Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Teams > TeamsFederationConfiguration: not cloning #2576

Closed
archeedev opened this issue Nov 22, 2022 · 2 comments · Fixed by #2580 or #2584
Closed

Teams > TeamsFederationConfiguration: not cloning #2576

archeedev opened this issue Nov 22, 2022 · 2 comments · Fixed by #2580 or #2584
Labels
Bug Something isn't working Teams V1.22.1116.1 Version 1.22.1116.1

Comments

@archeedev
Copy link

archeedev commented Nov 22, 2022
edited
Loading

Trying to clone Teams settings.
I am using credentials-based auth as it is unclear whether certificate/thumbprint should or should not work.
It probably should according to the table https://microsoft365dsc.com/user-guide/get-started/authentication-and-permissions/
but then there are posts here saying that not all functions are implemented, Graph API, etc.

I am mostly interested in TeamsFederationConfiguration workload.
In the source tenant I have some domains defined.
Destination is an empty tenant.

I am able to dump the source.
Compile MOF with dest credentails.

No errors on start-dsc.

I see config drift between tenants - which is correct:

Verbose logs showing the problem

<M365DSCEvent>
    <ConfigurationDrift Source="MSFT_TeamsFederationConfiguration">
        <ParametersNotInDesiredState>
            <Param Name="AllowPublicUsers"><CurrentValue>True</CurrentValue><DesiredValue>False</DesiredValue></Param>
            <Param Name="AllowTeamsConsumerInbound"><CurrentValue>True</CurrentValue><DesiredValue>False</DesiredValue></Param>
            <Param Name="AllowedDomains"><CurrentValue>AllowAllKnownDomains</CurrentValue><DesiredValue>Domain=swisscom.ch,Domain=facebook.com,Domain=gmail.com</DesiredValue></Param>
        </ParametersNotInDesiredState>
    </ConfigurationDrift>
    <DesiredValues>
        <Param Name ="Identity">Global</Param>
        <Param Name ="AllowFederatedUsers">True</Param>
        <Param Name ="AllowedDomains">Domain=swisscom.ch,Domain=facebook.com,Domain=gmail.com</Param>
        <Param Name ="BlockedDomains">$null</Param>
        <Param Name ="AllowPublicUsers">False</Param>
        <Param Name ="AllowTeamsConsumer">True</Param>
        <Param Name ="AllowTeamsConsumerInbound">False</Param>
        <Param Name ="Credential">System.Management.Automation.PSCredential</Param>
        <Param Name ="Verbose">True</Param>
    </DesiredValues>
</M365DSCEvent>

Problem

1
Nothing gets applied to the destination tenant.
Expected: external domains are added in the Teams Admin panel > Users > External access > Teams and Skype for Business users in external organizations ...

2
Does not work with credentials

Does not work with cert/thumbprint (Security Principal scenario)

4
I do not know if I have correct permissions set on Security Principal because

image

My question
Should that work? (with creds or certs / etc?)
Should Teams settings be applied?

The operating system the target node is running

OsName               : Microsoft Windows Server 2022 Standard Evaluation
OsOperatingSystemSKU : 79
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version of the DSC module that was used ('dev' if using current dev branch)

Version     Name
-------     ----
1.3.0.6     DSCParser
3.0.0       ExchangeOnlineManagement
1.17.0      Microsoft.Graph.Applications
1.17.0      Microsoft.Graph.Authentication
1.17.0      Microsoft.Graph.DeviceManagement
1.17.0      Microsoft.Graph.DeviceManagement.Administration
1.17.0      Microsoft.Graph.DeviceManagement.Enrolment
1.17.0      Microsoft.Graph.Devices.CorporateManagement
1.17.0      Microsoft.Graph.Groups
1.17.0      Microsoft.Graph.Identity.DirectoryManagement
1.17.0      Microsoft.Graph.Identity.Governance
1.17.0      Microsoft.Graph.Identity.SignIns
1.17.0      Microsoft.Graph.Planner
1.17.0      Microsoft.Graph.Teams
1.17.0      Microsoft.Graph.Users
1.17.0      Microsoft.Graph.Users.Actions
2.0.154     Microsoft.PowerApps.Administration.PowerShell
1.22.1116.1 Microsoft365DSC
4.9.1       MicrosoftTeams
1.0.98      MSCloudLoginAssistant
1.12.0      PnP.PowerShell
2.0.0.13    ReverseDSC

LCM

image
@andikrueger andikrueger added Bug Something isn't working Teams V1.22.1116.1 Version 1.22.1116.1 labels Nov 22, 2022
@andikrueger
Copy link
Collaborator

This resource uses the Teams PowerShell to get and set the data. Recently the option to use a service principal was added to MS Teams. At the moment, service principal and credential based auth should be supported. I would go with credential based authentication (global admin) for this setting.

Did you use the global admin account for that?

@archeedev
Copy link
Author

Yes GA on both sides.

NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Nov 22, 2022
@NikCharlebois
Fixes microsoft#2576
623643f
@NikCharlebois NikCharlebois mentioned this issue Nov 22, 2022
Merged
NikCharlebois added a commit that referenced this issue Nov 23, 2022
@NikCharlebois
Merge pull request #2580 from NikCharlebois/Fix-#2576
3314b6d 
Fixes #2576
@NikCharlebois NikCharlebois mentioned this issue Nov 23, 2022
Merged
@archeedev archeedev mentioned this issue Nov 28, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working Teams V1.22.1116.1 Version 1.22.1116.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes #2576 NikCharlebois/Microsoft365DSC
Release 1.22.1123.1 NikCharlebois/Microsoft365DSC
2 participants
@andikrueger @archeedev