Assigned Service Principal (Enterprise application) SharePoint Admin role and it still can't perform SharePoint tasks with runbook. Status 'Unauthorized'

ASaurdiff 101 Reputation points
2021-02-12T18:22:11.677+00:00

I am creating a process with Azure Automation. I would like the process to be fully void of user credentials (as expected). When I log into PnP Online with the Service Principal I try to run an operation that a SharePoint Admin can do. My account is SharePoint Admin, I can do it (tested already). The Service Principal that I have ALSO given the SharePoint Admin role to cannot.

When I look at the Enterprise Application or App registration, the SharePoint Admin role doesn't appear. If I go to the "Roles and Administrators" tab and look under "Assigned Users" for that role, the application is there. I am unaware of what I am missing, but this is one of the last steps I have in this project (to secure it and pull out all credentials). I hope someone can help me soon.
Here is the output error:

get-PnpUserProfileProperty : The remote server returned an error: (401) Unauthorized.
At line:32 char:13
+ $userUrl = (get-PnpUserProfileProperty -Account $UserPrincipalName |  ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (:) [Get-PnPUserProfileProperty], WebException
    + FullyQualifiedErrorId : EXCEPTION,PnP.PowerShell.Commands.UserProfiles.GetUserProfileProperty
You cannot call a method on a null-valued expression.
At line:32 char:1
+ $userUrl = (get-PnpUserProfileProperty -Account $UserPrincipalName |  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull
Azure Automation

1 answer

  1. Koen Zomers MSFT 1 Reputation point Microsoft Employee
    2021-02-18T22:48:40.587+00:00

    Hi @ASaurdiff. Sounds like you're mixing up a few things. To confirm, can you share the Connect-PnPOnline line that you use? Please replace actual values such as client id, client secret, base64 encoded certificate, client credentials and tenant name with dummy information.

    Have a look at using Register-PnPAzureADApp to create a new App Registration in your Azure Active Directory and use that with Connect-PnPOnline -Url https://tenant-admin.sharepoint.com -ClientId <clientId> -CertificatePath <path to the PFX file> -Tenant tenant.onmicrosoft.com
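Added example (not part of the original answer and not PnP's own sample code): a runbook that takes the certificate route the answer describes, end to end, with a check that tells a "the app itself is not authorised" 401 apart from a failure of the user-profile call. The point it illustrates is that an app-only token for SharePoint is authorised by the application permissions consented on the app registration, not by Azure AD directory roles such as SharePoint Administrator assigned to the service principal, so the role assignment in the question is not what the 401 is checking. The setup step is run once, interactively, by an admin outside the runbook, for example `Register-PnPAzureADApp -ApplicationName 'PnP-Automation' -Tenant 'contoso.onmicrosoft.com' -OutPath 'C:\temp' -SharePointApplicationPermissions 'Sites.FullControl.All','User.ReadWrite.All' -Interactive`, which creates the app registration, generates a self-signed certificate and writes the PFX to the output path; the admin consent prompt it opens is what actually grants the permissions. Everything named below is an assumption for illustration: tenant `contoso`, an Automation variable `PnP-ClientId` holding the Application (client) ID, a certificate asset `PnP-Automation-Cert` uploaded from that PFX with "Exportable" enabled, the `PnP.PowerShell` module imported into the Automation account, and the exact SharePoint application permission names (verify the permission your tenant requires for user profile reads).

```powershell
# Azure Automation runbook (added example, not from the original post).
# Assumed names: tenant "contoso", Automation variable "PnP-ClientId",
# Automation certificate asset "PnP-Automation-Cert" (uploaded as exportable).
param(
    [Parameter(Mandatory)]
    [string] $UserPrincipalName
)

Import-Module PnP.PowerShell -ErrorAction Stop

$TenantName  = 'contoso'                                        # assumption
$ClientId    = Get-AutomationVariable    -Name 'PnP-ClientId'   # assumption: client ID stored as a variable asset
$Certificate = Get-AutomationCertificate -Name 'PnP-Automation-Cert'  # X509Certificate2 from the certificate asset

# Connect-PnPOnline accepts the certificate as a base64-encoded PFX (or a path /
# thumbprint). Export the Automation asset as PKCS#12; this only works when the
# asset was uploaded as exportable, so fail with a clear message otherwise.
try {
    $pfxBytes = $Certificate.Export(
        [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12)
} catch {
    throw "Certificate asset is not exportable; re-upload it with 'Exportable' enabled. $($_.Exception.Message)"
}
$pfxBase64 = [Convert]::ToBase64String($pfxBytes)

# App-only connection to the tenant admin site: no user credential involved.
# Authorisation comes from the application permissions consented on the app
# registration identified by $ClientId, not from directory roles on its
# service principal.
Connect-PnPOnline -Url "https://$TenantName-admin.sharepoint.com" `
    -ClientId $ClientId `
    -Tenant "$TenantName.onmicrosoft.com" `
    -CertificateBase64Encoded $pfxBase64 `
    -ErrorAction Stop

# Pre-flight check: a 401 on a basic tenant read means the app registration
# itself is not authorised for SharePoint (missing or unconsented application
# permission). Surface that separately from a profile-specific failure.
try {
    $null = Get-PnPTenantSite -Url "https://$TenantName.sharepoint.com" -ErrorAction Stop
} catch {
    throw "App-only connection is not authorised for SharePoint; check the app's SharePoint application permissions and admin consent. $($_.Exception.Message)"
}

# The original call, with the null case handled instead of piping into a
# method on $null.
$props = Get-PnPUserProfileProperty -Account $UserPrincipalName -ErrorAction Stop
if (-not $props) {
    throw "No user profile returned for $UserPrincipalName"
}
$userUrl = $props.PersonalUrl
Write-Output "Personal site URL for ${UserPrincipalName}: $userUrl"
```

The Export call is the only place the private key is handled in the runbook, and the base64 string is kept in a local variable rather than written to output or a variable asset; if your Automation account holds the certificate as non-exportable, swap the export for `-CertificatePath` against a PFX stored elsewhere rather than loosening the asset. The tenant-site check costs one request and turns an ambiguous 401 into an actionable message about consent.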