Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Score big with last-minute savings on the final tickets to FabCon Vienna. Secure your discount

Reply
Anonymous
Not applicable

[HELP!] Powershell Automation Script to add group to PowerBI Workspaces with a service principal

‎05-29-2024 05:59 AM

Hi !

I am trying to automate a PowerBI task using a service principal.

With a powershell script i want to add a group to all the workspaces in my organization. 

I am using :

Connect-PowerBIServiceAccount -ServicePrincipal -Credential $credential -Tenant $tenant 

To connect with my service principal which works.
And then i want to retrieve all my workspaces by using :

 

Get-PowerBIWorkspace -All -Scope Organization -Type Workspace -Include All

But it doesn't work....

Error :

Failed to connect or retrieve workspaces: Operation returned an invalid status code 'Unauthorized'

It works if i don't put the -Scope Organization but in my case i want ALL the workspaces...

I made sure that the group and service principal got all the permissions in powerbi tenant or api settings as well. 
They are literally Admin of the organization...

So if anyone know how to do it or want to help, feel free to talk !

Thanks.



Labels:
Message 1 of 7
474 Views
0
6 REPLIES 6
GilbertQ
Super User
Super User

‎05-30-2024 05:39 PM

Hi @Anonymous 


Just to confirm you also have added the permissions in the Power BI Admin Portal Tenant settings?

 

GilbertQ_0-1717115944716.png

 





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 4 of 7
405 Views
Anonymous
Not applicable
In response to GilbertQ

‎05-31-2024 12:05 AM

Hi @GilbertQ,

Yes i have added my security group that contains my service principal into this setting and also added all API permissions to the service principal app (only delegated ones)...
Can it maybe be that the functionnality to retrieve all the workspaces as a service principal with the API is impossible right now ? I mean we can retrieve all the workspaces he is in but not as an admin even if he got the privileges ?

Thanks,
Best regards,
Quentin Michelix.

Message 5 of 7
395 Views
GilbertQ
Super User
Super User
In response to Anonymous

‎06-03-2024 12:25 AM

Hi @Anonymous 

 

This is certainly possible as I do this every day for  some of my clients.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 6 of 7
370 Views
0
Anonymous
Not applicable
In response to GilbertQ

‎06-03-2024 12:49 AM

Hi @GilbertQ ,

Do you mean that it is possible to retrieve all the workspaces in the organization with a service principal ? Or that there are limitations with the APIs when it's a service principal ?

Message 7 of 7
352 Views
0
Anonymous
Not applicable

‎05-30-2024 01:47 AM

Hi @GilbertQ !

Thanks for helping, so i tried and it returns me this error :

Line |
29 | … sResponse = Invoke-PowerBIRestMethod -Url "https://api.powerbi.com/v1
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Encountered errors when invoking the command: { "code": "PowerBINotAuthorizedException", "pbi.error": {
| "code": "PowerBINotAuthorizedException", "parameters": {}, "details": [], "exceptionCulprit": 1 } }

But i don't know why "PowerBINotAuthorizedException". The security group and the service principal got all the access to PowerBI and permissions in azure/microsoft 365...

Here's my code :

 

 

# Authenticate with Service Principal
try {
    $secureSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential($clientId, $secureSecret)
    Connect-PowerBIServiceAccount 
    Write-Host "Connected to Power BI Service Account successfully" -ForegroundColor Green
} catch {
    Write-Host "Failed to connect to Power BI Service Account: $_" -ForegroundColor Red
    exit
}

# Use the Admin API to retrieve all workspaces
try {
    $url = "https://api.powerbi.com/v1.0/myorg/admin/groups?\$top=5000"
    $workspacesResponse = Invoke-PowerBIRestMethod -Url $url -Method GET
    $workspaces = $workspacesResponse.value
    Write-Host "Retrieved workspaces successfully" -ForegroundColor Green
    $workspaces | Format-Table Id, Name
} catch {
    Write-Host "Failed to connect or retrieve workspaces: $_" -ForegroundColor Red
    Write-Host "Detail: $_.Exception.Message" -ForegroundColor Red
    Disconnect-PowerBIServiceAccount
    exit
}

Write-Host "=================================================================================================================================="
Write-Host "Found a total of $($workspaces.Count) workspaces..."
Write-Host "=================================================================================================================================="

 

 

So it doesn't happen if i don't put the admin in the url but it will retrieve me only workspaces where the group is (not what i want)..
and with a token :

 

# Authenticate with Service Principal
try {
    $secureSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential($clientId, $secureSecret)
    
    Connect-PowerBIServiceAccount -ServicePrincipal -Credential $credential -TenantId $tenant
    Write-Host "Connected to Power BI Service Account successfully" -ForegroundColor Green
} catch {
    Write-Host "Failed to connect to Power BI Service Account: $_" -ForegroundColor Red
    exit
}

# Obtain access token using client credentials flow for Power BI API
$body = @{
    grant_type    = "client_credentials"
    client_id     = $clientId
    client_secret = $clientSecret
    scope         = "https://analysis.windows.net/powerbi/api/.default"
}

try {
    $tokenResponse = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$tenant/oauth2/v2.0/token" -ContentType "application/x-www-form-urlencoded" -Body $body
    $accessToken = $tokenResponse.access_token
    Write-Host "Obtained access token successfully" -ForegroundColor Green
} catch {
    Write-Host "Failed to obtain access token: $_" -ForegroundColor Red
    exit
}

$headers = @{
    Authorization = "Bearer $accessToken"
}

# Retrieve all workspaces using Admin API
try {
    $url = "https://api.powerbi.com/v1.0/myorg/groups?\$top=5000"
    $workspacesResponse = Invoke-RestMethod -Uri $url -Headers $headers -Method Get
    $workspaces = $workspacesResponse.value
    Write-Host "Retrieved workspaces successfully" -ForegroundColor Green
    $workspaces | Format-Table Id, Name
} catch {
    Write-Host "Failed to connect or retrieve workspaces: $_" -ForegroundColor Red
    Write-Host "Detail: $_.Exception.Message" -ForegroundColor Red
    Disconnect-PowerBIServiceAccount
    exit
}

Write-Host "=================================================================================================================================="
Write-Host "Found a total of $($workspaces.Count) workspaces..."
Write-Host "=================================================================================================================================="

 



Thanks..
Best Regards,
Quentin Michelix.

Message 3 of 7
415 Views
GilbertQ
Super User
Super User

‎05-29-2024 02:56 PM

Hi @Anonymous 

 

What if you rather use the REST API in PowerShell and use this REST API

Admin - Groups GetGroupsAsAdmin - REST API (Power BI Power BI REST APIs) | Microsoft Learn

 

After authenticating try

 

Invoke-PowerBIRestMethod -Url "https://api.powerbi.com/v1.0/myorg/admin/groups?$top=5000" -Method GET




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 2 of 7
438 Views
0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All
Top Kudoed Authors
View All