SharePoint PnP logo

How to fix Add-PnPApp failing with an Access Denied error

Reading Time: 3 minutes. This was a peculiar case! An issue I hadn’t run into before, and luckily a disturbingly simple fix. But first, let’s set up the scene. We were running a long-ish PowerShell script using a Global Administrator account. One part of the script was supposed to add and deploy a couple of SharePoint apps. But while running Add-PNPApp, we ran into errors: Add-PnPApp -Path $path -Scope $app.Scope -ErrorAc… , Error: {"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Access denied. You do not have permission to perform this action or access this resource."}}} Oh. That’s… A bit surprising for a Global Administrator, right? What’s causing this? Posts Related […]

SharePoint PnP logo

New-PnPSite fails with “SiteStatus” : 3

Reading Time: 3 minutes. This post was most recently updated on December 4th, 2018.While running “New-PnPSite” or actually any other site creation, method in PowerShell or programmatically, the site creation fails and you get an error like the one below back: New-PnPSite : {"d":{"Create":{"__metadata":{"type":"SP.Publishing.CommunicationSiteCreationResponse"},"SiteStatus":3,"SiteUrl":""}}} Ouch! Where does this come from? In the code of New-PnPSite, the actual function call is shown below: var results = ClientContext.CreateSiteAsync(creationInformation); var returnedContext = results.GetAwaiter().GetResult(); (Source) So, the error is not thrown by PnP cmdlet, but rather comes from SharePoint CSOM. This is pretty normal and not surprising, but means we can’t debug it that much, as CSOM is […]

"Get-UnifiedGroup" cmdlet produces a list of your Office 365 Groups with some default properties shown

How to fix an Office Group with no Owners

Reading Time: 6 minutes. This post explains how to add new Owners to your Office Groups using PowerShell. If your group has ended up without any owners, PowerShell might even be the only option, since the graphical user interfaces for Office Groups management are not that good.  Background The hype around Office Groups kind of died down a little bit a while back, since their role wasn’t that clear – they didn’t really do much, and were confusing for end users. Back then, I posted about them replacing Site Mailboxes in SharePoint Online – because that was the first very visible and kind of […]

PowerShell header

Properly checking if an item in a folder is a Directory or not in PowerShell

Reading Time: 4 minutes. Got a great tip from a colleague, on how to properly check if an item is a file or a directory. In one case, we weren’t really ever sure, if another script had finished its running and unzipped a certain zip package into a folder – and we had to verify it had, before continuing the execution. Our initial implementation worked most of the time… But not quite always. The purpose of this blog post is to explain how we found a pretty well working and elegant solution! Problem In this particular case, we were testing items for being directories […]

Get-MsolServicePrincipalCredential - how to get the expiration date for a clientId

Fastest way to verify your Client Id and Client Secret are valid with PowerShell

Reading Time: 3 minutes. This post was most recently updated on August 13th, 2018.So, you have a Client Id and a Client Secret, but don’t know if they work anymore? Maybe they are expired? Maybe someone removed them? No worries! We can use PowerShell to validate them easily! Solution By using PowerShell, it’s fairly straightforward to verify, that your Client Id and Client Secret work. See the snippets below for 2 different steps: First we validate, that the values work. If they don’t, let’s run another script to see if the Client Id exists but has expired. Validate your Client Id by trying to […]

PowerShell header

How to get the user count for Azure AD Enterprise Application

Reading Time: 3 minutes. This post was most recently updated on October 9th, 2018.Have you ever tried to find out the number of users of an enterprise application in your Office 365 tenant? This could be needed for multiple different reasons: maybe your organization is paying for the app and you want to know who’s actually using it, maybe the usage is required by a company policy and it’s useful to know if organization’s members are actually using it, or maybe you just want to know about the user adoption of an app. For apps with under 100 users it’s easy – just open […]

SharePoint's broken as usual

How to enable custom scripts for a SharePoint site collection?

Reading Time: 6 minutes. This post was most recently updated on December 4th, 2018.This article explains how to enable custom scripts for any SharePoint site collection. Different instructions and solutions apply to SharePoint Online, and on-premises scenarios (SharePoint 2013, 2016 and probably 2019). Different solutions resolve the issue for different target sites: Modern SharePoint Team Sites (attached to Office Groups) SharePoint MySites Personal OneDrive sites Any SharePoint site collection created based on self-service site creation SharePoint Online tenant root site collection Any Classic SharePoint site collection Errors and causes Most typically I run into this when trying to insert a script web part with […]

Let me explain SharePoint

Don’t remove the root web of your classic SharePoint Site Collection!

Reading Time: 5 minutes. This post was most recently updated on November 25th, 2018.A quick heads-up – if you remove the root site (or RootWeb, like it’s called in the code) of your classic SharePoint Site Collection, that’s going to cause you some grey hairs. It might even, in some rare cases, be unrecoverable! Why? Whereas you can always restore a normal site from the site collection recycle bin, the root site you can’t. You actually can’t access the recycle bin after removing the root site, nor can you make magic happen with PowerShell commandlets anymore. The Recycle Bin would be located at a […]

Console output copypaste

How to output console or PowerShell transcript to a file in Windows

Reading Time: 3 minutes. This post was most recently updated on November 13th, 2018.Every now and then, you run into a situation, where you’ll need to somehow dump the console output (or transcript) of running a console application. I’m actually going to argue it happens a lot more often than one would think – in my case, any time a customer requires a webjob or a function, that one would normally deploy to Azure, being ran on the servers of the customer. This post describes, how to do that. Problem Something breaks or the app crashes, and the error is logged to event log… […]

SharePoint is not broken - it just does't work

How to fix “- – the web site does not support SharePoint Online credentials. The response status code is ‘Unauthorized'” error

Reading Time: 5 minutes. This post was most recently updated on July 11th, 2018.While running some SharePoint Online -PowerShell commandlets, or connecting to a SharePoint Online site from your app, you get a following (or similar) error about your SharePoint Online credentials being unauthorized for something you should definitely be authorized to do: Cannot contact web site ‘https://<tenant>-admin.sharepoint.com/’ or the web site does not support SharePoint Online credentials. The response status code is ‘Unauthorized’. And that’s not all – by digging into the full error message, you find the underlying internal error: MSDAVEXT_Error=917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically. What awakens my curiosity, is this line: Access denied. Before […]

SharePoint PnP logo

How to solve errors about missing PnP Cmdlets on PowerShell

Reading Time: 3 minutes. This post was most recently updated on November 25th, 2018.This blog posts briefly describes how to solve some of the most typical errors about missing PnP Cmdlets when using Windows Powershell (or SharePoint Online Management Shell). Symptoms When trying to run some PnP-related cmdlet, you get an error similar to ones below: Connect-PnPOnline : The term ‘Connect-PnPOnline’ is not recognized as the name of a cmdlet, function, script file, or o perable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try aga in. At C:\Users\koskela\Downloads\Import-Valo-With-Content\Import\New-Valo.ps1:46 char:5 + Connect-PnPOnline […]

"For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method."

Fixing the “For security reasons DTD is prohibited in this XML document.” issue

Reading Time: 3 minutes. This post was most recently updated on October 9th, 2018.This post describes a couple of ways to fix the issue “For security reasons DTD is prohibited in this XML document”. At least for me, it appeared when trying to access SharePoint Online using Powershell or a console program using OfficeDev.PnP (which in turn uses CSOM). Error When running any piece of code, whether in PowerShell, .exe console or anything else than in the code behind relies on .NET Framework, you get an error like this: For security reasons DTD is prohibited in this XML document. To enable DTD processing set the […]

Unorthodox configuration: How to use VLK and Click-to-run Office Apps side-by-side (Visio and Office 2016 as an example)

Reading Time: 6 minutes. This post was most recently updated on October 9th, 2018.Ever had issues with different versions of Office programs not living in harmony together? Me too! This post describes how I was able to fix the issue and get Visio and Office 2016 of different installation types to play well together. Preface This blog post was inspired by my need to have Office 365 ProPlus (2016 versions) and Visio running side-by-side on my laptop. That turned out to be a lot more complicated than it arguably should be, so I documented the steps for further use. These instructions are written for […]

Connect-MsolService

Getting Connect-MsolService (and other Azure Active Directory PowerShell cmdlets) to work

Reading Time: 10 minutes. This post was most recently updated on October 9th, 2018.In this post, I’ll try to archive everything you need to download and install to get commandlets like Connect-MsolService working. I’ve had to do it a couple of times when changing laptops, so it’s good to document them somewhere! 🙂 So, when would you need to follow this guide and install the modules described here? Mostly this comes to play, when you’re switching machines, try to run the SharePoint Online Management shell but it doesn’t even exist on the machine, or it does exist but you get random errors like this: […]

Delete site collection

Remove-SPODeletedSite – Actually removing a SharePoint Online Site Collection

Reading Time: 4 minutes. This post was most recently updated on December 4th, 2018.This post describes the actual, working and fast process of removing a site collection in SharePoint Online using the Remove-SPODeletedSite commandlet in SharePoint Online Management Shell (a flavor of PowerShell). Description Sometimes you need to get rid of a site collection you’ve created in SharePoint Online. The most typical example perhaps being removing the team site created for a group of people working together. That’s pretty simple and there are a few ways of doing that. For example, you might just go ahead, and delete the site from Site Settings (see below). Or […]

IDCRL error in PowerShell

Fixing “Connect-SPOService : Identity Client Runtime Library (IDCRL) could not look up the realm information for a federated sign-in.” -error

Reading Time: 2 minutes. This post was most recently updated on October 9th, 2018.This post describes my super-simple fix to a weird error about “Identity Client Runtime Library (IDCRL)” failing with federated sign-in, when running PowerShell scripts against SharePoint Online. Symptoms While running your PowerShell scripts using SharePoint Online Management Shell, you get an error. Your cmdlets fail at connecting to the SharePoint Online with the following (or similar) error message: Connect-SPOService : Identity Client Runtime Library (IDCRL) could not look up the realm information for a federated sign-in. Solution Despite what the error message says, the error is probably not that much about […]

Stock photo from pixabay.com

Using PowerShell to set ULS logging level to “extra verbose” to catch all the events in the logs

Reading Time: 3 minutes. This post was most recently updated on October 9th, 2018.This blog post describes how set the SharePoint’s ULS level to “Extra Verbose” (VerboseEx) using PowerShell. This is not possible using the browser UI, so some POSH magic is required! Luckily, it’s quite straightforward, but to avoid filling your hard drive(s) with huge log files, you should reset the level when you’re done debugging! Description of the solution By default, ULS logging is somewhat non-detailed. This means that a lot of data that could be used to debug issues is omitted. The UI cannot be used to set this level of […]

Anonymous access in SharePoint 2013

Using PowerShell to modify anonymous access permissions on SharePoint On-Premises

Reading Time: 2 minutes. This post was most recently updated on October 9th, 2018.This post is about managing Anonymous Access on a SharePoint site (SPWeb) using PowerShell commandlets. It’s often a lot more feasible and even easier than using the browser interface! In some cases, it’s borderline impossible to avoid it anyway – since accessing the GUI switch might not be possible. Description Assume you have a site collection that’s you have published to the whole world. You’ll have anonymous access enabled at both web application and site collection -levels, and configured permissions at the root web -level. Now, let’s assume you want to […]