Get-MgDirectoryOnPremiseSynchronization : Insufficient privileges to complete the operation as the Global Administrator?

EnterpriseArchitect 4,741 Reputation points
2024-04-18T12:41:45.9966667+00:00

What are the additional required permissions on top of the Global Administrator to execute the below read only command?

Connect-MgGraph -Scopes OnPremDirectorySynchronization.ReadWrite.All 

Get-MgDirectoryOnPremiseSynchronization

The error I am getting is:

Get-MgDirectoryOnPremiseSynchronization : Insufficient privileges to complete the operation. Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied

  • Get-MgDirectoryOnPremiseSynchronization
  •     + CategoryInfo          : InvalidOperation: ({ Top = , Skip ... , Headers =  }:<>f__AnonymousType13`9) [Get-MgDirectory...ronization_List], Exception
    + FullyQualifiedErrorId : Authorization_RequestDenied,Microsoft.Graph.PowerShell.Cmdlets.GetMgDirectoryOnPremiseSynchronization_List
Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,530 questions
0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Givary-MSFT 28,061 Reputation points Microsoft Employee
    2024-04-24T11:59:12.54+00:00

    @EnterpriseArchitect Apologies for the delayed response, as per this documentation - https://learn.microsoft.com/en-us/graph/api/onpremisesdirectorysynchronization-update?view=graph-rest-1.0&tabs=http the user needs to be assigned the Global Administrator role. Even after this role, you are facing the above mentioned error ?

    1 person found this answer helpful.