From 62dafdeaa08a50386031ab0b0ed5de01f8012202 Mon Sep 17 00:00:00 2001
From: Devesh
Date: Wed, 11 Dec 2024 21:14:50 +0000
Subject: [PATCH] update for groups

---
 .../Modules/Providers/ExportAADProvider.psm1 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1 b/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1
index 2fa7081d01..ee5d02c0a3 100644
--- a/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1
+++ b/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1
@@ -448,6 +448,22 @@ function LoadObjectDataIntoPrivilegedUserHashtable {
                 $PrivilegedUsers[$GroupMember.Id].roles += $RoleName
             }
         }
+        elseif ($Objecttype -eq "serviceprincipal") {
+
+            # In this section we need to add the service principal information to the "service principal" hashtable
+            if (-Not $PrivilegedUsers.ContainsKey($ObjectId)) {
+                $AADServicePrincipal = Get-MgBetaServicePrincipal -ServicePrincipalId $ObjectId -ErrorAction Stop
+                $PrivilegedUsers[$ObjectId] = @{
+                    "DisplayName" = $AADServicePrincipal.DisplayName
+                    "ServicePrincipalId" = $AADServicePrincipal.Id
+                    "AppId" = $AADServicePrincipal.AppId
+                    "roles" = @()
+                }
+            }
+            if ($PrivilegedUsers[$ObjectId].roles -notcontains $RoleName) {
+                $PrivilegedUsers[$ObjectId].roles += $RoleName
+            }
+        }
     }
 
     # Since this is a group, we need to also process assignments in PIM in case it is in PIM for Groups
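Review bot: The `Get-MgBetaServicePrincipal ... -ErrorAction Stop` call in the new serviceprincipal branch turns a single unresolvable principal (for example a role assignment or PIM eligibility that still references a deleted service principal, or a transient Graph failure) into an abort of the whole privileged-principal collection, which for an assessment tool is worse than reporting the assignment with unresolved metadata. The role assignment itself is already known at this point (`$ObjectId` and `$RoleName`), so a safer shape is to wrap only the lookup, warn, and still record the ObjectId with its role so a privileged service principal is never silently dropped from the output; how the caller handles the terminating error is outside this hunk, so confirm that before changing it. Separately, the added comment says the data goes into the "service principal" hashtable, but the code writes into the shared `$PrivilegedUsers` table keyed by ObjectId alongside users and group members, so the comment should read `# Service principals holding a directory role are recorded in the same $PrivilegedUsers table, keyed by object id`. The enclosing function `LoadObjectDataIntoPrivilegedUserHashtable` starts before and continues after this hunk.
```powershell
            if (-Not $PrivilegedUsers.ContainsKey($ObjectId)) {
                try {
                    $AADServicePrincipal = Get-MgBetaServicePrincipal -ServicePrincipalId $ObjectId -ErrorAction Stop
                    $SpDisplayName = $AADServicePrincipal.DisplayName
                    $SpAppId = $AADServicePrincipal.AppId
                }
                catch {
                    # Keep the privileged assignment visible even when the principal cannot be resolved
                    Write-Warning "Could not resolve service principal $ObjectId holding role '$RoleName': $($_.Exception.Message)"
                    $SpDisplayName = $null
                    $SpAppId = $null
                }
                $PrivilegedUsers[$ObjectId] = @{
                    "DisplayName" = $SpDisplayName
                    "ServicePrincipalId" = $ObjectId
                    "AppId" = $SpAppId
                    "roles" = @()
                }
            }
            # … unchanged: append $RoleName to roles …
```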