DuplicateKey: There is already a duplicated entity

[aaronparker]

The following error is encountered recently - this wasn't occuring a couple of weeks ago, so permissions should be OK (I think). The target environment is my lab, so not many Azure AD configuration changes.

The export is running on PowerShell Core on Windows or macOS with AzureADExporter 1.0.957478.

IdentityGovernance/EntitlementManagement/Settings
Export-AzureAD: /Users/aaron/projects/azuread-export/scripts/Export-AzureAD.ps1:16
Line |
  16 |  Export-AzureAD -Path "/Users/aaron/projects/azuread-export/azuread"
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/settings HTTP/1.1 409 Conflict
     | Transfer-Encoding: chunked Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 request-id:
     | 56214806-d0a8-4d7b-99f8-9b407f71d4df client-request-id: 56214806-d0a8-4d7b-99f8-9b407f71d4df x-ms-ags-diagnostic:
     | {"ServerInfo":{"DataCenter":"Australia
     | Southeast","Slice":"E","Ring":"4","ScaleUnit":"002","RoleInstance":"ML1PEPF000058C8"}} Date: Mon, 01 Aug 2022 10:52:23 GMT
     | Content-Type: application/json Content-Encoding: gzip  {"error":{"code":"DuplicateKey","message":"There is already a
     | duplicated
     | entity.","innerError":{"date":"2022-08-01T10:52:24","request-id":"56214806-d0a8-4d7b-99f8-9b407f71d4df","client-request-id":"56214806-d0a8-4d7b-99f8-9b407f71d4df"}}}

This is the currently exported data at `IdentityGovernance/EntitlementManagement/Settings/singleton/singleton.json. Note that the result of this error is that this file is not exported:

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/entitlementManagement/settings/$entity",
  "daysUntilExternalUserDeletedAfterBlocked": 30,
  "externalUserLifecycleAction": "BlockSignInAndDelete",
  "id": "singleton"
}

Authn to Azure AD is via an app registration with the following permissions:

API / Permissions name	Type	Description
AccessReview.Read.All	Application	Read all access reviews
AdministrativeUnit.Read.All	Application	Read all administrative units
Agreement.Read.All	Application	Read all terms of use agreements
APIConnectors.Read.All	Application	Read API connectors for authentication flows
Directory.Read.All	Application	Read directory data
EntitlementManagement.Read.All	Application	Read all entitlement management resources
Group.Read.All	Application	Read all groups
GroupMember.Read.All	Application	Read all group memberships
IdentityProvider.Read.All	Application	Read identity providers
IdentityUserFlow.Read.All	Application	Read all identity user flows
Organization.Read.All	Application	Read organization information
Policy.Read.All	Application	Read your organization's policies
Policy.Read.PermissionGrant	Application	Read consent and permission grant policies
PrivilegedAccess.Read.AzureAD	Application	Read privileged access to Azure AD roles
PrivilegedAccess.Read.AzureResources	Application	Read privileged access to Azure resources
RoleManagement.Read.Directory	Application	Read all directory RBAC settings
User.Read	Delegated	Sign in and read user profile
User.Read.All	Application	Read all users' full profiles
UserAuthenticationMethod.Read.All	Application	Read all users' authentication methods

[merill]

Can you please try the new EntraExporter module and re-open this issue if it is still occuring? Tx.