Get-PnPList e on SharePoint 2019 will return this error "(403)Forbidden"

john john 946 Reputation points
2022-09-29T11:19:03.967+00:00

I have SharePoint on-premises 2019 and using Site collection administrator i am trying to get a list using PnP Power Shell, the Connect-PnPOnline worked fine, but trying to get any list or site will return this error :-

246024-image.png

any advice ? i read about this error, and most articles mentioned that it is a permission issue, but i am using the site collection administrator.

SharePoint Server Management
SharePoint Server Management
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Management: The act or process of organizing, handling, directing or controlling something.
2,839 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,406 questions
{count} vote

3 answers

Sort by: Most helpful
  1. Tong Zhang_MSFT 9,121 Reputation points
    2022-09-30T06:19:19.217+00:00

    Hi @john john ,

    According to my research and testing, I can use Get-PnPList successfully ,here is my test result:
    246354-01.png

    As a troubleshooting, please follow this checklist to check Executequery 403 forbidden error in SharePoint Online PowerShell:

    1. You may have provided the credentials of another tenant, which would end up with this error message (Happens when working with multiple tenants!) So make sure the URL and credentials are correct.
    2. You may be missing the SharePoint Online Client Component SDK on your client computer. Make sure you have the latest version installed and the referenced DLL paths are correct.
    3. You may be attempting to access a site that you don’t have access to! Verify your access to the site by browsing to it. Having Tenant Admin or SharePoint Online Administrator roles doesn’t gain your access to SharePoint sites automatically. You have to add yourself to the site explicitly: How to Add Site collection Administrator to SharePoint Online using PowerShell?
    4. The site may be in locked state! You can check the lock status and unlock: How to Lock/Unlock Sites in SharePoint Online?
    5. You may need to be in your organization network with a compliant device as per the conditional access policies of your tenant.
    6. The credential you pass must be of type “SharePointOnlineCredentials”.

    More information for reference: SharePoint Online: Fix “The remote server returned an error: (403) Forbidden.” Error in PowerShell

    Hope it can help you. Thanks for your understanding.

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



  2. Limitless Technology 44,001 Reputation points
    2022-09-30T08:51:38.797+00:00

    Hello there,

    The “403 Forbidden” error might occur because of one of the following conditions:

    -Your browser cache has to be cleared.
    -Your permissions to the file haven’t replicated correctly on the server.
    -Your OneDrive site is locked.
    -An issue affects your organization’s SharePoint Online services.

    Follow this checklist to resolve Executequery 403 forbidden error in SharePoint Online PowerShell:

    -You may have provided the credentials of another tenant, which would end up with this error message (Happens when working with multiple tenants!) So make sure the URL and credentials are correct.
    -You may be missing the SharePoint Online Client Component SDK on your client computer. Make sure you have the latest version installed and the referenced DLL paths are correct.
    -The site may be in a locked state! You can check the lock status and unlock: How to Lock/Unlock Sites in SharePoint Online?
    -You may need to be in your organization network with a compliant device as per the conditional access policies of your tenant.
    -The credential you pass must be of type “SharePointOnlineCredentials”.

    ----------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer–

    0 comments No comments

  3. Lark Hawk 1 Reputation point
    2022-11-03T00:15:00.737+00:00

    Both the previous answers ignore that your SharePoint is on-prem, not online, and have some steps that only apply to SharePoint Online (logged in with another tenant's credentials?). But it is the on-prem that is key in understanding your issue. The PnP.PowerShell module doesn't support on-premise installations. There is some confusion about this, and there were attempts made to get PnP.PowerShell to work with on-prem (the -TransformationOnPrem flag). But Microsoft documentation as of May 2022 says that PnP.PowerShell doesn't support on-premise farms: benefits-of-using-powershell-with-sharepoint.

    My solution was to Uninstall PnP.PowerShell module and install the legacy SharePointPnPPowerShell2019 module. The legacy module is no longer being maintained or updated, but at least it works with on-premise farms.

    From PowerShell, run "Uninstall-Module PnP.PowerShell". Once that completes, run "Install-Module SharePointPnPPowerShell2019" (or 2016 or 2013, depending on your version of SharePoint).

    After I got the legacy module installed, I was able to successfully run commands like Get-PnPList without the 403 errors.

    0 comments No comments