microsoftgraph
Get-MgUserDefaultDrive pre-provision does not work
Describe the bug
I want to pre-provision users OneDrive using the following method: https://learn.microsoft.com/en-us/graph/api/drive-get?view=graph-rest-1.0&tabs=powershell
According to the documentation this should work:
If a user's OneDrive isn't provisioned but the user has a license to use OneDrive, this request will automatically provision the user's drive, when using delegated authentication
It does however not, and the reason why is unclear.
I got a user with an Microsoft E3 license assigned and im using the permissions described in the documentation.
Expected behavior
OneDrive site get created
How to reproduce
$Scopes = @( 'Files.Read' 'Sites.ReadWrite.All' 'Sites.Read.All' 'Files.Read.All' 'Files.ReadWrite.All' )
Import-Module Microsoft.Graph.Files -RequiredVersion 2.23.0 Connect-Graph -Scopes $Scopes
Get-MgUserDefaultDrive -UserId "user1@
SDK Version
2.23.0
Latest version known to work for scenario above?
No response
Known Workarounds
Using PnP.PowerShell
Request-SPOPersonalSite -UserEmails <upn>
Debug output
Click to expand log
```DEBUG: [CmdletBeginProcessing]: - Get-MgUserDefaultDrive begin processing with parameterSet 'Get'.
DEBUG: [Authentication]: - AuthType: 'Delegated', TokenCredentialType: 'InteractiveBrowser', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph Command Line Tools'.
DEBUG: [Authentication]: - Scopes: [Agreement.ReadWrite.All, Application.Read.All, CloudPC.ReadWrite.All, DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementRBAC.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, Directory.ReadWrite.All, email, Files.Read, Files.Read.All, Files.ReadWrite.All, Group.Read.All, Group.ReadWrite.All, openid, Organization.ReadWrite.All, Policy.Read.All, Policy.ReadWrite.ConditionalAccess, PrivilegedAccess.ReadWrite.AzureADGroup, profile, RoleManagement.ReadWrite.Directory, RoleManagementPolicy.ReadWrite.AzureADGroup, Sites.Read.All, Sites.ReadWrite.All, User.Read, User.Read.All, User.ReadWrite.All].
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method: GET
Absolute Uri:
https://graph.microsoft.com/v1.0/users/
Headers: FeatureFlag : 00000043 Cache-Control : no-store, no-cache User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.22631; sv-SE),PowerShell/2024.2.2 Accept-Encoding : gzip SdkVersion : graph-powershell/2.23.0 client-request-id : d7f8cbb4-05d9-4c4f-aa22-d2bd810d8e67
Body:
DEBUG: ============================ HTTP RESPONSE ============================
Status Code: Forbidden
Headers: Cache-Control : no-store, no-cache Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : 0a34bc4e-2aad-401f-aec7-7f3434c9154a client-request-id : d7f8cbb4-05d9-4c4f-aa22-d2bd810d8e67 x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Norway East","Slice":"E","Ring":"2","ScaleUnit":"001","RoleInstance":"OSL2EPF00000164"}} Date : Mon, 30 Sep 2024 08:16:07 GMT
Body: { "error": { "code": "accessDenied", "message": "Access denied", "innerError": { "date": "2024-09-30T08:16:08", "request-id": "0a34bc4e-2aad-401f-aec7-7f3434c9154a", "client-request-id": "d7f8cbb4-05d9-4c4f-aa22-d2bd810d8e67" } } }
Get-MgUserDefaultDrive_Get: Access denied
Status: 403 (Forbidden) ErrorCode: accessDenied Date: 2024-09-30T08:16:08
Headers: Cache-Control : no-store, no-cache Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : 0a34bc4e-2aad-401f-aec7-7f3434c9154a client-request-id : d7f8cbb4-05d9-4c4f-aa22-d2bd810d8e67 x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Norway East","Slice":"E","Ring":"2","ScaleUnit":"001","RoleInstance":"OSL2EPF00000164"}} Date : Mon, 30 Sep 2024 08:16:07 GMT
DEBUG: [CmdletEndProcessing]: - Get-MgUserDefaultDrive end processing.
</details>
### Configuration
PSVersion 7.4.5
PSEdition Core
GitCommitId 7.4.5
OS Microsoft Windows 10.0.22631
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
### Other information
_No response_
Same here. I really need this feature. Because I am using Apple M3 Macbook, Which the PowerShell module "Microsoft.Online.SharePoint.PowerShell" does not support this arch...
Closing this issue because it's a duplicate of #2820. Kindly see my comment on that issue
@timayabi2020 how is this a duplicate?
The issue here is that Get-MgUserDefaultDrive should pre-provision the users Onedrive. Much like how running Request-SPOPersonalSite does.
The issue in #2820 is failure to run Get-MgUserDefaultDrive to retrieve the default Onedrive of a user after it has already been created.
@timayabi2020 please reopen this issue otherwise I will create a new one. This a core functionality that should be part of the Graph SDK.
@timayabi2020 Can you add the bug and needs investigation status labels back?
As we prepare for a tenant migration (split); I have also run into the need Pre-provision OneDrive for users; thus, I am also unable to use Microsoft Graph for this purpose. I am forced to use the Online SharePoint PowerShell module.
@MFisherIT I think I found a work around via connecting to Microsoft Graph Powershell and then using Invoke-GraphRequest to do a GET request of the users Drive.
Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/users/[email protected]/drive"
This worked in my testing. Hopefully it will work for you as well.
I've tried using both Get-MgUserDefaultDrive -UserId and Invoke-MgGraphRequest -Method GET -uri
Neither option worked for me to provision the users drive. Request-SPOPersonalSite was the only working method I found.
I've tried using both Get-MgUserDefaultDrive -UserId and Invoke-MgGraphRequest -Method GET -uri
Neither option worked for me to provision the users drive. Request-SPOPersonalSite was the only working method I found.
+1
It is nuisance that we cannot pre-provision OneDrive with Graph let alone have to do it all and not have it be automatic when a supporting license is assigned. (Niether here nor there at the moment)
We have replaced all of our processes previously done with MSOnline and AzureAD powershell modules with Graph and this is the only thing we can't do with Graph and in PowerShell Core.
Please help, Microsoft, add a method to use Graph API to pre-provision users' OneDrive like with the Request-SPOPersonalSite.
@MFisherIT I think I found a work around via connecting to Microsoft Graph Powershell and then using Invoke-GraphRequest to do a GET request of the users Drive.
Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/users/[email protected]/drive"
This worked in my testing. Hopefully it will work for you as well.
I'll give this a try. I'm assuming that there are specific permissions that are required, which may be why this method seems to work for some, while not working for others.
I suppose I'll start with the following Permissions, just to be on the safe side.
User.ReadWrite.All Directory.ReadWrite.All Files.ReadWrite.All Sites.ReadWrite.All
@mrmattipants this doesn't work. my coworker provisioned the users one drive while I was testing so I thought it worked.
@mrmattipants this doesn't work. my coworker provisioned the users one drive while I was testing so I thought it worked.
Thanks for the confirmation
Any news on this? How can it be so slow to be fixed when MS already announced deprecation of Pnp / SPO and app registration the old way on SharePoint
