Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AADRoleSetting: "-Filter" parameter doesn't work when using Export-M365DSCConfiguration #3919

Closed
Kierow opened this issue Nov 21, 2023 · 2 comments · Fixed by #3920 or #3985
Closed

AADRoleSetting: "-Filter" parameter doesn't work when using Export-M365DSCConfiguration #3919

Kierow opened this issue Nov 21, 2023 · 2 comments · Fixed by #3920 or #3985
Labels
Bug Something isn't working Entra ID V1.23.1115.1 Version 1.23.1115.1

Comments

@Kierow
Copy link

Kierow commented Nov 21, 2023

Description of the issue

Hello,

If you try to export only some roles using the Export-M365DSCConfiguration (AADRoleSetting + a Filter), the filter is not taken into account and all roles will be exported.

The issue seems coming from the MSFT_AADRoleSetting DSCResource and more particularly from the Export-TargetResource function. In fact, the parameter $Filter is not used in the below Cmdlet :
[array]$roles = Get-MgRoleManagementDirectoryRoleDefinition -ErrorAction Stop

Maybe a solution would be to simply replace the above command with (there might be better solutions):
[array]$roles = Get-MgRoleManagementDirectoryRoleDefinition -Filter $Filter -ErrorAction Stop

This is my first issue so don't hesitate if you have any questions, I'm not familiar with the process.. :)

Microsoft 365 DSC Version

1.23.1115.1

Which workloads are affected

Azure Active Directory

The DSC configuration

Example:
$Component = "AADRoleSetting"
$Filters   = @{ AADRoleSetting = "DisplayName eq 'Global Administrator'" }
Export-M365DSCConfiguration  -Components $Component `
                             -TenantId              $TenantId `
                             -ApplicationId         $ApplicationId `
                             -CertificateThumbprint $CertificateThumbprint `
                             -Filters               $Filters              
--> This command should return only the Global Administrator role but it will export all roles (as the filter is not used...)

Verbose logs showing the problem

No response

Environment Information + PowerShell Version

No response
@Kierow Kierow changed the title AADRoleSetting: -"Filter" parameter doesn't work when using Export-M365DSCConfiguration AADRoleSetting: "-Filter" parameter doesn't work when using Export-M365DSCConfiguration Nov 21, 2023
@andikrueger andikrueger added Bug Something isn't working Entra ID V1.23.1115.1 Version 1.23.1115.1 labels Nov 22, 2023
@andikrueger
Copy link
Collaborator

Thanks for reporting. This is indeed not fully implemented.

The following code does not respect the filter.

Microsoft365DSC/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1

Line 1382 in 433af4d

[array] $Script:exportedInstances = Get-MgBetaRoleManagementDirectoryRoleDefinition -ErrorAction Stop

@andikrueger
Copy link
Collaborator

And there is already a PR with a fix: #3920

@andikrueger andikrueger linked a pull request Nov 22, 2023 that will close this issue
AADRoleSetting export with Filter and sort by DisplayName #3920
Merged
@NikCharlebois NikCharlebois mentioned this issue Nov 30, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working Entra ID V1.23.1115.1 Version 1.23.1115.1
Projects
None yet
Milestone
No milestone
2 participants
@andikrueger @Kierow