IntuneManagement icon indicating copy to clipboard operation
IntuneManagement copied to clipboard
verified publisher icon Micke-K

Entra group export and import is unpredictable

Open GeldHades27355 opened this issue 9 months ago • 7 comments

hey @Micke-K ,

Exporting Entra Groups seems unpredictable for us. Only a portion of them get exported. Also always the same ones.

Importing causes NONE or just one or two to import in a new tenant.

What's causing that and how can I help troubleshoot?

GeldHades27355 avatar Jul 25 '25 13:07 GeldHades27355

Hello,

Not sure what could cause this. Groups should be export if export policies with assignments.

Any special characters in the group names? Do you have any logs?

Cheers!

Micke-K avatar Jul 28 '25 09:07 Micke-K

What does "with assignments" mean? I have the checkbox ON. No special characters, we use English group names - to avoid any language dependencies. 😉

Which logs do you need and how do I get them?

GeldHades27355 avatar Jul 28 '25 09:07 GeldHades27355

There should be a CloudAPIPowerShellManagement.log file in the root of the folder.

Anything in the logs that can give you a hint why it fails to export the groups?

Note: The groups are cached during export. Any groups created after the export will not be included unless you restart the tool.

Cheers

Micke-K avatar Aug 03 '25 10:08 Micke-K

Two issues I've seen with group import Trailing space in Group name Multiple groups with same name but different object ID (not a clue how these were created, but was able to rename/delete as required in the source)

Arne-RFA avatar Sep 10 '25 11:09 Arne-RFA

Hello,

Do you have any ligs when this happened?

Cheers!

Micke-K avatar Sep 10 '25 12:09 Micke-K

I've been doing a lot of "cleanup" and didn't save as many logs as I should have, but think that the below was one of them

<![LOG[Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/groups?$filter=displayName eq 'UAT - RFA Policy - Managed Apps Outlook Contact & Cal Sync Enable' (Request ID: 42335ed6-744d-4e6c-988d-7307c167d9e5). Status code: BadRequest. Response message: Invalid filter clause: There is an unterminated string literal at position 63 in 'displayName eq 'UAT - RFA Policy - Managed Apps Outlook Contact'. Exception: The remote server returned an error: (400) Bad Request.]LOG]!><time="13:45:03.000+000" date="09-09-2025" component="Start-IntuneManagement" context="" type="3" thread="20300" file="Start-IntuneManagement">

I do have something else I'd forgotten about

There was an issue with a mailnickname, which although I could't find a mailnickname on the source groups, resolved by creating new groups in the source, assigning to the policies, and then deleting the old groups.

<![LOG[Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/groups (Request ID: e465fde2-4936-488c-8111-62faf3836836). Status code: BadRequest. Response message: Invalid value specified for property 'mailNickname' of resource 'Group'. Exception: The remote server returned an error: (400) Bad Request.]LOG]!><time="13:45:44.000+000" date="09-09-2025" component="Start-IntuneManagement" context="" type="3" thread="20300" file="Start-IntuneManagement">

Arne-RFA avatar Sep 10 '25 13:09 Arne-RFA

Hello,

The first error is something with filter. I wonder if it is the & in the name or a space somewhere. I'll see if I can replicate the error.

I don't remember what I did with the mailnickname, I'll have to have a look ag that. I know I used to calculate from name bu that is not the way I normally do it anymore.

Cheers!

Micke-K avatar Sep 13 '25 09:09 Micke-K