Get-PnPSiteTemplate: The remote server returned an error: (403) Forbidden

john john Pter 360 Reputation points
2024-12-21T00:12:44.0966667+00:00

I want to copy one site collection from one tenant to another, so on the source tenant, I created this App Registering and I grant it full control on SharePoint:-

IYv17A9W

And I define to use secret for the authentication:-

Jvd9aB2C

Then I run this command :-


Connect-PnPOnline -Url "https://****.sharepoint.com/sites/****Integration" -ClientId "***" -ClientSecret "ptv**"

Connecting with Client Secret uses legacy authentication and provides limited functionality. We can for instance not execute requests towards the Microsoft Graph, which limits cmdlets related to
 Microsoft Teams, Microsoft Planner, Microsoft Flow and Microsoft 365 Groups. You can hide this warning by using Connect-PnPOnline [your parameters] -WarningAction Ignore

then i got this error, when i tried to Get the site template:-


Get-PnPSiteTemplate -Out "Integration.xml"
Get-PnPSiteTemplate: The remote server returned an error: (403) Forbidden.

Any advice? i remember i did this operation 1 year ago and it worked well.

Thanks

SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
3,179 questions
{count} votes

1 answer

Sort by: Most helpful
  1. RaytheonXie_MSFT 37,546 Reputation points Microsoft Vendor
    2024-12-23T08:49:35.3566667+00:00

    Hi @john john Pter,

    As the message mentioned Connecting with Client Secret uses legacy authentication and provides limited functionality. To use Sites.FullControl.All, I would recommend you to use Certificate verify identity. Please use following cmdlet

    Connect-PnPOnline -ClientId <$application client id as copied over from the AAD app registration above> -CertificatePath '<$path to the PFX file generated by the PowerShell script above>' -CertificatePassword (ConvertTo-SecureString -AsPlainText "<$password assigned to the generated certificate pair above>" -Force) -Url https://<$yourtenant>.sharepoint.com -Tenant "<$tenantname>.onmicrosoft.com"
    

    Here is the document for more details

    https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.