if (!(Test-MsGraphBatchError $results)) {Value cannot be null. Parameter name: source
schmarrap opened this issue · 12 comments
Have been doing some testing and trying to run through the process against my demo CDX environment and there seems to be a few issues.
- if (!(Test-MsGraphBatchError $results)) {Value cannot be null. Parameter name: source
I got the script to complete as there was a few null values which the script didn't expect by using try and removing remarking the following out:
$ReferencedIdCache.roleGroup.guid | Get-MsGraphResults 'groups/{0}/transitiveMembers/microsoft.graph.group?$count=true&$select=id' -Top 999 -TotalRequests $ReferencedIdCache.roleGroup.Count -DisableUniqueIdDeduplication `
#| ForEach-Object { [void]$ReferencedIdCache.group.Add($_.id) }
- It gave the following error but was able to generate the zip file Get-AADAssessRoleAssignmentReport -Offline -RoleAssignmentSch …| Use of the offline parameter requires that all data be provided using the data parameters.
- Opening PowerBI I've got data issues as some files are empty as i guess is related to the export not working as expected.
I can provide access to my demo tenant for testing to confirm it's not environmental but my collogue also tried against his own CDX environment and also gave errors. When I executed against an production tenant it failed.
I've added rough quick debugging results that might help
AADAssessmentDebug31-05-2022.docx
.
Hi Alan,
Trying to decouple the few issues you seem to point at.
1/ Getting roleAssignementSchedules
Could you get me the request id and correlation id of the request?
As i see you tested that via graph explorer, you should be able to get those from the response headers.
If you have the same for the batch query it would be nice too.
As far as i can see "Test-MsGraphBatchError" returns correctly the error provided by Graph "Value cannot be null. Parameter name: source"
2/ Getting group memberships transitive members
Can we confirm, you did get some null values from the script while getting groups transitive members?
If so do you have more details of this?
PS: i think there was a mistyping at the end of your file but it doesn't change per se the issue. You checked "$BatchResponse.body.code", it should have been "$BatchResponse.body.error.code"
I did a quick debug session and got some sample reports to work, did a fork and showed the changes I made . a45150f
I found a few more issues to get the reporting to work.
I'll give you the details you requested a bit later today or tomorrow.
As far as i can see "Test-MsGraphBatchError" returns correctly the error provided by Graph "Value cannot be null. Parameter name: source"
So we can assume the error we are receiving can be ignored as you stated it's doing what you accept? I saw the script continued but only halted with the transitive member error.
The goal of "Test-MsGraphBatchError" is to handle errors returned by graph so the command per se works.
What i want to look at with the correlationid and requestid is why the graph request gave an error.
Could you get me the request id and correlation id of the request?
Looks I'm not getting the error anymore, maybe it was an issue with the demo tenant?
Once you sorted GUID, i'll do another clean slate and go through the process of generating a report against my demo tenant and we can see if i don't get errors anymore.
As per #49, guid and userType should be solved in the preview version of the module.
Concerning references to "roleAssignments.csv" vs "RoleAssignmentReport.csv" please be sure to leverage the PowerBI template bellow. It does not rely on "roleAssignements.csv":
https://github.com/AzureAD/AzureADAssessment/raw/master/assets/AzureADAssessment.pbit
The update i pushed today should solve:
- Conditional Access PowerBI not handling assignments (for Break glass account exclusion)
- Automated recommendations still using roleAssignements.csv
Can you confirm it works now?
@schmarrap can you give an update to those issues. We have released the new version to production (2.2.47)
Sorry was a bit stuck in a few things, will try to look at next week.
Thanks @schmarrap, i'll proceed an close this issue.