EWS-Office365-Contact-Sync
EWS-Office365-Contact-Sync copied to clipboard
grahamr975
ERROR Failed to Sync-ContactList for [email protected] A constructor was not found. Cannot find an appropriate constructor for type Microsoft.Exchange.WebServices.Data.OAuthCredentials.
Hi,
I got this error ERROR Failed to Sync-ContactList for [email protected] A constructor was not found. Cannot find an appropriate constructor for type Microsoft.Exchange.WebServices.Data.OAuthCredentials.
Can someone help me with this?
I got the same issue, issue with modernauth.
if i disable modernauth it connects
!update!
It seems to be happening in:
$AADcredential = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential" -ArgumentList $Credentials.UserName.ToString(), $Credentials.GetNetworkCredential().password.ToString() $token = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($Context,"https://outlook.office365.com",$ClientId,$AADcredential).result $service.Credentials = New-Object Microsoft.Exchange.WebServices.Data.OAuthCredentials($token.AccessToken)
I did notice that the exchange api is now missing in office 365, while this application is calling that api (outlook.office365.com) with guid d3590ed6-52b3-4102-aeff-aad2292ab01c
The strange thing is that negotiaite auth is still working, while i expect Microsoft to first end that type of authentication. before closing the exchange api and forcing us to Graph
ModernAuth still works in my environment just fine (Exchange Online). Unfortunately, I don't have the resources or time to test in other environments. Can you confirm that you followed the new README instructions and manually unblocked the included .dll files?
I am thinking of redesigning this script in Graph API, but just don't currently have the time.
I have the same issue.
ERROR Failed to Sync-ContactList for [email protected] Cannot convert argument "ctx", with value: "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext", for "AcquireTokenAsync" to type "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext": "Cannot convert the "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" value of type "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" to type "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext"."
The weird thing is that it worked fine a couple of days ago.
Hi Graham, first, thanks for providing your work and your efforts!
I do have the same issue, that login to EWS via ModernAuth is failing.
Yes, I have read redme and unblocked the DLLs and exported the credentials of the service account to a xml. the svc has got ApplicationImpersonation in Exchange.
I ran: .\EWSContactSync.ps1 -FolderName 'testsync' -LogPath 'C:\temp\EWS-Office365-Contact-Sync' -MailboxList '[email protected]' -ClientID 'my-Azure-EWS-App-ID' -ModernAuth -ExcludeContactsWithoutPhoneNumber -ExcludeSharedMailboxContacts -CredentialPath "C:\temp\svc-acc.xml"
The first error I got was: Failed to Sync-ContactList for [email protected] No constructor found. No suitable constructor can be found for the Microsoft.Exchange.WebServices.Data.OAuthCredentials type. As I said, DLLs are unblocked.
I did some research and found this line in Connect-EXCExchange.ps1: 104: $service.Credentials = New-Object Microsoft.Exchange.WebServices.Data.OAuthCredentials($token.AccessToken) I changed it to: 104: $service.Credentials = [Microsoft.Exchange.WebServices.Data.OAuthCredentials]$token.AccessToken It was just a try, as I found this way in another script.
Then the error turned into: ERROR Failed to Sync-ContactList for [email protected] Exception when calling "AutodiscoverUrl" with 2 argument(s): "Credentials are required to make a service request."
So this didn't work out. I hope this helps in some way, and I hope you have a suggestions for me, what I can still try..?
Btw., you are checking for EWS dll files this way: $EWSDLL = (($(Get-ItemProperty -ErrorAction SilentlyContinue -Path Registry::$(Get-ChildItem -ErrorAction SilentlyContinue -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Web Services'|Sort-Object Name -Descending| Select-Object -First 1 -ExpandProperty Name)).'Install Directory') + "Microsoft.Exchange.WebServices.dll")
This doesn't return a path, if you have installed the EWS API via "Install-Package Exchange.WebServices.Managed.Api -Version 2.2.1.2". This way it does: $EWSDLL = (Get-ChildItem -Path "$(split-path $((Get-Package -Name 'Exchange.WebServices.Managed.Api').Source) -Parent)\Microsoft.Exchange.WebServices.dll" -Recurse).FullName Just for your information and for a future version. :)
Cheers, Csarly
@Csarly Can you try to bypass MFA via trusting the IP of the server you're running the script on, per the guide below? Let me know.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-adfs#trusted-ips-for-federated-users
Hi @grahamr975 , I was trying to use the script with cloud only users and mailboxes. The admin account with ApplicationImpersonation permission in Exchange is not activated for MFA. I was running the script from my notebook and desktop pc. Was it intended to run on a on-premises member server? Thanks, regards, Csarly
Hi @grahamr975 , I just discovered it was a layer8 issue ( me ;) ). In the azure application, in the authentication screen, Advanced settings -> Allow public client flows -> Enable the following mobile and desktop flows -> needs to be YES !
This wasn't mentioned here: https://www.m365tech.nl/2020/08/unattended-powershell-scripts-using-modern-authentication-with-exchange-online/
Thanks Ryan!
Hi @grahamr975 , I just discovered it was a layer8 issue ( me ;) ). In the azure application, in the authentication screen, Advanced settings -> Allow public client flows -> Enable the following mobile and desktop flows -> needs to be YES !
This wasn't mentioned here: https://www.m365tech.nl/2020/08/unattended-powershell-scripts-using-modern-authentication-with-exchange-online/
Thanks Ryan!
Can you maybe write an little manual how to get it work with api connection?
For now its working for me onprem. But i want to deactivade basic auth. So want to use also the api connection.
How did you write your ps1 script can you share it?
hi @nldenic , I'm new to GitHub, I am trying to find my way around to provide you with my version... Thanks for your patience.
Hello all,
I just wrote up a guide on how to apply certificate-based authentication to the script, which should resolve this error. See commit 9fcfe1f06192848882564615dd9aa05e71d69970.