Update group creation logic in CA exclusion script

JohnDuprey · JohnDuprey · commit 213562697e56 · 2025-11-19T19:14:47.000-05:00
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1
@@ -34,13 +34,16 @@ function Invoke-ExecCAExclusion {
             throw "Policy with ID $PolicyId not found in tenant $TenantFilter."
         }
 
-        $SecurityGroups = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/identity/groups?`$select=id,displayName&`$filter=securityEnabled eq true and mailEnabled eq false&`$count=true" -tenantid $TenantFilter
+        $SecurityGroups = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups?`$select=id,displayName&`$filter=securityEnabled eq true and mailEnabled eq false&`$count=true" -tenantid $TenantFilter
         $VacationGroup = $SecurityGroups | Where-Object { $_.displayName -contains "CIPP-Vacation-$($Policy.displayName)" }
 
         if (!$VacationGroup) {
             Write-Information "Creating vacation group: CIPP-Vacation-$($Policy.displayName)"
+            $Guid = [guid]::NewGuid().ToString()
             $GroupObject = @{
+                groupType       = 'generic'
                 displayName     = "CIPP-Vacation-$($Policy.displayName)"
+                username        = "vacation$Guid"
                 securityEnabled = $true
             }
             $NewGroup = New-CIPPGroup -GroupObject $GroupObject -TenantFilter $TenantFilter -APIName 'Invoke-ExecCAExclusion'
