starred/Set-OutlookSignatures-Set-OutlookSignatures
1
0
Fork 0
mirror of https://github.com/Set-OutlookSignatures/Set-OutlookSignatures.git synced 2026-04-26 10:45:52 +03:00
Code Issues Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #96] Script is getting "Currently logged-in user" wrong? #39

New issue
Closed
opened 2026-02-27 20:30:56 +03:00 by kerem · 3 comments
kerem commented 2026-02-27 20:30:56 +03:00
Owner
Copy link

Originally created by @derGali on GitHub (Nov 24, 2023).
Original GitHub issue: https://github.com/Set-OutlookSignatures/Set-OutlookSignatures/issues/96

Hello there,
I just discovered this project and would like to implement it for our company (being the administrator).
Exchange online, local AD, synced attributes.

Trying the quick start guide, I get the following problem when running "powershell.exe -file "Set-OutlookSignatures.ps1" for the first time.

Get AD properties of currently logged-in user and assigned manager @2023-11-24T13:23:07+01:00@
Currently logged-in user
Set up environment for connection to Microsoft Graph @2023-11-24T13:23:11+01:00@
Execute config file 'C:\Users\derGali\Downloads\Set-OutlookSignatures_v4.8.0\config\default graph config.ps1'
MSAL.PS Graph token cache: 'C:\Users\derGali\AppData\Local\MSAL.PS\MSAL.PS.msalcache.bin3'
Problem getting data for 'MYMS365ADMINUSER@tenant.onmicrosoft.com' from Microsoft Graph. Exit.
Invoke-RestMethod : Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
In C:\Users\derGali\Downloads\Set-OutlookSignatures_v4.8.0\Set-OutlookSignatures.ps1:5397 Zeichen:39
+ $local:pagedResults = Invoke-RestMethod @requestBody
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Clean-up @2023-11-24T13:23:30+01:00@

Why does the script think the "currently logged-in user" is my seperate ms365-admin user (without a mailbox or even license) when this user is currently not logged in windows locally nor in any browser?

I also tried the del "%LocalAppData%\MSAL.PS\MSAL.PS.msalcache.bin3" command already.

What am I doing wrong?

(in simulation mode, with my correct user, it works!)

Originally created by @derGali on GitHub (Nov 24, 2023). Original GitHub issue: https://github.com/Set-OutlookSignatures/Set-OutlookSignatures/issues/96 Hello there, I just discovered this project and would like to implement it for our company (being the administrator). Exchange online, local AD, synced attributes. Trying the quick start guide, I get the following problem when running "powershell.exe -file "Set-OutlookSignatures.ps1" for the first time. <code>Get AD properties of currently logged-in user and assigned manager @2023-11-24T13:23:07+01:00@ Currently logged-in user Set up environment for connection to Microsoft Graph @2023-11-24T13:23:11+01:00@ Execute config file 'C:\Users\derGali\Downloads\Set-OutlookSignatures_v4.8.0\config\default graph config.ps1' MSAL.PS Graph token cache: 'C:\Users\derGali\AppData\Local\MSAL.PS\MSAL.PS.msalcache.bin3' Problem getting data for 'MYMS365ADMINUSER@tenant.onmicrosoft.com' from Microsoft Graph. Exit. Invoke-RestMethod : Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. In C:\Users\derGali\Downloads\Set-OutlookSignatures_v4.8.0\Set-OutlookSignatures.ps1:5397 Zeichen:39 \+ $local:pagedResults = Invoke-RestMethod @requestBody \+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc eption \+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand Clean-up @2023-11-24T13:23:30+01:00@ </code> Why does the script think the "currently logged-in user" is my seperate ms365-admin user (without a mailbox or even license) when this user is currently not logged in windows locally nor in any browser? I also tried the `del "%LocalAppData%\MSAL.PS\MSAL.PS.msalcache.bin3"` command already. What am I doing wrong? (in simulation mode, with my correct user, it works!)
kerem closed this issue 2026-02-27 20:30:56 +03:00
kerem commented 2026-02-27 20:30:57 +03:00
Author
Owner
Copy link

@GruberMarkus commented on GitHub (Nov 24, 2023):

Hi @derGali,

this can't be answered definitely without the verbose output of the script.

From your description and the partial script output, the most likely is the following:

  1. Parameter GraphOnly is not set, to Set-OutlookSignatures tries to connect to an on-prem Active Directory first. It get's the logged-in user's Distinguised Name with the following command: Add-Type -AssemblyName System.DirectoryServices.AccountManagement; (Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\IdentityStore\Cache\$(([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value)\IdentityCache\$(([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value)" -Name 'UserName' -ErrorAction SilentlyContinue)
  2. According to the output, Set-OutlookSignatures then still decides to connect to Graph anyhow. This means that at least one of the following conditions is met:
  • The on-prem Active Directory query from step 1 brought no result
  • You use New Outlook (this information is missing, as not the whole output is posted in the issue description)
  • GraphOnly is set to true (this is not the case here)
  • GraphOnly is set to false AND the Distinguished Name is found in the on-prem Active Directory AND the mailbox is in the cloud AND (SetCurrentUserOOFMessageAND/ORSetCurrentUserOutlookWebSignature` is set to true (which is the default value for both parameters)) - this is very likely what happens
  1. When there is no MSAL.PS Graph token cache file, three authentication attempts towards Graph happen one after the other (verbose output shows details):
  • Integrated Windows Authentication
  • Silent with a login hint (result from step 1)
  • Via Prompt with LoginHint and Timeout

What does the command from step 1 output as result?

Which output is in the verbose log?

<!-- gh-comment-id:1825720455 --> @GruberMarkus commented on GitHub (Nov 24, 2023): Hi @derGali, this can't be answered definitely without the verbose output of the script. From your description and the partial script output, the most likely is the following: 1. Parameter `GraphOnly` is not set, to Set-OutlookSignatures tries to connect to an on-prem Active Directory first. It get's the logged-in user's Distinguised Name with the following command: `Add-Type -AssemblyName System.DirectoryServices.AccountManagement; (Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\IdentityStore\Cache\$(([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value)\IdentityCache\$(([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value)" -Name 'UserName' -ErrorAction SilentlyContinue)` 2. According to the output, Set-OutlookSignatures then still decides to connect to Graph anyhow. This means that at least one of the following conditions is met: - The on-prem Active Directory query from step 1 brought no result - You use New Outlook (this information is missing, as not the whole output is posted in the issue description) - `GraphOnly` is set to true (this is not the case here) - `GraphOnly is set to false AND the Distinguished Name is found in the on-prem Active Directory AND the mailbox is in the cloud AND (`SetCurrentUserOOFMessage` AND/OR `SetCurrentUserOutlookWebSignature` is set to true (which is the default value for both parameters)) - this is very likely what happens 3. When there is no MSAL.PS Graph token cache file, three authentication attempts towards Graph happen one after the other (verbose output shows details): - Integrated Windows Authentication - Silent with a login hint (result from step 1) - Via Prompt with LoginHint and Timeout What does the command from step 1 output as result? Which output is in the verbose log?
kerem commented 2026-02-27 20:30:57 +03:00
Author
Owner
Copy link

@derGali commented on GitHub (Nov 24, 2023):

The result from step 1 is ... nothing. The query fails. In fact, there is no IndetityCache Key in HKLM:\SOFTWARE\Microsoft\IdentityStore\Cache\S-1-5-21-1409082233-299502267-xxxxxxx-xxxx

I do not use new outlook, GraphOnly is false. In the verbose log I can read the following:
...
AUSFÜHRLICH: Current user:
AUSFÜHRLICH: Authentication
AUSFÜHRLICH: Via IntegratedWindowsAuth
AUSFÜHRLICH: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new
location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'. Trace ID:
8ab7e964-ad0f-4f86-9bcb-583aca7ffc00 Correlation ID: f0e2030f-f33c-41c9-9389-c7c092f43bb6 Timestamp: 2023-11-24
14:17:19Z
AUSFÜHRLICH: Via Silent with LoginHint
AUSFÜHRLICH: No account or login hint was passed to the AcquireTokenSilent call.
AUSFÜHRLICH: Via Prompt with LoginHint and Timeout
...

... actually NOW it works nevertheless and the script gets my correct user right. I really don't know what has happend since last try, I changed nothing, not even the powershell session.

Thank you very much for the quick response, I think from here on I can manage on my own.

<!-- gh-comment-id:1825762377 --> @derGali commented on GitHub (Nov 24, 2023): The result from step 1 is ... nothing. The query fails. In fact, there is no IndetityCache Key in ```HKLM:\SOFTWARE\Microsoft\IdentityStore\Cache\S-1-5-21-1409082233-299502267-xxxxxxx-xxxx``` I do not use new outlook, GraphOnly is false. In the verbose log I can read the following: <code>... AUSFÜHRLICH: Current user: AUSFÜHRLICH: Authentication AUSFÜHRLICH: Via IntegratedWindowsAuth AUSFÜHRLICH: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'. Trace ID: 8ab7e964-ad0f-4f86-9bcb-583aca7ffc00 Correlation ID: f0e2030f-f33c-41c9-9389-c7c092f43bb6 Timestamp: 2023-11-24 14:17:19Z AUSFÜHRLICH: Via Silent with LoginHint AUSFÜHRLICH: No account or login hint was passed to the AcquireTokenSilent call. AUSFÜHRLICH: Via Prompt with LoginHint and Timeout ...</code> ... actually NOW it works nevertheless and the script gets my correct user right. I really don't know what has happend since last try, I changed nothing, not even the powershell session. Thank you very much for the quick response, I think from here on I can manage on my own.
kerem commented 2026-02-27 20:30:57 +03:00
Author
Owner
Copy link

@GruberMarkus commented on GitHub (Nov 24, 2023):

You are welcome! Gern geschehen!

<!-- gh-comment-id:1825838816 --> @GruberMarkus commented on GitHub (Nov 24, 2023): You are welcome! Gern geschehen!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
v4.26.1
v4.26.0
v4.25.0
v4.24.0
v4.23.0
v4.22.0
v4.21.0
v4.20.4
v4.20.3
v4.20.2
v4.20.1
v4.20.0
v4.19.0
v4,18.3
v4.18.3
v4.18.2
v4.18.1
v4.18.0
v4.17.0
v4.16.1
v4.16.0
v4.15.0
v4.14.2
v4.14.1
v4.14.0
v4.13.0
v4.12.2
v4.12.1
v4.12.0
v4.11.0
v4.10.1
v4.10.0
v4.9.0
v4.8.1
v4.8.0
v4.8.0-beta.2
v1.3.0
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.6.0
v1.6.1
v2.0.0
v1.2.1
v1.2.0
v2.0.2
v2.1.0
v2.1.1
v2.1.2
v2.2.0
v2.2.1
v2.3.0
v2.3.0-beta1
v2.3.0-beta2
v2.3.0-beta3
v2.3.0-beta5
v2.5.2
v2.4.0
v2.4.0-beta1
v2.5.0
v2.5.0-beta1
v2.5.0-beta2
v2.5.0-beta3
v1.1.0
v1.0.0
v2.5.1
v3.6.1
v3.6.0
v3.5.1
v3.5.0
v3.4.1
v3.4.0
v3.3.0-alpha3
v3.3.0-alpha2
v3.3.0-alpha1
v3.3.0
v3.2.2
v3.2.1-beta3
v3.2.1-beta2
v3.2.1-beta1
v3.2.1
v3.2.0-beta1
v3.2.0
v3.1.0-alpha.54
v3.1.0-alpha.52
v3.1.0-alpha.51
v3.1.0-alpha.42
v3.1.0
v3.0.0-beta1
v3.0.0
v2.3.1
v2.3.0-beta4
v4.7.0
v4.6.1
v4.6.0
v4.5.0
v4.4.0
v4.3.0
v4.2.1
v4.2.0
v4.1.0
v4.0.0
Labels
Clear labels   
bug

   
dependencies

   
documentation

   
enhancement

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
wontfix
No labels
bug
dependencies
documentation
enhancement
invalid
pull-request
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Set-OutlookSignatures-Set-OutlookSignatures#39
No description provided.