"Cannot find type" error in Azure Pipelines Powershell script

Question

I am having trouble resolving the following error in a Powershell Script in Azure Pipelines:

Cannot find type [Microsoft.Open.AzureAD.Model.RequiredResourceAccess]: verify that the assembly containing this type is loaded.

The context is as follows:

I have written a script that creates and hooks up the Azure AD App Registration for a web application. I don't want to have to go into the portal and manually delegate that permission, so I am attempting to add a section to my script that will identify the graph API delegated permission that I need to login a user ("User.Read") and automatically assign it to the App Registration.

The following script works if I run it directly in the Azure Portal Cloud Shell:

Write-Output "No App Registration found.  We need to create one."
New-AzADApplication -DisplayName $AppService -IdentifierUris "http://$AppService"
Get-AzADApplication -DisplayName $AppService | Update-AzADApplication -ReplyUrl @("https://$AppService.azurewebsites.net/$LoginRoute", "https://$HostName/$LoginRoute")
$reg = Get-AzADApplication -DisplayName $($AppService)

Write-Output "Now we need to give the app permissions."
# We need to give the app permission to read the user profile
$graphPerms = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$graphPerms.ResourceAppId = "00000003-0000-0000-c000-000000000000" # graph id, not app registration id
$readUser = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess"
$readUser.Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d" # this is the permanent GUID of the User.Read permission in Graph
$readUser.Type = "Role"
$graphPerms.ResourceAccess = $readUser
Set-AzureADApplication -ObjectId $reg.ObjectId -RequiredResourceAccess $graphPerms

However, when I try to run it through the Pipelines Azure Powershell release task, it gives me that "Cannot find type" error.

So, I know what "Cannot find type" means, my question is why is that not available to Pipelines but it is to the Azure Portal Cloud Shell?

And, as an obvious follow-up, is there anything obvious that I am missing that I should try as far as making that type available to my script?

Answer 1

So, I know what "Cannot find type" means, my question is why is that not available to Pipelines but it is to the Azure Portal Cloud Shell?

1.The Azure Portal Cloud Shell from Azure contains the required Azure-related modules so you can easily do that using Azure Portal Cloud Shell.

2.Powershell task is a simple powershell task in Azure Devops Service(Azure Devops Service is different product from Azure) which doesn't contain those az modules by default.

3.Comparing with Powershell task, Azure Powershell task contains some az modules by default:

Azure PowerShell task uses Azure/AzureRM/Az PowerShell Module to interact with Azure Subscription.

But it doesn't contain the AzureAD module which the missing type belongs to. That's why you get cannot find type error in Azure Devops pipeline.

And, as an obvious follow-up, is there anything obvious that I am missing that I should try as far as making that type available to my script?

A quick workaround is to install the missing AzureAD module. Try something like this:

Install-Module AzureAD -Scope CurrentUser -Force

Import-Module AzureAD -Force

$graphPerms = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"

Install and then import the module at the start of your script. The issue would go away. (I tested it using VS2017-windows2016 hosted agent with PS task)

Hope it helps :)