Error while execution of custom command ms-graph

Question

We currently have a custom command implemented that sends a remove passcode command to a DEP managed iOS device. The script works fine when testing in the Adminstration console, but our help desk notified us about an error during the execution. This error seems to be related to the graph module installed on our Adaxes server. How to troubleshoot this? And what is the procedure to update the graph modules so Adaxes always uses the latest version?

Error during execution:

[UnknownError] : Stack trace: at Reset-MgDeviceManagementManagedDevicePasscode<Process>, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.DeviceManagement.Actions\2.19.0\exports\ProxyCmdletDefinitions.ps1: line 8397 at <ScriptBlock>, <No file>: line 50
Unlock passcode command sent to device with Serial

Addtional info: There are two folders in the module location Microsoft.Graph.DeviceManagement.Actions.

• 2.12.0
• 2.19.0

Custom command

Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.Identity.SignIns
Import-Module Microsoft.Graph.DeviceManagement.Actions

# Get the Azure AD access token
$token = $Context.CloudServices.GetAzureAuthAccessToken("https://graph.microsoft.com")
$token = $token | ConvertTo-SecureString -AsPlainText -Force
Connect-MgGraph -AccessToken $token

# Get Microsoft 365 Object ID
try
{
    $objectId = [Guid]$Context.TargetObject.Get("adm-O365ObjectId")
}
catch
{
    $Context.LogMessage("The user %fullname% doesn't have a Microsoft 365 account.", "Warning")
    return
}

#process the user
$user = Get-MgUser -UserId $objectId
$upn = $user.userprincipalname
$Context.LogMessage("$($UPN)", "information")

#get all devices of the user
$devices = Get-mgdevicemanagementManagedDevice -filter "UserPrincipalName eq '$UPN'"

#filter iOS DEP devices
$serial = "%param-serialnumber%"
$iOSDevices = $devices | where-Object{ $_.SerialNumber -eq "$serial"}
$Context.LogMessage("Device ID: $($iOSdevices.AzureADDeviceID), Device Name: $($iOSdevices.DeviceName), Manufacturer: $($iOSdevices.Manufacturer)", "Information")


#if no devices found
if ($iOSDevices.Count -eq 0){
    $Context.LogMessage("No Device found for this serial number $($Serial)", "warning")
}

Else{
    #get the object ID
    $IntuneDeviceID = $iOSDevices.AzureAdDeviceId
    $iOSDevices = get-MgDevice -filter "deviceID eq '$IntuneDeviceID'"
    $iOSDeviceID = $iOSDevices.Id

    # Wipe the device
    try
        {

            Reset-MgDeviceManagementManagedDevicePasscode -ManagedDeviceId $IntuneDeviceID
            $Context.LogMessage("Unlock passcode command sent to device with Serial $($serial)", "Warning")
        }
    catch
        {
            $Context.LogMessage("Failing to send Wipe command", "Warning")
            return
        }
}

Comments

Can't answer your specific question but you have a logic error in your code.

$iOSDevices = $devices | where-Object{ $_.SerialNumber -eq "$serial"}

...

#if no devices found
if ($iOSDevices.Count -eq 0){
    $Context.LogMessage("No Device found for this serial number $($Serial)", "warning")
}

If there are no devices matching the serial number, $iOSDevices will be null and therefore won't have a .Count property. Instead, change your if statement to

if ($null -eq $iOSDevices) { ... }

Answer 1

Hello Alex,

How to troubleshoot this?

Unfortunately, we were not able to find anything about the error. We can only state that it is not related to Adaxes itself. Most probably, it is related to the version of the PowerShell module in use. Installing the latest version of all the computers where Adaxes service runs should fix the issue.

And what is the procedure to update the graph modules so Adaxes always uses the latest version?

Unfortunately, there is no such procedure. The only option is to make sure that only the latest version of a PowerShell module is installed on the computers where Adaxes service runs. For details on how to check your Adaxes services, see https://www.adaxes.com/help/MultiServerEnvironment.