The Directory Sync API is implemented in https://github.com/Gerenios/AADInternals/blob/master/AzureADConnectAPI.ps1
In all its functions, it expects a token for graph.windows.net, for example:
$AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net"
However, as I've explained in a recent post, this API also accepts tokens for the "Microsoft Entra AD Synchronization Service" app (ID=6bf85cfa-ac8a-4be5-b5de-425a0d0dc016), so I suggest accepting such tokens too.
In the meantime, I managed to cheat by adding -Force:$True, like this:
$AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" -Force:$True
Referenced code: AADInternals/AzureADConnectAPI.ps1, line 78 in 6c27b24
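One way to express the audience check the issue asks for, as an added example that is not code from AADInternals or from the issue author: decode the token's payload and accept either audience. `ConvertFrom-JwtPayload`, `Test-SyncApiTokenAudience` and `New-SampleToken` are hypothetical helpers, and it is an assumption that the sync service app ID appears verbatim in the `aud` claim.

```powershell
# Added example. All three functions are hypothetical helpers, not AADInternals functions.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$AccessToken)

    $parts = $AccessToken.Split('.')
    if ($parts.Count -lt 2) { throw "Not a JWT: expected header.payload.signature" }

    # base64url -> base64, then restore the padding that JWTs strip
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw "Invalid base64url payload length" }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    return $json | ConvertFrom-Json
}

function Test-SyncApiTokenAudience {
    param([Parameter(Mandatory)][string]$AccessToken)

    # Accepted audiences: the graph.windows.net resource requested today, plus the
    # sync service app ID from the issue (assumed to be the literal aud value).
    $accepted = @(
        'https://graph.windows.net',
        '6bf85cfa-ac8a-4be5-b5de-425a0d0dc016'
    )
    $claims = ConvertFrom-JwtPayload -AccessToken $AccessToken
    # Some issuers append a trailing slash to the resource URI
    $aud = ([string]$claims.aud).TrimEnd('/')
    # This is a local pre-check only: the signature is not verified here,
    # the service remains the authority on whether the token is valid.
    return $accepted -contains $aud
}

# Constructed, unsigned sample tokens (dummy header and signature)
function New-SampleToken([string]$Audience) {
    $payload = @{ aud = $Audience } | ConvertTo-Json -Compress
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload))
    return "e30.$($b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')).sig"
}

foreach ($aud in 'https://graph.windows.net/', '6bf85cfa-ac8a-4be5-b5de-425a0d0dc016', 'https://example.invalid') {
    $ok = Test-SyncApiTokenAudience -AccessToken (New-SampleToken $aud)
    "{0,-40} accepted: {1}" -f $aud, $ok
}
```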