andrew-s-taylor / windowsautopilotinfo
License: GNU General Public License v3.0
Running: Get-WindowsAutopilotInfoCommunity -Online -TenantId $tenantId -AppId $appId -AppSecret $StoredSecret -GroupTag $GroupTagValue
Invoke-MGGraphRequest : GET https://graph.microsoft.com/beta/devices%3F%24skiptoken%XXXXXXXXX
HTTP/1.1 400 Bad Request
Transfer-Encoding: chunked
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: XXXXXXX
client-request-id: XXXXXXXXX
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"AM4PEPF0001511F"}}
Date: Mon, 11 Dec 2023 16:27:42 GMT
Content-Encoding: gzip
Content-Type: application/json
{"error":{"code":"BadRequest","message":"Resource not found for the segment 'devices?$skiptoken=XXXXXXXXXXXXX'.","innerError":{"date":"2023-12-11T16:27:43","request-id":"XXXXXXXXXX","client-request
-id":"XXXXXXXXXXXX"}}}
At C:\Program Files\WindowsPowerShell\Scripts\get-windowsautopilotinfocommunity.ps1:1933 char:35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When I try to run Get-AutopilotDevice I get the following output:
Get-AutopilotDevice : Microsoft.Graph.PowerShell.Authentication.Helpers.HttpResponseException: Response status code
does not indicate success: Forbidden (Forbidden).
at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)
At line:1 char:1
+ Get-AutopilotDevice
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-AutopilotDevice
I'm authenticated as a Global Admin and use Connect-MgGraph to sign in
all parameters are working fine for brand new devices
if we run
; brand new devices to windows autopilot
.\get-windowsautopilotinfo-v1.ps1 -Online -TenantId aaaa -AppId bbbb -AppSecret cccc -GroupTag HYBRID -Verbose
; existing devices in windows autopilot (we want only update existing GroupTag)
;brand new device to windows autopilot
.\get-windowsautopilotinfo-v1.ps1 -Online -TenantId aaaa -AppId bbbb -AppSecret cccc -Assign -GroupTag HYBRID -Verbose
if we run the functions separately works
Get-AutopilotDevice | Where-Object { $_.serialnumber -eq "VM" }
Set-AutopilotDevice -id 58bdc576-d87f-41a3-aec4-9cba1177a19c -groupTag "HYBRID"
Invoke-AutopilotSync
Get-AutopilotDevice | Where-Object { $_.serialnumber -eq "VM" }
The Function Get-AutopilotDevice() is throwing an error: Invoke-MgGraphRequest: The pipeline has been stopped.
Currently a cleanup of the device records (if they exist after some previous import attempt), in deviceManagement/importedWindowsAutopilotDeviceIdentities is handled in Import-AutopilotCSV.
In case someone would find it useful to do it outside of this function, I suggest to add -serial parameter to the Get-AutopilotImportedDevice() function and then the cleanup would be performed by calling Get-AutopilotImportedDevice -serial "ABCDEFGH" | Remove-AutopilotImportedDevice
Function Get-AutopilotImportedDevice() {
    <#
    .SYNOPSIS
    Gets information about devices being imported into Windows Autopilot.
    .DESCRIPTION
    The Get-AutopilotImportedDevice cmdlet retrieves either the full list of devices being imported into Windows Autopilot for the current Azure AD tenant, or information for a specific device if the ID of the device is specified. Once the import is complete, the information instance is expected to be deleted.
    .PARAMETER id
    Optionally specifies the ID (GUID) for a specific Windows Autopilot device being imported.
    .PARAMETER serial
    Optionally specifies the serial number of the specific Windows Autopilot device being imported
    .EXAMPLE
    Get a list of all devices being imported into Windows Autopilot for the current Azure AD tenant.
    Get-AutopilotImportedDevice
    #>
    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory = $false)] $id = $null,
        [Parameter(Mandatory = $false)] $serial
    )
    # Defining Variables
    $graphApiVersion = "beta"
    if ($id) {
        $uri = "https://graph.microsoft.com/$graphApiVersion/deviceManagement/importedWindowsAutopilotDeviceIdentities/$id"
    }
    elseif ($serial) {
        # handles also serial numbers with spaces
        $uri = "https://graph.microsoft.com/$graphApiVersion/deviceManagement/importedWindowsAutopilotDeviceIdentities/?`$filter=contains(serialNumber,'$serial')"
    }
    else {
        $uri = "https://graph.microsoft.com/$graphApiVersion/deviceManagement/importedWindowsAutopilotDeviceIdentities"
    }
    Write-Verbose "GET $uri"
    try {
        $response = Invoke-MGGraphRequest -Uri $uri -Method Get -OutputType PSObject
        if ($id) {
            $response
        }
        else {
            $devices = $response.value
            $devicesNextLink = $response."@odata.nextLink"
            while ($null -ne $devicesNextLink) {
                $devicesResponse = (Invoke-MGGraphRequest -Uri $devicesNextLink -Method Get -OutputType PSObject)
                $devicesNextLink = $devicesResponse."@odata.nextLink"
                $devices += $devicesResponse.value
            }
            $devices
        }
    }
    catch {
        Write-Error $_.Exception
        break
    }
}
Hello,
Maybe I do something wrong but when I run this during OOBE :
get-windowsautopilotinfocommunity -GroupTag "HAADJ" -Assign -AssignedUser "[email protected]" -Preprov -Online
Everything works except redirecting to the white glove options.
If I physically do the 5 times on windows key, it works.
I have a French computer but I don't think there is an impact on this.
Thanks for your work done on this script. ;-)
Hi,
I work in education so might be a bit different in my needs but I made a couple of adjustments that I thought I would share, but I don't know how to do pull requests, etc.
We needed to add to multiple groups (dependent on being a staff device or pupil device) - nothing major and might not affect businesses in the same way.
I altered the following:
[Parameter(Mandatory = $False, ParameterSetName = 'Online')] [String[]] $AddToGroup = "", #(to accept an array)
and:
# Add the device to the specified AAD group
if ($AddToGroup) {
    foreach ($ADGroup in $AddToGroup) {
        $aadGroup = Get-MgGroup -Filter "DisplayName eq '$ADGroup'"
        if ($aadGroup) {
            $autopilotDevices | ForEach-Object {
                $uri = "https://graph.microsoft.com/beta/devices?`$filter=deviceId eq '" + $_.azureActiveDirectoryDeviceId + "'"
                $aadDevice = (Invoke-MgGraphRequest -Uri $uri -Method GET -OutputType PSObject -SkipHttpErrorCheck).value
                if ($aadDevice) {
                    Write-Host "Adding device $($aadDevice.displayName) to group $ADGroup"
                    New-MgGroupMember -GroupId $aadGroup.Id -DirectoryObjectId $aadDevice.id
                }
                else {
                    # $aadDevice is empty in this branch, so report the ID that was looked up
                    Write-Error "Unable to find Azure AD device with ID $($_.azureActiveDirectoryDeviceId)"
                }
            }
            Write-Host "Added devices to group '$ADGroup' ($($aadGroup.Id))"
        }
        else {
            Write-Error "Unable to find group $ADGroup"
        }
    }
} #to deal with the array
Just might be useful for someone else hopefully! Please delete or move as not an issue!
Hi Andrew,
Module was working without issues, but suddenly from yesterday each time I run it I am getting following issue. Any idea?
Loading all objects. This can take a while on large tenants
Invoke-MgGraphRequest : The pipeline has been stopped.
At C:\Program Files\WindowsPowerShell\Scripts\get-windowsautopilotinfocommunity.ps1:1959 char:26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Something went wrong. Error: Method not found: 'Void Microsoft.Graph.Authentication.AzureIdentityAccessTokenProvider..ctor(Azure.Core.TokenCredential, System.String[], Microsoft.Kiota.Authentication.Azure.ObservabilityOptions, System.String[])'.
Stop-Transcript : An error occurred stopping transcription: The host is not currently transcribing.
At D:\AutoPilot3.ps1:128 char:5
Stop-Transcript
~~~~~~~~~~~~~~~
Hey,
There is a section
$newuserPrincipalName = Read-Host -Prompt "Change assigned user [$userPrincipalName] (type a new value or hit enter to keep the old one)"
if (![string]::IsNullOrWhiteSpace($newuserPrincipalName)) {
    $userPrincipalName = $newuserPrincipalName
}
where the assigned user can be left as the user previously associated, or changed to a new user. In the scenario where there was previously a user associated and now there should be no assigned user, is it possible to add an elseif statement for answering the prompt with a keyword like NONE to set the userprincipalname to null?
Thanks,
When attempting to run install-script autopilot nuke,
I get the following error:
Installing module WindowsAutopilotIntuneCommunity
WARNING: The version 2.9.0 of module 'Microsoft.Graph.Authentication' is currently in use. Retry the operation after closing the applications.
WARNING: The version 2.9.0 of module 'Microsoft.Graph.Groups' is currently in use. Retry the operation after closing the applications.
Import-Module: The specified module 'WindowsAutopilot IntuneCommunity' was not loaded because no valid module file was found in any module directory.
At C:\Program Files\Windows PowerShell\Scripts\AutopilotNuke.ps1:275 char:9
Import-Module WindowsAutopilot IntuneCommunity -Scope Global
When I attempt to install the module without specifying the version number, I get the following error:
PackageManagement \Install-Package: The module 'WindowsAutopilotIntuneCommunity cannot be installed or updated because the authenticode signature of the file 'WindowsAutopilot IntuneCommunity.psd1' is not valid.
At C:\Program Files\Windows PowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1809 char:21
$null = PackageManagement \Install-Package
Specifying an older version of the module as following:
PS C:\Windows\System32> install-module windowsautopilotintunecommunity -requiredversion 2.1
And then installing autopilotnuke and running it seems to work better.
This issue seemed to begin when autopilotnuke push bumped to version 3.8 in powershell gallery.
Thanks,
run the following:
.\get-windowsautopilotinfo.ps1 -Hybrid -TenantId 111111 -AppId 22222 -AppSecret 33333 -AssignedComputerName "USAL-DEVICE1" -AddToGroup "USAL-AADJ" -Reboot -verbose
then goes:
Select-MgProfile : The term 'Select-MgProfile' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\temp\get-windowsautopilotinfo.ps1:1890 char:13
Select-MgProfile -Name Beta
~~~~~~~~~~~~~~~~
Connect-MgGraph : Cannot bind parameter 'AccessToken'. Cannot convert the
then connects
At C:\temp\get-windowsautopilotinfo.ps1:1891 char:52
$graph = Connect-MgGraph -AccessToken $accessToken
~~~~~~~~~~~~
Connected to Intune tenant 1111111111111111-22222-33333-44444-555555555555555 using app-based authentication (Azure AD authentication not supported)
and throws the error
Add-AutopilotImportedDevice : Microsoft.Graph.PowerShell.AuthenticationException: Authentication needed. Please call Connect-MgGraph.
at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)
At C:\temp\get-windowsautopilotinfo.ps1:2026 char:26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
if you stay on the same screen on the fresh device / VM
and run Connect-MgGraph
then re-run enrollment parameters works
.\get-windowsautopilotinfo.ps1 -Hybrid -TenantId 111111 -AppId 22222 -AppSecret 33333 -AssignedComputerName "USAL-DEVICE1" -AddToGroup "USAL-AADJ" -Reboot -verbose
after that device is ok and has its device name added to the windows autopilot device object, also has its GroupTag and get the windows autopilot deployment profile assigned as well as gets the proper DeviceName from AssignedComputerName parameter.
thanks,
Thiago Beier
Installed version: 5.0.2
Used command:
get-windowsautopilotinfocommunity.ps1 -Online -TenantId xxxxx -AppId xxxxx -AppSecret xxxxx -Identifier
https://graph.microsoft.com/DeviceManagementServiceConfig.ReadWrite.All is applied to the AppId
I get these errors. Same errors if I "get-windowsautopilotinfocommunity.ps1 -Online -Identifier" is executed and logged on with an admin account.
Checking if device xxxxx exists in AutoPilot
Invoke-MgGraphRequest : POST https://graph.microsoft.com/beta/deviceManagement/importedDeviceIdentities/searchExistingIdentities
HTTP/1.1 400 Bad Request
Transfer-Encoding: chunked
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: 81a461d5-60ed-47da-9c60-f50785091349
client-request-id: b6fac339-4abf-4459-b40e-1c3a92cc7b04
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"009","RoleInstance":"AM1PEPF00027E5A"}}
Date: Fri, 14 Jun 2024 08:45:14 GMT
Content-Encoding: gzip
Content-Type: application/json
{"error":{"code":"BadRequest","message":"{\r\n "_version": 3,\r\n "Message": "Invalid Device Identifier parameter found for 1 import records! - Operation ID (for cu
stomer support): 00000000-0000-0000-0000-000000000000 - Activity ID: b6fac339-4abf-4459-b40e-1c3a92cc7b04 - Url: https://fef.msub07.manage.microsoft.com/DeviceEnrollmentFE
/StatelessDeviceEnrollmentFEService/deviceManagement/importedDeviceIdentities/microsoft.management.services.api.searchExistingIdentities?api-version=5023-06-28",\r\n "C
ustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{}"\r\n}","innerError":{"date":"2024-06-14T08:45:14","r
equest-id":"81a461d5-60ed-47da-9c60-f50785091349","client-request-id":"b6fac339-4abf-4459-b40e-1c3a92cc7b04"}}}
At C:\Program Files\WindowsPowerShell\Scripts\get-windowsautopilotinfocommunity.ps1:2014 char:18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Method: POST, R...ication/json
}:HttpRequestMessage) [Invoke-MgGraphRequest], HttpResponseException
+ FullyQualifiedErrorId : InvokeGraphHttpResponseException,Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest
Device xxxxx added to AutoPilot
I get an error when running autopilotnuke version 3.3
The term 'getalldevicesandusers' is not recognized as the name of a cmdlet, function, script, file or operable program.
This is when I open a command prompt, launch powershell with powershell.exe -executionpolicy remotesigned
Then
Install-Script -Name AutopilotNuke
And then run AutopilotNuke.
I can see getalldevicesandusers was added in the script in the most recent version, but googling can find no references to it other than this GitHub and the PowerShell Gallery for this script.
I had to change line 1893 to $graph = Connect-MgGraph -scopes Group.ReadWrite.All, Device.Read.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All
and line 1896 to $aadId = Connect-MgGraph -scopes Group.ReadWrite.All, Device.Read.All,DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All in order to be able to add a device successfully. Otherwise I was getting a 403 error. I'd never used the previous script from MS on this tenant, so possibly different sets of permissions being requested?
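A pre-flight check for the 403 described above, as an added example that is not part of the project's script: it compares the scopes on the current Graph session with the four scopes named in this post and reports which are missing. Test-GraphScope is a hypothetical helper name; the comparison is literal, so a broader permission that would also satisfy a call is not recognized.

```powershell
# Added example, not the project's code. Test-GraphScope is a hypothetical name.
function Test-GraphScope {
    [CmdletBinding()]
    param(
        # Scopes taken from the post above.
        [string[]] $Required = @(
            'Group.ReadWrite.All',
            'Device.Read.All',
            'DeviceManagementManagedDevices.ReadWrite.All',
            'DeviceManagementServiceConfig.ReadWrite.All'
        )
    )

    $context = Get-MgContext
    if (-not $context) {
        throw 'No Graph session. Run Connect-MgGraph first.'
    }

    # Permissions carried by the current token. A directory role such as
    # Global Admin does not add entries here; the scopes must be requested
    # and consented for the client application in use.
    $granted = @($context.Scopes)
    $missing = @($Required | Where-Object { $granted -notcontains $_ })

    [pscustomobject]@{
        Account  = $context.Account
        AuthType = $context.AuthType
        Missing  = $missing
        Ok       = ($missing.Count -eq 0)
    }
}

$check = Test-GraphScope
if (-not $check.Ok) {
    Write-Warning ('Missing Graph permissions: ' + ($check.Missing -join ', '))
}
```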
Hello Andrew,
I have dealt with the same issue recently (it is on Microsoft side) and since the trick with '[uri]::EscapeDataString($serial)' does not work unfortunately, the solution was to do it in two parts:
# get all the devices with the same (up to a first space) serial number
$SerialWithoutSpace = $serial.split(" ")
$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)?`$filter=contains(serialNumber,'$($SerialWithoutSpace[0])')"
and then to filter the device with the exact serial number:
$devicesResponse.value | Where-Object {$_.serialNumber -eq "$($serial)"}
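The two-step lookup from this reply and from the earlier -serial proposal (server-side contains() on the part of the serial before the first space, then an exact match on the client), as an added example that is not the project's code. Find-AutopilotImportedDeviceBySerial is a hypothetical name; doubling single quotes in the OData literal and URL-encoding the filter value are additions the thread does not mention, so that a quote or ampersand in a serial cannot alter the query.

```powershell
# Added example, not the project's code. The function name is hypothetical.
function Find-AutopilotImportedDeviceBySerial {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string] $Serial,

        [string] $GraphApiVersion = 'beta'
    )

    # Step 1 (server side): filter on the text before the first space only.
    $prefix = ($Serial -split ' ')[0]

    # OData string literals escape a single quote by doubling it.
    $literal = $prefix.Replace("'", "''")
    $filter  = "contains(serialNumber,'$literal')"

    # Encode only the query value, never the '?' or the path.
    $uri = "https://graph.microsoft.com/$GraphApiVersion/deviceManagement/importedWindowsAutopilotDeviceIdentities" +
           '?$filter=' + [uri]::EscapeDataString($filter)

    $devices = @()
    while ($uri) {
        Write-Verbose "GET $uri"
        $response = Invoke-MgGraphRequest -Uri $uri -Method Get -OutputType PSObject -ErrorAction Stop
        $devices += $response.value
        # Follow the server-provided paging link unchanged.
        $uri = $response.'@odata.nextLink'
    }

    # Step 2 (client side): keep only the exact serial number.
    $devices | Where-Object { $_.serialNumber -eq $Serial }
}
```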