AAD Group Restore from Deleted #4199

Merged
merged 1 commit into from
Jan 19, 2024
3 changes: 3 additions & 0 deletions CHANGELOG.md
Expand Up @@ -22,6 +22,9 @@
* Removed the ability to specify a value of Absent for the Ensure property.
* AADCrossTenantAccessPolicyCOnfigurationDefault
* Removed the ability to specify a value of Absent for the Ensure property.
* AADGroup
* Changed Set logic to restore groups from the deleted list if a match by
DisplayName is found.
* SPOSharingSettings
* Fixed an Issue where the MySiteSharingCapability could be returned as an
empty string instead of a null value from the Get method.
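Review bot: The AADGroup entry leaves out the failure case: Set now throws when more than one deleted group matches the DisplayName, which is a behaviour change for existing configurations. Say so here, and note that the match is by DisplayName only, so a configuration that names a group which was deleted on purpose restores that group instead of creating a new one.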
Expand Up @@ -559,26 +559,44 @@ function Set-TargetResource
}
elseif ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Absent')
{
Write-Verbose -Message "Creating new group {$DisplayName}"
$currentParameters.Remove('Id') | Out-Null
Write-Verbose -Message "Checking to see if an existing deleted group exists with DisplayName {$DisplayName}"
$restorinExisting = $false
[Array]$groups = Get-MgBetaDirectoryDeletedItemAsGroup -Filter "DisplayName eq '$DisplayName'"
if ($groups.Length -gt 1)
{
throw "Multiple deleted groups with the name {$DisplayName} were found. Cannot restore the existig group. Please ensure that you either have no instance of the group in the deleted list or that you have a single one."
}

try
if ($groups.Length -eq 1)
{
Write-Verbose -Message "Found an instance of a deleted group {$DisplayName}. Restoring it."
Restore-MgBetaDirectoryDeletedItem -DirectoryObjectId $groups[0].Id
$restoringExisting = $true
$currentGroup = Get-MgGroup -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop
}

if (-not $restoringExisting)
{
Write-Verbose -Message "Creating Group with Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)"
$currentGroup = New-MgGroup @currentParameters
Write-Verbose -Message "Creating new group {$DisplayName}"
$currentParameters.Remove('Id') | Out-Null

Write-Verbose -Message "Created Group $($currentGroup.id)"
if ($assignedLicensesGUIDs.Length -gt 0)
try
{
Set-MgGroupLicense -GroupId $currentGroup.Id -AddLicenses $licensesToAdd -RemoveLicenses @()
Write-Verbose -Message "Creating Group with Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)"
$currentGroup = New-MgGroup @currentParameters
Write-Verbose -Message "Created Group $($currentGroup.id)"
}
catch
{
Write-Verbose -Message $_
New-M365DSCLogEntry -Message "Couldn't create group $DisplayName" `
-Exception $_ `
-Source $MyInvocation.MyCommand.ModuleName
}
}
catch
if ($assignedLicensesGUIDs.Length -gt 0)
{
Write-Verbose -Message $_
New-M365DSCLogEntry -Message "Couldn't create group $DisplayName" `
-Exception $_ `
-Source $MyInvocation.MyCommand.ModuleName
Set-MgGroupLicense -GroupId $currentGroup.Id -AddLicenses $licensesToAdd -RemoveLicenses @()
}
}
elseif ($Ensure -eq 'Absent' -and $currentGroup.Ensure -eq 'Present')
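Review bot: `$restorinExisting = $false` at the top of the branch is misspelled, so the `$restoringExisting` flag tested by `if (-not $restoringExisting)` is never initialized; it only works because an unset variable evaluates to false, and it fails under strict mode. Rename the initializer to `$restoringExisting`. Both `-Filter "DisplayName eq '$DisplayName'"` calls interpolate the name unescaped, so a DisplayName containing a single quote breaks the OData filter; double the quote before building the filter string. The `Set-MgGroupLicense` call now sits outside the try block, so when `New-MgGroup` fails and the catch only logs, the license call still runs against a `$currentGroup` that was never created; guard it on a successful create or restore. The throw message also has a typo ("existig").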
Expand Down Expand Up @@ -623,7 +641,17 @@ function Set-TargetResource
$ownerObject = @{
'@odata.id' = "https://graph.microsoft.com/v1.0/users/{$($user.Id)}"
}
New-MgGroupOwnerByRef -GroupId ($currentGroup.Id) -BodyParameter $ownerObject | Out-Null
try
{
New-MgGroupOwnerByRef -GroupId ($currentGroup.Id) -BodyParameter $ownerObject -ErrorAction Stop| Out-Null
}
catch
{
if ($_.Exception.Message -notlike "*One or more added object references already exist for the following modified properties*")
{
throw $_
}
}
}
elseif ($diff.SideIndicator -eq '<=')
{
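Review bot: The catch around `New-MgGroupOwnerByRef` decides whether to swallow the error by matching the English message text with `-notlike`, so if the service rewords that message an already-existing owner becomes a hard failure again. Prefer checking whether the user is already an owner before adding, or match on a structured field of the error record if one is available, and add a `Write-Verbose` in the swallowed path so the skip shows up in logs. A bare `throw` is the usual way to rethrow inside a catch, and `-ErrorAction Stop| Out-Null` is missing a space before the pipe.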