Merge branch 'KelvinTegelaar:master' into master

Author: LANCreation

.gitignore

@@ -9,3 +9,7 @@ Logs
 ExcludedTenants
 SendNotifications/config.json
 .env
+
+
+# Cursor IDE
+.cursor/rules

CIPP-Permissions.json

@@ -80,14 +80,6 @@
     "RunOnProcessor": true,
     "PreferredProcessor": "standards"
   },
-  {
-    "Id": "5113c66d-c040-42df-9565-39dff90ddd55",
-    "Command": "Start-CIPPGraphSubscriptionCleanupTimer",
-    "Description": "Orchestrator to cleanup old Graph subscriptions",
-    "Cron": "0 0 0 * * *",
-    "Priority": 5,
-    "RunOnProcessor": true
-  },
   {
     "Id": "97145a1d-28f0-4bb2-b929-5a43517d23cc",
     "Command": "Start-SchedulerOrchestrator",

CIPPTimers.json

@@ -5,7 +5,7 @@ function Add-CIPPAlias {
         $Aliases,
         $UserprincipalName,
         $TenantFilter,
-        $APIName = 'Set Manager',
+        $APIName = 'Add Alias',
         $Headers
     )
 

Config/standards.json

@@ -114,6 +114,10 @@ function Add-CIPPDelegatedPermission {
         $OldScope = ($CurrentDelegatedScopes | Where-Object -Property Resourceid -EQ $svcPrincipalId.id)
 
         if (!$OldScope) {
+            if ([string]::IsNullOrEmpty($NewScope) -or $NewScope -eq ' ') {
+                $Results.add("No delegated permissions to add for $($svcPrincipalId.displayName)")
+                continue
+            }
             try {
                 $Createbody = @{
                     clientId    = $ourSVCPrincipal.id
@@ -147,6 +151,13 @@ function Add-CIPPDelegatedPermission {
                 $Results.add("All delegated permissions exist for $($svcPrincipalId.displayName)")
                 continue
             }
+
+            if ([string]::IsNullOrEmpty($NewScope) -or $NewScope -eq ' ') {
+                # No permissions to update
+                $Results.add("No delegated permissions to update for $($svcPrincipalId.displayName)")
+                continue
+            }
+
             $Patchbody = @{
                 scope = "$NewScope"
             } | ConvertTo-Json -Compress

ConversionTable.csv

@@ -7,21 +7,22 @@ function Add-CIPPGroupMember(
     [string]$APIName = 'Add Group Member'
 ) {
     try {
-        if ($member -like '*#EXT#*') { $member = [System.Web.HttpUtility]::UrlEncode($member) }
-        $MemberIDs = 'https://graph.microsoft.com/v1.0/directoryObjects/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($member)" -tenantid $TenantFilter).id
-        $addmemberbody = "{ `"[email protected]`": $(ConvertTo-Json @($MemberIDs)) }"
+        if ($Member -like '*#EXT#*') { $Member = [System.Web.HttpUtility]::UrlEncode($Member) }
+        $MemberIDs = 'https://graph.microsoft.com/v1.0/directoryObjects/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($Member)" -tenantid $TenantFilter).id
+        $AddMemberBody = "{ `"[email protected]`": $(ConvertTo-Json @($MemberIDs)) }"
         if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') {
-            $Params = @{ Identity = $GroupId; Member = $member; BypassSecurityGroupManagerCheck = $true }
-            $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
+            $Params = @{ Identity = $GroupId; Member = $Member; BypassSecurityGroupManagerCheck = $true }
+            $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Add-DistributionGroupMember' -cmdParams $Params -UseSystemMailbox $true
         } else {
-            $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupId)" -tenantid $TenantFilter -type patch -body $addmemberbody -Verbose
+            $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupId)" -tenantid $TenantFilter -type patch -body $AddMemberBody -Verbose
         }
-        $Message = "Successfully added user $($Member) to $($GroupId)."
-        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info'
-        return $message
+        $Results = "Successfully added user $($Member) to $($GroupId)."
+        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Results -Sev 'Info'
+        return $Results
     } catch {
-        $message = "Failed to add user $($Member) to $($GroupId) - $($_.Exception.Message)"
-        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $message -Sev 'error' -LogData (Get-CippException -Exception $_)
-        return $message
+        $ErrorMessage = Get-CippException -Exception $_
+        $Results = "Failed to add user $($Member) to $($GroupId) - $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Results -Sev 'error' -LogData $ErrorMessage
+        throw $Results
     }
 }

Modules/CIPPCore/Public/Add-CIPPAlias.ps1

@@ -24,106 +24,178 @@ function Add-CIPPScheduledTask {
         $Headers
     )
 
-    $Table = Get-CIPPTable -TableName 'ScheduledTasks'
-
-    if ($RunNow.IsPresent -and $RowKey) {
-        try {
-            $Filter = "PartitionKey eq 'ScheduledTask' and RowKey eq '$($RowKey)'"
-            $ExistingTask = (Get-CIPPAzDataTableEntity @Table -Filter $Filter)
-            $ExistingTask.ScheduledTime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
-            $ExistingTask.TaskState = 'Planned'
-            Add-CIPPAzDataTableEntity @Table -Entity $ExistingTask -Force
-            Write-LogMessage -headers $Headers -API 'RunNow' -message "Task $($ExistingTask.Name) scheduled to run now" -Sev 'Info' -Tenant $ExistingTask.Tenant
-            return "Task $($ExistingTask.Name) scheduled to run now"
-        } catch {
-            $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-            Write-LogMessage -headers $Headers -API 'RunNow' -message "Could not run task: $ErrorMessage" -Sev 'Error'
-            return "Could not run task: $ErrorMessage"
-        }
-    } else {
-        if ($DisallowDuplicateName) {
-            $Filter = "PartitionKey eq 'ScheduledTask' and Name eq '$($Task.Name)'"
-            $ExistingTask = (Get-CIPPAzDataTableEntity @Table -Filter $Filter)
-            if ($ExistingTask) {
-                return "Task with name $($Task.Name) already exists"
+    try {
+
+        $Table = Get-CIPPTable -TableName 'ScheduledTasks'
+
+        if ($RunNow.IsPresent -and $RowKey) {
+            try {
+                $Filter = "PartitionKey eq 'ScheduledTask' and RowKey eq '$($RowKey)'"
+                $ExistingTask = (Get-CIPPAzDataTableEntity @Table -Filter $Filter)
+                $ExistingTask.ScheduledTime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
+                $ExistingTask.TaskState = 'Planned'
+                Add-CIPPAzDataTableEntity @Table -Entity $ExistingTask -Force
+                Write-LogMessage -headers $Headers -API 'RunNow' -message "Task $($ExistingTask.Name) scheduled to run now" -Sev 'Info' -Tenant $ExistingTask.Tenant
+                return "Task $($ExistingTask.Name) scheduled to run now"
+            } catch {
+                $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+                Write-LogMessage -headers $Headers -API 'RunNow' -message "Could not run task: $ErrorMessage" -Sev 'Error'
+                return "Could not run task: $ErrorMessage"
             }
-        }
+        } else {
+            if ($DisallowDuplicateName) {
+                $Filter = "PartitionKey eq 'ScheduledTask' and Name eq '$($Task.Name)'"
+                $ExistingTask = (Get-CIPPAzDataTableEntity @Table -Filter $Filter)
+                if ($ExistingTask) {
+                    return "Task with name $($Task.Name) already exists"
+                }
+            }
+
+            $propertiesToCheck = @('Webhook', 'Email', 'PSA')
+            $PostExecutionObject = ($propertiesToCheck | Where-Object { $task.PostExecution.$_ -eq $true })
+            $PostExecution = $PostExecutionObject ? ($PostExecutionObject -join ',') : ($Task.PostExecution.value -join ',')
+            $Parameters = [System.Collections.Hashtable]@{}
+            foreach ($Key in $task.Parameters.PSObject.Properties.Name) {
+                $Param = $task.Parameters.$Key
+
+                if ($null -eq $Param -or $Param -eq '' -or ($Param | Measure-Object).Count -eq 0) {
+                    continue
+                }
 
-        $propertiesToCheck = @('Webhook', 'Email', 'PSA')
-        $PostExecutionObject = ($propertiesToCheck | Where-Object { $task.PostExecution.$_ -eq $true })
-        $PostExecution = $PostExecutionObject ? ($PostExecutionObject -join ',') : ($Task.PostExecution.value -join ',')
-        $Parameters = [System.Collections.Hashtable]@{}
-        foreach ($Key in $task.Parameters.PSObject.Properties.Name) {
-            $Param = $task.Parameters.$Key
+                # handle different object types in params
+                if ($Param -is [System.Collections.IDictionary] -or $Param[0].Key) {
+                    Write-Information "Parameter $Key is a hashtable"
+                    $ht = @{}
+                    foreach ($p in $Param.GetEnumerator()) {
+                        $ht[$p.Key] = $p.Value
+                    }
+                    $Parameters[$Key] = [PSCustomObject]$ht
+                    Write-Information "Converted $Key to PSObject $($Parameters[$Key] | ConvertTo-Json -Compress)"
+                } elseif ($Param -is [System.Object[]] -and -not ($Param -is [string])) {
+                    Write-Information "Parameter $Key is an enumerable object"
+                    $Param = $Param | ForEach-Object {
+                        if ($null -eq $_) {
+                            # Skip null entries
+                            return
+                        }
+                        if ($_ -is [System.Collections.IDictionary]) {
+                            [PSCustomObject]$_
+                        } elseif ($_ -is [PSCustomObject]) {
+                            $_
+                        } else {
+                            $_
+                        }
+                    } | Where-Object { $null -ne $_ }
+                    $Parameters[$Key] = $Param
+                } else {
+                    Write-Information "Parameter $Key is a simple value"
+                    $Parameters[$Key] = $Param
+                }
+            }
 
-            if ($null -eq $Param -or $Param -eq '' -or ($Param | Measure-Object).Count -eq 0) {
-                continue
+            if ($Headers) {
+                $Parameters.Headers = $Headers | Select-Object -Property 'x-forwarded-for', 'x-ms-client-principal', 'x-ms-client-principal-idp', 'x-ms-client-principal-name'
             }
-            if ($Param -is [System.Collections.IDictionary] -or $Param.Key) {
-                $ht = @{}
-                foreach ($p in $Param.GetEnumerator()) {
-                    $ht[$p.Key] = $p.Value
+
+            $Parameters = ($Parameters | ConvertTo-Json -Depth 10 -Compress)
+            $AdditionalProperties = [System.Collections.Hashtable]@{}
+            foreach ($Prop in $task.AdditionalProperties) {
+                if ($null -eq $Prop.Value -or $Prop.Value -eq '' -or ($Prop.Value | Measure-Object).Count -eq 0) {
+                    continue
                 }
-                $Parameters[$Key] = [PSCustomObject]$ht
+                $AdditionalProperties[$Prop.Key] = $Prop.Value
+            }
+            $AdditionalProperties = ([PSCustomObject]$AdditionalProperties | ConvertTo-Json -Compress)
+            if ($Parameters -eq 'null') { $Parameters = '' }
+            if (!$Task.RowKey) {
+                $RowKey = (New-Guid).Guid
             } else {
-                $Parameters[$Key] = $Param
+                $RowKey = $Task.RowKey
             }
-        }
 
-        if ($Headers) {
-            $Parameters.Headers = $Headers | Select-Object -Property 'x-forwarded-for', 'x-ms-client-principal', 'x-ms-client-principal-idp', 'x-ms-client-principal-name'
-        }
+            $Recurrence = if ([string]::IsNullOrEmpty($task.Recurrence.value)) {
+                $task.Recurrence
+            } else {
+                $task.Recurrence.value
+            }
 
-        $Parameters = ($Parameters | ConvertTo-Json -Depth 10 -Compress)
-        $AdditionalProperties = [System.Collections.Hashtable]@{}
-        foreach ($Prop in $task.AdditionalProperties) {
-            $AdditionalProperties[$Prop.Key] = $Prop.Value
-        }
-        $AdditionalProperties = ([PSCustomObject]$AdditionalProperties | ConvertTo-Json -Compress)
-        if ($Parameters -eq 'null') { $Parameters = '' }
-        if (!$Task.RowKey) {
-            $RowKey = (New-Guid).Guid
-        } else {
-            $RowKey = $Task.RowKey
-        }
+            if ([int64]$task.ScheduledTime -eq 0 -or [string]::IsNullOrEmpty($task.ScheduledTime)) {
+                $task.ScheduledTime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
+            }
+            $excludedTenants = if ($task.excludedTenants.value) {
+                $task.excludedTenants.value -join ','
+            }
 
-        $Recurrence = if ([string]::IsNullOrEmpty($task.Recurrence.value)) {
-            $task.Recurrence
-        } else {
-            $task.Recurrence.value
-        }
+            # Handle tenant filter - support both single tenant and tenant groups
+            $tenantFilter = $task.TenantFilter.value ? $task.TenantFilter.value : $task.TenantFilter
+            $originalTenantFilter = $task.TenantFilter
 
-        if ([int64]$task.ScheduledTime -eq 0 -or [string]::IsNullOrEmpty($task.ScheduledTime)) {
-            $task.ScheduledTime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
-        }
-        $excludedTenants = if ($task.excludedTenants.value) {
-            $task.excludedTenants.value -join ','
-        }
-        $entity = @{
-            PartitionKey         = [string]'ScheduledTask'
-            TaskState            = [string]'Planned'
-            RowKey               = [string]$RowKey
-            Tenant               = $task.TenantFilter.value ? "$($task.TenantFilter.value)" : "$($task.TenantFilter)"
-            excludedTenants      = [string]$excludedTenants
-            Name                 = [string]$task.Name
-            Command              = [string]$task.Command.value
-            Parameters           = [string]$Parameters
-            ScheduledTime        = [string]$task.ScheduledTime
-            Recurrence           = [string]$Recurrence
-            PostExecution        = [string]$PostExecution
-            AdditionalProperties = [string]$AdditionalProperties
-            Hidden               = [bool]$Hidden
-            Results              = 'Planned'
-        }
-        if ($SyncType) {
-            $entity.SyncType = $SyncType
-        }
-        try {
-            Add-CIPPAzDataTableEntity @Table -Entity $entity -Force
-        } catch {
-            $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-            return "Could not add task: $ErrorMessage"
+            # If tenant filter is a complex object (from form), extract the value
+            if ($tenantFilter -is [PSCustomObject] -and $tenantFilter.value) {
+                $originalTenantFilter = $tenantFilter
+                $tenantFilter = $tenantFilter.value
+            }
+
+            # If tenant filter is a string but still seems to be JSON, try to parse it
+            if ($tenantFilter -is [string] -and $tenantFilter.StartsWith('{')) {
+                try {
+                    $parsedTenantFilter = $tenantFilter | ConvertFrom-Json
+                    if ($parsedTenantFilter.value) {
+                        $originalTenantFilter = $parsedTenantFilter
+                        $tenantFilter = $parsedTenantFilter.value
+                    }
+                } catch {
+                    # If parsing fails, use the string as is
+                    Write-Warning "Could not parse tenant filter JSON: $tenantFilter"
+                }
+            }
+
+            $entity = @{
+                PartitionKey         = [string]'ScheduledTask'
+                TaskState            = [string]'Planned'
+                RowKey               = [string]$RowKey
+                Tenant               = [string]$tenantFilter
+                excludedTenants      = [string]$excludedTenants
+                Name                 = [string]$task.Name
+                Command              = [string]$task.Command.value
+                Parameters           = [string]$Parameters
+                ScheduledTime        = [string]$task.ScheduledTime
+                Recurrence           = [string]$Recurrence
+                PostExecution        = [string]$PostExecution
+                AdditionalProperties = [string]$AdditionalProperties
+                Hidden               = [bool]$Hidden
+                Results              = 'Planned'
+            }
+
+            # Store the original tenant filter for group expansion during execution
+            if ($originalTenantFilter -is [PSCustomObject] -and $originalTenantFilter.type -eq 'Group') {
+                $entity['TenantGroup'] = [string]($originalTenantFilter | ConvertTo-Json -Compress)
+            } elseif ($originalTenantFilter -is [string] -and $originalTenantFilter.StartsWith('{')) {
+                # Check if it's a serialized group object
+                try {
+                    $parsedOriginal = $originalTenantFilter | ConvertFrom-Json
+                    if ($parsedOriginal.type -eq 'Group') {
+                        $entity['TenantGroup'] = [string]$originalTenantFilter
+                    }
+                } catch {
+                    # Not a JSON object, ignore
+                }
+            }
+            if ($SyncType) {
+                $entity.SyncType = $SyncType
+            }
+            try {
+                Add-CIPPAzDataTableEntity @Table -Entity $entity -Force
+            } catch {
+                $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+                return "Could not add task: $ErrorMessage"
+            }
+            return "Successfully added task: $($entity.Name)"
         }
-        return "Successfully added task: $($entity.Name)"
+    } catch {
+        Write-Warning "Failed to add scheduled task: $($_.Exception.Message)"
+        Write-Information $_.InvocationInfo.PositionMessage
+        $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+        throw "Could not add task: $ErrorMessage"
     }
 }

Modules/CIPPCore/Public/Add-CIPPDelegatedPermission.ps1

@@ -18,13 +18,22 @@ function Get-CIPPAlertAppSecretExpiry {
         return
     }
 
-    $AlertData = foreach ($App in $applist) {
+    $AlertData = [System.Collections.Generic.List[PSCustomObject]]::new()
+
+    foreach ($App in $applist) {
         Write-Host "checking $($App.displayName)"
         if ($App.passwordCredentials) {
             foreach ($Credential in $App.passwordCredentials) {
                 if ($Credential.endDateTime -lt (Get-Date).AddDays(30) -and $Credential.endDateTime -gt (Get-Date).AddDays(-7)) {
                     Write-Host ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime)
-                    @{ DisplayName = $App.displayName; Expires = $Credential.endDateTime }
+
+                    $Message = [PSCustomObject]@{
+                        AppName    = $App.displayName
+                        AppId      = $App.appId
+                        Expires    = $Credential.endDateTime
+                        Tenant     = $TenantFilter
+                    }
+                    $AlertData.Add($Message)
                 }
             }
         }