Office 365 Connector does not sync group membership any more

Gregor · September 19, 2022, 3:02pm

Office-365-Connector used to sync UCS-groups to MS365, but does not any more. We hoped this would be healed with the Upgrade from UCS 4.4-9 to 5.0-2, but this was sadly not the case.

The log (see redacted version below) shows creation of a new user (“a.aaaaaaaaaaaaaa”) but then syncing groups (e.g. “sekretariat”) fails.

[Incidentally this test user “a.aaaaaaaaaaaaaa” was created in MS365 without getting a licence attached, although there are free licenses.]

Any ideas how to re-enable group syncing?

Thanks, Gregor

19.09.22 16:07:09.892 LISTENER 19.09.22 16:07:09.894 LISTENER Updating default
Portal data untouched
Updating umc
Portal data untouched
19.09.22 16:08:29.740 LDAP 19.09.22 16:08:29.745 LISTENER 19.09.22 16:08:29.766 LISTENER 19.09.22 16:07:09.894 LISTENER Updating default
Portal data untouched
Updating umc
Portal data untouched
19.09.22 16:08:29.740 LDAP 19.09.22 16:08:29.745 LISTENER 19.09.22 16:08:29.766 LISTENER 19.09.22 16:08:29.870 LISTENER 19.09.22 16:08:29.871 LISTENER 19.09.22 16:08:29.871 LISTENER 19.09.22 16:08:30.125 LISTENER 19.09.22 16:08:30.126 LISTENER 19.09.22 16:08:30.126 LISTENER 19.09.22 16:08:30.126 LISTENER 19.09.22 16:08:30.317 LISTENER 19.09.22 16:08:30.317 LISTENER 19.09.22 16:08:30.397 LISTENER 19.09.22 16:08:30.397 LISTENER 19.09.22 16:08:30.397 LISTENER 19.09.22 16:08:30.398 LISTENER 19.09.22 16:08:30.398 LISTENER 19.09.22 16:08:30.649 LISTENER 19.09.22 16:08:30.650 LISTENER 19.09.22 16:08:30.650 LISTENER 19.09.22 16:08:30.651 LISTENER 19.09.22 16:08:30.865 LISTENER 19.09.22 16:08:30.897 LISTENER 19.09.22 16:08:30.948 LISTENER 19.09.22 16:08:30.949 LISTENER 19.09.22 16:08:30.949 LISTENER 19.09.22 16:08:30.949 LISTENER 19.09.22 16:08:31.104 LISTENER 19.09.22 16:08:31.105 LISTENER HTTP response expected status: [204] ( PROCESS ) : updating ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ command m
( PROCESS ) : samba4-idmap: renaming entry for S-1-4-1483 to S-1-5-21-1732664294-487528853-3244829601-11467
( PROCESS ) : connecting to ldap://pdc.intern.izt.de:7389
( PROCESS ) : updating ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ command m
( PROCESS ) : office365-user: modify dn: ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=i> 19.09.22 16:07:09.892 LISTENER ( PROCESS ) : updating ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ command m
( PROCESS ) : samba4-idmap: renaming entry for S-1-4-1483 to S-1-5-21-1732664294-487528853-3244829601-11467
( PROCESS ) : connecting to ldap://pdc.intern.izt.de:7389
( PROCESS ) : updating ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ command m
( PROCESS ) : office365-user: modify dn: ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’
( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/users {‘displayName’: ‘aaaa aaaaa’, ‘mailNickname’: ‘a.aaaaa’, ‘accountEnabled’: True, ‘businessPhones’: [’+4930xxxxxxx’], ‘city’: ‘Xxxxxx’, ‘givenName’: ‘aaaa’, ‘onPremisesImmutableId’: ‘MTRmYzQ1YmMtY2M3MC0xMDNjLTg2YjktZDVjMzQ4MmRjZTQw’, ‘otherMails’: [‘a.aaaaa@izt.de’], ‘passwordProfile’: {‘password’: ‘******’, ‘forceChangePasswordNextSignInWithMfa’: False}, ‘postalCode’: ‘12345’, ‘streetAddress’: ‘Xxxxxxxxxxxxxxxx xx’, ‘surname’: ‘aaaaa’, ‘usageLocation’: ‘DE’, ‘userPrincipalName’: ‘a.aaaaa@izt.de’}
( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
( ERROR ) : o365(D): proxy settings: {}
( ERROR ) : o365(D): status: 201 (OK) (POST https://graph.microsoft.com/v1.0/users)
( ERROR ) : o365(D): GraphAPI: GET https://graph.microsoft.com/v1.0/subscribedSkus None
( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
( ERROR ) : o365(D): proxy settings: {}
( ERROR ) : o365(D): status: 200 (OK) (GET https://graph.microsoft.com/v1.0/subscribedSkus)
( ERROR ) : o365(D): seats in subscriptions_online: [‘O365_BUSINESS_ESSENTIALS’]
( ERROR ) : o365(I): SubscriptionProfiles found for ‘a.aaaaaaaaaaaaaa’ (defaultADconnection): []
( ERROR ) : o365(W): No SubscriptionProfiles: using all available subscriptions (defaultADconnection).
( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/assignLicense {‘addLicenses’: [{‘disabledPlans’: [], ‘skuId’: ‘3b555118-da6a-4418-894f-7df1e2096870’}], ‘removeLicenses’: []}
( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
( ERROR ) : o365(D): proxy settings: {}
( ERROR ) : o365(D): status: 200 (OK) (POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/assignLicense)
( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/invalidateAllRefreshTokens {}
( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
( ERROR ) : o365(D): proxy settings: {}
( ERROR ) : o365(D): status: 200 (OK) (POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/invalidateAllRefreshTokens)
( ERROR ) : o365(I): User creation success. userPrincipalName: ‘a.aaaaa@izt.de’ objectId: ‘10c4869b-ac02-4b77-899e-4dd56e5ea2c9’ dn: uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de adconnection: defaultADconnection
( ERROR ) : o365(I): Create: Add member ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ to group ‘cn=Domain Users,cn=groups,dc=intern,dc=izt,dc=de’ in alias ‘defaultADconnection’
( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/groups/None/members/$ref {’@odata.id’: ‘https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9’}
( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-L2e5pQa5NA. It is valid until 2022-09-19 17:01:21
( ERROR ) : o365(D): proxy settings: {}
( ERROR ) : o365(D): status: 400 (FAIL) (POST https://graph.microsoft.com/v1.0/groups/None/members/$ref)
( ERROR ) : o365(E): Error HTTP response status: 400

request url: https://graph.microsoft.com/v1.0/groups/None/members/$ref

request header: {
“User-Agent”: “Univention Microsoft 365 Connector”,
“Accept-Encoding”: “gzip, deflate”,
“Accept”: “/”,
“Connection”: “keep-alive”,
“Content-Type”: “application/json”,
“Authorization”: “XXX”,
“Content-Length”: “103”
}

request body: {
“@odata.id”: “https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9”
}

response header: {
“Cache-Control”: “no-cache”,
“Transfer-Encoding”: “chunked”,
“Content-Type”: “application/json”,
“Content-Encoding”: “gzip”,
“Vary”: “Accept-Encoding”,
“Strict-Transport-Security”: “max-age=31536000”,
“request-id”: “6807f390-b879-4111-a0b7-2610ac5ff3ba”,
“client-request-id”: “6807f390-b879-4111-a0b7-2610ac5ff3ba”,
“x-ms-ags-diagnostic”: “{“ServerInfo”:{“DataCenter”:“West Europe”,“Slice”:“E”,“Ring”:“5”,“ScaleUnit”:“000”,“RoleInstance”:“AM1PEPF00016739”}}”,
“x-ms-resource-unit”: “1”,
“Date”: “Mon, 19 Sep 2022 14:08:24 GMT”
}

response body: {
“error”: {
“code”: “Request_BadRequest”,
“message”: “Invalid object identifier ‘None’.”,
“innerError”: {
“date”: “2022-09-19T14:08:25”,
“request-id”: “6807f390-b879-4111-a0b7-2610ac5ff3ba”,
“client-request-id”: “6807f390-b879-4111-a0b7-2610ac5ff3ba”
}
}
}

19.09.22 16:08:31.140 LISTENER ( ERROR ) : o365(I): Create: Add member ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ to group ‘cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’ in alias ‘defaultADconnection’
19.09.22 16:08:31.140 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/groups/None/members/$ref {’@odata.id’: ‘https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9’}
19.09.22 16:08:31.141 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-L2e5pQa5NA. It is valid until 2022-09-19 17:01:21
19.09.22 16:08:31.141 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:31.391 LISTENER ( ERROR ) : o365(D): status: 400 (FAIL) (POST https://graph.microsoft.com/v1.0/groups/None/members/$ref)
19.09.22 16:08:31.392 LISTENER ( ERROR ) : o365(E): Error HTTP response status: 400
HTTP response expected status: [204]

request url: https://graph.microsoft.com/v1.0/groups/None/members/$ref

request header: {
“User-Agent”: “Univention Microsoft 365 Connector”,
“Accept-Encoding”: “gzip, deflate”,
“Accept”: “/”,
“Connection”: “keep-alive”,
“Content-Type”: “application/json”,
“Authorization”: “XXX”,
“Content-Length”: “103”
}

request body: {
“@odata.id”: “https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9”
}

response header: {
“Cache-Control”: “no-cache”,
“Transfer-Encoding”: “chunked”,
“Content-Type”: “application/json”,
“Content-Encoding”: “gzip”,
“Vary”: “Accept-Encoding”,
“Strict-Transport-Security”: “max-age=31536000”,
“request-id”: “c9bca6fb-d4c4-44c8-88f8-d24f558e4076”,
“client-request-id”: “c9bca6fb-d4c4-44c8-88f8-d24f558e4076”,
“x-ms-ags-diagnostic”: “{“ServerInfo”:{“DataCenter”:“West Europe”,“Slice”:“E”,“Ring”:“5”,“ScaleUnit”:“000”,“RoleInstance”:“AM1PEPF00010593”}}”,
“x-ms-resource-unit”: “1”,
“Date”: “Mon, 19 Sep 2022 14:08:25 GMT”
}

response body: {
“error”: {
“code”: “Request_BadRequest”,
“message”: “Invalid object identifier ‘None’.”,
“innerError”: {
“date”: “2022-09-19T14:08:25”,
“request-id”: “c9bca6fb-d4c4-44c8-88f8-d24f558e4076”,
“client-request-id”: “c9bca6fb-d4c4-44c8-88f8-d24f558e4076”
}
}
}

19.09.22 16:08:31.429 LISTENER ( PROCESS ) : updating ‘cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’ command m
19.09.22 16:08:31.444 LISTENER ( PROCESS ) : office365-group: modify dn: ‘cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’
19.09.22 16:08:31.516 LISTENER ( ERROR ) : office365-group: dn=‘cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’ command=‘m’
old={‘sambaGroupType’: [b’2’], ‘cn’: [b’sekretariat’], ‘univentionObjectType’: [b’groups/group’], ‘sambaSID’: [b’S-1-5-21-1732664294-487528853-3244829601-1052’], ‘gidNumber’: [b’1528’], ‘univentionGroupType’: [b’-2147483646’], ‘structuralObjectClass’: [b’posixGroup’], ‘entryUUID’: [b’66306c6e-c876-1036-89b2-35457651e44c’], ‘creatorsName’: [b’cn=admin,dc=intern,dc=izt,dc=de’], ‘createTimestamp’: [b’20170508201226Z’], ‘memberUid’: [b’x.xxxxx’, b’x.xxxxxx’, b’x.xxxx’, b’x.xxxxxxxx’, b’x.xxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’], ‘univentionOffice365ADConnectionAlias’: [b’defaultADconnection’], ‘objectClass’: [b’univentionOffice365’, b’sambaGroupMapping’, b’top’, b’univentionGroup’, b’univentionObject’, b’posixGroup’], ‘uniqueMember’: [b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’], ‘entryCSN’: [b’20220919140450.035400Z#000000#000#000000’], ‘modifiersName’: [b’uid=Administrator,cn=users,dc=intern,dc=izt,dc=de’], ‘modifyTimestamp’: [b’20220919140450Z’], ‘entryDN’: [b’cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’], ‘subschemaSubentry’: [b’cn=Subschema’], ‘hasSubordinates’: [b’FALSE’]}
new={‘sambaGroupType’: [b’2’], ‘cn’: [b’sekretariat’], ‘univentionObjectType’: [b’groups/group’], ‘sambaSID’: [b’S-1-5-21-1732664294-487528853-3244829601-1052’], ‘gidNumber’: [b’1528’], ‘univentionGroupType’: [b’-2147483646’], ‘structuralObjectClass’: [b’posixGroup’], ‘entryUUID’: [b’66306c6e-c876-1036-89b2-35457651e44c’], ‘creatorsName’: [b’cn=admin,dc=intern,dc=izt,dc=de’], ‘createTimestamp’: [b’20170508201226Z’], ‘memberUid’: [b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’a.aaaaaaaaaaaaaa’], ‘univentionOffice365ADConnectionAlias’: [b’defaultADconnection’], ‘objectClass’: [b’univentionOffice365’, b’sambaGroupMapping’, b’top’, b’univentionGroup’, b’univentionObject’, b’posixGroup’], ‘uniqueMember’: [b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’], ‘entryCSN’: [b’20220919140829.742104Z#000000#000#000000’], ‘modifiersName’: [b’uid=Administrator,cn=users,dc=intern,dc=izt,dc=de’], ‘modifyTimestamp’: [b’20220919140829Z’], ‘entryDN’: [b’cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’], ‘subschemaSubentry’: [b’cn=Subschema’], ‘hasSubordinates’: [b’FALSE’]}
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/univention/listener/api_adapter.py”, line 161, in _handler
self._module_handler.modify(dn, old, new, self._saved_old_dn if self._rename else None)
File “/usr/lib/univention-directory-listener/system/office365-group.py”, line 84, in modify
self.connector.modify(old_udm_group=old_udm_group, new_udm_group=new_udm_group)
File “/usr/lib/python3/dist-packages/univention/office365/connector/connector.py”, line 893, in modify
if new_udm_group.in_azure() or
File “/usr/lib/python3/dist-packages/univention/office365/udmwrapper/udmobjects.py”, line 499, in in_azure
alias_users = set(x.lower() for x in univentionOffice365ADConnectionAlias.get(self.current_connection_alias))
AttributeError: ‘NoneType’ object has no attribute ‘get’
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/univention/listener/api_adapter.py”, line 169, in _handler
self._module_handler.error_handler(dn, old, new, command, exc_type, exc_value, exc_traceback)
File “/usr/lib/python3/dist-packages/univention/listener/handler.py”, line 261, in error_handler
reraise(exc_type, exc_value, exc_traceback)
File “/usr/lib/python3/dist-packages/six.py”, line 693, in reraise
raise value
File “/usr/lib/python3/dist-packages/univention/listener/api_adapter.py”, line 161, in _handler
self._module_handler.modify(dn, old, new, self._saved_old_dn if self._rename else None)
File “/usr/lib/univention-directory-listener/system/office365-group.py”, line 84, in modify
self.connector.modify(old_udm_group=old_udm_group, new_udm_group=new_udm_group)
File “/usr/lib/python3/dist-packages/univention/office365/connector/connector.py”, line 893, in modify
if new_udm_group.in_azure() or
File “/usr/lib/python3/dist-packages/univention/office365/udmwrapper/udmobjects.py”, line 499, in in_azure
alias_users = set(x.lower() for x in univentionOffice365ADConnectionAlias.get(self.current_connection_alias))
AttributeError: ‘NoneType’ object has no attribute ‘get’
19.09.22 16:08:31.518 LISTENER ( WARN ) : handler: office365-group (failed)
19.09.22 16:08:31.552 LISTENER ( PROCESS ) : updating ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ command m
19.09.22 16:08:31.553 LISTENER ( PROCESS ) : office365-user: modify dn: ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’
19.09.22 16:08:31.641 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/users {‘displayName’: ‘aaaa aaaaa’, ‘id’: ‘10c4869b-ac02-4b77-899e-4dd56e5ea2c9’, ‘mailNickname’: ‘a.aaaaa’, ‘accountEnabled’: True, ‘businessPhones’: [’+4930xxxxxxx’], ‘city’: ‘Xxxxxx’, ‘givenName’: ‘aaaa’, ‘onPremisesImmutableId’: ‘MTRmYzQ1YmMtY2M3MC0xMDNjLTg2YjktZDVjMzQ4MmRjZTQw’, ‘otherMails’: [‘a.aaaaa@izt.de’], ‘passwordProfile’: {‘password’: ‘******’, ‘forceChangePasswordNextSignInWithMfa’: False}, ‘postalCode’: ‘14129’, ‘streetAddress’: ‘Schopenhauerstr. 26’, ‘surname’: ‘aaaaa’, ‘usageLocation’: ‘DE’, ‘userPrincipalName’: ‘a.aaaaa@izt.de’}
19.09.22 16:08:31.641 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:31.641 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:31.848 LISTENER ( ERROR ) : o365(D): status: 400 (FAIL) (POST https://graph.microsoft.com/v1.0/users)
19.09.22 16:08:31.849 LISTENER ( ERROR ) : o365(D): GraphAPI: GET https://graph.microsoft.com/v1.0/users/a.aaaaa@izt.de None
19.09.22 16:08:31.849 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:31.849 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:32.818 LISTENER ( ERROR ) : o365(D): status: 200 (OK) (GET https://graph.microsoft.com/v1.0/users/a.aaaaa@izt.de)
19.09.22 16:08:32.819 LISTENER ( ERROR ) : o365(D): GraphAPI: PATCH https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9 {‘mailNickname’: ‘a.aaaaa’, ‘accountEnabled’: True, ‘city’: ‘Xxxxxx’, ‘onPremisesImmutableId’: ‘MTRmYzQ1YmMtY2M3MC0xMDNjLTg2YjktZDVjMzQ4MmRjZTQw’, ‘otherMails’: [‘a.aaaaa@izt.de’], ‘postalCode’: ‘14129’, ‘streetAddress’: ‘Schopenhauerstr. 26’, ‘usageLocation’: ‘DE’}
19.09.22 16:08:32.819 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:32.821 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:32.972 LISTENER ( ERROR ) : o365(D): status: 204 (OK) (PATCH https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9)
19.09.22 16:08:32.973 LISTENER ( ERROR ) : o365(D): GraphAPI: GET https://graph.microsoft.com/v1.0/subscribedSkus None
19.09.22 16:08:32.973 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:32.973 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:33.198 LISTENER ( ERROR ) : o365(D): status: 200 (OK) (GET https://graph.microsoft.com/v1.0/subscribedSkus)
19.09.22 16:08:33.198 LISTENER ( ERROR ) : o365(D): seats in subscriptions_online: [‘O365_BUSINESS_ESSENTIALS’]
19.09.22 16:08:33.275 LISTENER ( ERROR ) : o365(I): SubscriptionProfiles found for ‘a.aaaaaaaaaaaaaa’ (defaultADconnection): []
19.09.22 16:08:33.275 LISTENER ( ERROR ) : o365(W): No SubscriptionProfiles: using all available subscriptions (defaultADconnection).
19.09.22 16:08:33.275 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/assignLicense {‘addLicenses’: [{‘disabledPlans’: [], ‘skuId’: ‘3b555118-da6a-4418-894f-7df1e2096870’}], ‘removeLicenses’: []}
19.09.22 16:08:33.275 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:33.276 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:33.527 LISTENER ( ERROR ) : o365(D): status: 200 (OK) (POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/assignLicense)
19.09.22 16:08:33.527 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/invalidateAllRefreshTokens {}
19.09.22 16:08:33.527 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:33.528 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:33.752 LISTENER ( ERROR ) : o365(D): status: 200 (OK) (POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/invalidateAllRefreshTokens)
19.09.22 16:08:33.752 LISTENER ( ERROR ) : o365(I): User creation success. userPrincipalName: ‘a.aaaaa@izt.de’ objectId: ‘10c4869b-ac02-4b77-899e-4dd56e5ea2c9’ dn: uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de adconnection: defaultADconnection
19.09.22 16:08:33.798 LISTENER ( ERROR ) : o365(I): Create: Add member ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ to group ‘cn=Domain Users,cn=groups,dc=intern,dc=izt,dc=de’ in alias ‘defaultADconnection’
19.09.22 16:08:33.798 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/groups/None/members/$ref {’@odata.id’: ‘https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9’}
19.09.22 16:08:33.798 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-L2e5pQa5NA. It is valid until 2022-09-19 17:01:21
19.09.22 16:08:33.799 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:33.946 LISTENER ( ERROR ) : o365(D): status: 400 (FAIL) (POST https://graph.microsoft.com/v1.0/groups/None/members/$ref)
19.09.22 16:08:33.947 LISTENER ( ERROR ) : o365(E): Error HTTP response status: 400
HTTP response expected status: [204]

request url: https://graph.microsoft.com/v1.0/groups/None/members/$ref

request header: {
“User-Agent”: “Univention Microsoft 365 Connector”,
“Accept-Encoding”: “gzip, deflate”,
“Accept”: “/”,
“Connection”: “keep-alive”,
“Content-Type”: “application/json”,
“Authorization”: “XXX”,
“Content-Length”: “103”
}

request body: {
“@odata.id”: “https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9”
}

response header: {
“Cache-Control”: “no-cache”,
“Transfer-Encoding”: “chunked”,
“Content-Type”: “application/json”,
“Content-Encoding”: “gzip”,
“Vary”: “Accept-Encoding”,
“Strict-Transport-Security”: “max-age=31536000”,
“request-id”: “7fcf8054-55c0-433f-b5a3-a7f51605bd81”,
“client-request-id”: “7fcf8054-55c0-433f-b5a3-a7f51605bd81”,
“x-ms-ags-diagnostic”: “{“ServerInfo”:{“DataCenter”:“West Europe”,“Slice”:“E”,“Ring”:“5”,“ScaleUnit”:“000”,“RoleInstance”:“AM1PEPF000105AA”}}”,
“x-ms-resource-unit”: “1”,
“Date”: “Mon, 19 Sep 2022 14:08:28 GMT”
}

response body: {
“error”: {
“code”: “Request_BadRequest”,
“message”: “Invalid object identifier ‘None’.”,
“innerError”: {
“date”: “2022-09-19T14:08:28”,
“request-id”: “7fcf8054-55c0-433f-b5a3-a7f51605bd81”,
“client-request-id”: “7fcf8054-55c0-433f-b5a3-a7f51605bd81”
}
}
}

rest of log follows in follow up, since the log is too big

Gregor · September 19, 2022, 3:05pm

sorry to misuse this forum with the big log, but I see no possibility to attach a file…

In the ongoing saga of syncing the new accounts groups this is an interesting part, next line claims to add new member to goup “sekretariat” but this fails:

19.09.22 16:08:33.983 LISTENER ( ERROR ) : o365(I): Create: Add member ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ to group ‘cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’ in alias ‘defaultADconnection’
19.09.22 16:08:33.983 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/groups/None/members/$ref {’@odata.id’: ‘https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9’}
19.09.22 16:08:33.984 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-L2e5pQa5NA. It is valid until 2022-09-19 17:01:21
19.09.22 16:08:33.984 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:34.143 LISTENER ( ERROR ) : o365(D): status: 400 (FAIL) (POST https://graph.microsoft.com/v1.0/groups/None/members/$ref)
19.09.22 16:08:34.144 LISTENER ( ERROR ) : o365(E): Error HTTP response status: 400
HTTP response expected status: [204]

request url: https://graph.microsoft.com/v1.0/groups/None/members/$ref

request header: {
“User-Agent”: “Univention Microsoft 365 Connector”,
“Accept-Encoding”: “gzip, deflate”,
“Accept”: “/”,
“Connection”: “keep-alive”,
“Content-Type”: “application/json”,
“Authorization”: “XXX”,
“Content-Length”: “103”
}

request body: {
“@odata.id”: “https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9”
}

response header: {
“Cache-Control”: “no-cache”,
“Transfer-Encoding”: “chunked”,
“Content-Type”: “application/json”,
“Content-Encoding”: “gzip”,
“Vary”: “Accept-Encoding”,
“Strict-Transport-Security”: “max-age=31536000”,
“request-id”: “5c899fdf-feb7-4575-8372-4d9fe9ddcd0c”,
“client-request-id”: “5c899fdf-feb7-4575-8372-4d9fe9ddcd0c”,
“x-ms-ags-diagnostic”: “{“ServerInfo”:{“DataCenter”:“West Europe”,“Slice”:“E”,“Ring”:“5”,“ScaleUnit”:“000”,“RoleInstance”:“AM1PEPF00016709”}}”,
“x-ms-resource-unit”: “1”,
“Date”: “Mon, 19 Sep 2022 14:08:28 GMT”
}

response body: {
“error”: {
“code”: “Request_BadRequest”,
“message”: “Invalid object identifier ‘None’.”,
“innerError”: {
“date”: “2022-09-19T14:08:28”,
“request-id”: “5c899fdf-feb7-4575-8372-4d9fe9ddcd0c”,
“client-request-id”: “5c899fdf-feb7-4575-8372-4d9fe9ddcd0c”
}
}
}

Updating default
Portal data untouched
Updating umc
Portal data untouched
zt,dc=de’
19.09.22 16:08:29.870 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/users {‘displayName’: ‘aaaa aaaaa’, ‘mailNickname’: ‘a.aaaaa’, ‘accountEnabled’: True, ‘businessPhones’: [’+4930xxxxxxx’], ‘city’: ‘Xxxxxx’, ‘givenName’: ‘aaaa’, ‘onPremisesImmutableId’: ‘MTRmYzQ1YmMtY2M3MC0xMDNjLTg2YjktZDVjMzQ4MmRjZTQw’, ‘otherMails’: [‘a.aaaaa@izt.de’], ‘passwordProfile’: {‘password’: ‘******’, ‘forceChangePasswordNextSignInWithMfa’: False}, ‘postalCode’: ‘12345’, ‘streetAddress’: ‘Xxxxxxxxxxxxxxxx xx’, ‘surname’: ‘aaaaa’, ‘usageLocation’: ‘DE’, ‘userPrincipalName’: ‘a.aaaaa@izt.de’}
19.09.22 16:08:29.871 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:29.871 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:30.125 LISTENER ( ERROR ) : o365(D): status: 201 (OK) (POST https://graph.microsoft.com/v1.0/users)
19.09.22 16:08:30.126 LISTENER ( ERROR ) : o365(D): GraphAPI: GET https://graph.microsoft.com/v1.0/subscribedSkus None
19.09.22 16:08:30.126 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:30.126 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:30.317 LISTENER ( ERROR ) : o365(D): status: 200 (OK) (GET https://graph.microsoft.com/v1.0/subscribedSkus)
19.09.22 16:08:30.317 LISTENER ( ERROR ) : o365(D): seats in subscriptions_online: [‘O365_BUSINESS_ESSENTIALS’]
19.09.22 16:08:30.397 LISTENER ( ERROR ) : o365(I): SubscriptionProfiles found for ‘a.aaaaaaaaaaaaaa’ (defaultADconnection): []
19.09.22 16:08:30.397 LISTENER ( ERROR ) : o365(W): No SubscriptionProfiles: using all available subscriptions (defaultADconnection).
19.09.22 16:08:30.397 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/assignLicense {‘addLicenses’: [{‘disabledPlans’: [], ‘skuId’: ‘3b555118-da6a-4418-894f-7df1e2096870’}], ‘removeLicenses’: []}
19.09.22 16:08:30.398 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:30.398 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:30.649 LISTENER ( ERROR ) : o365(D): status: 200 (OK) (POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/assignLicense)
19.09.22 16:08:30.650 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/invalidateAllRefreshTokens {}
19.09.22 16:08:30.650 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:30.651 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:30.865 LISTENER ( ERROR ) : o365(D): status: 200 (OK) (POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/invalidateAllRefreshTokens)
19.09.22 16:08:30.897 LISTENER ( ERROR ) : o365(I): User creation success. userPrincipalName: ‘a.aaaaa@izt.de’ objectId: ‘10c4869b-ac02-4b77-899e-4dd56e5ea2c9’ dn: uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de adconnection: defaultADconnection
19.09.22 16:08:30.948 LISTENER ( ERROR ) : o365(I): Create: Add member ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ to group ‘cn=Domain Users,cn=groups,dc=intern,dc=izt,dc=de’ in alias ‘defaultADconnection’
19.09.22 16:08:30.949 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/groups/None/members/$ref {’@odata.id’: ‘https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9’}
19.09.22 16:08:30.949 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-L2e5pQa5NA. It is valid until 2022-09-19 17:01:21
19.09.22 16:08:30.949 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:31.104 LISTENER ( ERROR ) : o365(D): status: 400 (FAIL) (POST https://graph.microsoft.com/v1.0/groups/None/members/$ref)
19.09.22 16:08:31.105 LISTENER ( ERROR ) : o365(E): Error HTTP response status: 400
HTTP response expected status: [204]

request url: https://graph.microsoft.com/v1.0/groups/None/members/$ref

request header: {
“User-Agent”: “Univention Microsoft 365 Connector”,
“Accept-Encoding”: “gzip, deflate”,
“Accept”: “/”,
“Connection”: “keep-alive”,
“Content-Type”: “application/json”,
“Authorization”: “XXX”,
“Content-Length”: “103”
}

request body: {
“@odata.id”: “https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9”
}

response header: {
“Cache-Control”: “no-cache”,
“Transfer-Encoding”: “chunked”,
“Content-Type”: “application/json”,
“Content-Encoding”: “gzip”,
“Vary”: “Accept-Encoding”,
“Strict-Transport-Security”: “max-age=31536000”,
“request-id”: “6807f390-b879-4111-a0b7-2610ac5ff3ba”,
“client-request-id”: “6807f390-b879-4111-a0b7-2610ac5ff3ba”,
“x-ms-ags-diagnostic”: “{“ServerInfo”:{“DataCenter”:“West Europe”,“Slice”:“E”,“Ring”:“5”,“ScaleUnit”:“000”,“RoleInstance”:“AM1PEPF00016739”}}”,
“x-ms-resource-unit”: “1”,
“Date”: “Mon, 19 Sep 2022 14:08:24 GMT”
}

response body: {
“error”: {
“code”: “Request_BadRequest”,
“message”: “Invalid object identifier ‘None’.”,
“innerError”: {
“date”: “2022-09-19T14:08:25”,
“request-id”: “6807f390-b879-4111-a0b7-2610ac5ff3ba”,
“client-request-id”: “6807f390-b879-4111-a0b7-2610ac5ff3ba”
}
}
}

19.09.22 16:08:31.140 LISTENER ( ERROR ) : o365(I): Create: Add member ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ to group ‘cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’ in alias ‘defaultADconnection’
19.09.22 16:08:31.140 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/groups/None/members/$ref {’@odata.id’: ‘https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9’}
19.09.22 16:08:31.141 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-L2e5pQa5NA. It is valid until 2022-09-19 17:01:21
19.09.22 16:08:31.141 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:31.391 LISTENER ( ERROR ) : o365(D): status: 400 (FAIL) (POST https://graph.microsoft.com/v1.0/groups/None/members/$ref)
19.09.22 16:08:31.392 LISTENER ( ERROR ) : o365(E): Error HTTP response status: 400
HTTP response expected status: [204]

request url: https://graph.microsoft.com/v1.0/groups/None/members/$ref

request header: {
“User-Agent”: “Univention Microsoft 365 Connector”,
“Accept-Encoding”: “gzip, deflate”,
“Accept”: “/”,
“Connection”: “keep-alive”,
“Content-Type”: “application/json”,
“Authorization”: “XXX”,
“Content-Length”: “103”
}

request body: {
“@odata.id”: “https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9”
}

response header: {
“Cache-Control”: “no-cache”,
“Transfer-Encoding”: “chunked”,
“Content-Type”: “application/json”,
“Content-Encoding”: “gzip”,
“Vary”: “Accept-Encoding”,
“Strict-Transport-Security”: “max-age=31536000”,
“request-id”: “c9bca6fb-d4c4-44c8-88f8-d24f558e4076”,
“client-request-id”: “c9bca6fb-d4c4-44c8-88f8-d24f558e4076”,
“x-ms-ags-diagnostic”: “{“ServerInfo”:{“DataCenter”:“West Europe”,“Slice”:“E”,“Ring”:“5”,“ScaleUnit”:“000”,“RoleInstance”:“AM1PEPF00010593”}}”,
“x-ms-resource-unit”: “1”,
“Date”: “Mon, 19 Sep 2022 14:08:25 GMT”
}

response body: {
“error”: {
“code”: “Request_BadRequest”,
“message”: “Invalid object identifier ‘None’.”,
“innerError”: {
“date”: “2022-09-19T14:08:25”,
“request-id”: “c9bca6fb-d4c4-44c8-88f8-d24f558e4076”,
“client-request-id”: “c9bca6fb-d4c4-44c8-88f8-d24f558e4076”
}
}
}

19.09.22 16:08:31.429 LISTENER ( PROCESS ) : updating ‘cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’ command m
19.09.22 16:08:31.444 LISTENER ( PROCESS ) : office365-group: modify dn: ‘cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’
19.09.22 16:08:31.516 LISTENER ( ERROR ) : office365-group: dn=‘cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’ command=‘m’
old={‘sambaGroupType’: [b’2’], ‘cn’: [b’sekretariat’], ‘univentionObjectType’: [b’groups/group’], ‘sambaSID’: [b’S-1-5-21-1732664294-487528853-3244829601-1052’], ‘gidNumber’: [b’1528’], ‘univentionGroupType’: [b’-2147483646’], ‘structuralObjectClass’: [b’posixGroup’], ‘entryUUID’: [b’66306c6e-c876-1036-89b2-35457651e44c’], ‘creatorsName’: [b’cn=admin,dc=intern,dc=izt,dc=de’], ‘createTimestamp’: [b’20170508201226Z’], ‘memberUid’: [b’x.xxxxx’, b’x.xxxxxx’, b’x.xxxx’, b’x.xxxxxxxx’, b’x.xxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’], ‘univentionOffice365ADConnectionAlias’: [b’defaultADconnection’], ‘objectClass’: [b’univentionOffice365’, b’sambaGroupMapping’, b’top’, b’univentionGroup’, b’univentionObject’, b’posixGroup’], ‘uniqueMember’: [b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’], ‘entryCSN’: [b’20220919140450.035400Z#000000#000#000000’], ‘modifiersName’: [b’uid=Administrator,cn=users,dc=intern,dc=izt,dc=de’], ‘modifyTimestamp’: [b’20220919140450Z’], ‘entryDN’: [b’cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’], ‘subschemaSubentry’: [b’cn=Subschema’], ‘hasSubordinates’: [b’FALSE’]}
new={‘sambaGroupType’: [b’2’], ‘cn’: [b’sekretariat’], ‘univentionObjectType’: [b’groups/group’], ‘sambaSID’: [b’S-1-5-21-1732664294-487528853-3244829601-1052’], ‘gidNumber’: [b’1528’], ‘univentionGroupType’: [b’-2147483646’], ‘structuralObjectClass’: [b’posixGroup’], ‘entryUUID’: [b’66306c6e-c876-1036-89b2-35457651e44c’], ‘creatorsName’: [b’cn=admin,dc=intern,dc=izt,dc=de’], ‘createTimestamp’: [b’20170508201226Z’], ‘memberUid’: [b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’x.xxxxxx’, b’a.aaaaaaaaaaaaaa’], ‘univentionOffice365ADConnectionAlias’: [b’defaultADconnection’], ‘objectClass’: [b’univentionOffice365’, b’sambaGroupMapping’, b’top’, b’univentionGroup’, b’univentionObject’, b’posixGroup’], ‘uniqueMember’: [b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=x.xxxxx,cn=users,dc=intern,dc=izt,dc=de’, b’uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’], ‘entryCSN’: [b’20220919140829.742104Z#000000#000#000000’], ‘modifiersName’: [b’uid=Administrator,cn=users,dc=intern,dc=izt,dc=de’], ‘modifyTimestamp’: [b’20220919140829Z’], ‘entryDN’: [b’cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’], ‘subschemaSubentry’: [b’cn=Subschema’], ‘hasSubordinates’: [b’FALSE’]}
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/univention/listener/api_adapter.py”, line 161, in _handler
self._module_handler.modify(dn, old, new, self._saved_old_dn if self._rename else None)
File “/usr/lib/univention-directory-listener/system/office365-group.py”, line 84, in modify
self.connector.modify(old_udm_group=old_udm_group, new_udm_group=new_udm_group)
File “/usr/lib/python3/dist-packages/univention/office365/connector/connector.py”, line 893, in modify
if new_udm_group.in_azure() or
File “/usr/lib/python3/dist-packages/univention/office365/udmwrapper/udmobjects.py”, line 499, in in_azure
alias_users = set(x.lower() for x in univentionOffice365ADConnectionAlias.get(self.current_connection_alias))
AttributeError: ‘NoneType’ object has no attribute ‘get’
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/univention/listener/api_adapter.py”, line 169, in _handler
self._module_handler.error_handler(dn, old, new, command, exc_type, exc_value, exc_traceback)
File “/usr/lib/python3/dist-packages/univention/listener/handler.py”, line 261, in error_handler
reraise(exc_type, exc_value, exc_traceback)
File “/usr/lib/python3/dist-packages/six.py”, line 693, in reraise
raise value
File “/usr/lib/python3/dist-packages/univention/listener/api_adapter.py”, line 161, in _handler
self._module_handler.modify(dn, old, new, self._saved_old_dn if self._rename else None)
File “/usr/lib/univention-directory-listener/system/office365-group.py”, line 84, in modify
self.connector.modify(old_udm_group=old_udm_group, new_udm_group=new_udm_group)
File “/usr/lib/python3/dist-packages/univention/office365/connector/connector.py”, line 893, in modify
if new_udm_group.in_azure() or
File “/usr/lib/python3/dist-packages/univention/office365/udmwrapper/udmobjects.py”, line 499, in in_azure
alias_users = set(x.lower() for x in univentionOffice365ADConnectionAlias.get(self.current_connection_alias))
AttributeError: ‘NoneType’ object has no attribute ‘get’
19.09.22 16:08:31.518 LISTENER ( WARN ) : handler: office365-group (failed)
19.09.22 16:08:31.552 LISTENER ( PROCESS ) : updating ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ command m
19.09.22 16:08:31.553 LISTENER ( PROCESS ) : office365-user: modify dn: ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’
19.09.22 16:08:31.641 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/users {‘displayName’: ‘aaaa aaaaa’, ‘id’: ‘10c4869b-ac02-4b77-899e-4dd56e5ea2c9’, ‘mailNickname’: ‘a.aaaaa’, ‘accountEnabled’: True, ‘businessPhones’: [’+4930xxxxxxx’], ‘city’: ‘Xxxxxx’, ‘givenName’: ‘aaaa’, ‘onPremisesImmutableId’: ‘MTRmYzQ1YmMtY2M3MC0xMDNjLTg2YjktZDVjMzQ4MmRjZTQw’, ‘otherMails’: [‘a.aaaaa@izt.de’], ‘passwordProfile’: {‘password’: ‘******’, ‘forceChangePasswordNextSignInWithMfa’: False}, ‘postalCode’: ‘14129’, ‘streetAddress’: ‘Schopenhauerstr. 26’, ‘surname’: ‘aaaaa’, ‘usageLocation’: ‘DE’, ‘userPrincipalName’: ‘a.aaaaa@izt.de’}
19.09.22 16:08:31.641 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:31.641 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:31.848 LISTENER ( ERROR ) : o365(D): status: 400 (FAIL) (POST https://graph.microsoft.com/v1.0/users)
19.09.22 16:08:31.849 LISTENER ( ERROR ) : o365(D): GraphAPI: GET https://graph.microsoft.com/v1.0/users/a.aaaaa@izt.de None
19.09.22 16:08:31.849 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:31.849 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:32.818 LISTENER ( ERROR ) : o365(D): status: 200 (OK) (GET https://graph.microsoft.com/v1.0/users/a.aaaaa@izt.de)
19.09.22 16:08:32.819 LISTENER ( ERROR ) : o365(D): GraphAPI: PATCH https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9 {‘mailNickname’: ‘a.aaaaa’, ‘accountEnabled’: True, ‘city’: ‘Xxxxxx’, ‘onPremisesImmutableId’: ‘MTRmYzQ1YmMtY2M3MC0xMDNjLTg2YjktZDVjMzQ4MmRjZTQw’, ‘otherMails’: [‘a.aaaaa@izt.de’], ‘postalCode’: ‘14129’, ‘streetAddress’: ‘Schopenhauerstr. 26’, ‘usageLocation’: ‘DE’}
19.09.22 16:08:32.819 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:32.821 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:32.972 LISTENER ( ERROR ) : o365(D): status: 204 (OK) (PATCH https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9)
19.09.22 16:08:32.973 LISTENER ( ERROR ) : o365(D): GraphAPI: GET https://graph.microsoft.com/v1.0/subscribedSkus None
19.09.22 16:08:32.973 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:32.973 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:33.198 LISTENER ( ERROR ) : o365(D): status: 200 (OK) (GET https://graph.microsoft.com/v1.0/subscribedSkus)
19.09.22 16:08:33.198 LISTENER ( ERROR ) : o365(D): seats in subscriptions_online: [‘O365_BUSINESS_ESSENTIALS’]
19.09.22 16:08:33.275 LISTENER ( ERROR ) : o365(I): SubscriptionProfiles found for ‘a.aaaaaaaaaaaaaa’ (defaultADconnection): []
19.09.22 16:08:33.275 LISTENER ( ERROR ) : o365(W): No SubscriptionProfiles: using all available subscriptions (defaultADconnection).
19.09.22 16:08:33.275 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/assignLicense {‘addLicenses’: [{‘disabledPlans’: [], ‘skuId’: ‘3b555118-da6a-4418-894f-7df1e2096870’}], ‘removeLicenses’: []}
19.09.22 16:08:33.275 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:33.276 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:33.527 LISTENER ( ERROR ) : o365(D): status: 200 (OK) (POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/assignLicense)
19.09.22 16:08:33.527 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/invalidateAllRefreshTokens {}
19.09.22 16:08:33.527 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-6KqTymn7MQ. It is valid until 2022-09-19 17:01:20
19.09.22 16:08:33.528 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:33.752 LISTENER ( ERROR ) : o365(D): status: 200 (OK) (POST https://graph.microsoft.com/v1.0/users/10c4869b-ac02-4b77-899e-4dd56e5ea2c9/invalidateAllRefreshTokens)
19.09.22 16:08:33.752 LISTENER ( ERROR ) : o365(I): User creation success. userPrincipalName: ‘a.aaaaa@izt.de’ objectId: ‘10c4869b-ac02-4b77-899e-4dd56e5ea2c9’ dn: uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de adconnection: defaultADconnection
19.09.22 16:08:33.798 LISTENER ( ERROR ) : o365(I): Create: Add member ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ to group ‘cn=Domain Users,cn=groups,dc=intern,dc=izt,dc=de’ in alias ‘defaultADconnection’
19.09.22 16:08:33.798 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/groups/None/members/$ref {’@odata.id’: ‘https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9’}
19.09.22 16:08:33.798 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-L2e5pQa5NA. It is valid until 2022-09-19 17:01:21
19.09.22 16:08:33.799 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:33.946 LISTENER ( ERROR ) : o365(D): status: 400 (FAIL) (POST https://graph.microsoft.com/v1.0/groups/None/members/$ref)
19.09.22 16:08:33.947 LISTENER ( ERROR ) : o365(E): Error HTTP response status: 400
HTTP response expected status: [204]

request url: https://graph.microsoft.com/v1.0/groups/None/members/$ref

request header: {
“User-Agent”: “Univention Microsoft 365 Connector”,
“Accept-Encoding”: “gzip, deflate”,
“Accept”: “/”,
“Connection”: “keep-alive”,
“Content-Type”: “application/json”,
“Authorization”: “XXX”,
“Content-Length”: “103”
}

request body: {
“@odata.id”: “https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9”
}

response header: {
“Cache-Control”: “no-cache”,
“Transfer-Encoding”: “chunked”,
“Content-Type”: “application/json”,
“Content-Encoding”: “gzip”,
“Vary”: “Accept-Encoding”,
“Strict-Transport-Security”: “max-age=31536000”,
“request-id”: “7fcf8054-55c0-433f-b5a3-a7f51605bd81”,
“client-request-id”: “7fcf8054-55c0-433f-b5a3-a7f51605bd81”,
“x-ms-ags-diagnostic”: “{“ServerInfo”:{“DataCenter”:“West Europe”,“Slice”:“E”,“Ring”:“5”,“ScaleUnit”:“000”,“RoleInstance”:“AM1PEPF000105AA”}}”,
“x-ms-resource-unit”: “1”,
“Date”: “Mon, 19 Sep 2022 14:08:28 GMT”
}

response body: {
“error”: {
“code”: “Request_BadRequest”,
“message”: “Invalid object identifier ‘None’.”,
“innerError”: {
“date”: “2022-09-19T14:08:28”,
“request-id”: “7fcf8054-55c0-433f-b5a3-a7f51605bd81”,
“client-request-id”: “7fcf8054-55c0-433f-b5a3-a7f51605bd81”
}
}
}

19.09.22 16:08:33.983 LISTENER ( ERROR ) : o365(I): Create: Add member ‘uid=a.aaaaaaaaaaaaaa,cn=users,dc=intern,dc=izt,dc=de’ to group ‘cn=sekretariat,cn=groups,dc=intern,dc=izt,dc=de’ in alias ‘defaultADconnection’
19.09.22 16:08:33.983 LISTENER ( ERROR ) : o365(D): GraphAPI: POST https://graph.microsoft.com/v1.0/groups/None/members/$ref {’@odata.id’: ‘https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9’}
19.09.22 16:08:33.984 LISTENER ( ERROR ) : o365(D): The access token for defaultADconnection looks similar to: eyJ0eXAiOi-trimmed-L2e5pQa5NA. It is valid until 2022-09-19 17:01:21
19.09.22 16:08:33.984 LISTENER ( ERROR ) : o365(D): proxy settings: {}
19.09.22 16:08:34.143 LISTENER ( ERROR ) : o365(D): status: 400 (FAIL) (POST https://graph.microsoft.com/v1.0/groups/None/members/$ref)
19.09.22 16:08:34.144 LISTENER ( ERROR ) : o365(E): Error HTTP response status: 400
HTTP response expected status: [204]

request url: https://graph.microsoft.com/v1.0/groups/None/members/$ref

request header: {
“User-Agent”: “Univention Microsoft 365 Connector”,
“Accept-Encoding”: “gzip, deflate”,
“Accept”: “/”,
“Connection”: “keep-alive”,
“Content-Type”: “application/json”,
“Authorization”: “XXX”,
“Content-Length”: “103”
}

request body: {
“@odata.id”: “https://graph.microsoft.com/v1.0/directoryObjects/10c4869b-ac02-4b77-899e-4dd56e5ea2c9”
}

response header: {
“Cache-Control”: “no-cache”,
“Transfer-Encoding”: “chunked”,
“Content-Type”: “application/json”,
“Content-Encoding”: “gzip”,
“Vary”: “Accept-Encoding”,
“Strict-Transport-Security”: “max-age=31536000”,
“request-id”: “5c899fdf-feb7-4575-8372-4d9fe9ddcd0c”,
“client-request-id”: “5c899fdf-feb7-4575-8372-4d9fe9ddcd0c”,
“x-ms-ags-diagnostic”: “{“ServerInfo”:{“DataCenter”:“West Europe”,“Slice”:“E”,“Ring”:“5”,“ScaleUnit”:“000”,“RoleInstance”:“AM1PEPF00016709”}}”,
“x-ms-resource-unit”: “1”,
“Date”: “Mon, 19 Sep 2022 14:08:28 GMT”
}

response body: {
“error”: {
“code”: “Request_BadRequest”,
“message”: “Invalid object identifier ‘None’.”,
“innerError”: {
“date”: “2022-09-19T14:08:28”,
“request-id”: “5c899fdf-feb7-4575-8372-4d9fe9ddcd0c”,
“client-request-id”: “5c899fdf-feb7-4575-8372-4d9fe9ddcd0c”
}
}
}

Updating default
Portal data untouched
Updating umc
Portal data untouched

Any ideas how to re-enable group syncing?

Thanks, Gregor