https://community.fabric.microsoft.com/t5/Developer/Adding-AD-Group-to-a-workspace-via-API/m-p/3094545#M41399 <P>I am trying to manage access to workspaces via API and AD (or AAD) Groups. I have a service principal with&nbsp;<SPAN>Tenant.ReadWrite.All permission granted</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BoNDoK00_0-1677129103014.png" style="width: 400px;"><img src="https://community.fabric.microsoft.com/t5/image/serverpage/image-id/876443iF9E40F6F545075BD/image-size/medium?v=v2&amp;px=400" role="button" title="BoNDoK00_0-1677129103014.png" alt="BoNDoK00_0-1677129103014.png" /></span></P><P>The service principal is <U><STRONG>not</STRONG></U> added to the workspace I try to modify.</P><P>&nbsp;</P><P>Here is what I tried with no success:</P><P><U><STRONG>Using PBI Cmdlets</STRONG></U></P><P>1. Login to PBI Service using a service principal</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">$clientId = "XXX" $tenantId = "XXX" $clientSecret = "XXX" $SecurePassword = ConvertTo-SecureString $clientSecret -Force -AsPlainText $servicePrincipal = New-Object -TypeName PSCredential ($clientId, $SecurePassword) Connect-PowerBIServiceAccount -ServicePrincipal -Credential $servicePrincipal -Environment Public -Tenant $tenantId</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>2. Use Cmdlets to add a group to a workspace</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">Add-PowerBIGroupUser -Scope Individual -AccessRight Admin -PrincipalType Group -Id &lt;WorkspaceID&gt; -Identifier &lt;AD Group Object ID&gt;</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;3. I receive this error:</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">Add-PowerBIGroupUser : Operation returned an invalid status code 'NotFound' At line:1 char:1 + Add-PowerBIGroupUser -Scope Individual -AccessRight Admin -Principal ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : WriteError: (Microsoft.Power...BIWorkspaceUser:AddPowerBIWorkspaceUser) [Add-PowerBIWorkspaceUser], HttpOperationException + FullyQualifiedErrorId : Operation returned an invalid status code 'NotFound',Microsoft.PowerBI.Commands.Workspaces.AddPowerBIWorkspaceUser</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;4. I add the service principal to the workspace as an admin, then remove it 5 seocnds later, and I do the same call as in step 2, it works!</P><P>Any idea why?&nbsp;</P> Thu, 23 Feb 2023 05:18:15 GMT BoNDoK00 2023-02-23T05:18:15Z https://community.fabric.microsoft.com/t5/Developer/Adding-AD-Group-to-a-workspace-via-API/m-p/3094545#M41399 <P>I am trying to manage access to workspaces via API and AD (or AAD) Groups. I have a service principal with&nbsp;<SPAN>Tenant.ReadWrite.All permission granted</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BoNDoK00_0-1677129103014.png" style="width: 400px;"><img src="https://community.fabric.microsoft.com/t5/image/serverpage/image-id/876443iF9E40F6F545075BD/image-size/medium?v=v2&amp;px=400" role="button" title="BoNDoK00_0-1677129103014.png" alt="BoNDoK00_0-1677129103014.png" /></span></P><P>The service principal is <U><STRONG>not</STRONG></U> added to the workspace I try to modify.</P><P>&nbsp;</P><P>Here is what I tried with no success:</P><P><U><STRONG>Using PBI Cmdlets</STRONG></U></P><P>1. Login to PBI Service using a service principal</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">$clientId = "XXX" $tenantId = "XXX" $clientSecret = "XXX" $SecurePassword = ConvertTo-SecureString $clientSecret -Force -AsPlainText $servicePrincipal = New-Object -TypeName PSCredential ($clientId, $SecurePassword) Connect-PowerBIServiceAccount -ServicePrincipal -Credential $servicePrincipal -Environment Public -Tenant $tenantId</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>2. Use Cmdlets to add a group to a workspace</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">Add-PowerBIGroupUser -Scope Individual -AccessRight Admin -PrincipalType Group -Id &lt;WorkspaceID&gt; -Identifier &lt;AD Group Object ID&gt;</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;3. I receive this error:</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">Add-PowerBIGroupUser : Operation returned an invalid status code 'NotFound' At line:1 char:1 + Add-PowerBIGroupUser -Scope Individual -AccessRight Admin -Principal ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : WriteError: (Microsoft.Power...BIWorkspaceUser:AddPowerBIWorkspaceUser) [Add-PowerBIWorkspaceUser], HttpOperationException + FullyQualifiedErrorId : Operation returned an invalid status code 'NotFound',Microsoft.PowerBI.Commands.Workspaces.AddPowerBIWorkspaceUser</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;4. I add the service principal to the workspace as an admin, then remove it 5 seocnds later, and I do the same call as in step 2, it works!</P><P>Any idea why?&nbsp;</P> Thu, 23 Feb 2023 05:18:15 GMT https://community.fabric.microsoft.com/t5/Developer/Adding-AD-Group-to-a-workspace-via-API/m-p/3094545#M41399 BoNDoK00 2023-02-23T05:18:15Z https://community.fabric.microsoft.com/t5/Developer/Adding-AD-Group-to-a-workspace-via-API/m-p/3102741#M41453 <P><FONT face="tahoma,arial,helvetica,sans-serif">Hi&nbsp;<a href="https://community.fabric.microsoft.com/t5/user/viewprofilepage/user-id/479142">@BoNDoK00</a>,</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif">Have you re-input the credentials for other API usages? AFAIK, when you work with 'Service Principal' mode, the credential seems only work for the current API and not been kept to quick verify other API. You need to manually input credentials before API usages every time.</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif">Regards,</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif">Xiaoxin Sheng</FONT></P> Tue, 28 Feb 2023 02:41:42 GMT https://community.fabric.microsoft.com/t5/Developer/Adding-AD-Group-to-a-workspace-via-API/m-p/3102741#M41453 Anonymous 2023-02-28T02:41:42Z