This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 98%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
Hello Everyone
I am trying to set up a Powershell-Script as a scheduled task that automatically updates Contacts in the Azure Database unattended, without having to add a Password to the Script. I unfortunately receive an Error-Message, despite having the necessary rights for it (im Using an AppOnly Authentication Method for it with a self signed certificate):
]1]1
The error message is "Insufficient Privileges to complete the operation"
Now, someone from this forum already helped me by telling me that "Update-MGContact" is ReadOnly, but is there a way to update a Contact with an Unattended connection?
Thank you for your help.
Kind regards,
Gabe
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 69%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Hi,
Using Microsoft.Graph scripts with a Service account should be possible. Maybe you did not grant all necesarry permisions to the App Registration account.
More info at:
https://tech.nicolonsky.ch/exploring-the-new-microsoft-graph-powershell-modules/
Hope this helps!
Dear Cristian
Thank you for your answer. I should have the required permissions:
Kind regards,
Gabe
Hi,
I see that you have permissions.
What I found strange is that there are both application and delegated permissions. I would expect only application. Delegated means that you action on behalf of a user which is not the case according to your description.
I would add directory.readwrite.all permision at application level and see if that fix the issue.
Hope this helps!
Dear Cristian
Oh gosh...i missclicked, thank you for the info. The permission error now dissappeared but I receive another error:
Update-MgContact : Property 'givenName' is read-only and cannot be set.
Is there another query to change these settings?
Kind regards,
Gabe
Hi,
I don't know what to say about that. There are some properties that cannot be updated by an App. GivenName is not one of them according to documentation. Maybe the powershell cmdlet has a bug...
Sorry that I cannot help you with that.
Hello @Gabe
I would like to recommend you the next official articles, that can help you to review the permissions and account types for Microsoft Graph:
Permissions:
https://learn.microsoft.com/en-us/graph/permissions-reference
Application vs Seivice principals:
https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
Hope this helps with your query,
---------
--If the reply is helpful, please Upvote and Accept as answer--