New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Executing the New-AzureAdServiceAppRoleAssignment step returns a Forbidden error #22700
Comments
@johndowns Thanks for your feedback! We will investigate and update as appropriate. |
Turns out I'm being hit by the same. Any updates @SaurabhSharma-MSFT ? :) |
@kacperryniec I will be updating this thread by EOD today after testing as I have taken this over from Saurabh. Thanks. |
@shashishailaj any news? :) |
@kacperryniec @johndowns My apologies for the delay. I tested it and got the same error. We have escalated this internally to Product engineering team . Looks like there is some issue from the backend due to which we are unable to perform the operation . I tried adding the ownership of the managed Identity service principal to the tenant Admin using the cmdlet Add-AzureADServicePrincipalOwner but I get the following . PS C:\WINDOWS\system32> $OwnerId = Get-AzureADUser -Filter "Userprincipalname eq 'administrator@.onmicrosoft.com'"
We will have the right people involved for a review of the article content on this. We may need more time on this. I will engage the authors on this as well to have this looked into. Thank you. |
@daveba Could you please have a look into this and have the powershell cmdlet below in this section of the article reviewed.
I have started an internal thread on this and will loop you in. |
@shashishailaj Please assign this issue to @priyamohanram. She's the content writer for this space now. Also @arluca for visibility. |
Hi, I see the issue is still assigned to @daveba... |
@arluca @priyamohanram Could one of you please update this thread as to when the article can be updated ? |
Any update on this? |
This is a known issue. It is an intermittent error. You'll may or may not receive the error message, but as @johndowns states, the operation does succeed. I'll add this to the backlog and we'll update the doc accordingly with messaging. #please-close |
I'm experiancing the same issue but this happens only if |
When I follow the instructions in the section Grant your VM access to the Azure AD Graph API, I get the following error:
It appears to grant the access, though, since subsequent requests return the Bad Request response mentioned in the article, and calls to
Get-AzureADServiceAppRoleAssignment -ObjectId $GraphServicePrincipal.ObjectId
show the permission was assigned.Is this a known issue? Is there something I should do to avoid getting the Forbidden error?
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: