Question 358979 in Azure Question posted in
The official documentation to get you started can be found here.

Azure – Error Cloning Microsoft Teams Group with PowerShell

I’m currently working with Microsoft support on a ticket related to updating the value of CreationOption for an M365 Group, as discussed in this post: M365 Group: update value of CreationOption. While awaiting a resolution, I attempted to clone the problematic Team group to a new Team-enabled M365 group.

However, I’ve encountered errors during the cloning process and am seeking insights or suggestions from the community. Specifically, I’m wondering if there are adjustments I can make to the scope permissions or other settings to troubleshoot the issue.

Below is the PowerShell script I’ve used for the cloning attempt, along with the error message received:

PowerShell

Install-Module Microsoft.Graph.Teams -Force
Import-Module Microsoft.Graph.Teams -MinimumVersion 2.15.0
Connect-MgGraph -Scopes Group.Read.All, Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All

# Get the Teams you have access to
##$teams = Get-MgTeam

# List all teams with their IDs
##$teams | Select-Object DisplayName, Id | Sort DisplayName

# Define parameters for the new team
$params = @{
    displayName = "Problem Team Copy"
    description = "Testing copy of Problem Team"
    mailNickname = "problemcopytest"
    partsToClone = "apps,tabs,settings,channels"
    visibility = "private"
}

$teamId = "8xxxxx88-xx8x-8xx8-8888-896x7x019xx4"

Copy-MgTeam -TeamId $teamId -BodyParameter $params

Error

Copy-MgTeam : Unable to fetch team thread: Failed to execute Skype backend request GetThreadRequest.
Status: 403 (Forbidden)
ErrorCode: Forbidden
Date: 2024-03-06T13:28:33
Headers:
Transfer-Encoding             : chunked
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : 8xx8xx8x-88xx-88x8-8x8x-514xx5x4x4x1
client-request-id             : 8x88xx88-88x8-88xx-8xxx-822x560x93x2
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"North Central US","Slice":"E","Ring":"3","ScaleUnit":"003","RoleInstance":"CH01EPF0002DB18"}}
Date                          : Wed, 06 Mar 2024 13:28:32 GMT
At line:15 char:1
+ Copy-MgTeam -TeamId $teamId -BodyParameter $params
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: ({ TeamId = 8xxx...ionJsonSchema }:<>f__AnonymousType3`3) [Copy-MgTeam_Clone], Exception
    + FullyQualifiedErrorId : Forbidden,Microsoft.Graph.PowerShell.Cmdlets.CopyMgTeam_Clone

Any advice or guidance on resolving this error and successfully cloning the Microsoft Teams group would be greatly appreciated.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    If you're encountering issues with Team-enabled Microsoft 365 Groups sourced from the cloud, configured for Dynamic Group Membership via rules, and experiencing sporadic failures in honoring these rules for member (and/or owner) access to Teams, this solution might be applicable to your situation.

    enter image description here

    Despite being an owner of a Group for several weeks, it appeared that the error encountered while running the Copy-MgTeam command stemmed from access issues with backend systems.

    Granting new owner access seemed to be impacted by the issue most of the time. Once the solution was effective, owner permissions worked as expected, and the Copy-MgTeam command worked properly too without error.

    Self-Solution

    Important: Backup the Dynamic membership rules if necessary before following these steps.

    1. Within Microsoft Entra admin center, go to the Group.
    2. Click Properties, change Membership type to "Assigned", and press Save.
    3. Go to Manage | Members, and explicitly remove members from the group within Entra while leaving owners as-is.
    4. Now is the important part of waiting for all environmental and system replication to occur within your environment, step away for an hour or longer if possible (e.g. after close of business).
    5. Confirm with Entra Admin, Teams Admin, and M365 Admin Centers that the members are all removed as per #3 from the Group.
    6. As per #2, now toggle Membership type to "Dynamic", and press Save.
    7. Go to Dynamic membership rules, and add/edit back in the necessary membership rules, and press Save.
    8. Once again, wait for all environmental and system replication to occur within your environment, step away for a while, etc.
    9. Confirm in all the M365 admin portals again #5, that now all members are listed correctly.

      • Confirm any newly grant Team "Owners" and "Members" access is back working.

      • Confirm from Teams desktop app as owner from the Manage Team option, that all members are assigned per the dynamic membership rules as expected.

        enter image description here

    Tip

    Begin by confirming that an existing owner of the Team can access the 'Manage Team' option in the Teams app. Compare the Teams app members with all the M365 admin portals against the group's membership.

    If discrepancies are observed between the membership displayed in the Teams app and the expected membership shown in the M365 admin portals. Switching the Group configuration to 'assigned,' removing all members explicitly, allowing sufficient time for replication, and then reverting the configuration back to 'Dynamic' may resolve.


  2. 0

    When I executed the same script in my environment it worked successfully:

    Connect-MgGraph -Scopes Group.Read.All, Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All

$params = @{
    displayName = "Problem Team Copy"
    description = "Testing copy of Problem Team"
    mailNickname = "problemcopytest"
    partsToClone = "apps,tabs,settings,channels"
    visibility = "public"
}

$teamId = "TeamID"

Copy-MgTeam -TeamId $teamId -BodyParameter $params

    The team got cloned successfully like below:

    enter image description here

    With the same permissions as you, I am able to clone the team.

    If still the issue persists, check the below:

    • According to this MsDoc, Team.Create permission is required to clone the team. If still the error occurs then pass scope as Team.Create .
    • As mentioned by you, the team you are trying to clone is corrupted, try to fix the corrupted team and then you will be able to clone it.
    • As it is working for the other team the issue is due to the corrupted team. Once the issue fixes rerun the script and the team will be cloned.
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search