You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
if (-not ($PasswordExpirationPolicy.state-eq'disabled'-or$null-eq$PasswordExpirationPolicy.state)) {
@@ -93,7 +93,9 @@ function New-CIPPAPIConfig {
93
93
$APIPassword=New-GraphPOSTRequest-uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)/addPassword"-AsApp $true-NoAuthCheck $true-type POST -body $PasswordBody-maxRetries 3
94
94
break
95
95
} catch {
96
+
$ExceptionMessage=$_.Exception.Message
96
97
$IsNotReplicatedYet=$_.Exception.Message-match"Resource '.*' does not exist or one of its queried reference-property objects are not present"
98
+
$IsCredentialPolicyBlocked=$ExceptionMessage-match'Credential type not allowed as per assigned policy'
97
99
if ($IsNotReplicatedYet-and$Attempt-lt6) {
98
100
$DelaySeconds=3
99
101
Write-Information"Application object not yet replicated for addPassword (attempt $Attempt of 6). Retrying in $DelaySeconds second(s)."
@@ -105,6 +107,14 @@ function New-CIPPAPIConfig {
105
107
}
106
108
continue
107
109
}
110
+
111
+
if ($IsCredentialPolicyBlocked-and$Attempt-lt6) {
112
+
$DelaySeconds= [Math]::Min(30,5*$Attempt)
113
+
Write-Information"Credential policy still blocks addPassword (attempt $Attempt of 6). Waiting for policy propagation and retrying in $DelaySeconds second(s)."
114
+
Start-Sleep-Seconds $DelaySeconds
115
+
continue
116
+
}
117
+
108
118
throw
109
119
}
110
120
}
@@ -167,7 +177,7 @@ function New-CIPPAPIConfig {
167
177
} catch {
168
178
if ($Attempt-lt6) {
169
179
Start-Sleep-Seconds 3
170
-
Write-Information"Retrying service principal creation for AppId $($APIApp.appId) (attempt $Attempt of 6) after failure: $($_.Exception.Message)"
180
+
Write-Information"Retrying service principal creation for AppId $($APIApp.appId) (attempt $Attempt of 6) after failure: $($_.Exception.Message)"
0 commit comments