
windowsautopilotinfo's Issues

Invoke-MGGraphRequest 400 Bad Request

Running: Get-WindowsAutopilotInfoCommunity -Online -TenantId $tenantId -AppId $appId -AppSecret $StoredSecret -GroupTag $GroupTagValue

Invoke-MGGraphRequest : GET https://graph.microsoft.com/beta/devices%3F%24skiptoken%XXXXXXXXX
HTTP/1.1 400 Bad Request
Transfer-Encoding: chunked
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: XXXXXXX
client-request-id: XXXXXXXXX
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"AM4PEPF0001511F"}}
Date: Mon, 11 Dec 2023 16:27:42 GMT
Content-Encoding: gzip
Content-Type: application/json
{"error":{"code":"BadRequest","message":"Resource not found for the segment 'devices?$skiptoken=XXXXXXXXXXXXX'.","innerError":{"date":"2023-12-11T16:27:43","request-id":"XXXXXXXXXX","client-request-id":"XXXXXXXXXXXX"}}}
At C:\Program Files\WindowsPowerShell\Scripts\get-windowsautopilotinfocommunity.ps1:1933 char:35
+ ... Response = (Invoke-MGGraphRequest -Uri $alloutputNextLink -Method Get ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Method: GET, Re...870d14de1b29
}:HttpRequestMessage) [Invoke-MgGraphRequest], HttpResponseException
    + FullyQualifiedErrorId : InvokeGraphHttpResponseException,Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest
Adding New Device serial XXXXXXXX
Waiting for 1 of 1 to be imported

Get-AutopilotDevice - Microsoft.Graph.PowerShell.Authentication.Helpers.HttpResponseException: Response status code does not indicate success: Forbidden (Forbidden).

When I try to run Get-AutopilotDevice I get the following output:

Get-AutopilotDevice : Microsoft.Graph.PowerShell.Authentication.Helpers.HttpResponseException: Response status code
does not indicate success: Forbidden (Forbidden).
   at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)
At line:1 char:1
+ Get-AutopilotDevice
+ ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-AutopilotDevice

I'm authenticated as a Global Admin and use Connect-MgGraph to sign in

online option with grouptag for existing windows autopilot devices doesn't update GroupTag

all parameters are working fine for brand new devices

if we run
# brand new devices to windows autopilot
.\get-windowsautopilotinfo-v1.ps1 -Online -TenantId aaaa -AppId bbbb -AppSecret cccc -GroupTag HYBRID -Verbose

# existing devices in windows autopilot (we want only update existing GroupTag)
# brand new device to windows autopilot
.\get-windowsautopilotinfo-v1.ps1 -Online -TenantId aaaa -AppId bbbb -AppSecret cccc -Assign -GroupTag HYBRID -Verbose

if we run the functions separately works

Get-AutopilotDevice | Where-Object { $_.serialnumber -eq "VM" }
Set-AutopilotDevice -id 58bdc576-d87f-41a3-aec4-9cba1177a19c -groupTag "HYBRID"
Invoke-AutopilotSync
Get-AutopilotDevice | Where-Object { $_.serialnumber -eq "VM" }

Suggestion: Get-AutopilotImportedDevice to filter based on the serial number

Currently a cleanup of the device records (if they exist after some previous import attempt), in deviceManagement/importedWindowsAutopilotDeviceIdentities is handled in Import-AutopilotCSV.

In case someone would find it useful to do it outside of this function, I suggest to add -serial parameter to the Get-AutopilotImportedDevice() function and then the cleanup would be performed by calling Get-AutopilotImportedDevice -serial "ABCDEFGH" | Remove-AutopilotImportedDevice

Function Get-AutopilotImportedDevice() {
<#
.SYNOPSIS
Gets information about devices being imported into Windows Autopilot.
 
.DESCRIPTION
The Get-AutopilotImportedDevice cmdlet retrieves either the full list of devices being imported into Windows Autopilot for the current Azure AD tenant, or information for a specific device if the ID of the device is specified. Once the import is complete, the information instance is expected to be deleted.
 
.PARAMETER id
Optionally specifies the ID (GUID) for a specific Windows Autopilot device being imported.

.PARAMETER serial
Optionally specifies the serial number of the specific Windows Autopilot device being imported
 
.EXAMPLE
Get a list of all devices being imported into Windows Autopilot for the current Azure AD tenant.
 
Get-AutopilotImportedDevice
#>
    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory = $false)] $id = $null,
        [Parameter(Mandatory = $false)] $serial
    )

    # Defining Variables
    $graphApiVersion = "beta"
    if ($id) {
        $uri = "https://graph.microsoft.com/$graphApiVersion/deviceManagement/importedWindowsAutopilotDeviceIdentities/$id"
    } 
    elseif ($serial) {
        # handles also serial numbers with spaces    
        $uri = "https://graph.microsoft.com/$graphApiVersion/deviceManagement/importedWindowsAutopilotDeviceIdentities/?`$filter=contains(serialNumber,'$serial')"
    }
    else {
        $uri = "https://graph.microsoft.com/$graphApiVersion/deviceManagement/importedWindowsAutopilotDeviceIdentities"
    }

    Write-Verbose "GET $uri"

    try {
        $response = Invoke-MGGraphRequest -Uri $uri -Method Get -OutputType PSObject
        if ($id) {
            $response
        }
        else {
            $devices = $response.value
    
            $devicesNextLink = $response."@odata.nextLink"
    
            while ($null -ne $devicesNextLink) {
                $devicesResponse = (Invoke-MGGraphRequest -Uri $devicesNextLink -Method Get -OutputType PSObject)
                $devicesNextLink = $devicesResponse."@odata.nextLink"
                $devices += $devicesResponse.value
            }
    
            $devices
        }
    }
    catch {
        Write-Error $_.Exception 
        break
    }

}

Problem with preprov

Hello,

Maybe I do something wrong but when I run this during OOBE :
get-windowsautopilotinfocommunity -GroupTag "HAADJ" -Assign -AssignedUser "[email protected]" -Preprov -Online

Everything works except redirecting to the white glove options.

If I physically do the 5 times on windows key, it works.

I have a French computer but I don't think there is an impact on this.

Thanks for your work done on this script. ;-)

Not an issue!

Hi,

I work in education so might be a bit different in my needs but I made a couple of adjustments that I thought I would share, but I don't know how to do pull requests, etc.

We needed to add to multiple groups (dependent on being a staff device or pupil device) - nothing major and might not affect businesses in the same way.

I altered the following:

[Parameter(Mandatory = $False, ParameterSetName = 'Online')] [String[]] $AddToGroup = "", #(to accept an array)

and:

    # Add the device to the specified AAD group
    if ($AddToGroup) {
		foreach ($ADGroup in $AddToGroup){
			$aadGroup = Get-MgGroup -Filter "DisplayName eq '$ADGroup'"
			if ($aadGroup) {
				$autopilotDevices | ForEach-Object {
					$uri = "https://graph.microsoft.com/beta/devices?`$filter=deviceId eq '" + $_.azureActiveDirectoryDeviceId + "'"
					$aadDevice = (Invoke-MgGraphRequest -Uri $uri -Method GET -OutputType PSObject -SkipHttpErrorCheck).value
					if ($aadDevice) {
						Write-Host "Adding device $($aadDevice.displayName) to group $ADGroup"
						New-MgGroupMember -GroupId $aadGroup.Id -DirectoryObjectId $aadDevice.id
					}
					else {
						# $aadDevice is empty in this branch, so report the ID that was looked up
						Write-Error "Unable to find Azure AD device with ID $($_.azureActiveDirectoryDeviceId)"
					}
				}
				Write-Host "Added devices to group '$ADGroup' ($($aadGroup.Id))"
			}
			else {
				Write-Error "Unable to find group $ADGroup"
			}
		}
    } #to deal with the array

Just might be useful for someone else hopefully! Please delete or move as not an issue!

Module suddenly stop working

Hi Andrew,

Module was working without issues, but suddenly from yesterday each time I run it I am getting following issue. Any idea?

Loading all objects. This can take a while on large tenants
Invoke-MgGraphRequest : The pipeline has been stopped.
At C:\Program Files\WindowsPowerShell\Scripts\get-windowsautopilotinfocommunity.ps1:1959 char:26
+ ... response = (Invoke-MgGraphRequest -Uri $url -Method Get -OutputType P ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Invoke-MgGraphRequest], PipelineStoppedException
    + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest

Something went wrong. Error: Method not found: 'Void Microsoft.Graph.Authentication.AzureIdentityAccessTokenProvider..ctor(Azure.Core.TokenCredential, System.String[], Microsoft.Kiota.Authentication.Azure.ObservabilityOptions, System.String[])'.
Stop-Transcript : An error occurred stopping transcription: The host is not currently transcribing.
At D:\AutoPilot3.ps1:128 char:5
+     Stop-Transcript
+     ~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Stop-Transcript], PSInvalidOperationException
    + FullyQualifiedErrorId : InvalidOperation,Microsoft.PowerShell.Commands.StopTranscriptCommand

possible to remove a userPrincipalName in the autopilot nuke script?

Hey,
There is a section

$newuserPrincipalName = Read-Host -Prompt "Change assigned user [$userPrincipalName] (type a new value or hit enter to keep the old one)"
if (![string]::IsNullOrWhiteSpace($newuserPrincipalName)) {
    $userPrincipalName = $newuserPrincipalName
}

where the assigned user can be left as the user previously associated, or changed to a new user. In the scenario where there was previously a user associated and now there should be no assigned user, is it possible to add an elseif statement for answering the prompt with a keyword like NONE to set the userprincipalname to null?

Thanks,

errors attempting to install because of dependency on latest version of

When attempting to run install-script autopilot nuke,

I get the following error:

Installing module WindowsAutopilotIntuneCommunity
WARNING: The version 2.9.0 of module 'Microsoft.Graph.Authentication' is currently in use. Retry the operation after closing the applications.
WARNING: The version 2.9.0 of module 'Microsoft.Graph.Groups' is currently in use. Retry the operation after closing the applications.
Import-Module: The specified module 'WindowsAutopilot IntuneCommunity' was not loaded because no valid module file was found in any module directory.
At C:\Program Files\Windows PowerShell\Scripts\AutopilotNuke.ps1:275 char:9
Import-Module WindowsAutopilot IntuneCommunity -Scope Global
    + CategoryInfo          : ResourceUnavailable: (WindowsAutopilot IntuneCommunity: String) [Import-Module], FileNotFoundException
    + FullyQualifiedErrorId : Modules_ModuleNotFound, Microsoft.PowerShell.Commands. ImportModuleCommand

When I attempt to install the module without specifying the version number, I get the following error:

PackageManagement \Install-Package: The module 'WindowsAutopilotIntuneCommunity cannot be installed or updated because the authenticode signature of the file 'WindowsAutopilot IntuneCommunity.psd1' is not valid.
At C:\Program Files\Windows PowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1809 char:21
$null = PackageManagement \Install-Package

Specifying an older version of the module as following:
PS C:\Windows\System32> install-module windowsautopilotintunecommunity -requiredversion 2.1

And then installing autopilotnuke and running it seems to work better.

This issue seemed to begin when autopilotnuke push bumped to version 3.8 in powershell gallery.

Thanks,

asking to call connect-mggraph

run the following:

.\get-windowsautopilotinfo.ps1 -Hybrid -TenantId 111111 -AppId 22222 -AppSecret 33333 -AssignedComputerName "USAL-DEVICE1" -AddToGroup "USAL-AADJ" -Reboot -verbose

then goes:

Select-MgProfile : The term 'Select-MgProfile' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\temp\get-windowsautopilotinfo.ps1:1890 char:13
+         Select-MgProfile -Name Beta
+         ~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Select-MgProfile:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Connect-MgGraph : Cannot bind parameter 'AccessToken'. Cannot convert the

then connects

At C:\temp\get-windowsautopilotinfo.ps1:1891 char:52
+         $graph = Connect-MgGraph  -AccessToken $accessToken
+                                                ~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Connect-MgGraph], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph

Connected to Intune tenant 1111111111111111-22222-33333-44444-555555555555555 using app-based authentication (Azure AD authentication not supported)

and throws the error

Add-AutopilotImportedDevice : Microsoft.Graph.PowerShell.AuthenticationException: Authentication needed. Please call Connect-MgGraph.
at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)
At C:\temp\get-windowsautopilotinfo.ps1:2026 char:26
+ ... imported += Add-AutopilotImportedDevice -serialNumber $_.'Device Seri ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Add-AutopilotImportedDevice

if you stay on the same screen on the fresh device / VM

and run Connect-MgGraph

then re-run enrollment parameters works

.\get-windowsautopilotinfo.ps1 -Hybrid -TenantId 111111 -AppId 22222 -AppSecret 33333 -AssignedComputerName "USAL-DEVICE1" -AddToGroup "USAL-AADJ" -Reboot -verbose

after that device is ok and has its device name added to the windows autopilot device object, also has its GroupTag and get the windows autopilot deployment profile assigned as well as gets the proper DeviceName from AssignedComputerName parameter.

thanks,
Thiago Beier

Error when using identifier option

Installed version: 5.0.2
Used command:
get-windowsautopilotinfocommunity.ps1 -Online -TenantId xxxxx -AppId xxxxx -AppSecret xxxxx -Identifier

https://graph.microsoft.com/DeviceManagementServiceConfig.ReadWrite.All is applied to the AppId

I get these errors. Same errors if I "get-windowsautopilotinfocommunity.ps1 -Online -Identifier" is executed and logged on with an admin account.

Checking if device xxxxx exists in AutoPilot
Invoke-MgGraphRequest : POST https://graph.microsoft.com/beta/deviceManagement/importedDeviceIdentities/searchExistingIdentities
HTTP/1.1 400 Bad Request
Transfer-Encoding: chunked
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: 81a461d5-60ed-47da-9c60-f50785091349
client-request-id: b6fac339-4abf-4459-b40e-1c3a92cc7b04
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"009","RoleInstance":"AM1PEPF00027E5A"}}
Date: Fri, 14 Jun 2024 08:45:14 GMT
Content-Encoding: gzip
Content-Type: application/json
{"error":{"code":"BadRequest","message":"{\r\n "_version": 3,\r\n "Message": "Invalid Device Identifier parameter found for 1 import records! - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: b6fac339-4abf-4459-b40e-1c3a92cc7b04 - Url: https://fef.msub07.manage.microsoft.com/DeviceEnrollmentFE/StatelessDeviceEnrollmentFEService/deviceManagement/importedDeviceIdentities/microsoft.management.services.api.searchExistingIdentities?api-version=5023-06-28",\r\n "CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{}"\r\n}","innerError":{"date":"2024-06-14T08:45:14","request-id":"81a461d5-60ed-47da-9c60-f50785091349","client-request-id":"b6fac339-4abf-4459-b40e-1c3a92cc7b04"}}}
At C:\Program Files\WindowsPowerShell\Scripts\get-windowsautopilotinfocommunity.ps1:2014 char:18
+ ... response = (Invoke-MgGraphRequest -Uri $uri -Method Post -Body $json ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Method: POST, R...ication/json
}:HttpRequestMessage) [Invoke-MgGraphRequest], HttpResponseException
    + FullyQualifiedErrorId : InvokeGraphHttpResponseException,Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest
Device xxxxx does not exist in AutoPilot, adding it
Invoke-MgGraphRequest : POST https://graph.microsoft.com/beta/deviceManagement/importedDeviceIdentities/importDeviceIdentityList
HTTP/1.1 400 Bad Request
Transfer-Encoding: chunked
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: 64d8e02d-48a4-43dd-b83b-1e3342e94c1c
client-request-id: cc610bc6-abeb-4231-9a4a-6931046c7377
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"009","RoleInstance":"AM1PEPF00027E5A"}}
Date: Fri, 14 Jun 2024 08:45:14 GMT
Content-Encoding: gzip
Content-Type: application/json
{"error":{"code":"BadRequest","message":"{\r\n "_version": 3,\r\n "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: cc610bc6-abeb-4231-9a4a-6931046c7377 - Url: https://fef.msub07.manage.microsoft.com/DeviceEnrollmentFE/StatelessDeviceEnrollmentFEService/deviceManagement/importedDeviceIdentities/microsoft.management.services.api.importDeviceIdentityList?api-version=5023-06-28",\r\n "CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{}"\r\n}","innerError":{"date":"2024-06-14T08:45:14","request-id":"64d8e02d-48a4-43dd-b83b-1e3342e94c1c","client-request-id":"cc610bc6-abeb-4231-9a4a-6931046c7377"}}}
At C:\Program Files\WindowsPowerShell\Scripts\get-windowsautopilotinfocommunity.ps1:2060 char:1
+ Invoke-MgGraphRequest -Uri $uri -Method Post -Body $json -OutputType ...
    + CategoryInfo          : InvalidOperation: (Method: POST, R...ication/json
}:HttpRequestMessage) [Invoke-MgGraphRequest], HttpResponseException
    + FullyQualifiedErrorId : InvokeGraphHttpResponseException,Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest
Device xxxxx added to AutoPilot

getalldevicesandusers' is not recognized as the name of a cmdlet, function, script, file or operable program

I get an error when running autopilotnuke version 3.3

The term 'getalldevicesandusers' is not recognized as the name of a cmdlet, function, script, file or operable program.
This is when I open a command prompt, launch powershell with powershell.exe -executionpolicy remotesigned
Then
Install-Script -Name AutopilotNuke

And then run AutopilotNuke.

I can see getalldevicesandusers was added in the script in the most recent version, but googling can find no references to it other than this github and the powershell gallery for this script.

Not requesting enough permissions

I had to change line 1893 to $graph = Connect-MgGraph -scopes Group.ReadWrite.All, Device.Read.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All
and line 1896 to $aadId = Connect-MgGraph -scopes Group.ReadWrite.All, Device.Read.All,DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All in order to be able to add a device successfully. Otherwise I was getting a 403 error. I'd never used the previous script from MS on this tenant, so possibly different sets of permissions being requested?
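
A pre-flight check for the 403 described above, as an added example that is not part of the script or of this issue. `Get-MissingGraphScope` and `Assert-GraphScope` are hypothetical helper names; the scope list is the one quoted in the issue, and a delegated (interactive) `Connect-MgGraph` sign-in is assumed.

```powershell
# Added example: hypothetical helpers, not code from get-windowsautopilotinfocommunity.ps1.

function Get-MissingGraphScope {
    param(
        [Parameter(Mandatory)] [string[]] $Required,
        [string[]] $Granted = @()
    )
    # -notcontains is case-insensitive; scope names are compared exactly,
    # so a broader scope that implies a narrower one is not recognised here.
    $Required | Where-Object { $Granted -notcontains $_ }
}

function Assert-GraphScope {
    [CmdletBinding()]
    param(
        # Scopes named in the issue above.
        [string[]] $Required = @(
            'Group.ReadWrite.All',
            'Device.Read.All',
            'DeviceManagementManagedDevices.ReadWrite.All',
            'DeviceManagementServiceConfig.ReadWrite.All'
        )
    )

    # Get-MgContext returns nothing when no session exists.
    $context = Get-MgContext
    $granted = if ($context) { @($context.Scopes) } else { @() }
    $missing = @(Get-MissingGraphScope -Required $Required -Granted $granted)

    if ($missing.Count -gt 0) {
        Write-Verbose "Session is missing: $($missing -join ', ')"
        # Request the required list and nothing broader.
        Connect-MgGraph -Scopes $Required | Out-Null

        # Consent can be declined or blocked by tenant policy, so check again
        # and fail with the scope names instead of a later bare 403.
        $granted = @((Get-MgContext).Scopes)
        $missing = @(Get-MissingGraphScope -Required $Required -Granted $granted)
        if ($missing.Count -gt 0) {
            throw "Graph session lacks required scopes: $($missing -join ', ')"
        }
    }
}

# Call once before the first Autopilot cmdlet:
# Assert-GraphScope -Verbose
```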

Get-AutopilotDevice() - the issue with space(s) in the serial number

Hello Andrew,
I have dealt with the same issue recently (it is on Microsoft side) and since the trick with '[uri]::EscapeDataString($serial)' does not work unfortunately, the solution was to do it in two parts:

# get all the devices with the same (up to a first space) serial number 
$SerialWithoutSpace = $serial.split(" ")
$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)?`$filter=contains(serialNumber,'$($SerialWithoutSpace[0])')"

and then to filter the device with the exact serial number:

$devicesResponse.value | Where-Object {$_.serialNumber -eq "$($serial)"}
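
The two-part lookup described above, combined with the `-serial` suggestion from the earlier Get-AutopilotImportedDevice issue, as an added example that is not code from the module or from either post. `Find-AutopilotRecordBySerial` is a hypothetical name, the default resource is the imported-device collection quoted on this page, and an existing `Connect-MgGraph` session is assumed.

```powershell
# Added example: hypothetical helper, not part of the community module.
function Find-AutopilotRecordBySerial {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $Serial,
        # Collection quoted in the Get-AutopilotImportedDevice issue on this page.
        [string] $Resource = 'deviceManagement/importedWindowsAutopilotDeviceIdentities',
        [string] $GraphApiVersion = 'beta'
    )

    # Part 1 (server side): filter on the text before the first space only,
    # as described in the issue above.
    $prefix = ($Serial.Trim() -split ' ')[0]
    if ([string]::IsNullOrEmpty($prefix)) {
        # An empty prefix would make contains() match every record.
        throw 'Serial number is empty after trimming.'
    }

    # OData string literals escape a single quote by doubling it. Without this,
    # a serial containing ' ends the literal early and changes the filter.
    $literal = $prefix.Replace("'", "''")
    $uri = "https://graph.microsoft.com/$GraphApiVersion/$($Resource)?`$filter=contains(serialNumber,'$literal')"

    $found = [System.Collections.Generic.List[object]]::new()
    while ($uri) {
        Write-Verbose "GET $uri"
        $page = Invoke-MgGraphRequest -Uri $uri -Method GET -OutputType PSObject -ErrorAction Stop
        foreach ($item in $page.value) { $found.Add($item) }

        # Pass @odata.nextLink back unchanged. A next link whose '?$skiptoken='
        # has become '%3F%24skiptoken' is the URL shape in the 400 response
        # shown in the first issue on this page.
        $uri = $page.'@odata.nextLink'
    }

    # Part 2 (client side): keep only the record whose serial matches exactly
    # (-eq is case-insensitive), so a shared prefix cannot select another device.
    $found | Where-Object { $_.serialNumber -eq $Serial }
}

# Usage, with the cleanup pipeline proposed in the earlier issue:
# Find-AutopilotRecordBySerial -Serial 'ABCD EFGH' | Remove-AutopilotImportedDevice
```

The exact-match step matters most when the result is piped into a delete, since `contains()` on a prefix alone can return records for other devices.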
