had to add any administrative roles for graph.

Tim

============================== Timothy J. McMichael Senior Support Escalation Engineer @.**@.> (980)-776-7465

Hours: Sunday – Wednesday 08:00 – 16:00 eastern time zone.

Manager: Tom Roughley @.**@.>)

Premier Support - (800)-936-3100 Broad Commercial Support - (800)-936-4900

==============================

From: lsborroto @.> Sent: Wednesday, December 20, 2023 5:43 PM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Unable to migrate Multiple DL (Issue #155)

In addition of the permission assigned through the App directly, you must add the application on one of the administrative roles. image.png (view on web)https://github.com/timmcmic/DLConversionV2/assets/59449977/8ddb5332-1afa-4af9-9359-ab0059eca512

It was the step missing.

— Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/155#issuecomment-1865240212, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6IBBTKCSVF7ZFILWMDYKNS2DAVCNFSM6AAAAABA35ACSCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRVGI2DAMRRGI. You are receiving this because you commented.Message ID: @.***>