Re: Connecting PowerBI from Power Shell without pr...

kranthi_sunkara · ‎05-12-2022

I am trying to connect powerBI from powershell. I created a service account in azure AD and enabled service prinicipal in powerBI under admin portal. I am using the below commands.

$password = "xxxx" | ConvertTo-SecureString -asPlainText -Force
$username = "xxxx"

$credential = New-Object System.Management.Automation.PSCredential($username, $password)
Connect-PowerBIServiceAccount -ServicePrincipal -Credential $credential -TenantId "xxxx"

But I am getting the below error

WARNING: (False) MSAL 4.25.0.0 MSAL.Desktop Microsoft Windows NT 10.0.19043.0 [05/12/2022 18:50:33 -
38e2e372-4bf9-4b59-bf89-d5a21444a81e] Request retry failed.
WARNING: (False) MSAL 4.25.0.0 MSAL.Desktop Microsoft Windows NT 10.0.19043.0 [05/12/2022 18:50:33 -
38e2e372-4bf9-4b59-bf89-d5a21444a81e] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: unauthorized_client
HTTP StatusCode 400
CorrelationId 38e2e372-4bf9-4b59-bf89-d5a21444a81e
WARNING: (False) MSAL 4.25.0.0 MSAL.Desktop Microsoft Windows NT 10.0.19043.0 [05/12/2022 18:50:33 -
38e2e372-4bf9-4b59-bf89-d5a21444a81e] Fetching a new AT failed. Is AAD down? False. Is there an AT in the cache that is
usable? False
WARNING: (False) MSAL 4.25.0.0 MSAL.Desktop Microsoft Windows NT 10.0.19043.0 [05/12/2022 18:50:33 -
38e2e372-4bf9-4b59-bf89-d5a21444a81e] Either the exception does not indicate a problem with AAD or the token cache does
not have an AT that is usable.
WARNING: (False) MSAL 4.25.0.0 MSAL.Desktop Microsoft Windows NT 10.0.19043.0 [05/12/2022 18:50:33 -
38e2e372-4bf9-4b59-bf89-d5a21444a81e] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: unauthorized_client
HTTP StatusCode 400
CorrelationId 38e2e372-4bf9-4b59-bf89-d5a21444a81e

I also tried running with application id. I got the below error.

$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $applicationId, $password
Connect-PowerBIServiceAccount -ServicePrincipal -Credential $credential -TenantId "1d0c38ac-c828-4447-ac9a-f638ea212db2"

WARNING: (False) MSAL 4.25.0.0 MSAL.Desktop Microsoft Windows NT 10.0.19043.0 [05/12/2022 19:08:46 -
76ce6781-9ddb-49d5-b5d7-e5f449dabea8] Request retry failed.
WARNING: (False) MSAL 4.25.0.0 MSAL.Desktop Microsoft Windows NT 10.0.19043.0 [05/12/2022 19:08:46 -
76ce6781-9ddb-49d5-b5d7-e5f449dabea8] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: invalid_request
HTTP StatusCode 400
CorrelationId 76ce6781-9ddb-49d5-b5d7-e5f449dabea8
WARNING: (False) MSAL 4.25.0.0 MSAL.Desktop Microsoft Windows NT 10.0.19043.0 [05/12/2022 19:08:46 -
76ce6781-9ddb-49d5-b5d7-e5f449dabea8] Fetching a new AT failed. Is AAD down? False. Is there an AT in the cache that is
usable? False
WARNING: (False) MSAL 4.25.0.0 MSAL.Desktop Microsoft Windows NT 10.0.19043.0 [05/12/2022 19:08:46 -
76ce6781-9ddb-49d5-b5d7-e5f449dabea8] Either the exception does not indicate a problem with AAD or the token cache does
not have an AT that is usable.
WARNING: (False) MSAL 4.25.0.0 MSAL.Desktop Microsoft Windows NT 10.0.19043.0 [05/12/2022 19:08:46 -
76ce6781-9ddb-49d5-b5d7-e5f449dabea8] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: invalid_request
HTTP StatusCode 400
CorrelationId 76ce6781-9ddb-49d5-b5d7-e5f449dabea8

kranthi_sunkara · ‎05-16-2022

Sorry I am new to PowerBI. I am not aware that I should use either of them. So, in order to use the client certificate, do I need to create it explicitly? For now, I am just trying with service prinicipal, tennent id and application id

Anonymous · ‎05-16-2022

If you're going to connect to the REST APIs using the service principal approach, when writing your scripts, you'll also need to supply the client secret or a certificate thumbprint. See the following article: Connect-PowerBIServiceAccount (MicrosoftPowerBIMgmt.Profile) | Microsoft Docs

kranthi_sunkara · ‎05-16-2022

I created a certificate thumbprint and passed with other parameters. But I encountered the below error. Is there any specific order for passing the parameters.

Command:

Connect-PowerBIServiceAccount -ServicePrincipal -CertificateThumbprint xxxxxxxxxxx -ApplicationId xxxxxxxxxxx -Credential $credential -TenantId xxxxxxxxxxxxxx

=====================================================

Error:
Connect-PowerBIServiceAccount : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:1
+ Connect-PowerBIServiceAccount -ServicePrincipal -CertificateThumbprin ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Connect-PowerBIServiceAccount], ParameterBindingException
+ FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.PowerBI.Commands.Profile.ConnectPowerBIServiceAccount

Anonymous · ‎05-16-2022

You don't need the -Credential part. That's only if you're using the Application Secret approach. For me I had the following: Connect-PowerBIServiceAccount -ServicePrincipal -CertificateThumbprint XXXXXXXXX -ApplicationId XXXXXX -Tenant XXXXXXXX

kranthi_sunkara · ‎05-16-2022

No luck for me 😞 Getting error again. Not sure if it needs any permissions.

Connect-PowerBIServiceAccount -ServicePrincipal -CertificateThumbprint xxxx -ApplicationId xxxxxx -Tenant xxxxxxxxxx

Connect-PowerBIServiceAccount : One or more errors occurred.
At line:1 char:1
+ Connect-PowerBIServiceAccount -ServicePrincipal -CertificateThumbprin ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (Microsoft.Power...IServiceAccount:ConnectPowerBIServiceAccount) [Connect-Po
werBIServiceAccount], AggregateException
+ FullyQualifiedErrorId : One or more errors occurred.,Microsoft.PowerBI.Commands.Profile.ConnectPowerBIServiceAcc
ount

Anonymous · ‎05-16-2022

If you haven't already, you'll need need to install that certificate at either the user level or machine level on the machine that's running that powershell script. My AD guy created a PFX export of the certificate and that was installed on the server that's running my script. I can't speak to how the export was created (that's certainly not my domain) but maybe you do.

kranthi_sunkara · ‎05-20-2022

I was able to login successfully without popup using the below command. For credentials, I used appid and secret as username and password.

Connect-PowerBIServiceAccount -ServicePrincipal -Credential $Creds -Tenant $TenantId

But now, I am having issues retrieving the workspace I need. I am trying to retrive my workspace using workspace id. But I am getting unauthorized error. Does the user I am using should be admin?

Get-PowerBIWorkspace -Id xxxxxxxxxx

Error:

Get-PowerBIWorkspace : Operation returned an invalid status code 'Unauthorized'
At line:1 char:1
+ Get-PowerBIWorkspace -Id xxxxxxxxxxxxx
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (Microsoft.Power...owerBIWorkspace:GetPowerBIWorkspace) [Get-PowerBIWorkspace], HttpOperationException
+ FullyQualifiedErrorId : Operation returned an invalid status code 'Unauthorized',Microsoft.PowerBI.Commands.Workspaces.GetPowerBIWorkspace

Anonymous · ‎05-20-2022

If you haven't already, you'll need to add that app registration to an AD security group. Then, you'll need to add that security group in the Power BI Admin Portal under the Admin API settings.

kranthi_sunkara · ‎05-20-2022

It was added already.

When adding a service prinicipal to the workspace, does it require admin permissions?

Anonymous · ‎05-20-2022

If you're referring to Admin API permissions thorugh the App regisration then no. Don't add any API permissions. Microsoft specifically calls this out in one of their articles.

kranthi_sunkara · ‎05-24-2022

All good now. Everything working for me. Thanks for your help.

Anonymous · ‎05-24-2022

Good to hear. Happy to help.

kranthi_sunkara · ‎05-16-2022

Thanks. Let me try with client secret or a certificate thumbprint

Anonymous · ‎05-12-2022

I just got this working the other day with the service principal approach. Are you authenticating using a client secret or certificate? If using certificate, I might be able to provide some assistance.

Connecting PowerBI from Power Shell without prompting

Helpful resources

FabCon Global Hackathon

FabCon Atlanta 2026

FabCon is coming to Atlanta

Connecting PowerBI from Power Shell without prompting

Helpful resources

FabCon Global Hackathon

FabCon Atlanta 2026