From 15829d52eb2654ce26e7313406c10f0fb4b9b4e9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 13:12:21 -0500 Subject: [PATCH 1/5] Fixes AADGroup Logic --- .../MSFT_AADGroup/MSFT_AADGroup.psm1 | 86 +++++++++---------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 1c9ae1a71b..a0b411cc71 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 
@@ -511,7 +511,49 @@ function Set-TargetResource $currentParameters.Remove('AssignedLicenses') | Out-Null - if ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Present') + if ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Absent') + { + Write-Verbose -Message "Checking to see if an existing deleted group exists with DisplayName {$DisplayName}" + $restorinExisting = $false + [Array]$groups = Get-MgBetaDirectoryDeletedItemAsGroup -Filter "DisplayName eq '$DisplayName'" + if ($groups.Length -gt 1) + { + throw "Multiple deleted groups with the name {$DisplayName} were found. Cannot restore the existig group. Please ensure that you either have no instance of the group in the deleted list or that you have a single one." + } + + if ($groups.Length -eq 1) + { + Write-Verbose -Message "Found an instance of a deleted group {$DisplayName}. Restoring it." + Restore-MgBetaDirectoryDeletedItem -DirectoryObjectId $groups[0].Id + $restoringExisting = $true + $currentGroup = Get-MgGroup -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop + } + + if (-not $restoringExisting) + { + Write-Verbose -Message "Creating new group {$DisplayName}" + $currentParameters.Remove('Id') | Out-Null + + try + { + Write-Verbose -Message "Creating Group with Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)" + $currentGroup = New-MgGroup @currentParameters + Write-Verbose -Message "Created Group $($currentGroup.id)" + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message "Couldn't create group $DisplayName" ` + -Exception $_ ` + -Source $MyInvocation.MyCommand.ModuleName + } + } + if ($assignedLicensesGUIDs.Length -gt 0) + { + Set-MgGroupLicense -GroupId $currentGroup.Id -AddLicenses $licensesToAdd -RemoveLicenses @() + } + } + if ($Ensure -eq 'Present') { Write-Verbose -Message "Group {$DisplayName} exists and it should." try 
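Review bot: In the new `Present`/`Absent` branch both lookups build their OData filter by interpolating the name directly (`-Filter "DisplayName eq '$DisplayName'"`), so a display name containing an apostrophe breaks or alters the filter that decides which deleted group is restored. Double the quote first, e.g. `$escapedName = $DisplayName.Replace("'", "''")`, and use `$escapedName` in both the `Get-MgBetaDirectoryDeletedItemAsGroup` and the `Get-MgGroup` call. Because the match is on display name alone, which is presumably not unique, the restore may bring back a different group than intended, along with whatever membership it had; a comment stating that assumption would help. Separately, the flag is initialised as `$restorinExisting = $false` but read as `$restoringExisting`, so the initialisation never takes effect, and since the `catch` around `New-MgGroup` only logs, `Set-MgGroupLicense` and the following `if ($Ensure -eq 'Present')` block still run with a `$currentGroup` that was never created. Set-TargetResource begins and ends outside this hunk.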
@@ -557,48 +599,6 @@ function Set-TargetResource -Source $MyInvocation.MyCommand.ModuleName } } - elseif ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Absent') - { - Write-Verbose -Message "Checking to see if an existing deleted group exists with DisplayName {$DisplayName}" - $restorinExisting = $false - [Array]$groups = Get-MgBetaDirectoryDeletedItemAsGroup -Filter "DisplayName eq '$DisplayName'" - if ($groups.Length -gt 1) - { - throw "Multiple deleted groups with the name {$DisplayName} were found. Cannot restore the existig group. Please ensure that you either have no instance of the group in the deleted list or that you have a single one." - } - - if ($groups.Length -eq 1) - { - Write-Verbose -Message "Found an instance of a deleted group {$DisplayName}. Restoring it." - Restore-MgBetaDirectoryDeletedItem -DirectoryObjectId $groups[0].Id - $restoringExisting = $true - $currentGroup = Get-MgGroup -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop - } - - if (-not $restoringExisting) - { - Write-Verbose -Message "Creating new group {$DisplayName}" - $currentParameters.Remove('Id') | Out-Null - - try - { - Write-Verbose -Message "Creating Group with Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)" - $currentGroup = New-MgGroup @currentParameters - Write-Verbose -Message "Created Group $($currentGroup.id)" - } - catch - { - Write-Verbose -Message $_ - New-M365DSCLogEntry -Message "Couldn't create group $DisplayName" ` - -Exception $_ ` - -Source $MyInvocation.MyCommand.ModuleName - } - } - if ($assignedLicensesGUIDs.Length -gt 0) - { - Set-MgGroupLicense -GroupId $currentGroup.Id -AddLicenses $licensesToAdd -RemoveLicenses @() - } - } elseif ($Ensure -eq 'Absent' -and $currentGroup.Ensure -eq 'Present') { try From cbe00aba3e6647762846859e4de656be27a947d9 Mon Sep 17 00:00:00 2001 
From: Nik Charlebois Date: Fri, 19 Jan 2024 14:14:48 -0500 Subject: [PATCH 2/5] Fixes --- .../Microsoft365DSC.AADGroup.Tests.ps1 | 8 +++++++- Tests/Unit/Stubs/Microsoft365.psm1 | 16 +++++++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 index be6fd42cef..27ffcd81bc 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 @@ -37,6 +37,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgGroupMember -MockWith { } + Mock -CommandName Restore-MgBetaDirectoryDeletedItem -MockWith { + } + + Mock -CommandName Get-MgBetaDirectoryDeletedItem -MockWith { + } + Mock -CommandName Get-MgGroupMemberOf -MockWith { } @@ -395,7 +401,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { MailNickname = 'M365DSC' GroupTypes = @() } - + # Set-TargetResource expects object-type of answer to contain 'group' $returnData.psobject.TypeNames.insert(0, 'Group') return $returnData diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index f5544b9f0f..9280d71b9c 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -1,4 +1,4 @@ -#region ExchangeOnlineManagement +# region ExchangeOnlineManagement function Get-DefaultTenantBriefingConfig { [CmdletBinding()] @@ -51825,6 +51825,20 @@ function Remove-MgBetaDirectoryAdministrativeUnitMemberByRef $Break ) } +function Restore-MgBetaDirectoryDeletedItem +{ + [CmdletBinding()] + param( + [Parameter()] + [String] + $DirectoryObjectId + ) +} +function Get-MgBetaDirectoryDeletedItem +{ + [CmdletBinding()] +} + function Remove-MgBetaDirectoryAdministrativeUnitScopedRoleMember { [CmdletBinding()] From 5a3ddf68f4ef2c7a53b92a4c0485b8d4a6dc37f5 Mon Sep 17 00:00:00 2001 
From: Nik Charlebois Date: Fri, 19 Jan 2024 14:22:24 -0500 Subject: [PATCH 3/5] Update Microsoft365.psm1 --- Tests/Unit/Stubs/Microsoft365.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 9280d71b9c..f0614e47d1 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -51837,6 +51837,7 @@ function Restore-MgBetaDirectoryDeletedItem function Get-MgBetaDirectoryDeletedItem { [CmdletBinding()] + param() } function Remove-MgBetaDirectoryAdministrativeUnitScopedRoleMember From 0438cda4b4309685433aaccbb2b5ec0124dd5215 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 14:36:21 -0500 Subject: [PATCH 4/5] Fixes --- .../Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 | 2 ++ Tests/Unit/Stubs/Microsoft365.psm1 | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 index 27ffcd81bc..115cf92bd1 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 @@ -39,6 +39,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Restore-MgBetaDirectoryDeletedItem -MockWith { } + Mock -CommandName Get-MgBetaDirectoryDeletedItemAsGroup -MockWith { + } Mock -CommandName Get-MgBetaDirectoryDeletedItem -MockWith { } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index f0614e47d1..af4f47bb78 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -51840,6 +51840,16 @@ function Get-MgBetaDirectoryDeletedItem param() } +function Get-MgBetaDirectoryDeletedItem +{ + [CmdletBinding()] + param( + [Parameter()] + [String] + $Filter + ) +} + function Remove-MgBetaDirectoryAdministrativeUnitScopedRoleMember { [CmdletBinding()] 
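Review bot: The `Get-MgBetaDirectoryDeletedItemAsGroup` mock added in the test file has an empty body, as does the `Restore-MgBetaDirectoryDeletedItem` mock just above it, so the restore path and the "Multiple deleted groups" throw in Set-TargetResource are never exercised by these tests. Add one context whose `Get-MgBetaDirectoryDeletedItemAsGroup` mock returns a single object with an `Id` and assert that `Restore-MgBetaDirectoryDeletedItem` is invoked once and `New-MgGroup` is not. Add a second context whose mock returns two objects and assert that `Set-TargetResource` throws. The Describe block continues outside the hunk.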
From 88326f9350627cbfef103022ad2dec62721ecdf8 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 14:44:46 -0500 Subject: [PATCH 5/5] Fixes --- .../Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 | 3 --- Tests/Unit/Stubs/Microsoft365.psm1 | 7 +------ 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 index 115cf92bd1..a07cd9c6d9 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 @@ -42,9 +42,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgBetaDirectoryDeletedItemAsGroup -MockWith { } - Mock -CommandName Get-MgBetaDirectoryDeletedItem -MockWith { - } - Mock -CommandName Get-MgGroupMemberOf -MockWith { } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index af4f47bb78..dc213dcafb 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -51834,13 +51834,8 @@ function Restore-MgBetaDirectoryDeletedItem $DirectoryObjectId ) } -function Get-MgBetaDirectoryDeletedItem -{ - [CmdletBinding()] - param() -} -function Get-MgBetaDirectoryDeletedItem +function Get-MgBetaDirectoryDeletedItemAsGroup { [CmdletBinding()] param(