Get-MsolDomainFederationSettings : Access Denied


I was planning a migration from ADFS to Pass-through Authentication for a client, and was unable to run Get-MsolDomainFederationSettings due to permissions.

The command I’m running is Get-MsolDomainFederationSettings -DomainName | fl *


Get-MsolDomainFederationSettings : Access Denied. You do not have permissions to call this cmdlet.
At line:2 char:1
+ Get-MsolDomainFederationSettings -DomainName | fl *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Get-MsolDomainFederationSettings], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.AccessDeniedException,Microsoft.Online.Administration.Automation.GetDomainFederationSettings


The account I’d been given wasn’t assigned the Global Administrator role.

The following commands return the users who hold the role. Note that in Azure AD PowerShell the role is identified as "Company Administrator"; in the Azure portal, it's "Global Administrator".

$CompRole = Get-MsolRole -RoleName "Company Administrator"

Get-MsolRoleMember -RoleObjectId $CompRole.ObjectId

My account was assigned the role, and I was then able to run Get-MsolDomainFederationSettings.
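The check above can be run as a preflight before calling the cmdlet. This is an added example, not part of the original post: it assumes the MSOnline module is loaded and Connect-MsolService has already been run, and the function name and its parameters are hypothetical.

```powershell
# Added example (hypothetical helper). Requires an existing Connect-MsolService session.
function Get-FederationSettingsWithPreflight {
    [CmdletBinding()]
    param(
        # UPN of the account the MSOnline session was opened with
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        # Federated domain whose settings should be read
        [Parameter(Mandatory)] [string] $DomainName
    )

    # "Company Administrator" is the Azure AD PowerShell name for the
    # role the Azure portal calls "Global Administrator".
    $role = Get-MsolRole -RoleName 'Company Administrator'

    # -All returns every member instead of a limited result set.
    $members = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId -All)

    # Compare by ObjectId rather than by display name or e-mail address.
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    if ($members.ObjectId -notcontains $user.ObjectId) {
        Write-Warning ("{0} is not a member of '{1}'; Get-MsolDomainFederationSettings would fail with Access Denied." -f $UserPrincipalName, $role.Name)

        # Show who currently holds the role so the assignment can be requested
        # (and the list of holders reviewed at the same time).
        $members |
            Sort-Object DisplayName |
            Select-Object DisplayName, EmailAddress, RoleMemberType
        return
    }

    # The account holds the role, so the call is expected to succeed.
    # -ErrorAction Stop turns any remaining failure into a terminating error.
    Get-MsolDomainFederationSettings -DomainName $DomainName -ErrorAction Stop
}
```

Pipe the result to fl * to see every property, as in the original command. When the account lacks the role, the function returns the current role holders instead of the federation settings.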
