0

I am having trouble resolving the following error in a Powershell Script in Azure Pipelines:

Cannot find type [Microsoft.Open.AzureAD.Model.RequiredResourceAccess]: verify that the assembly containing this type is loaded.

The context is as follows:

I have written a script that creates and hooks up the Azure AD App Registration for a web application. I don't want to have to go into the portal and manually delegate that permission, so I am attempting to add a section to my script that will identify the graph API delegated permission that I need to login a user ("User.Read") and automatically assign it to the App Registration.

The following script works if I run it directly in the Azure Portal Cloud Shell:

Write-Output "No App Registration found.  We need to create one."
New-AzADApplication -DisplayName $AppService -IdentifierUris "http://$AppService"
Get-AzADApplication -DisplayName $AppService | Update-AzADApplication -ReplyUrl @("https://$AppService.azurewebsites.net/$LoginRoute", "https://$HostName/$LoginRoute")
$reg = Get-AzADApplication -DisplayName $($AppService)

Write-Output "Now we need to give the app permissions."
# We need to give the app permission to read the user profile
$graphPerms = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$graphPerms.ResourceAppId = "00000003-0000-0000-c000-000000000000" # graph id, not app registration id
$readUser = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess"
$readUser.Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d" # this is the permanent GUID of the User.Read permission in Graph
$readUser.Type = "Role"
$graphPerms.ResourceAccess = $readUser
Set-AzureADApplication -ObjectId $reg.ObjectId -RequiredResourceAccess $graphPerms

However, when I try to run it through the Pipelines Azure Powershell release task, it gives me that "Cannot find type" error.

So, I know what "Cannot find type" means, my question is why is that not available to Pipelines but it is to the Azure Portal Cloud Shell?

And, as an obvious follow-up, is there anything obvious that I am missing that I should try as far as making that type available to my script?

Improve this question
2
  • If the same result persists even in Azure Powershell task, the cause of the issue could be lack of azure ad module. Commented May 21, 2020 at 2:54
  • Hi friend, could my answer help to resolve your puzzle and the issue? Any update feel free to let me know~ Commented May 22, 2020 at 4:01

1 Answer 1

Reset to default
1

So, I know what "Cannot find type" means, my question is why is that not available to Pipelines but it is to the Azure Portal Cloud Shell?

1.The Azure Portal Cloud Shell from Azure contains the required Azure-related modules so you can easily do that using Azure Portal Cloud Shell.

2.Powershell task is a simple powershell task in Azure Devops Service(Azure Devops Service is different product from Azure) which doesn't contain those az modules by default.

3.Comparing with Powershell task, Azure Powershell task contains some az modules by default:

Azure PowerShell task uses Azure/AzureRM/Az PowerShell Module to interact with Azure Subscription.

But it doesn't contain the AzureAD module which the missing type belongs to. That's why you get cannot find type error in Azure Devops pipeline.

And, as an obvious follow-up, is there anything obvious that I am missing that I should try as far as making that type available to my script?

A quick workaround is to install the missing AzureAD module. Try something like this:

Install-Module AzureAD -Scope CurrentUser -Force

Import-Module AzureAD -Force

$graphPerms = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"

Install and then import the module at the start of your script. The issue would go away. (I tested it using VS2017-windows2016 hosted agent with PS task)

Hope it helps :)

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I am going to test this today and I'll let you know if it solved the problem. But, yes, I am using the Azure Powershell task.
Just want to add a gotcha that I discovered: "CurrentUser" (with the quotes) is syntactically valid. But then it leads to the module being unavailable for import.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.