Merge pull request #207 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-ListScheduledItemDetails.ps1

@@ -64,7 +64,36 @@ function Invoke-ListScheduledItemDetails {
     $Results = Get-CIPPAzDataTableEntity @ResultsTable -Filter $ResultsFilter
 
     if (!$Results) {
-        $ResultData = ($Task.Results | ConvertFrom-Json -ErrorAction SilentlyContinue) ?? $Task.Results
+        try {
+            # Handle the case when we need to use Task.Results
+            if ($Task.Results) {
+                # Try to safely parse JSON or use the raw value if parsing fails
+                try {
+                    if ($Task.Results -is [string]) {
+                        $ResultString = $Task.Results.ToString().Trim()
+                        if (($ResultString -match '^\[.*\]$') -or ($ResultString -match '^\{.*\}$')) {
+                            $ResultData = $Task.Results | ConvertFrom-Json -ErrorAction Stop
+                        } else {
+                            # Not valid JSON format, use as is
+                            $ResultData = $Task.Results
+                        }
+                    } else {
+                        # Already an object, use as is
+                        $ResultData = $Task.Results
+                    }
+                } catch {
+                    # If JSON parsing fails, use raw value
+                    Write-LogMessage -API $APIName -message "Error parsing Task.Results as JSON: $_" -Sev 'Warning'
+                    $ResultData = $Task.Results
+                }
+            } else {
+                $ResultData = $null
+            }
+        } catch {
+            Write-LogMessage -API $APIName -message "Error processing Task.Results: $_" -Sev 'Error'
+            $ResultData = $null
+        }
+
         $Results = @(
             [PSCustomObject]@{
                 RowKey    = $Task.Tenant
@@ -73,17 +102,43 @@ function Invoke-ListScheduledItemDetails {
             }
         )
     }
+
     # Process the results if they exist
     $ProcessedResults = [System.Collections.Generic.List[object]]::new()
     foreach ($Result in $Results) {
         try {
-            if ($Result.Results) {
-                $ParsedResults = ($Result.Results | ConvertFrom-Json -ErrorAction SilentlyContinue) ?? $Result.Results
-                if (!$ParsedResults -or 'null' -eq $ParsedResults) {
+            if ($null -ne $Result.Results) {
+                # Safe handling based on result type
+                if ($Result.Results -is [array] -or $Result.Results -is [System.Collections.ICollection]) {
+                    # Already a collection, use as is
+                    $ParsedResults = $Result.Results
+                } elseif ($Result.Results -is [string]) {
+                    $ResultString = $Result.Results.ToString().Trim()
+                    # Only try to parse as JSON if it looks like JSON
+                    if (($ResultString -match '^\[.*\]$') -or ($ResultString -match '^\{.*\}$')) {
+                        try {
+                            $ParsedResults = $Result.Results | ConvertFrom-Json -ErrorAction Stop
+                        } catch {
+                            Write-LogMessage -API $APIName -message "Failed to parse result as JSON: $_" -Sev 'Warning'
+                            # On failure, keep as string
+                            $ParsedResults = $Result.Results
+                        }
+                    } else {
+                        # Not valid JSON format
+                        $ParsedResults = $Result.Results
+                    }
+                } else {
+                    # Any other object type
+                    $ParsedResults = $Result.Results
+                }
+
+                # Ensure results is always an array
+                if ($null -eq $ParsedResults -or 'null' -eq $ParsedResults) {
                     $Result.Results = @()
                 } else {
                     $Result.Results = @($ParsedResults)
                 }
+
                 # Store tenant information with the result
                 $TenantId = $Result.RowKey
                 $TenantInfo = Get-Tenants -TenantFilter $TenantId -ErrorAction SilentlyContinue
@@ -95,6 +150,8 @@ function Invoke-ListScheduledItemDetails {
             }
         } catch {
             Write-LogMessage -API $APIName -message "Error processing results for task $RowKey with tenant $($Result.RowKey): $_" -Sev 'Error'
+            # Set Results to an empty array to prevent further errors
+            $Result.Results = @()
         }
         $EndResult = $Result | Select-Object Timestamp, @{n = 'Tenant'; Expression = { $_.RowKey } }, Results
         $ProcessedResults.Add($EndResult)

Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1

@@ -13,14 +13,21 @@ function New-CIPPTemplateRun {
         $data
     } | Sort-Object -Property displayName
 
+    function Get-SanitizedFilename {
+        param (
+            [string]$filename
+        )
+        $filename = $filename -replace '\s', '_' -replace '[^\w\d_]', ''
+        return $filename
+    }
 
     $Tasks = foreach ($key in $TemplateSettings.Keys) {
         if ($TemplateSettings[$key] -eq $true) {
             $key
         }
     }
     if ($TemplateSettings.templateRepo) {
-        Write-Host 'Grabbing data from required community repo'
+        Write-Information 'Grabbing data from community repo'
         try {
             $Files = (Get-GitHubFileTree -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value).tree | Where-Object { $_.path -match '.json$' -and $_.path -notmatch 'NativeImport' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($SplatParams.FullName)/tree/$($SplatParams.Branch)/$($_.path)" } }, @{n = 'name'; e = { ($_.path -split '/')[ -1 ] -replace '\.json$', '' } }
             #if there is a migration table file, file the file. Store the file contents in $migrationtable
@@ -30,20 +37,29 @@ function New-CIPPTemplateRun {
             }
             foreach ($File in $Files) {
                 if ($File.name -eq 'MigrationTable' -or $file.name -eq 'ALLOWED COUNTRIES') { continue }
-                $ExistingTemplate = $ExistingTemplates | Where-Object { $_.displayName -eq $File.name } | Select-Object -First 1
-                $Template = (Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value -Path $File.path).content | ConvertFrom-Json
-                if ($ExistingTemplate) {
-                    $UpdateNeeded = $false
-                    if ($ExistingTemplate.sha -ne $File.sha -or !$ExistingTemplate.sha) {
-                        $UpdateNeeded = $true
-                    }
-                    if ($UpdateNeeded) {
-                        Write-Host "Template $($File.name) needs to be updated as the SHA is different"
-                        Import-CommunityTemplate -Template $Template -SHA $File.sha -MigrationTable $MigrationTable
-                    }
+                $ExistingTemplate = $ExistingTemplates | Where-Object { (![string]::IsNullOrEmpty($_.displayName) -and (Get-SanitizedFilename -filename $_.displayName) -eq $File.name) -or (![string]::IsNullOrEmpty($_.templateName) -and (Get-SanitizedFilename -filename $_.templateName) -eq $File.name ) } | Select-Object -First 1
+
+                $UpdateNeeded = $false
+                if ($ExistingTemplate -and $ExistingTemplate.SHA -ne $File.sha) {
+                    $Name = $ExistingTemplate.displayName ?? $ExistingTemplate.templateName
+                    Write-Information "Existing template $($Name) found, but SHA is different. Updating template."
+                    $UpdateNeeded = $true
+                    "Template $($Name) needs to be updated as the SHA is different"
                 } else {
-                    Write-Host "Template $($File.name) needs to be created"
+                    Write-Information "Existing template $($File.name) found, but SHA is the same. No update needed."
+                    "Template $($File.name) found, but SHA is the same. No update needed."
+                }
+
+                if (!$ExistingTemplate -or $UpdateNeeded) {
+                    $Template = (Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value -Path $File.path).content | ConvertFrom-Json
                     Import-CommunityTemplate -Template $Template -SHA $File.sha -MigrationTable $MigrationTable
+                    if ($UpdateNeeded) {
+                        Write-Information "Template $($File.name) needs to be updated as the SHA is different"
+                        "Template $($File.name) updated"
+                    } else {
+                        Write-Information "Template $($File.name) needs to be created"
+                        "Template $($File.name) created"
+                    }
                 }
             }
         } catch {
@@ -53,12 +69,12 @@ function New-CIPPTemplateRun {
         }
     } else {
         foreach ($Task in $Tasks) {
-            Write-Host "Working on task $Task"
+            Write-Information "Working on task $Task"
             switch ($Task) {
                 'ca' {
-                    Write-Host "Template Conditional Access Policies for $TenantFilter"
+                    Write-Information "Template Conditional Access Policies for $TenantFilter"
                     $Policies = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/conditionalAccess/policies?$top=999' -tenantid $TenantFilter
-                    Write-Host 'Creating templates for found Conditional Access Policies'
+                    Write-Information 'Creating templates for found Conditional Access Policies'
                     foreach ($policy in $policies) {
                         try {
                             $Template = New-CIPPCATemplate -TenantFilter $TenantFilter -JSON $policy
@@ -89,7 +105,7 @@ function New-CIPPTemplateRun {
                     }
                 }
                 'intuneconfig' {
-                    Write-Host "Backup Intune Configuration Policies for $TenantFilter"
+                    Write-Information "Backup Intune Configuration Policies for $TenantFilter"
                     $GraphURLS = @("https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations?`$select=id,displayName,lastModifiedDateTime,roleScopeTagIds,microsoft.graph.unsupportedDeviceConfiguration/originalEntityTypeName&`$expand=assignments&top=1000"
                         'https://graph.microsoft.com/beta/deviceManagement/windowsDriverUpdateProfiles'
                         "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations?`$expand=assignments&top=999"
@@ -146,12 +162,12 @@ function New-CIPPTemplateRun {
                                 }
                             }
                         } catch {
-                            Write-Host "Failed to backup $url"
+                            Write-Information "Failed to backup $url"
                         }
                     }
                 }
                 'intunecompliance' {
-                    Write-Host "Backup Intune Compliance Policies for $TenantFilter"
+                    Write-Information "Backup Intune Compliance Policies for $TenantFilter"
                     New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies?$top=999' -tenantid $TenantFilter | ForEach-Object {
                         $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'deviceCompliancePolicies' -ID $_.ID
                         $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $Template.DisplayName } | Select-Object -First 1
@@ -192,7 +208,7 @@ function New-CIPPTemplateRun {
                 }
 
                 'intuneprotection' {
-                    Write-Host "Backup Intune Protection Policies for $TenantFilter"
+                    Write-Information "Backup Intune Protection Policies for $TenantFilter"
                     New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceAppManagement/managedAppPolicies?$top=999' -tenantid $TenantFilter | ForEach-Object {
                         $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'managedAppPolicies' -ID $_.ID
                         $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $Template.DisplayName } | Select-Object -First 1

Modules/CIPPCore/Public/Remove-CIPPGroups.ps1

@@ -11,7 +11,7 @@ function Remove-CIPPGroups {
     if (-not $userid) {
         $userid = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($Username)" -tenantid $Tenantfilter).id
     }
-    $AllGroups = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups/?`$select=displayName,mailEnabled,id,groupTypes" -tenantid $tenantFilter)
+    $AllGroups = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups/?`$select=displayName,mailEnabled,id,groupTypes,assignedLicenses&`$top=999" -tenantid $tenantFilter)
 
     $Returnval = (New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($userid)/GetMemberGroups" -tenantid $tenantFilter -type POST -body '{"securityEnabledOnly": false}').value | ForEach-Object -Parallel {
         Import-Module '.\Modules\AzBobbyTables'
@@ -22,18 +22,23 @@ function Remove-CIPPGroups {
             $Groupname = ($using:AllGroups | Where-Object -Property id -EQ $group).displayName
             $IsMailEnabled = ($using:AllGroups | Where-Object -Property id -EQ $group).mailEnabled
             $IsM365Group = $null -ne ($using:AllGroups | Where-Object { $_.id -eq $group -and $_.groupTypes -contains 'Unified' })
+            $IsLicensed = ($using:AllGroups | Where-Object -Property id -EQ $group).assignedLicenses.Count -gt 0
 
-            if ($IsM365Group) {
-                $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$_/members/$($using:userid)/`$ref" -tenantid $using:tenantFilter -type DELETE -body '' -Verbose
-            } elseif (-not $IsMailEnabled) {
-                $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$_/members/$($using:userid)/`$ref" -tenantid $using:tenantFilter -type DELETE -body '' -Verbose
-            } elseif ($IsMailEnabled) {
-                $Params = @{ Identity = $Groupname; Member = $using:userid ; BypassSecurityGroupManagerCheck = $true }
-                New-ExoRequest -tenantid $using:tenantFilter -cmdlet 'Remove-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
-            }
+            if ($IsLicensed) {
+                "Could not remove $($using:Username) from $Groupname. This is because the group has licenses assigned to it."
+            } else {
+                if ($IsM365Group) {
+                    $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$_/members/$($using:userid)/`$ref" -tenantid $using:tenantFilter -type DELETE -body '' -Verbose
+                } elseif (-not $IsMailEnabled) {
+                    $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$_/members/$($using:userid)/`$ref" -tenantid $using:tenantFilter -type DELETE -body '' -Verbose
+                } elseif ($IsMailEnabled) {
+                    $Params = @{ Identity = $Groupname; Member = $using:userid ; BypassSecurityGroupManagerCheck = $true }
+                    New-ExoRequest -tenantid $using:tenantFilter -cmdlet 'Remove-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
+                }
 
-            Write-LogMessage -headers $using:Headers -API $($using:APIName) -message "Removed $($using:Username) from $groupname" -Sev 'Info' -tenant $using:TenantFilter
-            "Successfully removed $($using:Username) from group $Groupname"
+                Write-LogMessage -headers $using:Headers -API $($using:APIName) -message "Removed $($using:Username) from $groupname" -Sev 'Info' -tenant $using:TenantFilter
+                "Successfully removed $($using:Username) from group $Groupname"
+            }
         } catch {
             $ErrorMessage = Get-CippException -Exception $_
             Write-LogMessage -headers $using:Headers -API $($using:APIName) -message "Could not remove $($using:Username) from group $groupname : $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $using:TenantFilter -LogData $ErrorMessage

Modules/CIPPCore/Public/Remove-CIPPLicense.ps1

@@ -35,6 +35,36 @@ function Remove-CIPPLicense {
         try {
             $ConvertTable = Import-Csv ConversionTable.csv
             $User = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($userid)" -tenantid $tenantFilter
+            $GroupMemberships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($userid)/memberOf/microsoft.graph.group?`$select=id,displayName,assignedLicenses" -tenantid $tenantFilter
+            $LicenseGroups = $GroupMemberships | Where-Object { ($_.assignedLicenses | Measure-Object).Count -gt 0 }
+
+            if ($LicenseGroups) {
+                # remove user from groups with licenses, these can only be graph groups
+                $RemoveRequests = foreach ($LicenseGroup in $LicenseGroups) {
+                    @{
+                        id     = $LicenseGroup.id
+                        method = 'DELETE'
+                        url    = "groups/$($LicenseGroup.id)/members/$($User.id)/`$ref"
+                    }
+                }
+
+                Write-Information 'Removing user from groups with licenses'
+                $RemoveResults = New-GraphBulkRequest -tenantid $tenantFilter -requests @($RemoveRequests)
+                Write-Information ($RemoveResults | ConvertTo-Json -Depth 5)
+                $RemoveResults | ForEach-Object {
+                    $Group = $GroupMemberships | Where-Object { $_.id -eq $_.id }
+                    $GroupName = $Group | Select-Object -ExpandProperty displayName
+
+                    if ($_.status -eq 204) {
+                        Write-LogMessage -headers $Headers -API $APIName -message "Removed $($User.displayName) from license group $GroupName" -Sev 'Info' -tenant $TenantFilter
+                        "Removed $($User.displayName) from license group $GroupName"
+                    } else {
+                        Write-LogMessage -headers $Headers -API $APIName -message "Failed to remove $($User.displayName) from license group $GroupName. This is likely because its a Dynamic Group or synced with active directory." -Sev 'Error' -tenant $TenantFilter
+                        "Failed to remove $($User.displayName) from license group $GroupName. This is likely because its a Dynamic Group or synced with active directory."
+                    }
+                }
+            }
+
             if (!$username) { $username = $User.userPrincipalName }
             $CurrentLicenses = $User.assignedlicenses.skuid
             $ConvertedLicense = $(($ConvertTable | Where-Object { $_.guid -in $CurrentLicenses }).'Product_Display_Name' | Sort-Object -Unique) -join ', '