You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When leveraging the Get-MgUserDefaultDrive -UserId to retrieve the default Onedrive of a user, the API seems to fail on recent default accounts. When logged in as a Global Admin I can retrieve the data of all named domains we have in our company (multiple operating companies in the same tenant, each with their own @Company address).
While doing a tenant migration we wanted to leverage the Get-MgUserDefaultDrive -UserId to see if Onedrive preprovision had succeeded after calling Request-SPOPersonalSite -UserEmails but this was not possible as all recent accounts throw a 403 error.
As a test I've used the API to call longer lasting accounts with an @Company extension as well as a @defaultdomain.onmicrosoft.com and only the recent accounts (provisioned yesterday) throw a 403
Expected behavior
As a global admin I expect that I am able to leverage Get-MgUserDefaultDrive -UserId and always have a value returned.
How to reproduce
Recent users
Execute Get-MgUserDefaultDrive -UserId with a recent provisioned account
Considering this behavior is both on the SDK as well as the graph API explorer itself, it seems to be on the API side. This test was run by two different global admins. In both cases the
SDK Version
2.4.0
Latest version known to work for scenario above?
No response
Known Workarounds
We can leverage the Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like '-my.sharepoint.com/personal/'" but this commandlet is extremely slow (when checking 80 accounts we spend around 30-45 minutes to get all responses in.
Describe the bug
When leveraging the Get-MgUserDefaultDrive -UserId to retrieve the default Onedrive of a user, the API seems to fail on recent default accounts. When logged in as a Global Admin I can retrieve the data of all named domains we have in our company (multiple operating companies in the same tenant, each with their own @Company address).
While doing a tenant migration we wanted to leverage the Get-MgUserDefaultDrive -UserId to see if Onedrive preprovision had succeeded after calling Request-SPOPersonalSite -UserEmails but this was not possible as all recent accounts throw a 403 error.
As a test I've used the API to call longer lasting accounts with an @Company extension as well as a @defaultdomain.onmicrosoft.com and only the recent accounts (provisioned yesterday) throw a 403
Expected behavior
As a global admin I expect that I am able to leverage Get-MgUserDefaultDrive -UserId and always have a value returned.
How to reproduce
Recent users
Other users
Considering this behavior is both on the SDK as well as the graph API explorer itself, it seems to be on the API side. This test was run by two different global admins. In both cases the
SDK Version
2.4.0
Latest version known to work for scenario above?
No response
Known Workarounds
We can leverage the Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like '-my.sharepoint.com/personal/'" but this commandlet is extremely slow (when checking 80 accounts we spend around 30-45 minutes to get all responses in.
Debug output
Click to expand log
```DEBUG: [CmdletBeginProcessing]: - Get-MgUserDefaultDrive begin processing with parameterSet 'Get'.
DEBUG: [Authentication]: - AuthType: 'Delegated', TokenCredentialType: 'InteractiveBrowser', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph Command Line Tools'.
DEBUG: [Authentication]: - Scopes: [Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All, AuditLog.Read.All, ChannelMessage.Read.All, ChannelMessage.ReadWrite, ChannelSettings.Read.All, DelegatedPermissionGrant.ReadWrite.All, Device.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, Directory.AccessAsUser.All, Directory.Read.All, Directory.ReadWrite.All, email, Group.Read.All, Group.ReadWrite.All, GroupMember.ReadWrite.All, openid, Organization.Read.All, Policy.Read.All, Policy.ReadWrite.AuthenticationMethod, profile, Reports.Read.All, RoleManagement.Read.Directory, RoleManagement.ReadWrite.Directory, Sites.FullControl.All, Sites.Read.All, Team.ReadBasic.All, TeamMember.Read.All, TeamMember.ReadWrite.All, TeamsApp.ReadWrite.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, TeamworkAppSettings.ReadWrite.All, User.Read, User.Read.All, User.ReadBasic.All, User.ReadWrite.All, UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All].
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
GET
Absolute Uri:
https://graph.microsoft.com/v1.0/users/recentuser/drive
Headers:
FeatureFlag : 00000043
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Macintosh; Darwin 23.5.0 Darwin Kernel Version 23.5.0: Wed May 1 20:12:58 PDT 2024; root:xnu-10063.121.3~5/RELEASE_ARM64_T6000; en-NL),PowerShell/7.2.5
Accept-Encoding : gzip
SdkVersion : graph-powershell/2.4.0
client-request-id : ce0a2802-6552-4eef-b6ac-fad19d040c9
Body:
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
Forbidden
Headers:
Cache-Control : no-store, no-cache
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : e0d086d6-8d89-4cff-8bdf-119a57dcb01a
client-request-id : ce0a2802-6552-4eef-b6ac-fad19d040c96
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"005","RoleInstance":"AM4PEPF00015143"}}
Date : Sat, 29 Jun 2024 11:52:59 GM
Body:
{
"error": {
"code": "accessDenied",
"message": "Access denied",
"innerError": {
"date": "2024-06-29T11:52:59",
"request-id": "e0d086d6-8d89-4cff-8bdf-119a57dcb01a",
"client-request-id": "ce0a2802-6552-4eef-b6ac-fad19d040c96"
}
}
}
Get-MgUserDefaultDrive_Get: Access denied
Status: 403 (Forbidden)
ErrorCode: accessDenied
Date: 2024-06-29T11:52:59
Headers:
Cache-Control : no-store, no-cache
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : e0d086d6-8d89-4cff-8bdf-119a57dcb01a
client-request-id : ce0a2802-6552-4eef-b6ac-fad19d040c96
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"005","RoleInstance":"AM4PEPF00015143"}}
Date : Sat, 29 Jun 2024 11:52:59 GM
DEBUG: [CmdletEndProcessing]: - Get-MgUserDefaultDrive end processing.
Configuration
Run from Powershell version 7.2.5 as a global admin on Sanoma 14.5 Mac OSX (ARM)
Other information
No response
The text was updated successfully, but these errors were encountered: