From f039356f52a583c394e247d446159dfd7e055a07 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Sun, 29 Dec 2024 09:42:38 -0500 Subject: [PATCH 1/2] AADRoleEligibilityScheduleRequest - Export Fix --- CHANGELOG.md | 2 + ...SFT_AADRoleEligibilityScheduleRequest.psm1 | 116 ++++++++++-------- 2 files changed, 65 insertions(+), 53 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 42f4f58bae..26e967f969 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ * AADOrganizationCertificateBasedAuthConfiguration * Fixed the primary key of the resource. FIXES [#5523](https://github.com/microsoft/Microsoft365DSC/issues/5523) +* AADRoleEligibilityScheduleRequest + * Fixed error when extracting an entry with a deleted principal. * DefenderDeviceAuthenticatedScanDefinition * Fixed the Data Type export. * MISC diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 index 3cebcf39a2..42ba8bd62f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 @@ -756,8 +756,15 @@ function Export-TargetResource if ($null -eq $groupInfo) { $principalType = 'ServicePrincipal' - $spnInfo = Get-MgServicePrincipal -ServicePrincipalId $request.PrincipalId - $PrincipalValue = $spnInfo.DisplayName + $spnInfo = Get-MgServicePrincipal -ServicePrincipalId $request.PrincipalId -ErrorAction SilentlyContinue + if ($null -ne $spnInfo) + { + $PrincipalValue = $spnInfo.DisplayName + } + else + { + $PrincipalValue = $null + } } else { @@ -769,62 +776,65 @@ function Export-TargetResource $PrincipalValue = $userInfo.UserPrincipalName } - $RoleDefinitionId = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $request.RoleDefinitionId - $params = @{ - Id = $request.Id - Principal = $PrincipalValue - PrincipalType = $principalType - DirectoryScopeId = $request.DirectoryScopeId - RoleDefinition = $RoleDefinitionId.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } + if ($null -ne $PrincipalValue) + { + $RoleDefinitionId = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $request.RoleDefinitionId + $params = @{ + Id = $request.Id + Principal = $PrincipalValue + PrincipalType = $principalType + DirectoryScopeId = $request.DirectoryScopeId + RoleDefinition = $RoleDefinitionId.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } - $Results = Get-TargetResource @Params + $Results = Get-TargetResource @Params - $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - try - { - if ($null -ne $results.ScheduleInfo) + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + try { - $Results.ScheduleInfo = Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString -ScheduleInfo $Results.ScheduleInfo + if ($null -ne $results.ScheduleInfo) + { + $Results.ScheduleInfo = Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString -ScheduleInfo $Results.ScheduleInfo + } + } + catch + { + Write-Verbose -Message "Error converting Schedule: $_" + } + if ($Results.TicketInfo) + { + $Results.TicketInfo = Get-M365DSCAzureADEligibilityRequestTicketInfoAsString -TicketInfo $Results.TicketInfo + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($null -ne $Results.ScheduleInfo) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` + -ParameterName 'ScheduleInfo' + } + if ($null -ne $Results.TicketInfo) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` + -ParameterName 'TicketInfo' } - } - catch - { - Write-Verbose -Message "Error converting Schedule: $_" - } - if ($Results.TicketInfo) - { - $Results.TicketInfo = Get-M365DSCAzureADEligibilityRequestTicketInfoAsString -TicketInfo $Results.TicketInfo - } - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential - if ($null -ne $Results.ScheduleInfo) - { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'ScheduleInfo' - } - if ($null -ne $Results.TicketInfo) - { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'TicketInfo' - } - $dscContent += $currentDSCBlock - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName - $i++ + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + } Write-Host $Global:M365DSCEmojiGreenCheckMark } return $dscContent From aa08cf4885be4b4ba38bcd99be7cf2863f341747 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Sun, 29 Dec 2024 09:46:23 -0500 Subject: [PATCH 2/2] Update MSFT_AADRoleEligibilityScheduleRequest.psm1 --- .../MSFT_AADRoleEligibilityScheduleRequest.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 index 42ba8bd62f..5091971e4f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 @@ -833,8 +833,8 @@ function Export-TargetResource $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName - $i++ } + $i++ Write-Host $Global:M365DSCEmojiGreenCheckMark } return $dscContent