How can I run the Azure AD Export in Linux?

[versionleung]

Hello,

I can execute the following PowerShell script in Windows 10 PC without error.

Write-Host 'Installing modules...'
Install-Module Microsoft.Graph.Authentication -Scope CurrentUser -Force
Install-Module AzureADExporter -Scope CurrentUser -Force

Write-Host 'Connecting to AzureAD...'
Connect-AzureADExporter -TenantId $tenantId

Write-Host 'Starting backup...'
Export-AzureAD $tenantPath -All

But I encountered the following error in Linux:

 Organization/Settings.json
Export-AzureAD: GET https://graph.microsoft.com/beta/organization/dd9b9e36-a5e2-448f-bbfd-ca66896e065e/settings
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Transfer-Encoding: chunked
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: 39aaa35d-fcf8-4276-9f8a-486754d1fcf1
client-request-id: 39aaa35d-fcf8-4276-9f8a-486754d1fcf1
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"Japan East","Slice":"E","Ring":"2","ScaleUnit":"000","RoleInstance":"TY1PEPF0000355B"}}
Date: Mon, 20 Dec 2021 07:19:16 GMT
Content-Type: application/json
Content-Encoding: gzip
{"error":{"code":"UnknownError","message":"{\r\n  \"errorCode\": \"ErrorAccessDeniedForUser\",\r\n  \"message\": \"Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileUnauthorizedException' was thrown.\",\r\n  \"target\": null,\r\n  \"details\": null,\r\n  \"innerError\": null,\r\n  \"instanceAnnotations\": []\r\n}","innerError":{"date":"2021-12-20T07:19:16","request-id":"39aaa35d-fcf8-4276-9f8a-486754d1fcf1","client-request-id":"39aaa35d-fcf8-4276-9f8a-486754d1fcf1"}}}

 Policies/FeatureRolloutPolicies
Export-AzureAD: GET https://graph.microsoft.com/v1.0/policies/featureRolloutPolicies
HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Transfer-Encoding: chunked
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: cfe03996-e3bb-4460-82e4-f5ecbcf08040
client-request-id: cfe03996-e3bb-4460-82e4-f5ecbcf08040
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"Japan East","Slice":"E","Ring":"2","ScaleUnit":"001","RoleInstance":"TYO1EPF00000B5A"}}
Date: Mon, 20 Dec 2021 07:48:09 GMT
Content-Type: application/json
Content-Encoding: gzip
{"error":{"code":"InsufficientScope_UnauthorizedAccess","message":"User doesn't have sufficient scope to access resource.","innerError":{"date":"2021-12-20T07:48:10","request-id":"cfe03996-e3bb-4460-82e4-f5ecbcf08040","client-request-id":"cfe03996-e3bb-4460-82e4-f5ecbcf08040"}}}

May I know how to solve it? Many Thanks!

[SamErde]

This looks like you're getting an "access denied" error (part 2) due to the Azure AD application configuration not having the scope of permissions set correctly (part 3). I don't believe it has anything to do with you using Linux right now. Have you setup an enterprise application in Azure AD and configured its permissions? (I'm still looking for the walkthrough that I think @merill wrote about this.)

[SamErde]

Here's the closest walkthrough that I've been able to find specifically for this tool: https://sean.mcgrath.nz/post/github-aad-export/