Error occurred while executing GetServicePrincipalOAuth2PermissionGrants
My requirement is to fetch permissions granted to Azure ad application from powershell. I have an application with few delegated permissions like this:
I found Get-AzureADServicePrincipalOAuth2PermissionGrant command to achieve my scenario.
But I am facing this error, when I ran the above command:
Get-AzureADServicePrincipalOAuth2PermissionGrant : Error occurred while executing GetServicePrincipalOAuth2PermissionGrants
Code: Request_ResourceNotFound
Message: Resource 'XXXXXXXX does not exist or one of its queried reference-property objects are not present.
RequestId: d0ed46b9-e8ea-47c0-b575-10ba67863ac6
DateTimeStamp: Wed, 10 Aug 2022 05:59:54 GMT
HttpStatusCode: NotFound
HttpStatusDescription: Not Found
HttpResponseStatus: Completed
At line:1 char:1
+ Get-AzureADServicePrincipalOAuth2PermissionGrant -ObjectId XXXXX...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureADServ...PermissionGrant], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetServicePrincipalOAuth2PermissionGrants
I have given the correct ObjectId of the application and I have admin role.
Help me with suggestions on how to avoid this error?
I tried to reproduce the same in my environment and got the below results:
I created an Azure AD Application and granted same Api permissions like below:
I tried to fetch delegated permissions by using the below command and got the same error as below:
Get-AzureADServicePrincipalOAuth2PermissionGrant -ObjectId 6bd87ba1-29ad-4596-XXXXX
Please note that, Service principal of ObjectID means you have to give ObjectID of your Enterprise Application:
When I gave ObjectID of Enterprise Application in the below command, got the response successfully:
Get-AzureADServicePrincipalOAuth2PermissionGrant -ObjectId e6029623-d410-4d8c-82ea-XXXXX | fl
Reference:
Get-AzureADServicePrincipalOAuth2PermissionGrant (AzureAD) | Microsoft Docs
- AAD groups claim missing in JWT token for some users
- How do I add claims from my custom claims provider to Entra External ID/Azure AD access tokens?
- Azure ADB2C Signup Page Customization
- Why is "Application permissions" disabled in Azure AD's "Request API permissions"?
- Azure Active Directory B2B Pending and Accepted User Reports
- Azure AD B2B API failing for sovereign cloud
- Property 'onPremisesSyncEnabled' does not exist as a declared property or extension property
- unable to list the properties of azure ad user (createddatetime)
- Azure Go SDK - Guide for Multi Tenant Authentication
- How to enforce MFA only where the home directory requires it
- Assign random passwords while creating multiple Azure Active Directory users with Terraform reading a CSV file
- Can't find Powershell command to grant admin consent
- Using Azure AD with ASP.NET Core Identity
- Azure AD and Azure AD B2C using same JWT token
- Azure Active Directory: Difference between adding multiple platforms as Web and SPA to single applications instead of an application for each?
- The client id '<my_client_id>' specified in the request is not registered in tenant '<myB2cDomain>.onmicrosoft.com'
- Is it possible to revoke Mfa sessions from graph
- AddMicrosoftIdentityWebApp with two providers isn't setting IsAuthenticated
- Updating mobileNumber using graph giving { }
- Unable to revoke admin consent for added permissions: Powershell
- Valid parameters for New-AzureADGroupAppRoleAssignment PowerShell
- Get groups user is memberof azure cli
- Error occurred while executing GetServicePrincipalOAuth2PermissionGrants
- Grant admin consent failed for office 365 api permissions
- Unable to create client secret from Powershell
- How to work with GO SDK while Azure AD user creation?
- Add User as owner of Azure AD Group through REST API
- Getting 400 Bad Request error while trying to move Azure resources via Postman
- Can't get ID token even with Auth code flow via Postman
- Unable to fetch ID of SharePoint API permissions