microsoft
Getting errors during compile of: Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'.
Description of the issue
After upgrading to Release 1.24.1113.1, when I tried to run the DSC .ps1 to compile, all AADServicePrincipal blocks threw these types of errors: Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'. At C:\Users\rick\Documents\files\My Documents\scripts\Microsoft365DSC_More_AAD\M365TenantConfig_M365x648977_Backup.ps1:12151 char:9 In the ConfigurationData.psd1 file I do have the Application ID in " quotes: NonNodeData = @( @{ # Tenant's default verified domain name OrganizationName = "XXX.onmicrosoft.com"
# Azure AD Application Id for Authentication
ApplicationId = "d6289338-xxxxx"
# The Id or Name of the tenant to authenticate against
TenantId = "XXX.onmicrosoft.com"
# Azure AD Application Secret for Authentication
ApplicationSecret = "xxx"
}
)
I couldn't figure out how to fix it in this line in the .ps1: ApplicationId = $ConfigurationData.NonNodeData.ApplicationId;
So I ended up having to comment out ALL of the blocks in order to get the ps1 file to compile successfully. Is there a fix or workaround for this?
Thanks, Rick
Microsoft 365 DSC Version
1.24.1113.1
Which workloads are affected
Azure Active Directory (Entra ID)
The DSC configuration
Verbose logs showing the problem
PS C:\Users\rick\Documents\files\My Documents\scripts\Microsoft365DSC_More_AAD> cd "C:\Users\rick\Documents\files\My Documents\scripts\Microsoft365DSC_More_AAD\"
. .\M365TenantConfig_M365x648977_Backup.ps1
At C:\Users\rick\Documents\files\My Documents\Security and Compliance\Azure
AD\scripts\Microsoft365DSC_More_AAD\M365TenantConfig_M365x648977_Backup.ps1:12131 char:9
+ AADServicePrincipal "AADServicePrincipal-3eb2b82f-db5c-4631-a ...
+ ~~~~~~~~~~~~~~~~~~~
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'.
At C:\Users\rick\Documents\files\My Documents\Security and Compliance\Azure
AD\scripts\Microsoft365DSC_More_AAD\M365TenantConfig_M365x648977_Backup.ps1:12151 char:9
+ AADServicePrincipal "AADServicePrincipal-ead21ab2-6575-4c7c-8 ...
+ ~~~~~~~~~~~~~~~~~~~
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'.
At C:\Users\rick\Documents\files\My Documents\Security and Compliance\Azure
AD\scripts\Microsoft365DSC_More_AAD\M365TenantConfig_M365x648977_Backup.ps1:12171 char:9
+ AADServicePrincipal "AADServicePrincipal-6686d539-4dc9-4659-9 ...
+ ~~~~~~~~~~~~~~~~~~~
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'.
At C:\Users\rick\Documents\files\My Documents\Security and Compliance\Azure
AD\scripts\Microsoft365DSC_More_AAD\M365TenantConfig_M365x648977_Backup.ps1:12200 char:9
+ AADServicePrincipal "AADServicePrincipal-7182a742-e561-4c2b-a ...
+ ~~~~~~~~~~~~~~~~~~~
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'.
At C:\Users\rick\Documents\files\My Documents\Security and Compliance\Azure
AD\scripts\Microsoft365DSC_More_AAD\M365TenantConfig_M365x648977_Backup.ps1:12220 char:9
+ AADServicePrincipal "AADServicePrincipal-078dc035-d009-416a-8 ...
+ ~~~~~~~~~~~~~~~~~~~
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'.
At C:\Users\rick\Documents\files\My Documents\Security and Compliance\Azure
AD\scripts\Microsoft365DSC_More_AAD\M365TenantConfig_M365x648977_Backup.ps1:12240 char:9
+ AADServicePrincipal "AADServicePrincipal-6ce8fd29-38ff-46c9-a ...
+ ~~~~~~~~~~~~~~~~~~~
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'.
At C:\Users\rick\Documents\files\My Documents\Security and Compliance\Azure
AD\scripts\Microsoft365DSC_More_AAD\M365TenantConfig_M365x648977_Backup.ps1:12260 char:9
+ AADServicePrincipal "AADServicePrincipal-e9f6f7cc-5a1a-4582-8 ...
+ ~~~~~~~~~~~~~~~~~~~
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'.
At C:\Users\rick\Documents\files\My Documents\Security and Compliance\Azure
AD\scripts\Microsoft365DSC_More_AAD\M365TenantConfig_M365x648977_Backup.ps1:12284 char:9
+ AADServicePrincipal "AADServicePrincipal-d7e4770d-79eb-4f1e-9 ...
+ ~~~~~~~~~~~~~~~~~~~
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'.
At C:\Users\rick\Documents\files\My Documents\Security and Compliance\Azure
AD\scripts\Microsoft365DSC_More_AAD\M365TenantConfig_M365x648977_Backup.ps1:12304 char:9
+ AADServicePrincipal "AADServicePrincipal-ee23e8c1-1793-47f5-9 ...
+ ~~~~~~~~~~~~~~~~~~~
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'.
At C:\Users\rick\Documents\files\My Documents\Security and Compliance\Azure
AD\scripts\Microsoft365DSC_More_AAD\M365TenantConfig_M365x648977_Backup.ps1:12325 char:9
+ AADServicePrincipal "AADServicePrincipal-4323bd8b-c682-44be-9 ...
+ ~~~~~~~~~~~~~~~~~~~
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'.
Not all parse errors were reported. Correct the reported errors and try again.
+ CategoryInfo : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : MissingValueForMandatoryProperty
Environment Information + PowerShell Version
OsName : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 26100.1.amd64fre.ge_release.240331-1435
OsLanguage : en-US
OsMuiLanguages : {en-US}
Key : PSVersion
Value : 5.1.26100.2161
Name : PSVersion
Key : PSEdition
Value : Desktop
Name : PSEdition
Key : PSCompatibleVersions
Value : {1.0, 2.0, 3.0, 4.0...}
Name : PSCompatibleVersions
Key : BuildVersion
Value : 10.0.26100.2161
Name : BuildVersion
Key : CLRVersion
Value : 4.0.30319.42000
Name : CLRVersion
Key : WSManStackVersion
Value : 3.0
Name : WSManStackVersion
Key : PSRemotingProtocolVersion
Value : 2.3
Name : PSRemotingProtocolVersion
Key : SerializationVersion
Value : 1.1.0.1
Name : SerializationVersion
This resource has both AppId, which refers to the app associated with the Service Principal, and ApplicationId, which is normally pulled from your configdata file. The error you listed above refers to the former. Make sure AppId is provided as string.
But @NikCharlebois , in the errors listed in the verbose output, they are all pointing to lines that look like this line in the .ps1: ApplicationId = $ConfigurationData.NonNodeData.ApplicationId;
Those lines don't refer to AppId, only ApplicationId. Can you give me a bigger hint as to where I find where AppId is not properly typed as a string? And is this fixup a workaround? The code generates the .ps1 script not me so I didn't specifically type AppId anywhere I can think of.
Thanks, Rick
@NikCharlebois I'm getting the same error and it looks like AppId is no longer extracted in the AADServicePrincipal config files. The PR #5335 has changed how the AppId attribute is populed, from $AADServicePrincipal.AppId to $appInstance.DisplayName. (Line 312 - MSFT_AADServicePrincipal.psm1)
Can we get this fixed? Thanks!
Well. I have just upgraded to version 1.25.115.1, and the error is still there:
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'. At C:\Users\Administrator\Downloads\DSC\Configurations\01. AAD\M365TenantConfig-AAD.ps1:8648 char:9
-
AADServicePrincipal "AADServicePrincipal-10" -
~~~~~~~~~~~~~~~~~~~
What makes things worse is that previously each 'AADServicePrincipal' section contained the ApplicationId parameter, and to fix the issue it was enough to rename it to AppId. Now these sections don't have either ApplicationId or AppId, but AppId is still required for some reason.
I am having the same problem with Microsoft365DSC version 1.25.115.1. I am unable to execute the M365TenantConfig.ps1 file.
Error: Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'.
There is no property included in the AADServicePrincipal sections for AppID
The AppId is the key property that uniquely identifies the resource. It can be the AppId of the associated Service Principal, or it can be the display name of it. But it must be specified in the M365TenantConfig.ps1 file.
I have the same issue... some of the Service Principals do not have "AppID" exported and others do. Both SPs have a displayname, but for some reason the export doesn't add the DisplayName to the AppID value
I have the same issue since updating to 1.25.430.1, about a third of our Service Principals have no AppID, but do have an ApplicationID
Comparing the same app (note same object ID) between a config file from a previous DSC version and 1.25.430.1, the new version is not recording the appID for some apps. In every app that is missing an AppID, it is also identifying them as AADServicePrincipal-XX (with XX being a arbitrary number starting from 1), rather than AADServicePrincipal-AppID
DSC 1.25.129.3
DSC 1.25.430.1
@Sheep-NZ Question here: If you authenticate to Microsoft Graph manually with PowerShell and then run the following commands, do you receive a value for it?
$AADServicePrincipal = Get-MgServicePrincipal -ServicePrincipalId $ObjectId `
-Expand 'AppRoleAssignedTo' `
-ErrorAction Stop
$AADServicePrincipal.AppDisplayName # Should output the app id
This was changed in https://github.com/microsoft/Microsoft365DSC/commit/dd6679e76923c7ea5db5a552e2e8368b5169865d about two months ago. This would match with your description that it was working previously. I just cross-checked on my tenant and I found a couple of apps that don't have such an AppDisplayName set... Now trying to figure out how we can "fix" this.
@NikCharlebois Maybe you can shed some light here, I don't quite understand why you changed the export to use AppDisplayName instead of AppId. In my opinion, this should still be AppId and not the other. AppDisplayName can sometimes be empty, and this is e.g. the case for the following service principals:
- Microsoft Developer Sample Data Packs
- Microsoft Developer Sample Packs for SharePoint
- O365 LinkedIn Connection
But they do have a corresponding AppId, and the documentation of AADServicePrincipal doesn't quite say if this is the id or the display name here. But the name AppId implies that it's the application id and not the display name.
Hi Fabien When running your command using the objectID I used in the example above, I do not get an output for AppDisplayName. There is an AppID though. Same as your examples. This the same for quite a few of our Service Principals.
Would it break things if the code was to substitute AppID in for AppDisplayName if AppDisplayName is empty?
@Sheep-NZ I don't know. That would be a workaround, but I'd rather have a feedback of @NikCharlebois on this matter since he was the last one to change it. But if it comes to it, I'll open a PR that checks if the AppDisplayName is empty and in the case of yes, it'll be replaced by the AppId (as it was previously).
Hi Fabien When running your command using the objectID I used in the example above, I do not get an output for AppDisplayName. There is an AppID though. Same as your examples. This the same for quite a few of our Service Principals.
Would it break things if the code was to substitute AppID in for AppDisplayName if AppDisplayName is empty?
Before we get too far down the road I wanted to clarify something: I'm seeing that the "Displayname" property of an SP is ALWAYS populated and exported (present in M365TenantConfig.ps1) and sometimes the APPID isn't exported (which is the opposite of what @Sheep-NZ is suggesting)... which causes other issues when trying to work with the exported M365TenantConfig.ps1 file (e.g. generate HTML report is the action that I was doing).
I just wanted to confirm that's what y'all were seeing or if we have variances with both attributes/values.
Hey @andypituch you might have misread what I was saying.
What I am seeing is that many applications do not have an AppDisplayName attribute when querying them with MSGraph. They all have an AppID when querying them with MSGraph.
However, it looks like the DSC module was recently updated to use AppDisplayName as the mapping for the AppID value in M365TenantConfig.ps1, instead of mapping the AppID attribute to the AppID value (this seems very odd to me, almost like a mistake was made?)
The result of this change is
- When the AppDisplayName attribute is blank (from MSGraph), the AppID value in M365TenantConfig.ps1 is blank. This breaks the export.
- The heading given to the name of the app is appended with an arbitrary number, eg "6" in the example I posted above. Presumably because it is looking for an AppID.
@Sheep-NZ Gotcha. I didn't look at the output of the Graph Cmdlet for the SP, but we're good and we're talking about the same issue! :)
When trying to run the following
#Use Microsoft365DSC to Compare Microsoft 365 Settings Over Time New-M365DSCDeltaReport –Source C:\M365\M365TenantConfig1.ps1 -Destination C:\M365\M365TenantConfig2.ps1 -OutputPath C:\M365\Report\DiscrepancyReport.html
Getting the below error:
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'. Any fix for this?
