I know I am missing something, but I can't find a solution. I am writing a script that removes an AD user's licenses from their account. I call Connect-Graph -Scopes User.ReadWrite.All, Organization.Read.All at the top of the script, but the call to Set-MgUserLicense returns an insufficient privileges operation. I read through the docs and applied the same permissions as the examples show, but it still won't work, even while using an elevated PowerShell prompt while logged into my AD admin account.
Update
Here is the script I am trying to use.
Connect-MgGraph -Scopes User.ReadWrite.All, Organization.Read.All
Connect-Graph -Scopes User.ReadWrite.All, Organization.Read.All -NoWelcome
Connect-AzureAD
# Get username, prepare its new OU
$username = Read-Host "Enter the username to disable"
$TargetOU = "OU=Disabled Accounts,OU=3_Users,DC=XXXX,DC=com"
# grab user from AD based on $username
$user = Get-ADUser -Filter { SamAccountName -eq $username } -Properties MemberOf
# License removal
$licenses = Get-MgSubscribedSku -All
$email = $username + "@gmail.com"
Set-MgUserLicense -UserId $email -AddLicenses @() -RemoveLicenses @($licenses.SkuId)
And the error message
