Configure.ps1 fails in powershell (project: '2. Web API now calls Microsoft Graph')

Open jranxb70 opened this issue 2 years ago • 0 comments

Please provide us with the following information:

This issue is for a: (mark with an x)

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

In project '2. Web API now calls Microsoft Graph' try to utilize Configure.ps1 in AppCreationScripts. Any of the "Four ways to run the script" will do.

Any log messages given by the failure

The script will fail:

    Get-AzureADUser : Error occurred while executing GetUser
    Code: Request_ResourceNotFound
    Message: Resource '[email protected]' does not exist or one of its queried reference-property objects are not present.
    RequestId: fbc2ba74-0509-499a-9da6-ced5cbdf82ea
    DateTimeStamp: Fri, 07 Apr 2023 18:53:59 GMT
    HttpStatusCode: NotFound
    HttpStatusDescription: Not Found
    HttpResponseStatus: Completed
    At line:1 char:1
    + Get-AzureADUser -ObjectId "[email protected]"
        + CategoryInfo          : NotSpecified: (:) [Get-AzureADUser], ApiException
        + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetUser

Expected/desired behavior

    Creating the AAD application (TodoListService(ms-identity-dotnet-native-aspnetcore-v2))
    'first.last_email.com#EXT#@organization.onmicrosoft.com' added as an application owner to app 'TodoListService(ms-identity-dotnet-native-aspnetcore-v2)'
    Done creating the service application (TodoListService(ms-identity-dotnet-native-aspnetcore-v2))
    Getting access from 'service' to 'Microsoft Graph'
    Granted permissions.
    Creating the AAD application (TodoListClient(ms-identity-dotnet-native-aspnetcore-v2))
    'first.last_email.com#EXT#@organization.onmicrosoft.com' added as an application owner to app 'TodoListClient(ms-identity-dotnet-native-aspnetcore-v2)'
    Done creating the client application (TodoListClient(ms-identity-dotnet-native-aspnetcore-v2))
    Getting access from 'client' to 'service'
    Granted permissions.
    Configure known client applications for the 'service'
    Configured.
    Updating the sample code (C:\Users\name\source_2022\repository\active-directory-dotnet-native-aspnetcore-v2\2. Web API now calls Microsoft Graph\AppCreationScripts..\TodoListService\appsettings.json)
    Updating the sample code (C:\Users\name\source_2022\repository\active-directory-dotnet-native-aspnetcore-v2\2. Web API now calls Microsoft Graph\AppCreationScripts..\TodoListClient\App.Config)


IMPORTANT: Please follow the instructions below to complete a few manual step(s) in the Azure portal :

  • For 'service'
    • Navigate to 'https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/09170e0c-895a-495f-a0d8-k88Grel56121/objectId/fb57304b-83ba-465d-bb15-alsha982h112/isMSAApp/'
    • Navigate to the Manifest page and change 'signInAudience' to 'AzureADandPersonalMicrosoftAccount'.
  • For 'client'
    • Navigate to 'https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/2ff1469f-9edf-4450-9eb3-tup984581206/objectId/390b941e-3135-4a95-83cd-bo491aao9886/isMSAApp/'
    • Navigate to the Manifest page and change 'signInAudience' to 'AzureADandPersonalMicrosoftAccount'.
    • [Optional] If you are a tenant admin, you can navigate to the API Permissions page and select 'Grant admin consent for (your tenant)'

PS C:\Users\name\source_2022\repository\active-directory-dotnet-native-aspnetcore-v2\2. Web API now calls Microsoft Graph\AppCreationScripts>

OS and Version?

Windows 10 Pro

Versions

21H2

Mention any other details that might be useful

I was able to get past the problem by using my object id in the script instead of the content of $creds.Account.Id:

# Get the user running the script to add the user as the app owner
Write-Host $creds.Account.Id
# Workaround: look the user up by object id (placeholder GUID below) instead of by $creds.Account.Id
$user = Get-AzureADUser -ObjectId "2e77dddd-aaaa-bbbb-1111-xxxxxxxxxxxxx"

# Original lookup value, kept for reference:
#$creds.Account.Id


Thanks! We'll be in touch soon.

jranxb70 · Apr 08 '23 11:04
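The failure above is consistent with a guest account: `Get-AzureADUser -ObjectId` accepts either an object id or a userPrincipalName, and a guest's sign-in e-mail (what `$creds.Account.Id` holds) is not its UPN in the tenant, which the expected output shows in the `first.last_email.com#EXT#@organization.onmicrosoft.com` form. The following is an added example, not code from this repository's Configure.ps1, showing a lookup that first tries the value as-is, then derives the guest UPN from the e-mail and the tenant's initial domain, and finally matches on the `mail` attribute. It assumes the AzureAD module is loaded and `Connect-AzureAD` has already run; the function name `Resolve-SignedInUser` and the derivation of the `#EXT#` UPN from the e-mail are assumptions of this example, while `Get-AzureADUser`, `Get-AzureADTenantDetail` and their `-ObjectId`/`-Filter` parameters are the module's own.

```powershell
# Added example (not part of the repository's Configure.ps1): resolve the signed-in
# account to a directory user object in a way that also works for guest accounts.
# Assumes the AzureAD module is loaded and Connect-AzureAD has already run.

function Resolve-SignedInUser {
    [CmdletBinding()]
    param(
        # Value of $creds.Account.Id after Connect-AzureAD (a UPN, an e-mail address or an object id)
        [Parameter(Mandatory)][string]$AccountId
    )

    # 1. Member accounts and object ids: the direct lookup Configure.ps1 already performs.
    try {
        return Get-AzureADUser -ObjectId $AccountId -ErrorAction Stop
    } catch {
        Write-Verbose "Direct lookup of '$AccountId' failed: $($_.Exception.Message)"
    }

    if ($AccountId -match '^[^@]+@[^@]+$') {
        # 2. Guest accounts sign in with an external e-mail, but their UPN in the tenant
        #    has the form <local>_<domain>#EXT#@<initial domain> (assumed pattern, matching
        #    the owner name printed in the expected output). Derive it and retry the lookup.
        $initialDomain = (Get-AzureADTenantDetail).VerifiedDomains |
            Where-Object { $_.Initial } |
            Select-Object -First 1 -ExpandProperty Name
        if ($initialDomain) {
            $guestUpn = ($AccountId -replace '@', '_') + '#EXT#@' + $initialDomain
            try {
                return Get-AzureADUser -ObjectId $guestUpn -ErrorAction Stop
            } catch {
                Write-Verbose "Guest UPN lookup of '$guestUpn' failed: $($_.Exception.Message)"
            }
        }

        # 3. Last resort: match on the mail attribute. Single quotes are doubled so the value
        #    cannot break out of the OData filter string.
        $escaped = $AccountId -replace "'", "''"
        $byMail = @(Get-AzureADUser -Filter "mail eq '$escaped'")
        if ($byMail.Count -eq 1) { return $byMail[0] }
        if ($byMail.Count -gt 1) {
            # The resolved user becomes the application owner, so never pick one silently.
            throw "Account '$AccountId' matches $($byMail.Count) users by mail; pass the object id explicitly."
        }
    }

    throw "Could not resolve '$AccountId' to a user in this tenant. Re-run with the user's object id."
}

# Usage in place of the failing line in Configure.ps1:
#   $user = Resolve-SignedInUser -AccountId $creds.Account.Id -Verbose
```

The ambiguous-match branch is deliberate: the looked-up user is written as an owner of both app registrations, so a wrong match would hand control of the sample's applications to the wrong principal. Failing and asking for an explicit object id, as the reporter's workaround does, is the safer outcome.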