Description
Describe the bug
Trying to create a new Password Rule Directory Settings :
# Configuring settings template
Write-Host "Configuring settings template" -ForegroundColor $CommandInfo
$SettingTemplate = Get-MgBetaDirectorySettingTemplate | Where-Object { $_.DisplayName -eq "Password Rule Settings" }
$Setting = Get-MgBetaDirectorySetting | Where-Object { $_.TemplateId -eq $SettingTemplate.Id }
if (-Not $Setting)
{
Write-Warning "Setting not yet created. Creating one based on template."
$Values = @()
foreach($dval in $SettingTemplate.Values) {
$Values += @{Name = $dval.Name; Value = $dval.DefaultValue}
}
$Setting = New-MgBetaDirectorySetting -DisplayName "Password Rule Settings" -TemplateId $SettingTemplate.Id -Values $Values
$Setting = Get-MgBetaDirectorySetting | Where-Object { $_.TemplateId -eq $SettingTemplate.Id }
}
This gives the error:
New-MgBetaDirectorySetting_CreateExpanded: D:\Repos\PFIBDO-ADM-CloudConfiguration\scripts\security\Set-BannedPasswords.ps1:91:5
Line |
91 | $Setting = New-MgBetaDirectorySetting -DisplayName "Password Rule …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot convert the literal 'True' to the expected type 'Edm.String'. Status: 400 (BadRequest) ErrorCode: Request_BadRequest Date: 2025-02-28T17:40:56
| Headers: Cache-Control : no-cache Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id
| : f525f837-aecc-4a16-9882-a8ddb34b45df client-request-id : f237a0ac-15ca-4390-887f-3595e7fca430 x-ms-ags-diagnostic :
| {"ServerInfo":{"DataCenter":"Switzerland North","Slice":"E","Ring":"3","ScaleUnit":"000","RoleInstance":"ZR1PEPF0000065F"}} x-ms-resource-unit : 1
| Date : Fri, 28 Feb 2025 17:40:55 GMT
Recommendation: See service error codes: https://learn.microsoft.com/graph/errors
This code works since years.
Expected behavior
The directory setting should be created
How to reproduce
Run above code
SDK Version
Microsoft.Graph.Authentication 2.26.1 and Microsoft.Graph.Beta.Identity.DirectoryManagement 2.26.1
Latest version known to work for scenario above?
2.25.X
Known Workarounds
None known
Debug output
Click to expand log
``` [DBG]: PS D:\Repos\PFIBDO-ADM-CloudConfiguration> New-MgBetaDirectorySetting -DisplayName "Password Rule Settings" -TemplateId $SettingTemplate.Id -Values $Values -Debug [CmdletBeginProcessing]: - New-MgBetaDirectorySetting begin processing with parameterSet 'CreateExpanded'. [Authentication]: - AuthType: 'Delegated', TokenCredentialType: 'InteractiveBrowser', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph Command Line Tools'. [Authentication]: - Scopes: [Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All, AuditLog.Read.All, ChannelMessage.Send, Contacts.Read, CrossTenantInformation.ReadBasic.All, DelegatedPermissionGrant.ReadWrite.All, DeviceManagementApps.Read.All, DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementRBAC.Read.All, DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfig.ReadWrite.All, Directory.AccessAsUser.All, Directory.Read.All, Directory.ReadWrite.All, Domain.ReadWrite.All, email, Group.ReadWrite.All, GroupMember.ReadWrite.All, openid, Organization.ReadWrite.All, OrganizationalBranding.ReadWrite.All, Policy.Read.All, Policy.ReadWrite.AuthenticationMethod, Policy.ReadWrite.Authorization, Policy.ReadWrite.ConditionalAccess, Policy.ReadWrite.CrossTenantAccess, Policy.ReadWrite.DeviceConfiguration, Policy.ReadWrite.PermissionGrant, profile, RoleAssignmentSchedule.ReadWrite.Directory, RoleEligibilitySchedule.Read.Directory, RoleEligibilitySchedule.ReadWrite.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory, SharePointTenantSettings.ReadWrite.All, TeamMember.ReadWrite.All, TeamsApp.ReadWrite.All, TeamsAppInstallation.ReadWriteForTeam, TeamsAppInstallation.ReadWriteSelfForTeam, TeamSettings.ReadWrite.All, TeamsTab.ReadWrite.All, User.Read.All, User.ReadWrite.All, UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All, WindowsUpdates.ReadWrite.All].Confirm
Are you sure you want to perform this action?
Performing the operation "New-MgBetaDirectorySetting_CreateExpanded" on target "Call remote 'POST /settings' operation".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A
============================ HTTP REQUEST ============================
HTTP Method:
POST
Absolute Uri:
https://graph.microsoft.com/beta/settings
Headers:
FeatureFlag : 00000003
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.26100; de-CH),PowerShell/2025.0.0
SdkVersion : graph-powershell-beta/2.26.1
client-request-id : bdeb9ef0-fa7d-49f5-826a-7640057b3884
Accept-Encoding : gzip,deflate,br
Body:
{
"displayName": "Password Rule Settings",
"templateId": "5cf42378-d67d-4f36-ba46-e8b86229381d",
"values": [
{
"name": "BannedPasswordCheckOnPremisesMode",
"value": "Audit"
},
{
"name": "EnableBannedPasswordCheckOnPremises",
"value": true
},
{
"name": "EnableBannedPasswordCheck",
"value": true
},
{
"name": "LockoutDurationInSeconds",
"value": 60
},
{
"name": "LockoutThreshold",
"value": 10
},
{
"name": "BannedPasswordList",
"value": ""
}
]
}
============================ HTTP RESPONSE ============================
Status Code:
BadRequest
Headers:
Cache-Control : no-cache
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 03f53341-d485-4054-beae-938f0cbca8a6
client-request-id : bdeb9ef0-fa7d-49f5-826a-7640057b3884
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Switzerland North","Slice":"E","Ring":"3","ScaleUnit":"001","RoleInstance":"ZRH2EPF000000E0"}}
x-ms-resource-unit : 1
Date : Fri, 28 Feb 2025 17:47:11 GMT
Body:
{
"error": {
"code": "Request_BadRequest",
"message": "Cannot convert the literal 'True' to the expected type 'Edm.String'.",
"innerError": {
"date": "2025-02-28T17:47:12",
"request-id": "03f53341-d485-4054-beae-938f0cbca8a6",
"client-request-id": "bdeb9ef0-fa7d-49f5-826a-7640057b3884"
}
}
}
New-MgBetaDirectorySetting_CreateExpanded: D:\WindowsPowerShell\Modules\Microsoft.Graph.Beta.Identity.DirectoryManagement\2.26.1\exports\ProxyCmdletDefinitions.ps1:104703:23
Line |
104703 | $scriptCmd = {& $wrappedCmd @PSBoundParameters}
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot convert the literal 'True' to the expected type 'Edm.String'. Status: 400 (BadRequest) ErrorCode: Request_BadRequest Date: 2025-02-28T17:47:12
| Headers: Cache-Control : no-cache Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000
| request-id : 03f53341-d485-4054-beae-938f0cbca8a6 client-request-id : bdeb9ef0-fa7d-49f5-826a-7640057b3884
| x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Switzerland North","Slice":"E","Ring":"3","ScaleUnit":"001","RoleInstance":"ZRH2EPF000000E0"}}
| x-ms-resource-unit : 1 Date : Fri, 28 Feb 2025 17:47:11 GMT
Recommendation: See service error codes: https://learn.microsoft.com/graph/errors
</details>
### Configuration
[DBG]: PS D:\Repos\PFIBDO-ADM-CloudConfiguration> $PSVersionTable
Name Value
---- -----
PSVersion 7.5.0
PSEdition Core
GitCommitId 7.5.0
OS Microsoft Windows 10.0.26100
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Architecture: x64
### Other information
_No response_