Little Code

Reputation: 1545

New-AzureADPolicy : Error occurred while executing NewPolicy

I am trying to follow the instructions on the Microsoft website (https://learn.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes) to configure a custom token expiry policy.

However, I am getting an incomprehensible error message. It does not appear to be a temporary error, as I have tried it a few times over the last few days.

I have tried running PowerShell both normally and "as administrator"; it makes no difference to the outcome.

PS C:\WINDOWS\system32> Connect-AzureAD -Confirm

Confirm
Are you sure you want to perform this action?
Performing the operation "Connect-AzureAD" on target "Establishing a PowerShell session connected to {0} environment.".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): A

Account                   Environment TenantId                             TenantDomain
-------                   ----------- --------                             ------------
[email protected] AzureCloud  64b6bf97-8bef-49b5-b986-6fa47c6cce08


PS C:\WINDOWS\system32> New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime”:”1.0
:00:00”,”MaxInactiveTime”:”90.00:00:00","MaxAgeMultiFactor":"365.00:00:00","MaxAgeSingleFactor”:”365.00:00:00"}}') -Dis
layName “MYTESTApps” -IsOrganizationDefault $false -Type "TokenLifetimePolicy"
New-AzureADPolicy : Error occurred while executing NewPolicy
Code: InternalServerError
Message: Unable to resolve User Id
InnerError:
  RequestId: bbf7b26d-3cfe-493d-9eb6-cafb9606085d
  DateTimeStamp: Thu, 04 May 2017 10:25:44 GMT
HttpStatusCode: InternalServerError
HttpStatusDescription: Internal Server Error
HttpResponseStatus: Completed
At line:1 char:1
+ New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1, ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureADPolicy], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.New
   Policy

PS C:\WINDOWS\system32>

Upvotes: 2

Views: 4372

Answers (1)

Nan Yu

Reputation: 27538

If the user you signed in with is an external account (for example: [email protected]), you will get this error. Please use a local Azure AD admin account ([email protected]) to perform the New-AzureADPolicy operation.

And please replace ” with " and try the updated command below:

New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"1.00:00:00","MaxInactiveTime":"90.00:00:00","MaxAgeMultiFactor":"365.00:00:00","MaxAgeSingleFactor":"365.00:00:00"}}') -DisplayName "WebPolicyScenario2" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"

Upvotes: 5
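
The quote-replacement point in the answer above can be checked before the policy is submitted. The following is an added example, not code from the question or the answer: `Test-TokenLifetimeDefinition` is a hypothetical helper, the pasted sample is constructed, and the final call assumes an existing `Connect-AzureAD` session.

```powershell
# Added example, not from the original post. Test-TokenLifetimeDefinition is a hypothetical helper.
function Test-TokenLifetimeDefinition {
    param([Parameter(Mandatory)][string]$Definition)
    $problems = @()
    # Typographic quotes (U+2018..U+201F) are not JSON delimiters; inside a
    # single-quoted PowerShell string they are passed through literally.
    foreach ($m in [regex]::Matches($Definition, '[\u2018-\u201F]')) {
        $problems += 'Typographic quote U+{0:X4} at offset {1}' -f ([int]$m.Value[0]), $m.Index
    }
    if ($problems) { return $problems }
    try { $policy = ($Definition | ConvertFrom-Json).TokenLifetimePolicy }
    catch { return "Not valid JSON: $($_.Exception.Message)" }
    if (-not $policy) { return 'Missing TokenLifetimePolicy object' }
    # Every property except Version must parse as a d.hh:mm:ss time span.
    foreach ($prop in $policy.PSObject.Properties) {
        if ($prop.Name -eq 'Version') { continue }
        $ts = [TimeSpan]::Zero
        if (-not [TimeSpan]::TryParse([string]$prop.Value, [ref]$ts)) {
            $problems += "$($prop.Name): '$($prop.Value)' is not a valid time span"
        }
    }
    return $problems
}

# Constructed sample reproducing the kind of pasted definition shown in the question.
$q = [char]0x201D
$pasted = '{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime' + $q + ':' + $q + '1.00:00:00"}}'
Test-TokenLifetimeDefinition -Definition $pasted | Write-Warning

# Build the JSON from a hashtable so no quote character is typed by hand.
$definition = @{
    TokenLifetimePolicy = [ordered]@{
        Version             = 1
        AccessTokenLifetime = '1.00:00:00'
        MaxInactiveTime     = '90.00:00:00'
        MaxAgeMultiFactor   = '365.00:00:00'
        MaxAgeSingleFactor  = '365.00:00:00'
    }
} | ConvertTo-Json -Compress

$issues = Test-TokenLifetimeDefinition -Definition $definition
if ($issues) {
    $issues | Write-Warning
} else {
    New-AzureADPolicy -Definition @($definition) -DisplayName 'WebPolicyScenario2' `
        -IsOrganizationDefault $false -Type 'TokenLifetimePolicy'
}
```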
