I am currently writing an Azure PowerShell function to reset an AD user's password.
I have a Registered App with the Microsoft Graph User.ReadWrite.All and UserAuthenticationMethod.ReadWrite.All permissions.
I am trying to connect to Azure Active Directory using the app with the following code.
$AzurePassword = ConvertTo-SecureString $ApplicationSecret -AsPlainText -Force
$ADCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $AzurePassword
Connect-AzAccount -TenantId $TenantId -Credential $ADCredential -ServicePrincipal
$aadToken = Get-AzAccessToken -Resource "https://graph.windows.net/"
Connect-AzureAD -AadAccessToken $aadToken -AccountId $ApplicationId -TenantId $TenantId
The above code doesn't error, but as soon as I try to retrieve a user I get an error.
$User = Get-AzureADUser -ObjectId $Email
The error...
2021-05-15T14:00:28.385 [Error] ERROR: Error occurred while executing GetUser
Code: Authentication_MissingOrMalformed
Message: Access Token missing or malformed.
HttpStatusCode: Unauthorized
HttpStatusDescription: Unauthorized
HttpResponseStatus: Completed
OriginInfo : localhost
Exception :
Type : System.Management.Automation.RemoteException
SerializedRemoteException : Microsoft.Open.AzureAD16.Client.ApiException: Error occurred while executing GetUser
   at Microsoft.Open.AzureAD16.Client.Configuration.<>c.<.cctor>b__47_0(String methodName, IRestResponse response) in X:\bt\1205398\repo\src\dev\PowerShell.V2\AzureAD16.Client\Client\Configuration.cs:line 188
   at Microsoft.Open.AzureAD16.Api.UserApi.GetUserWithHttpInfo(String tenantId, String objectId, String authorization, String cmdletName, String clientRequestId, String apiVersion, Nullable`1 all, Nullable`1 top, String skiptoken, String filter, String orderby) in X:\bt\1205398\repo\src\dev\PowerShell.V2\AzureAD16.Client\Api\UserApi.cs:line 2154
   at Microsoft.Open.AzureAD16.PowerShell.GetUser.ProcessRecord() in X:\bt\1205398\repo\src\dev\PowerShell.V2\AzureAD16.PowerShell\AzureAD16.PowerShell.AutoGen\API\UserApi.cs:line 258
   at System.Management.Automation.CommandProcessor.ProcessRecord()
SerializedRemoteInvocationInfo : System.Management.Automation.InvocationInfo
HResult : -2146233087
CategoryInfo : NotSpecified: (:) [Get-AzureADUser], ApiException
FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetUser
Using https://jwt.io/ I can see that the access token has the expected appid, tid and aud (https://graph.windows.net/).
I have followed the docs on connecting to AD. I am not too sure why I am getting the error; any help would be appreciated.
Regards,
Richard Tasker
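
The claim check described in the post (appid, tid and aud) can be done locally instead of pasting a live access token into a website. The following is an added example, not part of the original post; the function names and the sample token with its placeholder GUIDs are constructed for illustration.

```powershell
# Added example: decode a JWT payload locally and compare the claims named in the post.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # base64url -> base64, then restore the padding that JWTs strip
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw 'Invalid base64url length.' }
    }
    [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($s))
}

function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    # A compact JWT is header.payload.signature
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) {
        throw "Not a compact JWT: expected 3 dot-separated segments, got $($parts.Count)."
    }
    ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
}

function Test-TokenClaims {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][hashtable]$Expected
    )
    $claims = Get-JwtClaims -Token $Token
    foreach ($name in $Expected.Keys) {
        [pscustomobject]@{
            Claim    = $name
            Expected = $Expected[$name]
            Actual   = $claims.$name
            Match    = ($claims.$name -eq $Expected[$name])
        }
    }
}

# Constructed sample token (unsigned, placeholder values), built inline so this runs offline.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$header  = ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'
$payload = ConvertTo-Base64Url '{"aud":"https://graph.windows.net/","appid":"00000000-0000-0000-0000-000000000001","tid":"00000000-0000-0000-0000-000000000002"}'
$sample  = "$header.$payload.constructed-signature"

Test-TokenClaims -Token $sample -Expected @{
    aud   = 'https://graph.windows.net/'
    appid = '00000000-0000-0000-0000-000000000001'
    tid   = '00000000-0000-0000-0000-000000000002'
} | Format-Table -AutoSize
```

This only decodes the payload; it does not verify the signature. The three-segment check also rejects any value that is not a token string, for example an object that PowerShell has converted to its type name.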