MigrationWiz – Collaboration Migration – Forbidden Inner Error

Error message:

Code: Forbidden Message: Forbidden Inner error

Cause:

This error is caused when the Administrator user is not set as an Owner of the Team being migrated.  This can happen if the user was set as an Owner recently and the permissions have not yet synced.

Resolution:

Add the Administrator account to the teams as an owner. This can be done manually or using the PowerShell script below:

To add the admin as owner to all teams:

  1. Install Teams PowerShell module if it is not already installed
  2. Run Windows PowerShell as admin
  3. Execute command ‘Install-Module -Name MicrosoftTeams’
  4. Run the following script (fill in the username and password):
    Import-Module MicrosoftTeams
    $username = ''
    $password = ''
    $secPass = ConvertTo-SecureString $password -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential ($username, $secPass)

    Connect-MicrosoftTeams -Credential $credential
    $teamsToAddOwner = Get-Team | Where-Object { (Get-TeamUser -GroupId $_.GroupId -Role Owner | Where-Object
    { $_.User -eq $username }) -eq $null }
    $teamsToAddOwner | Add-TeamUser -User $username -Role Owner

After running the script, the user should be visible as an owner of the group from the Office Admin portal or the Azure portal. However, per Microsoft, these permission changes may take minutes or hours for the ownership to take effect in Teams. This script should be run at least 24 hours before the migration is attempted again.

If the user does not show as an owner after 24 hours, try one of the options below:

Manual options:

  1. Ask a current owner of the team to add the user as an owner from the Teams UI. This should take effect immediately.
  2. In the Office Admin portal or Azure portal, remove the user from the owner of the group and add it back again. This change may still require up to 24 hours to take effect.

PowerShell Option:

  1. The owner can be removed and re-added using the PowerShell script below:
    $groupId = ''
    $username = ''
    Remove-TeamUser -GroupId $groupId -User $username -Role Owner
    Add-TeamUser -GroupId $groupId -User $username -Role Owner

    Note: This remove and re-add can still require up to 24 hours to take effect.
Was this article helpful?
0 out of 0 found this helpful