MgBetaDirectoryAdministrativeUnit: beta graph remains broken after one year #5815

Open
bartvermeersch opened this issue Feb 20, 2025 · 0 comments


Description of the issue

New-MgBetaDirectoryAdministrativeUnit (and probably Update-) remains broken in the beta graph. It's been already more than one year. I understand the issue is in the PowerShell graph, not in DSC, but after waiting another year, it would be nice to see some progress, hence I hope DSC can implement one of the two workarounds.

(It seems the workaround was implemented for Delete-)

# Workaround since Remove-MgBetaDirectoryAdministrativeUnit is not working with 2.11.1
# https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/2529
$url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)"
Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null
#Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id

microsoftgraph/msgraph-sdk-powershell#2529

Is it possible to switch to the v1.0 or use the invoke-mgGraphRequest workaround for New and Update as well?

DSC error:

2025-02-20T15:50:50.4968034Z ##[error][InternalServerError] : {"Message":"The OData path is invalid."}
    + CategoryInfo          : InvalidOperation: ({ Headers = , b...istrativeUnit }:) [], CimException
    + FullyQualifiedErrorId : InternalServerError,Microsoft.Graph.Beta.PowerShell.Cmdlets.NewMgBetaDirectoryAdministra 
   tiveUnit_CreateExpanded
    + PSComputerName        : localhost

I've taken the code out of the DSC module to manually reproduce the issue:

$params = @{                                                                                             
>> description = 'Dynamic AU containing all System accounts'
>> displayName = 'System Accounts'
>> membershipRule = 'user.memberof -any (group.objectId -in ["9130000-0000-0000-0000-00008ca3c4ec"])'
>> membershipRuleProcessingState = 'on'
>> membershipType = 'Dynamic'
>> }
PS C:\> $t = New-MgBetaDirectoryAdministrativeUnit @params -debug
DEBUG: [CmdletBeginProcessing]: - New-MgBetaDirectoryAdministrativeUnit begin processing with parameterSet 'CreateExpanded'.
DEBUG: [Authentication]: - AuthType: 'Delegated', TokenCredentialType: 'InteractiveBrowser', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph Command Line Tools'.
DEBUG: [Authentication]: - Scopes: [AdministrativeUnit.ReadWrite.All, Application.Read.All, Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All, AuditLog.Read.All, DelegatedPermissionGrant.ReadWrite.All, Directory.ReadWrite.All, Domain.Read.All, Group.ReadWrite.All, OnPremDirectorySynchronization.ReadWrite.All, openid, Policy.ReadWrite.AuthenticationMethod, profile, Sites.FullControl.All, User.Read, User.Read.All, UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All, email].

Confirm
Are you sure you want to perform this action?
Performing the operation "New-MgBetaDirectoryAdministrativeUnit_CreateExpanded" on target "Call remote 'POST
/directory/administrativeUnits' operation".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://graph.microsoft.com/beta/directory/administrativeUnits

Headers:
FeatureFlag                   : 00000043
Cache-Control                 : no-store, no-cache
User-Agent                    : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.22631; en-BE),PowerShell/7.5.0
Accept-Encoding               : gzip
SdkVersion                    : graph-powershell-beta/2.25.0
client-request-id             : 071c323a-dd1c-4e1e-840b-c2708856924c

Body:
{
  "description": "Dynamic AU containing all System accounts",
  "displayName": "System Accounts",
  "membershipRule": "user.memberof -any (group.objectId -in [\"9130000-0000-0000-0000-00008ca3c4ec\"])",
  "membershipRuleProcessingState": "on",
  "membershipType": "Dynamic"
}


DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
NotFound

Headers:
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : 5e91c1a5-beab-4ae4-9066-7d3ffeb20778
client-request-id             : 071c323a-dd1c-4e1e-840b-c2708856924c
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"009","RoleInstance":"AM1PEPF00027E5F"}}
Date                          : Thu, 20 Feb 2025 16:01:47 GMT

Body:
{
  "error": {
    "code": "InternalServerError",
    "message": "{\"Message\":\"The OData path is invalid.\"}",
    "innerError": {
      "date": "2025-02-20T16:01:47",
      "request-id": "5e91c1a5-beab-4ae4-9066-7d3ffeb20778",
      "client-request-id": "071c323a-dd1c-4e1e-840b-c2708856924c"
    }
  }
}


New-MgBetaDirectoryAdministrativeUnit_CreateExpanded: {"Message":"The OData path is invalid."}

Status: 404 (NotFound)
ErrorCode: InternalServerError
Date: 2025-02-20T16:01:47

Headers:
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : 5e91c1a5-beab-4ae4-9066-7d3ffeb20778
client-request-id             : 071c323a-dd1c-4e1e-840b-c2708856924c
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"009","RoleInstance":"AM1PEPF00027E5F"}}
Date                          : Thu, 20 Feb 2025 16:01:47 GMT


  Recommendation: See service error codes: https://learn.microsoft.com/graph/errors
DEBUG: [CmdletEndProcessing]: - New-MgBetaDirectoryAdministrativeUnit end processing.

The code works properly when using the v1.0 command New-MgBetaDirectoryAdministrative or when using the direct endpoint https://graph.microsoft.com/beta/administrativeUnits via Invoke-MgRestMethod

Microsoft 365 DSC Version

1.25.219.1

Which workloads are affected

Azure Active Directory (Entra ID)

The DSC configuration

Verbose logs showing the problem

Environment Information + PowerShell Version
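
The workaround requested above, extended from the Remove- case to create and update, as an added example that is not part of the original issue or of the Microsoft365DSC code base. `Set-AdministrativeUnitViaRest` is a hypothetical helper name, and the default base URL is an assumption taken from the host shown in the debug trace; inside the DSC module it would come from `Get-MSCloudLoginConnectionProfile` as in the Remove- workaround.

```powershell
# Added example: call the /beta/administrativeUnits path directly instead of the
# /beta/directory/administrativeUnits path that the generated cmdlet uses.
function Set-AdministrativeUnitViaRest {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [hashtable] $Properties,
        # When supplied, the existing unit is updated (PATCH) instead of created (POST)
        [string] $AdministrativeUnitId,
        # Assumption: public-cloud Graph host, as seen in the debug trace
        [string] $ResourceUrl = 'https://graph.microsoft.com/'
    )

    $uri    = $ResourceUrl.TrimEnd('/') + '/beta/administrativeUnits'
    $method = 'POST'
    if ($AdministrativeUnitId) {
        $uri    = "$uri/$AdministrativeUnitId"
        $method = 'PATCH'
    }

    # Serialize explicitly so the request body matches what the cmdlet would have sent
    $body = $Properties | ConvertTo-Json -Depth 10

    if ($PSCmdlet.ShouldProcess($uri, $method)) {
        try {
            Invoke-MgGraphRequest -Method $method -Uri $uri -Body $body `
                -ContentType 'application/json' -ErrorAction Stop
        }
        catch {
            # Surface the Graph error (for example "The OData path is invalid.")
            throw "Graph $method $uri failed: $($_.Exception.Message)"
        }
    }
}

# Same payload as in the reproduction above
$params = @{
    description                   = 'Dynamic AU containing all System accounts'
    displayName                   = 'System Accounts'
    membershipRule                = 'user.memberof -any (group.objectId -in ["9130000-0000-0000-0000-00008ca3c4ec"])'
    membershipRuleProcessingState = 'on'
    membershipType                = 'Dynamic'
}

# -WhatIf shows the method and URI without sending the request
Set-AdministrativeUnitViaRest -Properties $params -WhatIf
```

Drop `-WhatIf` to send the request; the delegated session needs `AdministrativeUnit.ReadWrite.All`, which is among the scopes listed in the debug trace.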
