azure-activedirectory-powershell
Revoke-AzureADUserAllRefreshToken fails
I tried to run Revoke-AzureADUserAllRefreshToken for a user, but that fails while I have the Authentication Administrator and User Administrator roles elevated by PIM. It fails with the following error:
Get-AzureADUser -All:$true -SearchString username | Revoke-AzureADUserAllRefreshToken
Revoke-AzureADUserAllRefreshToken : Error occurred while executing RevokeUserAllRefreshTokens
Code: Authorization_RequestDenied
Message: Access to invalidate refresh tokens operation is denied.
RequestId: 863a01c8-84bc-443d-815b-e09cb7a633e7
DateTimeStamp: Mon, 21 Dec 2020 12:35:15 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:82
| Revoke-AzureADUserAllRefreshToken |
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Revoke-AzureADUserAllRefreshToken], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.RevokeUserAllRefreshTokens
Environment data
$PSVersionTable
Name                           Value
PSVersion                      5.1.19041.610
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.610
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1