From 88438ceb10909f12c1508d8de071d2fe5702509e Mon Sep 17 00:00:00 2001
From: Nik Charlebois
Date: Thu, 12 Dec 2024 06:49:39 -0500
Subject: [PATCH 1/2] Fixes #5532
---
 ...MSFT_AADRoleAssignmentScheduleRequest.psm1 | 20 ++++++++++++++++---
 ...SFT_AADRoleEligibilityScheduleRequest.psm1 | 2 +-
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleAssignmentScheduleRequest/MSFT_AADRoleAssignmentScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleAssignmentScheduleRequest/MSFT_AADRoleAssignmentScheduleRequest.psm1
index 5704447962..7c019e5dab 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleAssignmentScheduleRequest/MSFT_AADRoleAssignmentScheduleRequest.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleAssignmentScheduleRequest/MSFT_AADRoleAssignmentScheduleRequest.psm1
@@ -148,10 +148,24 @@ function Get-TargetResource
 [Array] $requests = Get-MgBetaRoleManagementDirectoryRoleAssignmentScheduleRequest -Filter "PrincipalId eq '$($PrincipalInstance.Id)' and RoleDefinitionId eq '$($RoleDefinitionId)' and DirectoryScopeId eq '$($DirectoryScopeId)'"
 if ($requests.Length -eq 0)
 {
- return $nullResult
+ Write-Verbose -Message "Trying to retrieve by reverse RoleId retrieval"
+ $partialRequests = Get-MgBetaRoleManagementDirectoryRoleAssignmentScheduleRequest -Filter "PrincipalId eq '$($PrincipalInstance.Id)' and DirectoryScopeId eq '$($DirectoryScopeId)'"
+ $reverseRoleId = $null
+ foreach ($partialRequest in $partialRequests)
+ {
+ $roleEntry = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $partialRequest.RoleDefinitionId | Where-Object -FilterScript {$_.DisplayName -eq $RoleDefinition}
+ if ($null -ne $roleEntry)
+ {
+ $request = $partialRequest
+ $RoleDefinitionId = $partialRequest.RoleDefinitionId
+ break
+ }
+ }
+ }
+ else
+ {
+ $request = $requests[0]
 }
-
- $request = $requests[0]
 }
 $schedules = Get-MgBetaRoleManagementDirectoryRoleAssignmentSchedule -Filter "PrincipalId eq '$($request.PrincipalId)'"
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1
index 511422e668..3cebcf39a2 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1
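Review bot: In Get-TargetResource of MSFT_AADRoleAssignmentScheduleRequest.psm1, the new fallback removes the only visible `return $nullResult` and puts nothing in its place when the fallback itself fails. If `$requests` is empty and no entry in `$partialRequests` resolves to a role whose `DisplayName` equals `$RoleDefinition`, the `foreach` finishes without assigning `$request`, and the `$schedules` lookup then runs with a filter that would expand to `PrincipalId eq ''`. Unless code above the hunk guarantees `$request` (the enclosing block opens outside it), add `if ($null -eq $request) { return $nullResult }` after the loop so a missing privileged-role assignment is still reported as absent. `$reverseRoleId = $null` is assigned but never read in the visible lines and can be dropped. The CHANGELOG entry in patch 2/2 names AADRoleEligibilityScheduleRequest, although the retrieval logic changed here belongs to AADRoleAssignmentScheduleRequest.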
@@ -138,7 +138,7 @@
 $PrincipalValue = $PrincipalInstance.DisplayName
 }
- Write-Verbose -Message 'Found Principal'
+ Write-Verbose -Message "Found Principal {$PrincipalValue}"
 $RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id
 Write-Verbose -Message "Retrieved role definition {$RoleDefinition} with ID {$RoleDefinitionId}"
From e3746a31f135fe6af3805f786dfca486867c4abc Mon Sep 17 00:00:00 2001
From: Nik Charlebois
Date: Thu, 12 Dec 2024 10:15:30 -0500
Subject: [PATCH 2/2] Fixes #5532
---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 58a7a48e7e..ae225b236a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,9 @@
 * AADFeatureRolloutPolicy
 * Fixed policy retrieval
 FIXES [#5521](https://github.com/microsoft/Microsoft365DSC/issues/5521)
+* AADRoleEligibilityScheduleRequest
+ * Changed logic to retrieve instance by Service Principal with custom role.
+ FIXES [#5532](https://github.com/microsoft/Microsoft365DSC/issues/5532)
 * IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile
 * Fixing issue with the way the QrCodeImage property was exported and handled.
 * IntuneFirewallPolicyWindows10