question

SumanthCh-8692 avatar image
3 Votes"
SumanthCh-8692 asked DamaniaHarsh-9949 commented

Connect-Microsoft Teams With AadAccessToken Parameter

I have an issue while connecting Microsoft teams with -AadAccessToken. Error details are provided below:

Is there any solution or alternative approach available in Microsoft-Teams PowerShell Module to execute CS commands after making connection using Token?

Connect-MicrosoftTeams -AadAccessToken $token -AccountId $acctName
Account Environment Tenant TenantId


<Email ID> AzureCloud <Tenant Id> <Tenant Id>

PS C:\Users\ensar> Get-CsOnlineUser
Exception calling "GetSteppablePipeline" with "1" argument(s): "Exception calling "GetRemoteNewCsOnlineSession" with "1" argument(s): "Run either Connect-MicrosoftTeams or new-csonlinesession before running cmdlets.""
At C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\2.0.0\net472\SfBORemotePowershellModule.psm1:9474 char:13
+ $steppablePipeline = $scriptCmd.GetSteppablePipeline($myI ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : CmdletInvocationException

office-teams-windows-itprowindows-server-powershell
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GanapathiRallapalli-5865 avatar image
0 Votes"
GanapathiRallapalli-5865 answered PatrickBayUllstrmFlexfoneAS-8540 commented

Version 2.3.2-preview is just released. Looks like the unified Access Token is now accepted as input. May be the solution for the issue finally!

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I also spotted this. When testing this I found I'm getting an error when using a Graph token.

 Connect-MicrosoftTeams : Please provide the both MsGraph and Teams Configuration Resource token. Please refer to -Help for more infomation.

It's unclear on the permission required for this & the configuration resource referenced

Any ideas or detail based on your testing?

Thanks





0 Votes 0 ·

Try assigning your app this permission and see if it works -

https://api.interfaces.records.teams.microsoft.com/user_impersonation

You may have to obtain a token for this resource from what I'm reading on the console as output. I couldn't make it to work though.

Let me know if you could make it to work.

Thanks

0 Votes 0 ·
MattClegg-9040 avatar image MattClegg-9040 GanapathiRallapalli-5865 ·

I can't get this to work and I'm still unsure about the permission mentioned.

Did you get it working?

0 Votes 0 ·
Show more comments
JimmyYang-MSFT avatar image
0 Votes"
JimmyYang-MSFT answered SajeewaWarnakulasuriya-1263 commented

Hi @SumanthCh-8692

Are there any error messages when you running the command “Connect-MicrosoftTeams -AadAccessToken $token -AccountId $acctName”?

According to your error message, Teams module is not connected correctly in PowerShell.

As a workaround, if you want to use Cs Command, you can try to run the following command as below:

Connection to Skype for Business Online and import into Ps session

$session = New-CsOnlineSession
Import-PsSession $session

Then you can run “Get-CsOnlineUser” normally.


If the response is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




· 10
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @JimmyYang-MSFT

Thank you for your response!

I did not see any error message after running the command “Connect-MicrosoftTeams -AadAccessToken $token -AccountId $acctName”.

After running the command “Connect-MicrosoftTeams -AadAccessToken $token -AccountId $acctName” i seen the response as below:

Account Environment Tenant TenantId
<Email ID> AzureCloud <Tenant Id> <Tenant Id>

And also i am able to run the commands like Get-Teams etc.. except the CS commands after running "Connect-MicrosoftTeams" command.

We already using SkypeOnlineConnector powershell module to open Ps Session & run CS commands but after July 31st Microsoft is going to terminate that module. So, we are working on migrating to Teams PowerShell Module.

Note:- CS commands is working fine if we connect using command "Connect-MicrosoftTeams" and give the credentials on the prompted Microsoft login page.

0 Votes 0 ·

Hi @SumanthCh-8692

Please make sure you have Teams service admin right when you using this way to connect Teams Module. Teams Service admin can access everything in the Microsoft Teams admin center and associated PowerShell controls. For more details about it, you can refer to:

https://docs.microsoft.com/en-us/microsoftteams/using-admin-roles#teams-roles-and-capabilities

0 Votes 0 ·

Hi @SumanthCh-8692

It has been a while, how is everything going?
If you have any update about this issue, please feel free to post back.

1 Vote 1 ·
Show more comments

Has there been any update on this? i have ran into the same problem

0 Votes 0 ·

I am having the same problem, any updates?

0 Votes 0 ·
mark3grahams-9689 avatar image
0 Votes"
mark3grahams-9689 answered

Same issue. I am using an app registration.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GanapathiRallapalli-5865 avatar image
1 Vote"
GanapathiRallapalli-5865 answered DamaniaHarsh-9949 commented

Hi Matt,

In case you are still working it out - here is how we are able to make it work -

  1. Get an Access Token for Grant Type password and scope - "48ac35b8-9aa8-4d74-927d-1f4a14a0b239/user_impersonation offline_access openid profile" and store it in $TeamsTokenResponse

  2. Get an Access Token for Grant Type client_credentials and scope - "https://graph.microsoft.com/.default" and store it in $ReqTokenForGraphBody

Now call the following:

Connect-MicrosoftTeams -AccountId $username -AccessTokens @($GraphTokenResponse.access_token, $TeamsTokenResponse.access_token) -Verbose

Thanks

· 8
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you so much for this. it works for me now

1 Vote 1 ·

Hello @GanapathiRallapalli-5865 could you please share the part of the script you are using to get the Teams and Graph token? I keep getting "Invalid audiences 48ac35b8-9aa8 -4d74-927d-1f4a14a0b239 found in the provided tokens." Thank you for your help!

0 Votes 0 ·

Hi @Shar88-5433 - we are getting the token using Authorization Code flow with scope including all the required scopes(graph, 48ac35b8-9aa8-4d74-927d-1f4a14a0b239/user_impersonation). This now becomes graph token. You then use the token to get a token for 48ac35b8-9aa8-4d74-927d-1f4a14a0b239/user_impersonation using the Silent flow. If you do a JWT Parser on token one - you should see MS Graph as the audience. If you do the same on the second token you should see - 48ac35b8-9aa8-4d74-927d-1f4a14a0b239

Thanks

0 Votes 0 ·
RyanJacobs-5712 avatar image RyanJacobs-5712 GanapathiRallapalli-5865 ·

@GanapathiRallapalli-5865 can you please share the exact code you are using to get the teams token? I have run up against a wall as to how to do this once I have the graph token (which I am getting using MSAL.PS, if that matters).

Thanks.

0 Votes 0 ·

Can you please provide a sample of the code used to obtain the token for resource ID 48ac35b8-9aa8-4d74-927d-1f4a14a0b239 ?

0 Votes 0 ·

Thanks, this works correctly, but not all cmdlets seem to have the correct permissions. I can use eg. Get-Team which is one of the newer ones, but eg. Get-CsOnlineUser gives me a permissions error although I have given all possible permissions. Any idea why this is?

0 Votes 0 ·

can you share code

0 Votes 0 ·