Closed
Description
Example 2 cannot be done:
https://docs.microsoft.com/en-us/graph/api/group-evaluatedynamicmembership?view=graph-rest-beta&tabs=http#example-2-evaluate-if-a-user-or-device-would-be-a-member-of-a-group-based-on-a-membership-rule
Example Implementation
#requires -module Microsoft.Graph.Authentication
using namespace Microsoft.Graph.PowerShell.Authentication.Helpers
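function Test-DynamicGroupMembershipRule {
    <#
    .SYNOPSIS
    Tests Dynamic Group Membership Rules for proper functionality.
    .DESCRIPTION
    Evaluate whether a user or device is or would be a member of a dynamic group. The membership rule is returned along with other details that were used in the evaluation. You can complete this operation in the following ways:
    - Evaluate whether a user or device is a member of a specified dynamic group.
    - Evaluate whether a user or device would be a member of a dynamic group based on the ID of the user or device and a membership rule.

    The request is a POST to the beta evaluateDynamicMembership endpoint. When -GroupId is supplied the
    group-scoped endpoint is used and the rule sent in the body is cleared; otherwise the supplied
    -MembershipRule is evaluated against the member.
    .EXAMPLE
    $groupId = (Get-MgGroup -filter "displayName eq 'TestGroup'").Id
    Get-MgUser -userid 'UserInGroup@contoso.com' | Test-DynamicGroupMembershipRule -GroupId $groupId
    Example Result: True
    .EXAMPLE
    Get-MgUser -userid 'UserNotInGroup@contoso.com' | Test-DynamicGroupMembershipRule -MembershipRule 'user.Title -match "test"'
    Example Result: False
    .EXAMPLE
    Get-MgUser -userid 'UserNotInGroup@contoso.com' | Test-DynamicGroupMembershipRule -MembershipRule 'user.Title -match "test"' -Detail
    Example Result: the evaluation hashtable returned by the service (includes membershipRuleEvaluationResult), with '@odata.context' removed
    .LINK
    https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-rule-validation
    .LINK
    https://docs.microsoft.com/en-us/graph/api/group-evaluatedynamicmembership?view=graph-rest-beta&tabs=http
    #>
    [CmdletBinding(DefaultParameterSetName = 'Simple')]
    [OutputType([boolean], ParameterSetName = 'Simple')]
    [OutputType([hashtable], ParameterSetName = 'Detail')]
    param(
        #The ID of the user or device to evaluate. Accepts the Id property of piped objects.
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('Id')]
        [Guid]$MemberId,
        #The membership rule to test.
        [String]$membershipRule,
        #The group ID to verify against if the user exists. If this is specified, the -MembershipRule parameter is ignored
        [Guid]$GroupId,
        #Whether to include additional detail about the match, otherwise returns true if the user is a member
        [Parameter(ParameterSetName = 'Detail')][Switch]$Detail
    )
    begin {
        # 'return' inside begin only leaves the begin block; the process block would still run
        # for every pipeline item. Record the outcome here and let process skip on it.
        $profileSupported = (Get-MgProfile).Name -eq 'beta'
        if (-not $profileSupported) {
            Write-Error -Exception $([PlatformNotSupportedException]::new('This command requires the beta profile. Hint: Select-MgProfile -Name beta'))
        }
    }
    process {
        if (-not $profileSupported) {
            return
        }

        $groupIdUri = $null
        $body = @{
            memberId       = $MemberId
            membershipRule = $membershipRule
        }

        # Test whether -GroupId was actually bound rather than relying on truthiness:
        # an omitted [Guid] (value type) parameter can surface as the empty GUID, which is a
        # non-null object and would make a plain `if ($GroupId)` take the group branch.
        if ($PSBoundParameters.ContainsKey('GroupId')) {
            # $GroupId is constrained to [Guid], so the interpolated path segment can only be
            # the string form of a GUID.
            $groupIdUri = "/$GroupId"
            $body.membershipRule = $null
        }

        $graphRequestParams = @{
            Method     = 'POST'
            uri        = "/beta/groups${groupIdUri}/evaluateDynamicMembership"
            body       = $body
            OutputType = 'Hashtable'
        }

        # Errors are reported as non-terminating errors and this pipeline item is abandoned.
        [hashtable]$result = try {
            Invoke-MgGraphRequest @graphRequestParams -ErrorAction Stop
        } catch [HttpResponseException] {
            # Surface the service's "code: message" instead of the generic HTTP failure text.
            Write-Error -Exception (Format-GraphError $PSItem.Exception)
            return
        } catch {
            Write-Error -ErrorRecord $PSItem
            return
        }

        # Drop the OData metadata entry so only the evaluation data is returned.
        $result.Remove('@odata.context')

        if ($PSCmdlet.ParameterSetName -ne 'Detail') {
            return [bool]$result.membershipRuleEvaluationResult
        }
        return $result
    }
}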
#region HelperFunctions
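function Format-GraphError ([HttpResponseException]$exception) {
    <#
    .SYNOPSIS
    Builds an HttpResponseException whose message is the "code: message" pair from a Graph error body.
    .DESCRIPTION
    Reads the response content of the supplied exception, parses it as JSON and takes its 'error'
    entry. The result is a new HttpResponseException carrying '<code>: <message>' and the original
    response. If the body cannot be read or parsed, or has no 'error' object, the original exception
    is returned unchanged so the underlying failure is not replaced by a parsing error.
    .OUTPUTS
    HttpResponseException
    #>
    try {
        # Synchronously read the response body; a missing Content or a non-JSON body
        # (for example an HTML error page from an intermediary) lands in the catch below.
        $rawBody = $exception.Response.Content.ReadAsStringAsync().GetAwaiter().GetResult()
        $errorResponse = ($rawBody | ConvertFrom-Json -AsHashtable -ErrorAction Stop).error
    } catch {
        return $exception
    }

    # Only a dictionary-shaped 'error' entry has the code/message fields used below.
    if ($errorResponse -isnot [System.Collections.IDictionary]) {
        return $exception
    }

    # The code and message text come from the service response and are passed through as-is.
    $message = '{0}: {1}' -f $errorResponse.code, $errorResponse.message
    [HttpResponseException]::new(
        $message,
        $exception.Response
    )
}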
#endregion HelperFunctions