Problems with Powershell Script in 1-3-AnyOrgOrPersonal Tutorial

Siegfried Heintze 1,906 Reputation points
2020-05-12T17:29:50.17+00:00

After fighting to get some tutorial examples from 9781484250396 working, I learned that most of the examples required that I check the ID tokens feature for Implicit grant flow.

So I'm abandoning tutorials in the above book and I'm hoping 1-3-AnyOrgOrPersonal will demonstrate some good techniques with regard to security and ID tokens.

As per the directions I execute these commands:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
cd .\AppCreationScripts\
.\Configure.ps1

I'm getting errors. Is there a bug in this PowerShell script?

Thanks

Siegfried

Notes:
I am having trouble posting all the error message text -- this web site aborts my posts if they get too long.

This could be related to how-to-restore-original-default-aad-directory.html.

PS C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts> .\Configure.ps1
Import-Module : The specified module 'AzureAD' was not loaded because no valid module file was found in any module directory.
At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
onfigure.ps1:152 char:1

  • Import-Module AzureAD
  • ~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : ResourceUnavailable: (AzureAD:String) [Import-Module], FileNotFoundException
  • FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand

Connect-AzureAD : The term 'Connect-AzureAD' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
onfigure.ps1:82 char:22

  • $creds = Connect-AzureAD -Credential $Credential
  • ~~~~~~~~~~~~~~~
  • CategoryInfo : ObjectNotFound: (Connect-AzureAD:String) [], CommandNotFoundException
  • FullyQualifiedErrorId : CommandNotFoundException

Get-AzureADTenantDetail : The term 'Get-AzureADTenantDetail' is not recognized as the name of a cmdlet, function, script file,
or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
onfigure.ps1:95 char:15

  • $tenant = Get-AzureADTenantDetail
  • ~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : ObjectNotFound: (Get-AzureADTenantDetail:String) [], CommandNotFoundException
  • FullyQualifiedErrorId : CommandNotFoundException

Get-AzureADUser : The term 'Get-AzureADUser' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
onfigure.ps1:99 char:13

  • $user = Get-AzureADUser -ObjectId $creds.Account.Id
  • ~~~~~~~~~~~~~~~
  • CategoryInfo : ObjectNotFound: (Get-AzureADUser:String) [], CommandNotFoundException
  • FullyQualifiedErrorId : CommandNotFoundException

Creating the AAD application (WebApp)
New-AzureADApplication : The term 'New-AzureADApplication' is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
onfigure.ps1:103 char:28

  • $webAppAadApplication = New-AzureADApplication -DisplayName "WebAp ...
  • ~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : ObjectNotFound: (New-AzureADApplication:String) [], CommandNotFoundException
  • FullyQualifiedErrorId : CommandNotFoundException

New-AzureADServicePrincipal : The term 'New-AzureADServicePrincipal' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
onfigure.ps1:113 char:30

  • $webAppServicePrincipal = New-AzureADServicePrincipal -AppId $curr ...
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : ObjectNotFound: (New-AzureADServicePrincipal:String) [], CommandNotFoundException
  • FullyQualifiedErrorId : CommandNotFoundException

Get-AzureADApplicationOwner : The term 'Get-AzureADApplicationOwner' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
onfigure.ps1:116 char:13

  • $owner = Get-AzureADApplicationOwner -ObjectId $webAppAadApplicati ...
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : ObjectNotFound: (Get-AzureADApplicationOwner:String) [], CommandNotFoundException
  • FullyQualifiedErrorId : CommandNotFoundException

Add-AzureADApplicationOwner : The term 'Add-AzureADApplicationOwner' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
onfigure.ps1:119 char:9

  • Add-AzureADApplicationOwner -ObjectId $webAppAadApplication.O ...
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : ObjectNotFound: (Add-AzureADApplicationOwner:String) [], CommandNotFoundException
  • FullyQualifiedErrorId : CommandNotFoundException
8 answers

  1. Siegfried Heintze 1,906 Reputation points
    2020-05-12T20:40:16.507+00:00

    Since I was worried that I might have forgotten my password, I logged out of hotmail and logged back in again and confirmed that I had not forgotten my password.

    I finally got connect-AzureAD to work in elevated mode.

    I believe I have restored the default directory as mentioned previously so this should not be causing any problem...
    I have typed in all of Soumi's commands and I still get the same errors when I ".\Configure.ps" and I have carefully typed in my MSA credentials (which work with hotmail) several times now.

    I tried to pick the simplest tutorial I could to demonstrate authentication with C# and my MSA. This example also does the "work or school feature" (is this also known as B2B?) and I'm not terribly interested in the "work or school feature" (yet).

    Could the problem be that I need a premium Azure account for this "work or school" feature? If this is the problem, could someone recommend another minimal example that demonstrates authentication with a C#/.NET Core Web app for an MSA (like my hotmail account). After I get authentication with an MSA working, I'd like to try a tutorial that demonstrates giving the user a choice of MSA or google/facebook/github (I think this is B2C).

    Here are the errors from ".\Configure.ps1" after typing Soumi's commands:

    Get-AzureADTenantDetail : Error occurred while executing GetTenantDetails
    Code: Authentication_Unauthorized
    Message: User was not found.
    RequestId: 18d9126c-2a19-4610-9fc1-03ffcd493935
    DateTimeStamp: Tue, 12 May 2020 20:37:01 GMT
    HttpStatusCode: Forbidden
    HttpStatusDescription: Forbidden
    HttpResponseStatus: Completed
    At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
    onfigure.ps1:95 char:15

    • $tenant = Get-AzureADTenantDetail
    • ~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : NotSpecified: (:) [Get-AzureADTenantDetail], ApiException
    • FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetTenantDetails

    Get-AzureADUser : Error occurred while executing GetUser
    Code: Authentication_Unauthorized
    Message: User was not found.
    RequestId: b7a6b8d7-a6f6-46a2-a4ea-d0b3eeaf728e
    DateTimeStamp: Tue, 12 May 2020 20:37:01 GMT
    HttpStatusCode: Forbidden
    HttpStatusDescription: Forbidden
    HttpResponseStatus: Completed
    At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
    onfigure.ps1:99 char:13

    • $user = Get-AzureADUser -ObjectId $creds.Account.Id
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : NotSpecified: (:) [Get-AzureADUser], ApiException
    • FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetUser

    Creating the AAD application (WebApp)
    New-AzureADApplication : Error occurred while executing NewApplication
    Code: Authentication_Unauthorized
    Message: User was not found.
    RequestId: be328ca7-8009-4589-befa-a895286123a1
    DateTimeStamp: Tue, 12 May 2020 20:37:02 GMT
    HttpStatusCode: Forbidden
    HttpStatusDescription: Forbidden
    HttpResponseStatus: Completed
    At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
    onfigure.ps1:103 char:28

    • ... webAppAadApplication = New-AzureADApplication -DisplayName "WebApp" `
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : NotSpecified: (:) [New-AzureADApplication], ApiException
    • FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.NewApplication

    Get-AzureADApplicationOwner : Cannot bind argument to parameter 'ObjectId' because it is null.
    At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
    onfigure.ps1:116 char:51

    • ... Get-AzureADApplicationOwner -ObjectId $webAppAadApplication.ObjectId
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidData: (:) [Get-AzureADApplicationOwner], ParameterBindingValidationException
    • FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.GetApplicationO
      wners

    Add-AzureADApplicationOwner : Cannot bind argument to parameter 'ObjectId' because it is null.
    At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\C
    onfigure.ps1:119 char:47

    • ... reADApplicationOwner -ObjectId $webAppAadApplication.ObjectId -RefObj ...
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidData: (:) [Add-AzureADApplicationOwner], ParameterBindingValidationException
    • FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.AddApplicationO
      wner

  2. Siegfried Heintze 1,906 Reputation points
    2020-05-13T17:44:33.99+00:00

    I see it gives me the options of using my github account. Here are the results:

    When I tried using my github account, I got slightly different errors:

    Connect-AzureAD : One or more errors occurred.: AADSTS90123: The token can't be issued because the identity or claim issuance provider denied the request. Response code: access_denied.
    Trace ID: f52dec09-4bdf-49cc-b048-dc2606eb2800
    Correlation ID: cdb9f696-2eae-4184-874b-495f46116ba9
    Timestamp: 2020-05-13 17:39:27Z
    At C:\Users\shein\Source\Repos\MicrosoftAADGitHubExamples\VariousSignInEg\1-WebApp-OIDC\1-3-AnyOrgOrPersonal\AppCreationScripts\Configure.ps1:82 char:22

    • $creds = Connect-AzureAD -Credential $Credential
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AadAuthenticationFailedException
    • FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

  3. Siegfried Heintze 1,906 Reputation points
    2020-05-18T23:24:32.72+00:00

    See the parallel thread here: problems-with-powershell-script-in-13anyorgorpersonal-tutorial where Rich suggested I use another account (which is strange because I only had one account and I assumed it was all powerful).

    When I created a global admin account, I was able to log in and the configure.ps1 script appears to have worked.

    Someone should update the tutorials with this information.
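The two failure modes in this thread (the AzureAD module not being installed when Configure.ps1 reaches its Import-Module line, and a signed-in account that the target tenant does not know, which surfaces as "Authentication_Unauthorized: User was not found" and later as null ObjectId binding errors) can both be caught before the sample's script runs. The preflight below is an added example written for this page; it is not part of the sample repository or of Microsoft's Configure.ps1. It assumes the AzureAD PowerShell module is available from the PowerShell Gallery, uses the same $creds.Account.Id value that Configure.ps1 reads, and checks for the directory roles that allow application registration. The role names "Company Administrator" (the AzureAD module's display name for Global Administrator) and "Application Administrator" are standard built-in roles; Get-AzureADDirectoryRole only lists roles that have been activated in the tenant, which is why the check matches on display name rather than a fixed id.

```powershell
# preflight.ps1 - run from the AppCreationScripts folder before .\Configure.ps1
# Added example for this thread, not code from the sample repository.

param(
    # Tenant to register the app in; empty means the account's home tenant.
    [string]$TenantId = ""
)

$ErrorActionPreference = "Stop"

# 1. The first error in the question is "module 'AzureAD' was not loaded".
#    Check for it before Configure.ps1 does and install per-user (no elevation).
if (-not (Get-Module -ListAvailable -Name AzureAD)) {
    Write-Host "AzureAD module not found; installing for the current user from PSGallery"
    Install-Module -Name AzureAD -Scope CurrentUser -Force
}
Import-Module AzureAD

# 2. Sign in. Configure.ps1 keeps the result as $creds and reads $creds.Account.Id,
#    so the same object is used here. Passing -TenantId pins the directory instead
#    of letting the sign-in land in whatever tenant the account defaults to.
$connectArgs = @{}
if ($TenantId) { $connectArgs["TenantId"] = $TenantId }
$creds = Connect-AzureAD @connectArgs

# 3. "User was not found" means the signed-in identity has no user object in the
#    tenant the session ended up in. Resolve the user explicitly and print the
#    tenant so a mismatch is visible before anything gets created.
$tenant = Get-AzureADTenantDetail
$user   = Get-AzureADUser -ObjectId $creds.Account.Id
Write-Host ("Signed in as {0} in tenant {1} ({2})" -f `
    $user.UserPrincipalName, $tenant.DisplayName, $tenant.ObjectId)

# 4. New-AzureADApplication / Add-AzureADApplicationOwner need a role that allows
#    app registration. The last reply found a Global Administrator account worked;
#    Application Administrator is the narrower role that also covers it.
$allowedRoles = @("Global Administrator", "Company Administrator", "Application Administrator")
$memberOf = Get-AzureADDirectoryRole | Where-Object {
    ($_.DisplayName -in $allowedRoles) -and
    (Get-AzureADDirectoryRoleMember -ObjectId $_.ObjectId |
        Where-Object ObjectId -eq $user.ObjectId)
}
if (-not $memberOf) {
    throw ("Account {0} holds none of: {1}. Configure.ps1 will fail at New-AzureADApplication." -f `
        $user.UserPrincipalName, ($allowedRoles -join ", "))
}
Write-Host ("Role check passed: {0}" -f ($memberOf.DisplayName -join ", "))
Write-Host "Preflight passed; run .\Configure.ps1 from this session."
```

Running the preflight with the tenant id of the directory you actually want the app in turns the silent "wrong tenant" case into an explicit failure with the account and tenant names in the message, which is the information the original errors were missing. Prefer the Application Administrator role over Global Administrator for an account whose only job is registering the sample app.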
