Get-EXREMailAppUsageAppsUserCounts

Question

Get-EXREMailAppUsageAppsUserCounts

ISIITAdmin opened this issue 6 years ago · 3 comments

Hi,

Really loving this module,

However, I'm having some trouble running the cmdlet in the title.

I'm able to get a token that is using an App in Azure and my admin mailbox but whenever I run the cmdlet i get this error.

Is this something I am doing wrong?

PS C:\windows\system32> Get-EXREmailAppUsageAppsUserCounts | FT
https://graph.microsoft.com/v1.0/reports/getEmailAppUsageAppsUserCounts(period='D7')?$format=text/csv

Error making REST Get :
RequestURL : https://graph.microsoft.com/v1.0/reports/getEmailAppUsageAppsUserCounts(period='D7')?$format=text/csv
You cannot call a method on a null-valued expression.
At line:25 char:9

    $OutPutStream = $Output.ReadAsStreamAsync().Result

```
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At line:26 char:16

... return ConvertFrom-Csv ([System.Text.Encoding]::UTF8.GetString($ ...
```
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : InvokeMethodOnNull

Answer 1 · 2019-03-31T23:48:49.000Z

Are you getting a 403 error ? it looks to me like whatever your using for your application registration doesn't have the grants to be able to access the reporting operations. Its not just about being an administrator you need to have the report grants eg Reports.Read.All (and example if option 4 in the connection menu)

Answer 2 · 2019-04-01T07:34:29.000Z

Hi, Token seems to be generated ok and the scope of the token looks ok (token below) token_type : Bearer scope : Calendar.ReadWrite Calendars.Read.Shared Calendars.ReadWrite Contacts.ReadWrite DeviceManagementConfiguration.Read.All DeviceManagementConfiguration.ReadWrite.All Directory.AccessAsUser.All Directory.Read.All Files.Read Files.Read.All Group.Read.All Group.ReadWrite.All Mail.ReadWrite People.Read People.Read.All User.Read.All Users.Read expires_in : 3600 ext_expires_in : 3600 expires_on : 1554107230 not_before : 1554103330 resource : https://Graph.Microsoft.com access_token : System.Security.SecureString refresh_token : System.Security.SecureString foci : 1 id_token : System.Security.SecureString clientid : redirectUrl : urn%3aietf%3awg%3aoauth%3a2.0%3aoob mailbox : Cached : True The full PS output is Get-EXREmailAppUsageAppsUserCounts https://graph.microsoft.com/v1.0/reports/getEmailAppUsageAppsUserCounts(period='D7')?$format=text/csv StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.StreamContent, Headers: { Transfer-Encoding: chunked request-id: d5c6e295-d126-4f7c-9a46-bdceecc987ac client-request-id: d5c6e295-d126-4f7c-9a46-bdceecc987ac x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West Europe","Slice":"SliceC","Ring":"5","ScaleUnit":"003","RoleInstance":"AGSFE_IN_0","ADSiteName":"WEU"}} Duration: 169.4064 Strict-Transport-Security: max-age=31536000 Cache-Control: private Date: Mon, 01 Apr 2019 07:32:44 GMT Content-Type: application/json } { "error": { "code": "S2SUnauthorized", "message": "Invalid scope claims/roles.", "innerError": { "request-id": "d5c6e295-d126-4f7c-9a46-bdceecc987ac", "date": "2019-04-01T07:32:44" } } } Error making REST Get Forbidden : Forbidden RequestURL : https://graph.microsoft.com/v1.0/reports/getEmailAppUsageAppsUserCounts(period='D7')?$format=text/csv You cannot call a method on a null-valued expression. At line:25 char:9 + $OutPutStream = $Output.ReadAsStreamAsync().Result + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : InvokeMethodOnNull You cannot call a method on a null-valued expression. At line:26 char:16 + ... return ConvertFrom-Csv ([System.Text.Encoding]::UTF8.GetString($ ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : InvokeMethodOnNull Have I missed something in the preliminary set up? Steve From: Glen Scales <notifications@github.com> Sent: 01 April 2019 00:49 To: gscales/Exch-Rest <Exch-Rest@noreply.github.com> Cc: Tomney, Steven <stomney@idealstandard.com>; Author <author@noreply.github.com> Subject: Re: [gscales/Exch-Rest] Get-EXREMailAppUsageAppsUserCounts (#19) Are you getting a 403 error ? it looks to me like whatever your using for your application registration doesn't have the grants to be able to access the reporting operations. Its not just about being an administrator you need to have the report grants eg Reports.Read.All (and example if option 4 in the connection menu) — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_gscales_Exch-2DRest_issues_19-23issuecomment-2D478397150&d=DwMFaQ&c=WfG7Pd9vZiuRc-IC5Ul2cw5rqjS0Z94ThzDqtGW54I0&r=UtaQWvrQ0hLPEJkDV5co2NtyfNC4RrQU-09Y7DcBPUw&m=JgdSziHZCk4QzZfg4oPc2A-PUF-g2vjJQcotN9FD85w&s=4dc_0WG2C2jMSGSb7Ti-6GL2i3avTh0iYuCKK60OsNA&e=>, or mute the thread<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AuyqtTzfc3JTOPmb-2DVWvVV9taIE09sF5ks5vcUligaJpZM4cSLk0&d=DwMFaQ&c=WfG7Pd9vZiuRc-IC5Ul2cw5rqjS0Z94ThzDqtGW54I0&r=UtaQWvrQ0hLPEJkDV5co2NtyfNC4RrQU-09Y7DcBPUw&m=JgdSziHZCk4QzZfg4oPc2A-PUF-g2vjJQcotN9FD85w&s=D35O2hf5CE_YgsKJPnXbuCkpRunPCINSsJUY_doD__8&e=>.

Answer 3 · 2019-04-03T02:02:33.000Z

You can see from the Scopes in the Token you posted

scope : Calendar.ReadWrite Calendars.Read.Shared Calendars.ReadWrite Contacts.ReadWrite
DeviceManagementConfiguration.Read.All DeviceManagementConfiguration.ReadWrite.All
Directory.AccessAsUser.All Directory.Read.All Files.Read Files.Read.All Group.Read.All
Group.ReadWrite.All Mail.ReadWrite People.Read People.Read.All User.Read.All Users.Read

This it doesn't contain the Reports.Read.All Scope which is why the error message tells you

message": "Invalid scope claims/roles.",

You need to fix whatever application registration you using to include the scope for Reports.Read.All and then make sure you consent to the updated Grants