Hi Gents,
I'm trying to use the Graph SDK to manage organization contacts for internal employees via a runbook.
I see from the MS documentation that app-only authentication is supported:
https://learn.microsoft.com/en-us/powershell/microsoftgraph/app-only?view=graph-powershell-1.0&tabs=powershell
Therefore, I’m connecting as follows:
$Connection = Get-AutomationConnection -Name "AzureRunAsConnectionGraph"
Connect-MgGraph -ClientID $Connection.ApplicationId -TenantId $Connection.TenantId -CertificateThumbprint $Connection.CertificateThumbprint
$context = Get-MgContext
$context.Scopes
Here is the output:
Welcome To Microsoft Graph!
TeamMember.Read.All
User.ReadWrite.All
Group.Read.All
Directory.Read.All
GroupMember.Read.All
Team.ReadBasic.All
MailboxSettings.Read
Contacts.ReadWrite
Mail.Send
MailboxSettings.ReadWrite
Contacts.Read
Despite using app-only authentication and having the "Contacts.ReadWrite" permission, I’m getting "access is denied" errors on all of the commands below:
- Get-MgUserContactFolder: $folderStaffDirectory = Get-MgUserContactFolder -UserId $Mbx.UserPrincipalName | Where-Object {$_.DisplayName -eq $folderName}
- New-MgUserContactFolder: New-MgUserContactFolderContact -UserId $Mbx.UserPrincipalName -BodyParameter $params -ContactFolderId $folderStaffDirectory.Id -DisplayName $Contact.DisplayName -CompanyName $Contact.CompanyName -Department $Contact.Department -JobTitle $Contact.JobTitle -PersonalNotes $OrgNotes -MobilePhone $Contact.Mobile
- Get-MgUserContactFolderContact: [array]$ContactsInMbx = Get-MgUserContactFolderContact -UserId $Mbx.UserPrincipalName -ContactFolderId $folderStaffDirectory.Id -All
- New-MgUserContactFolderContact: $folderStaffDirectory = New-MgUserContactFolder -UserId $Mbx.UserPrincipalName -BodyParameter $paramsFolder
Error example:
Get-MgUserContactFolder : Access is denied. Check credentials and try again.
At line:91 char:2
+ $folderStaffDirectory = Get-MgUserContactFolder -UserId $Mbx.User ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ UserId = conf..., Property = }:<>f__AnonymousType317) [Get-MgUserContactFolder_List1], RestException1
+ FullyQualifiedErrorId : ErrorAccessDenied,Microsoft.Graph.PowerShell.Cmdlets.GetMgUserContactFolder_List1
Is there anything wrong with what I'm doing?
Please feel free to ask if you need more details.
Thanks in advance.
Cheers,
Patrick
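
A preflight check that a runbook like the one above could run right after Connect-MgGraph, added here as an example and not part of the original post: it confirms that the session is app-only, that the permission the contact cmdlets need is present, and it lists the remaining granted permissions for a least-privilege review. Test-GraphAppOnlyContext is a hypothetical helper, the required-permission list is an assumption, and the sample context is constructed from the scope list in the post.

```powershell
# Added example. Test-GraphAppOnlyContext is a hypothetical helper, not an SDK cmdlet.
function Test-GraphAppOnlyContext {
    param(
        # Object shaped like Get-MgContext output (AuthType and Scopes are read).
        [Parameter(Mandatory)] $Context,
        # Permissions the runbook actually needs (assumption supplied by the caller).
        [Parameter(Mandatory)] [string[]] $Required
    )
    $granted = @($Context.Scopes)
    $missing = @($Required | Where-Object { $_ -notin $granted })

    # Heuristic: X.Read(.All) adds nothing when X.ReadWrite(.All) is also granted.
    $redundant = @($granted | Where-Object {
        $_ -match '\.Read(\.All)?$' -and
        (($_ -replace '\.Read(\.All)?$', '.ReadWrite$1') -in $granted)
    })

    # Everything else that was granted but not asked for: candidates for removal.
    $notRequired = @($granted | Where-Object { $_ -notin $Required -and $_ -notin $redundant })

    [pscustomobject]@{
        IsAppOnly   = ("$($Context.AuthType)" -eq 'AppOnly')
        Missing     = $missing
        Redundant   = $redundant
        NotRequired = $notRequired
        Ready       = ("$($Context.AuthType)" -eq 'AppOnly') -and ($missing.Count -eq 0)
    }
}

# Constructed sample: the scopes are the ones printed in the post, AuthType is assumed.
$sampleContext = [pscustomobject]@{
    AuthType = 'AppOnly'
    Scopes   = @(
        'TeamMember.Read.All', 'User.ReadWrite.All', 'Group.Read.All',
        'Directory.Read.All', 'GroupMember.Read.All', 'Team.ReadBasic.All',
        'MailboxSettings.Read', 'Contacts.ReadWrite', 'Mail.Send',
        'MailboxSettings.ReadWrite', 'Contacts.Read'
    )
}

# In a runbook, pass (Get-MgContext) instead of the constructed sample.
Test-GraphAppOnlyContext -Context $sampleContext -Required 'Contacts.ReadWrite' | Format-List
```

When this check reports Ready as true and the mailbox calls still fail with ErrorAccessDenied, the connection and the granted permission are not where the gap is, so the investigation moves to the mailbox side.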