[英]The remote server returned an error : (401) Unauthorized - PowerShell - Microsoft Graph API
I am trying to get the list of all groups where the resourceProvisioningOptions = Team, here is the url which gets all the data through API call:我正在尝试获取 resourceProvisioningOptions = Team 的所有组的列表,这里是 url,它通过 API 调用获取所有数据:
$clientID = xxxx
$tenantName = xxxx
$ClientSecret = xxxx
$resource = "https://graph.microsoft.com/"
$ReqTokenBody = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
client_Id = $clientID
Client_Secret = $clientSecret
}
$authheader = @{
'Authorization' = "Bearer $($Tokenresponse.access_token)"
'Content-Type'='application\json'
}
$TokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantName/oauth2/v2.0/token" -Method POST -Body $ReqTokenBody
$test = "'Team'"
$apiUrl = 'https://graph.microsoft.com/beta/groups?$filter=resourceProvisioningOptions/Any(x:x eq {0})' -f $test
$Data = Invoke-RestMethod -Uri $apiUrl -Headers $authheader -Body $ReqTokenBody -Method Get
$Groups = ($Data | select-object Value).Value | Select-Object displayName, id, description, mail | Out-File .\texxtfile.txt
However, I am getting a 401 error when I try to run the script even though I have all the permissions required to make the API call.但是,即使我拥有进行 API 调用所需的所有权限,当我尝试运行脚本时仍会收到 401 错误。
You may have picked application permissions in your AAD application.您可能在 AAD 应用程序中选择了应用程序权限。 There is an additioanl step.还有一个额外的步骤。 You will need to admin consent your application in the app registration portal to use Group.Read.All to run this.您需要在应用程序注册门户中管理员同意您的应用程序才能使用 Group.Read.All 来运行它。 If you have not done this in the UI this will fail.如果您尚未在 UI 中执行此操作,则会失败。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.