Merge pull request #468 from johnduprey/dev
GDAP Invite/Test Bugfixes
KelvinTegelaar authored Nov 13, 2023
2 parents 56df158 + 3daf92a commit 6a8e2bd
Showing 2 changed files with 30 additions and 23 deletions.
10 changes: 9 additions & 1 deletion ExecGDAPInvite/run.ps1
Expand Up @@ -10,14 +10,21 @@ $RoleMappings = $Request.body.gdapRoles
$Results = [System.Collections.Generic.List[string]]::new()
$InviteUrls = [System.Collections.Generic.List[string]]::new()


if ($RoleMappings.roleDefinitionId -contains '62e90394-69f5-4237-9190-012177145e10') {
$AutoExtendDuration = 'PT0S'
} else {
$AutoExtendDuration = 'P180D'
}

$Table = Get-CIPPTable -TableName 'GDAPInvites'
try {
$JSONBody = @{
'displayName' = "$((New-Guid).GUID)"
'accessDetails' = @{
'unifiedRoles' = @($RoleMappings | Select-Object roleDefinitionId)
}
'autoExtendDuration' = 'P180D'
'autoExtendDuration' = $AutoExtendDuration
'duration' = 'P730D'
} | ConvertTo-Json -Depth 5 -Compress

Expand Down Expand Up @@ -56,6 +63,7 @@ try {
}
} catch {
$Results.add('Error creating GDAP relationship')
Write-Host "GDAP ERROR: $($_.Exception.Message)"
}

Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created GDAP Invite - $InviteUrl" -Sev 'Info'
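Review bot: The new `Write-Host` in the catch block sends the failure only to the host stream, so a failed invite creation never reaches the CIPP log, while the `Write-LogMessage` line right after the catch still records "Created GDAP Invite" at `Info` severity whether or not the request succeeded. This endpoint hands out delegated admin roles (the added branch handles the Global Administrator role id), so the audit trail should tell a failure apart from a success. I would log the error in the catch with the same helper, `Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create GDAP invite: $($_.Exception.Message)" -Sev 'Error'`, and write the success entry only when the request completed. The try body is collapsed on this page, so where the success log belongs has to be checked against the full file.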
43 changes: 21 additions & 22 deletions Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1
Expand Up @@ -2,7 +2,7 @@ function Test-CIPPGDAPRelationships {
[CmdletBinding()]
param (
$TenantFilter,
$APIName = "Access Check",
$APIName = 'Access Check',
$ExecutingUser
)

Expand All @@ -15,26 +15,26 @@ function Test-CIPPGDAPRelationships {
foreach ($Tenant in $RelationshipsByTenant) {
if ($Tenant.Group.displayName.count -le 1 -and $Tenant.Group.displayName -like 'MLT_*') {
$GDAPissues.add([PSCustomObject]@{
Type = "Error"
Issue = "This tenant only has a MLT(Microsoft Led Transition) relationship. This is a read-only relationship. You must migrate this tenant to GDAP."
Type = 'Error'
Issue = 'This tenant only has a MLT(Microsoft Led Transition) relationship. This is a read-only relationship. You must migrate this tenant to GDAP.'
Tenant = $Tenant.Group.customer.displayName
Relationship = $Tenant.Group.displayName
Link = "https://docs.cipp.app/setup/gdap/index"
Link = 'https://docs.cipp.app/setup/gdap/index'
}) | Out-Null
}
foreach ($Group in $Tenant.Group) {
if ("62e90394-69f5-4237-9190-012177145e10" -in $Group.accessDetails.unifiedRoles.roleDefinitionId) {
if ('62e90394-69f5-4237-9190-012177145e10' -in $Group.accessDetails.unifiedRoles.roleDefinitionId) {
$GDAPissues.add([PSCustomObject]@{
Type = "Warning"
Issue = "The relationship has global administrator access. Auto-Extend is not available."
Tenant = $Tenant.Group.customer.displayName | Out-String
Relationship = $group.displayName | Out-String
Link = "https://docs.cipp.app/setup/gdap/troubleshooting#autoextend"
Type = 'Warning'
Issue = 'The relationship has global administrator access. Auto-Extend is not available.'
Tenant = $Group.customer.displayName | Out-String
Relationship = $Group.displayName | Out-String
Link = 'https://docs.cipp.app/setup/gdap/troubleshooting#autoextend'

}) | Out-Null
}
}

}
$me = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/me?$select=UserPrincipalName' -NoAuthCheck $true).UserPrincipalName
$CIPPGroupCount = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups/`$count?`$filter=startsWith(displayName,'M365 GDAP')" -NoAuthCheck $true -ComplexFilter
Expand Down Expand Up @@ -67,29 +67,28 @@ function Test-CIPPGDAPRelationships {
}
if (-not $GroupFound) {
$GDAPissues.add([PSCustomObject]@{
Type = "Warning"
Type = 'Warning'
Issue = "$($Group) is not assigned to the SAM user $me. If you have migrated outside of CIPP this is to be expected. Please perform an access check to make sure you have the correct set of permissions."
Tenant = "*Partner Tenant"
Relationship = "None"
Link = "https://docs.cipp.app/setup/gdap/troubleshooting#groups"
Tenant = '*Partner Tenant'
Relationship = 'None'
Link = 'https://docs.cipp.app/setup/gdap/troubleshooting#groups'

}) | Out-Null
}
if ($CIPPGroupCount -lt 12) {
$GDAPissues.add([PSCustomObject]@{
Type = "Warning"
Type = 'Warning'
Issue = "We only found $($CIPPGroupCount) of the 12 required groups. If you have migrated outside of CIPP this is to be expected. Please perform an access check to make sure you have the correct set of permissions."
Tenant = "*Partner Tenant"
Relationship = "None"
Link = "https://docs.cipp.app/setup/gdap/troubleshooting#groups"
Tenant = '*Partner Tenant'
Relationship = 'None'
Link = 'https://docs.cipp.app/setup/gdap/troubleshooting#groups'

}) | Out-Null
}
}

}
catch {
Write-LogMessage -user $ExecutingUser -API $APINAME -message "Failed to run GDAP check for $($TenantFilter): $($_.Exception.Message)" -Sev "Error"
} catch {
Write-LogMessage -user $ExecutingUser -API $APINAME -message "Failed to run GDAP check for $($TenantFilter): $($_.Exception.Message)" -Sev 'Error'
}

return [PSCustomObject]@{
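Review bot: The reformatted `catch` at the end of the last hunk still only logs the exception, and the function then goes on to `return` its result object, so a check that aborts part-way can look the same to the caller as one that found nothing wrong. For an access check this is a fail-open result: a Graph error on the `me` or group-count request would leave the MLT, Global Administrator and group warnings incomplete without any entry saying so. I would add an `Error` entry to `$GDAPissues` in the catch, as sketched below. This assumes the list is initialised before the `try`; that part of the function and the body of the returned object are outside the visible hunks and need to be confirmed in the full file.

```powershell
} catch {
    Write-LogMessage -user $ExecutingUser -API $APINAME -message "Failed to run GDAP check for $($TenantFilter): $($_.Exception.Message)" -Sev 'Error'
    # Surface the failure to the caller so an aborted check is not read as a clean result.
    $GDAPissues.add([PSCustomObject]@{
            Type         = 'Error'
            Issue        = 'The GDAP check did not complete. Results may be incomplete; see the log for details.'
            Tenant       = $TenantFilter
            Relationship = 'None'
            Link         = 'https://docs.cipp.app/setup/gdap/index'
        }) | Out-Null
}
```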
