Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`az ad user show` has an error when used with guest AAD account

See original GitHub issue

When I try to use az ad user show with a guest account, I get an error stating The specified api-version is invalid

az ad user show --upn-or-object-id 'testuser1_nobun.onmicrosoft.com#EXT#@microsoft.onmicrosoft.com'
The specified api-version is invalid. The value must exactly match a supported version.
Traceback (most recent call last):
  File "/opt/az/lib/python3.6/site-packages/azure/cli/main.py", line 36, in main
    cmd_result = APPLICATION.execute(args)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/application.py", line 212, in execute
    result = expanded_arg.func(params)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 377, in __call__
    return self.handler(*args, **kwargs)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 630, in _execute_command
    raise client_exception
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 618, in _execute_command
    exception_handler(ex)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/util.py", line 49, in empty_on_404
    raise ex
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 602, in _execute_command
    result = op(client, **kwargs) if client else op(**kwargs)
  File "/opt/az/lib/python3.6/site-packages/azure/graphrbac/operations/users_operations.py", line 220, in get
    raise models.GraphErrorException(self._deserialize, response)
azure.graphrbac.models.graph_error.GraphErrorException: The specified api-version is invalid. The value must exactly match a supported version.

az ad user list is an acceptable workaround, so this is a non-blocking issue

az ad user list --upn 'testuser1_nobun.onmicrosoft.com#EXT#@microsoft.onmicrosoft.com'

az ad user show for a member originating in the same tenant works, so this seems to be isolated to certain accounts:

az ad user show --upn-or-object-id 'nobun@microsoft.com'

Environment summary

apt-get / 2.0.20 / Windows 10 Build 17017 / Bash on Windows

Full version info:

azure-cli (2.0.20)

acr (2.0.14)
acs (2.0.18)
appservice (0.1.19)
backup (1.0.2)
batch (3.1.6)
batchai (0.1.2)
billing (0.1.6)
cdn (0.0.10)
cloud (2.0.9)
cognitiveservices (0.1.9)
command-modules-nspkg (2.0.1)
component (2.0.8)
configure (2.0.12)
consumption (0.1.6)
container (0.1.12)
core (2.0.20)
cosmosdb (0.1.14)
dla (0.0.13)
dls (0.0.16)
eventgrid (0.1.5)
extension (0.0.5)
feedback (2.0.6)
find (0.2.7)
interactive (0.3.11)
iot (0.1.13)
keyvault (2.0.13)
lab (0.0.12)
monitor (0.0.11)
network (2.0.17)
nspkg (3.0.1)
profile (2.0.15)
rdbms (0.0.8)
redis (0.2.10)
resource (2.0.17)
role (2.0.14)
servicefabric (0.0.5)
sql (2.0.14)
storage (2.0.18)
vm (2.0.17)

Python location '/opt/az/bin/python3'
Extensions directory '/home/noel/.azure/cliextensions'

Python (Linux) 3.6.1 (default, Oct 18 2017, 20:41:18)
[GCC 4.8.4]

Legal docs and information: aka.ms/AzureCliLegal

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Reactions:1
  • Comments:17 (17 by maintainers)

github_iconTop GitHub Comments

1reaction
yugangw-msftcommented, Oct 30, 2017

@lmazuel, this is not a CLI issue, rather the generated code doesn’t encode the # Could you please recommend what needs to be fixed, either at the graphrbac spec or the code-gen?

0reactions
yugangw-msftcommented, Jun 16, 2018

CLI has been updated to use newer graphrabc package. Please reactivate if you still see the issue.

Read more comments on GitHub >

github_iconTop Results From Across the Web

az ad user - Microsoft Learn
Show details for a Azure Active Directory user. ... It is used to associate an on-premises Active Directory user account with their Azure...
Read more >
Azure Guest Users - Risks and Security Considerations
Microsoft Azure has a tenant-level feature that allows all Azure Active Directory (AAD) members to create and invite guest users.
Read more >
I'm authenticated but "Please sign up before you can sign in"
Seems using B2C tenant won't need sign-up first, and AZ AD B2C does. But choosing a B2C tenant does not have App Registration...
Read more >
Manage Azure Active Directory (Azure AD) Users and Groups
Use 'az login --allow-no-subscriptions' to have tenant level access. REDACTED 'hashicorp.com' [ { "cloudName": "AzureCloud", ...
Read more >
AAD Support Notes – Random thoughts from an AAD support ...
These steps must be followed by a user who has a valid Guest\External account access to your Azure AD B2C tenant. Meaning, you...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[ML] Setup giving `BadRequest` error when trying to provision machine learning resource group

Next page

`az storage blob upload-batch`: cannot upload directories to $root container