Fastest way to verify your Client Id and Client Secret are valid with PowerShell

So, you have a Client Id and a Client Secret, but don’t know if they work anymore? Maybe they are expired? Maybe someone removed them? No worries! We can use PowerShell to validate them easily!

Solution

By using PowerShell, it’s fairly straightforward to verify, that your Client Id and Client Secret work. See the snippets below for 2 different steps:

  1. First we validate, that the values work.
  2. If they don’t, let’s run another script to see if the Client Id exists but has expired.

Validate your Client Id by trying to connect with it

We can validate the Client Id and Secret, by using Connect-PnPOnline to connect to SharePoint Online. 

Continue reading

How to get the user count for Azure AD Enterprise Application

PowerShell header

Have you ever tried to find out the number of users of an enterprise application in your Office 365 tenant? For apps with under 100 users it’s easy – just open Azure AD and check the user count. For more popular apps, it’s a lot more difficult, as Azure AD just shows “100+”. However, with some PowerShell magic, we can dig out the real user count!

Problem

When you have an “Enterprise Application” in your Azure AD, you can quite easily access its properties from the Azure Portal. However, if you want to find out the number of users using the app, that’s not as straightforward.

Continue reading

How to enable custom scripts for a SharePoint site collection?

This article explains how to enable custom scripts for any SharePoint site. Different instructions apply to SharePoint Online, and on-premises scenarios (SharePoint 2013, 2016 and probably 2019).

Different solutions resolve the issue for different target sites:

  • Modern SharePoint Team Sites (attached to Office Groups)
  • SharePoint MySites
  • Personal OneDrive sites
  • Any SharePoint site collection created based on self-service site creation
  • SharePoint Online tenant root site collection
  • Any Classic SharePoint site collection

Errors and causes

Most typically I run into this when trying to insert a script web part with custom JavaScript into a site, that has NoScript enabled. That’s annoying – since script webparts are incredibly useful! Continue reading

Don’t remove the root web of your classic SharePoint Site Collection!

Let me explain SharePoint

A quick heads-up – if you remove the root site (or RootWeb, like it’s called in the code) of your classic SharePoint Site Collection, that’s going to cause you some grey hairs. Whereas you can always restore a normal site from the site collection recycle bin, the root site you can’t. You actually can’t access the recycle bin after removing the root site, nor can you make magic happen with PowerShell commandlets anymore.

Site Collection Recycle Bin

Site Collection Recycle Bin – where you could access your removed sites, if you still had the root site!

The Recycle Bin would be located at a URL like this: https://<yoursite>/_layouts/15/AdminRecycleBin.aspx, but after the site is removed, it won’t be there. 

Continue reading

How to output console or PowerShell transcript to a file in Windows

Console output copypaste

Every now and then, you run into a situation, where you’ll need to somehow output the console output of running a console application. I’m actually going to argue it happens a lot more often than one would think – in my case, any time a customer requires a webjob or a function, that one would normally deploy to Azure, being ran on the servers of the customer.

Problem

Something breaks or the app crashes, and the error is logged to event log… But just the error, not the whole transcript. You’d like to get it all, to figure out what’s actually going on, but event log is not the way to go.

Or, you’re investigating an error that happened to someone else, but only get screenshots of console or event log errors, whereas you’d want to get all the possible information about the problem instead.

What to do?

Solution: redirect the console output directly to a file

Continue reading

How to fix “- – the web site does not support SharePoint Online credentials. The response status code is ‘Unauthorized'” error

SharePoint is not broken - it just does't work

While running some SharePoint Online -PowerShell commandlets, or connecting to a SharePoint Online site from your app, you get a following (or similar) error about your SharePoint Online credentials being unauthorized for something you should definitely be authorized to do:

Cannot contact web site 'https://<tenant>-admin.sharepoint.com/' or the web site does not support SharePoint Online credentials. The response status code is 'Unauthorized'.

And that’s not all – by digging into the full error message, you find the underlying internal error:

MSDAVEXT_Error=917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.

What awakens my curiosity, is this line:

Access denied. Before opening files in this location, you must first browse to the web site and select the option to login automatically.

However, when you open your browser, you can actually log in without a hitch. If that’s the case, this might be a weird internal error in SharePoint Online. Nothing you can do permissions/configuration-wise, but luckily – there’s a hazy and weird, but simple PowerShell-based fix! 

Continue reading

How to solve errors about missing PnP Cmdlets on PowerShell

SharePoint PnP logo

This blog posts briefly describes how to solve some of the most typical errors about missing PnP Cmdlets when using Windows Powershell (or SharePoint Online Management Shell).

Symptoms

When trying to run some PnP-related cmdlet, you get an error similar to ones below:

Connect-PnPOnline : The term 'Connect-PnPOnline' is not recognized as the name of a cmdlet, function, script file, or o
perable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try aga
in.
At C:\Users\koskela\Downloads\Import-Valo-With-Content\Import\New-Valo.ps1:46 char:5
+     Connect-PnPOnline -Url $AdminUrl
+     ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Connect-PnPOnline:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
Get-PnPTenantSite : The term 'Get-PnPTenantSite' is not recognized as the name of a cmdlet, function, script file, or o
perable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try aga
in.
At C:\Users\koskela\Downloads\Import-Valo-With-Content\Import\New-Valo.ps1:51 char:23
+     $SiteCollection = Get-PnPTenantSite -Url $Url -ErrorAction Silent ...
+                       ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-PnPTenantSite:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
New-PnPTenantSite : The term 'New-PnPTenantSite' is not recognized as the name of a cmdlet, function, script file, or o
perable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try aga
in.
At C:\Users\koskela\Downloads\Import-Valo-With-Content\Import\New-Valo.ps1:60 char:7
+       New-PnPTenantSite -Title $Configuration.SiteCollection.Title `
+       ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (New-PnPTenantSite:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Usually, this is luckily a simple fix!  Continue reading

Fixing the “For security reasons DTD is prohibited in this XML document.” issue

"For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method."

This post describes a couple of ways to fix the issue “For security reasons DTD is prohibited in this XML document”. At least for me, it appeared when trying to access SharePoint Online using Powershell or a console program using OfficeDev.PnP (which in turn uses CSOM).

Error

When running any piece of code, whether in PowerShell, .exe console or anything else than in the code behind relies on .NET Framework, you get an error like this:

For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method.

Continue reading

Unorthodox configuration: How to use VLK and Click-to-run Office Apps side-by-side (Visio and Office 2016 as an example)

Ever had issues with different versions of Office programs not living in harmony together? Me too! This post describes how I was able to fix the issue and get Visio and Office 2016 of different installation types to play well together.

Preface

This blog post was inspired by my need to have Office 365 ProPlus (2016 versions) and Visio running side-by-side on my laptop. That turned out to be a lot more complicated than it arguably should be, so I documented the steps for further use. These instructions are written for that particular scenario (installing MS Visio on a machine with pre-existing Office 2016/365 ProPlus installation). My laptop is running Windows 10 Enterprise, which probably caused one of the issues I ran into.

Let’s get started!  Continue reading

Getting Connect-MsolService (and other SharePoint Online cmdlets) to work

Connect-MsolService

In this post, I’ll try to archive everything you need to download and install to get commandlets like Connect-MsolService working. I’ve had to do it a couple of times when changing laptops, so it’s good to document them somewhere! 🙂

So, when would you need to follow this guide and install the modules described here? Mostly this comes to play, when you’re switching machines, try to run the SharePoint Online Management shell but it doesn’t even exist on the machine, or it does exist but you get random errors like this:

The term 'Connect-MsolService' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This guide should help you out! I’ll try to keep it updated as things change.

Required installations:

  1. Microsoft Online Services Sign-In Assistant for IT Professionals RTW
    1. https://www.microsoft.com/en-us/download/details.aspx?id=28177
  2. SharePoint Online Management Shell
    1. https://www.microsoft.com/en-us/download/details.aspx?id=35588
  3. Windows Azure Active Directory Module for Windows PowerShell (v1)
    1. http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185 
      1. Update 5.3.2018: Microsoft actually moved this documentation, and apparently hid it behind authentication somewhere (might require Global Admin or similar on your tenant to even READ IT… That’s smart.)
      2. If you installed it before, it’ll still work, but if you didn’t, never mind. Just see this step.

Now, to run cmdlets like “Connect-MsolService”, just start SharePoint Online Management Shell (or PowerShell).

If you also need Azure Remote Management (AzureRM) cmdlets (I always do!), run this in an elevated PowerShell:

# Install the Azure Resource Manager modules from the PowerShell Gallery
Install-Module AzureRM

What to do if Microsoft hid the AAD module for PowerShell?

Fear not – only the last step (step 3) changed! Instead of installing the AAD module, you run this on PowerShell: Continue reading