
Issue running Invoke-PronounSync.ps1

Open MschnyderISDSI opened this issue 2 years ago • 32 comments

Hello, I've run everything up to the invoke script. The pronoun field shows up in SharePoint custom properties, I confirmed the app and API permissions were set. When I run the script I get the below error for every user. Can anyone help?

Get-PnPUserProfileProperty : Attempted to perform an unauthorized operation.
At E:\Invoke-PronounSync.ps1:48 char:20
+ ... $pnpUser = Get-PnPUserProfileProperty -Account $aadUser.UserPrincipa ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : WriteError: (:) [Get-PnPUserProfileProperty], ServerUnauthorizedAccessException
    + FullyQualifiedErrorId : EXCEPTION,PnP.PowerShell.Commands.UserProfiles.GetUserProfileProperty

Thanks

MschnyderISDSI, May 25 '22 15:05

Looks like a permission issue. Do you have access to the SharePoint tenant admin?

See https://pnp.github.io/powershell/cmdlets/Get-PnPUserProfileProperty.html

merill, May 25 '22 23:05

Hi Merill, that's what everything points to. I'm a global/SharePoint admin and can open the SharePoint admin site.

MschnyderISDSI, May 26 '22 14:05

In the same boat here. Same error, same global/SP admin permissions.

curthendzell-lbbs, May 31 '22 20:05

So I was getting the same issue as @MschnyderISDSI and @curthendzell-lbbs. I was able to get past that after running Connect-PnPOnline -Url 'https://tenantadmin-admin.sharepoint.com' -Interactive

But now, when it runs and catches someone who updated their Pronoun, I get:

Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
+     $res = Invoke-RestMethod -Headers @{Authorization = "Bearer $acce ...
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

jrollmann, Jun 16 '22 19:06

So, I've tried to run the Invoke-PronounSync PowerShell script, but it's still coming back with "Get-PnPUserProfileProperty : Attempted to perform an unauthorized operation." I've got SharePoint admin access, as well as global 365 admin rights, on the same account. Everything else seems to have worked okay. I even tried following what jrollmann suggested, using Connect-PnPOnline first, but it still errored out.

jjmbrooks80RM, Jun 22 '22 15:06

Are you connecting to the nnnnn-admin.sharepoint.com site when calling Connect-PnPOnline?

merill, Jun 23 '22 00:06

> Are you connecting to the nnnnn-admin.sharepoint.com site when calling Connect-PnPOnline?

Yes, and it connects fine

jjmbrooks80RM, Jun 23 '22 08:06

Does this happen with all users or just some?

BTW Are your users synced from on-prem AD or are these cloud users?

merill, Jul 04 '22 03:07

Hi, this happens with all users, and they are sync’d from on-prem.

jjmbrooks80RM, Jul 04 '22 08:07

Ah, got it. So the script to update the extension attribute in Azure AD will only work for cloud users. If your users are synced from on-prem you will need to tweak the script to make it update Active Directory.

Set-ADUser -Identity $ThisUser -Add @{"extensionattribute1"="MyString"}

merill, Jul 04 '22 09:07

> Ah, got it. So the script to update the extension attribute in Azure AD will only work for cloud users. If your users are synced from on-prem you will need to tweak the script to make it update Active Directory.
>
> Set-ADUser -Identity $ThisUser -add @{"extensionattribute1"="MyString"}

Hi,

Sorry to ask a silly question, but whereabouts in the invoke script does this need adding?

Cheers

jjmbrooks80RM, Jul 08 '22 08:07

You can comment out lines 54-59 (which update AAD) and instead use the Set-ADUser.

merill, Jul 08 '22 09:07

Hi,

Sorry I’m being a pain now. I’ve tried to change the code but it still wasn’t running correctly, hence the attached file.

Just wondering, if you could take a look, and advise where I’m going wrong.

Thanks

Jeremy Brooks

[Attachment: Invoke-PronounSync - Copy.txt]

jjmbrooks80RM, Jul 08 '22 13:07

Hi. I am also getting errors when running Invoke-PronounSync. I ran PowerShell ISE as Admin using an on-prem domain admin account and elevated my Azure role to Global Admin. I have verified the app permissions in Azure Enterprise Apps. On initial run, I received this error for every user:

Get-PnPUserProfileProperty : Attempted to perform an unauthorized operation.
Invoke-PronounSync.ps1:48 char:20
+ ... $pnpUser = Get-PnPUserProfileProperty -Account $aadUser.UserPrincipa ...
    + CategoryInfo : WriteError: (:) [Get-PnPUserProfileProperty], ServerUnauthorizedAccessException

I thought that odd because a "get" operation should not be trying to write anything, but following advice in the above thread I ran Connect-PnPOnline -Interactive.

I am now getting the above error for every user, and for some users I am also getting:

Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
Invoke-PronounSync.ps1:32 char:12
+ $res = Invoke-RestMethod -Headers @{Authorization = "Bearer $acce ...
    + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException

My users are on-prem and sync'd to Azure, so I tried adjusting the script as indicated above. However, I'm getting the same result. Any help or direction on this would be much appreciated!

BobThompsonLV, Jul 28 '22 19:07

@merill still getting issues trying to get this to work. With the lines commented out, I get this:

At C:\pronoun\Invoke-PronounSync.ps1:52 char:79
+ ... -ADUser –Identity $aadUser -add @{"extensionattribute1"="MyString"}
+                                                                    ~~
The string is missing the terminator: ".
At C:\pronoun\Invoke-PronounSync.ps1:46 char:42
+ foreach ($aadUser in $aadUsers.value){
+                                      ~
Missing closing '}' in statement block or type definition.
At C:\pronoun\Invoke-PronounSync.ps1:45 char:3
+ do{
+ ~
Missing closing '}' in statement block or type definition.
At C:\pronoun\Invoke-PronounSync.ps1:55 char:49
+ } while ($null -ne $aadUsers.'@odata.nextLink')
+                                             ~
Missing while or until keyword in do loop.
    + CategoryInfo : ParserError: (:) [], ParseException
    + FullyQualifiedErrorId : TerminatorExpectedAtEndOfString

jjmbrooks80RM, Aug 24 '22 12:08

Hello All, please see a working script for on-premise Azure AD Sync attached. Also ensure your App has the following permissions (picture attached) in Azure AD.

[Image: Permissions]

[https://github.com/merill/m365-gender-pronoun-kit/files/9490079/Invoke-PronounSync.txt]

CabbageandBean, Sep 05 '22 13:09

This is excellent @CabbageandBean. Thanks a lot for sharing!

Would you like to submit a PR to add this script to the repository?

merill, Sep 06 '22 03:09

Hi @CabbageandBean, I've tested your script, and it's running through my directory without an issue, though I'm sure I tried what you've done and couldn't get it to run. One thing I've noticed is that it's not updating accounts if there is an entry in the cloud. Wonder if anyone has any thoughts?

jjmbrooks80RM, Sep 07 '22 14:09

What version of Windows Server are you running? Also please replace "-add" with "-replace" on line 54. No errors when running it, no? Have your users set their pronouns via the SharePoint contact card?

CabbageandBean, Sep 07 '22 14:09

@CabbageandBean running on a Win 22 Server, running as a DC. Even with the replace, it just scrolls through; it's like it's not reading the Pronoun field that was set up through SharePoint / Delve.

jjmbrooks80RM, Sep 08 '22 09:09

When it runs through, it just shows checking, when it gets to my account, which I've amended the Pronoun in the cloud, it just shows checking

jjmbrooks80RM, Sep 08 '22 09:09

> When it runs through, it just shows checking, when it gets to my account, which I've amended the Pronoun in the cloud, it just shows checking

So it appears that it isn't getting past the Write-Host - Checking part of the script. Log into PnP PowerShell manually and see if you can run Get-PnPUserProfileProperty -Account "your email", and make sure it returns the correct value without error.

CabbageandBean, Sep 08 '22 09:09

I've found out what the issue was: when I'd created the field to alter in SharePoint, I'd called it UserPronoun, so it couldn't pick up the field. I removed that field, re-created it calling it Pronoun, and updated the field on SharePoint, and when I ran the script it worked and updated my account. Thanks for the pointers.

jjmbrooks80RM, Sep 09 '22 13:09
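
The fixes that came up in this thread, combined into one dry-run sketch (an added example, not the repository's Invoke-PronounSync.ps1 and not the script attached above): connect to the admin site, confirm the profile property really is named Pronoun, then write to on-prem AD with -Replace. The admin URL, the UPN list and the choice of extensionAttribute1 as the synced attribute are placeholders and assumptions.

```powershell
# Added example; assumes the PnP.PowerShell and ActiveDirectory modules are installed
# and that extensionAttribute1 is the attribute your directory sync carries to Azure AD.
Import-Module PnP.PowerShell, ActiveDirectory

$adminUrl     = 'https://<tenant>-admin.sharepoint.com'  # placeholder: tenant admin site
$propertyName = 'Pronoun'               # must match the profile property name exactly
$adAttribute  = 'extensionAttribute1'
$upns         = @('user1@example.com')  # constructed sample input

# The thread's first fix: connect to the -admin site before reading profiles.
Connect-PnPOnline -Url $adminUrl -Interactive

foreach ($upn in $upns) {
    try {
        $spProfile = Get-PnPUserProfileProperty -Account $upn -ErrorAction Stop
    } catch {
        Write-Warning "$upn : profile read failed: $($_.Exception.Message)"
        continue
    }

    # A property created under another name (UserPronoun in this thread) is simply
    # absent here, which otherwise looks like "nothing to update".
    $props = $spProfile.UserProfileProperties
    if (-not $props.ContainsKey($propertyName)) {
        Write-Warning "$upn : no '$propertyName' property; check its name in SharePoint"
        continue
    }
    $pronoun = $props[$propertyName]

    # Synced users are mastered on-prem, so write to AD and let the sync carry it up.
    $adUser = Get-ADUser -Filter "UserPrincipalName -eq '$upn'" -Properties $adAttribute
    if (-not $adUser) { Write-Warning "$upn : not found in on-prem AD"; continue }
    if ($adUser.$adAttribute -eq $pronoun) { continue }   # already in sync

    if ([string]::IsNullOrWhiteSpace($pronoun)) {
        Set-ADUser -Identity $adUser -Clear $adAttribute -WhatIf
    } else {
        # -Replace overwrites an existing value (the -add to -replace change above).
        Set-ADUser -Identity $adUser -Replace @{ $adAttribute = $pronoun } -WhatIf
    }
}
```

Both Set-ADUser calls carry -WhatIf, so the loop only reports what it would change; remove the switch once the output looks right.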