
[BUG] - Unable to groupify site with Azure Function and Managed Identity

Open hajjkh opened this issue 1 year ago • 2 comments

I try to groupify a SharePoint site by an Azure function under a managed identity. I can do many actions by a managed identity like create a new site, provision a pnp template, set theme, add group owners and members. But I cannot groupify a SharePoint team site. I got this error:

2024-07-09T18:46:25Z   [Error]   ERROR: An error occurred while processing this request.

Exception             : 
    Type        : System.Management.Automation.PSInvalidOperationException
    ErrorRecord : 
        Exception             : 
            Type    : System.Management.Automation.ParentContainsErrorRecordException
            Message : An error occurred while processing this request.
            HResult : -2146233087
        CategoryInfo          : InvalidOperation: (:) [], ParentContainsErrorRecordException
        FullyQualifiedErrorId : InvalidOperation
    TargetSite  : 
        Name          : ProcessRecord
        DeclaringType : PnP.PowerShell.Commands.Base.PnPConnectedCmdlet
        MemberType    : Method
        Module        : PnP.PowerShell.dll
    Message     : An error occurred while processing this request.
    Source      : PnP.PowerShell
    HResult     : -2146233079
    StackTrace  : 
   at PnP.PowerShell.Commands.Base.PnPConnectedCmdlet.ProcessRecord() in c:\build\src\Commands\Base\PnPConnectedCmdlet.cs:line 101
   at PnP.PowerShell.Commands.PnPSharePointCmdlet.ProcessRecord() in c:\build\src\Commands\Base\PnPSharePointCmdlet.cs:line 131
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
CategoryInfo          : InvalidOperation: (:) [Add-PnPMicrosoft365GroupToSite], PSInvalidOperationException
FullyQualifiedErrorId : InvalidOperation,PnP.PowerShell.Commands.Admin.AddMicrosoft365GroupToSite
InvocationInfo        : 
    MyCommand        : Add-PnPMicrosoft365GroupToSite
    ScriptLineNumber : 28
    OffsetInLine     : 1
    HistoryId        : 1
    ScriptName       : C:\home\site\wwwroot\ModifyExistingSite\run.ps1
    Line             : Add-PnPMicrosoft365GroupToSite -Url $targetProjectSiteURL -Alias "contosokhha" -DisplayName "contosokhha" -KeepOldHomePage
                       
    PositionMessage  : At C:\home\site\wwwroot\ModifyExistingSite\run.ps1:28 char:1
                       + Add-PnPMicrosoft365GroupToSite -Url $targetProjectSiteURL -Alias "con …
                       + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    PSScriptRoot     : C:\home\site\wwwroot\ModifyExistingSite
    PSCommandPath    : C:\home\site\wwwroot\ModifyExistingSite\run.ps1
    InvocationName   : Add-PnPMicrosoft365GroupToSite
    CommandOrigin    : Internal
ScriptStackTrace      : at <ScriptBlock>, C:\home\site\wwwroot\ModifyExistingSite\run.ps1: line 28


Expected behavior

I expect no errors, and a group based SharePoint site

Steps to reproduce behavior

Connect-PnPOnline -ManagedIdentity -Url "https://myCompany-admin.sharepoint.com"
Add-PnPMicrosoft365GroupToSite -Url "https://myCompany.sharepoint.com/teams/someNonGroupBasedTeamSite" -Alias "someNonGroupBasedTeamSite" -DisplayName "someNonGroupBasedTeamSite" -KeepOldHomePage

What is the version of the Cmdlet module you are running? 2.5.0

Which operating system/environment are you running PnP PowerShell on? Azure Functions

I implemented these API permissions on my managed identity/Azure function. Am I missing some API permission?

image

hajjkh, Jul 09 '24 19:07

I can confirm the same issue when connecting with app id and certificate: image

When connecting with -Interactive, somehow I get a different error: Add-PnPMicrosoft365GroupToSite: User does not have permissions to Groupify

jackpoz, Jul 09 '24 20:07

Is this still an issue? The user running this needs to be the site collection admin of the site which is to be groupified. If possible, please try with tomorrow's or later nightly builds and let us know.

gautamdsheth, Aug 23 '24 19:08

Hello, we investigated this.

It is a backend API issue. You need to use delegated permissions for this cmdlet and ensure that you are the site collection admin of the site getting groupified. Application permissions won't work in this case. We can't fix it from the PnP PowerShell side as we are consuming SPO endpoints.

gautamdsheth, Sep 21 '24 18:09
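
A preflight for the requirement stated in the last comment (delegated sign-in plus site collection admin on the target site), written as an added example that is not code from this thread or from the PnP PowerShell project. The function name `Invoke-GroupifyWithPreflight` is hypothetical, the URLs passed to it are placeholders, and it assumes a session that can sign in interactively rather than the Function's managed identity.

```powershell
# Added example, not PnP PowerShell project code. Hypothetical function name.
function Invoke-GroupifyWithPreflight {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$AdminUrl,     # placeholder, e.g. https://myCompany-admin.sharepoint.com
        [Parameter(Mandatory)][string]$SiteUrl,      # the non-group-based team site
        [Parameter(Mandatory)][string]$Alias,
        [Parameter(Mandatory)][string]$DisplayName
    )

    # Delegated sign-in: cmdlets run as the signed-in user, not as an app identity.
    # Newer PnP PowerShell releases also need -ClientId with your own Entra app registration.
    Connect-PnPOnline -Url $SiteUrl -Interactive

    # Load the signed-in user for the target site and read the site collection admin flag.
    $web  = Get-PnPWeb -Includes CurrentUser
    $user = $web.CurrentUser
    if (-not $user.IsSiteAdmin) {
        # Fail with a specific message instead of the generic
        # "An error occurred while processing this request."
        throw "$($user.LoginName) is not a site collection admin of $SiteUrl; groupify would fail."
    }

    # Same call as in the issue, now made over a delegated connection to the admin site.
    Connect-PnPOnline -Url $AdminUrl -Interactive
    Add-PnPMicrosoft365GroupToSite -Url $SiteUrl -Alias $Alias -DisplayName $DisplayName `
        -KeepOldHomePage -ErrorAction Stop
}
```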