@@ -19,9 +19,11 @@ function Invoke-AddTenant {
1919 # Validate the onmicrosoft.com domain
2020 $Domain = " $ ( $TenantName ) .onmicrosoft.com"
2121 $DomainCheckUri = " https://api.partnercenter.microsoft.com/v1/domains/$Domain "
22+
2223 Write-Information " Checking $Domain "
2324 try {
24- $null = New-GraphPOSTRequest - type HEAD - uri $DomainCheckUri - scope ' https://api.partnercenter.microsoft.com/.default' - NoAuthCheck $true
25+
26+ $null = New-GraphPOSTRequest - type HEAD - uri $DomainCheckUri - scope ' https://api.partnercenter.microsoft.com/.default' - NoAuthCheck $true - AddedHeaders $Headers
2527
2628 $Body = @ {
2729 Success = $false
@@ -34,81 +36,132 @@ function Invoke-AddTenant {
3436 }
3537
3638 }
37- ' AddTenant' {
38- # Fetch the organization id for Tier 2 CSPs
39- if ($Request.Body.ResellerType -eq ' Tier2' ) {
40- $OrganizationProfileUri = ' https://api.partnercenter.microsoft.com/v1/profiles/organization'
41- try {
42- $OrgResponse = New-GraphPOSTRequest - type GET - uri $OrganizationProfileUri - scope ' https://api.partnercenter.microsoft.com/.default' - NoAuthCheck $true
43- $Request.Body.AssociatedPartnerId = $OrgResponse.id
44- } catch {
45- $Body = @ {
46- state = ' Error'
47- resultText = " Failed to retrieve organization profile: $ ( $_.Exception.Message ) "
48- }
49- $StatusCode = [HttpStatusCode ]::BadRequest
50- break
39+ ' GetOrganizationProfile' {
40+ $OrganizationProfileUri = ' https://api.partnercenter.microsoft.com/v1/profiles/organization'
41+ try {
42+ $OrgResponse = New-GraphGetRequest - uri $OrganizationProfileUri - scope ' https://api.partnercenter.microsoft.com/.default' - NoAuthCheck $true - AddedHeaders $Headers
43+ # remove the first character from the response and then convert from JSON
44+ if (! $OrgResponse.id -and $OrgResponse -notmatch ' ^{' ) {
45+ $OrgResponse = $OrgResponse.Substring (1 ) | ConvertFrom-Json
5146 }
52- }
5347
54- $Payload = @ {
55- enableGDAPByDefault = $false
56- Id = $null
57- CommerceId = $null
58- CompanyProfile = @ {
59- TenantId = $null
60- Domain = ' {0}.onmicrosoft.com' -f $TenantName
61- CompanyName = $Request.Body.CompanyName
62- Attributes = @ { ObjectType = ' CustomerCompanyProfile' }
48+ $Body = @ {
49+ Results = $OrgResponse
6350 }
64- BillingProfile = @ {
65- Id = $null
66- FirstName = $Request.Body.FirstName
67- LastName = $Request.Body.LastName
68- Email = $Request.Body.Email
69- Culture = ' EN-US'
70- Language = ' En'
71- CompanyName = $Request.Body.CompanyName
72- DefaultAddress = @ {
73- Country = $Request.Body.Country
74- Region = $null
75- City = $Request.Body.City
76- State = $Request.Body.State
77- AddressLine1 = $Request.Body.AddressLine1
78- AddressLine2 = $Request.Body.AddressLine2
79- PostalCode = $Request.Body.PostalCode
80- FirstName = $Request.Body.FirstName
81- LastName = $Request.Body.LastName
82- PhoneNumber = $Request.Body.PhoneNumber
83- }
84- Attributes = @ { ObjectType = ' CustomerBillingProfile' }
51+ } catch {
52+ $Body = @ {
53+ Results = @ (@ {
54+ state = ' error'
55+ resultText = " Failed to retrieve organization profile: $ ( $_.Exception.Message ) "
56+ })
8557 }
86- RelationshipToPartner = ' none'
87- AllowDelegatedAccess = $null
88- UserCredentials = $null
89- CustomDomains = $null
90- Attributes = @ { ObjectType = ' Customer' }
58+ $StatusCode = [HttpStatusCode ]::BadRequest
9159 }
60+ }
61+ ' AddTenant' {
62+ # Get organization profile from graph.microsoft.com
63+ $Org = New-GraphGetRequest - uri ' https://graph.microsoft.com/beta/organization' - NoAuthCheck $true
9264
93- if ($Request.Body.ResellerType -eq ' Tier2' -and $Request.Body.AssociatedPartnerId ) {
94- $Payload.AssociatedPartnerId = $Request.Body.AssociatedPartnerId
65+ $CanCreateCustomers = $false
66+ $PartnerType = $Org.partnerTenantType
67+ if ($PartnerType -eq ' valueAddedResellerPartnerDelegatedAdmin' ) {
68+ # Tier 2 CSP - Get MPN id from partner center
69+ $PartnerCenterUri = ' https://api.partnercenter.microsoft.com/accountenrollments/v1/accountexternalresourcekeys?accountIds={0}&keyType=mpnId' -f $env: TenantID
70+ $MPNId = New-GraphGetRequest - uri $PartnerCenterUri - scope ' https://api.partnercenter.microsoft.com/.default' - NoAuthCheck $true
71+ $AssociatedPartnerId = $MpnId.items [0 ].keyValue
72+ Write-Host " Tier 2 CSP - Associated Partner ID: $AssociatedPartnerId "
73+ $CanCreateCustomers = $true
74+ } elseif ($PartnerType -eq ' resellerPartnerDelegatedAdmin' ) {
75+ # Tier 1 CSP
76+ $CanCreateCustomers = $true
9577 }
9678
97- $CustomerCreationUri = ' https://api.partnercenter.microsoft.com/v1/customers'
98- try {
99- $Response = New-GraphPOSTRequest - type POST - uri $CustomerCreationUri - scope ' https://api.partnercenter.microsoft.com/.default' - Body ($Payload | ConvertTo-Json - Depth 10 ) - NoAuthCheck $true
100-
79+ if (! $CanCreateCustomers ) {
10180 $Body = @ {
102- state = ' Success'
103- resultText = " Tenant created successfully. 'Username is $ ( $Response.userCredentials.userName ) @{0}.onmicrosoft.com'. Click copy to retrieve the password." -f $TenantName
104- copyField = $Response.userCredentials.password
81+ $Results = @ (@ {
82+ state = ' error'
83+ resultText = ' You do not have permission to create customers. You must be a Tier 1 or Tier 2 CSP.'
84+ })
10585 }
106- } catch {
107- $Body = @ {
108- state = ' Error'
109- resultText = " Failed to create tenant: $ ( $_.Exception.Message ) "
86+ } else {
87+ $Payload = @ {
88+ enableGDAPByDefault = $false
89+ Id = $null
90+ CommerceId = $null
91+ CompanyProfile = @ {
92+ TenantId = $null
93+ Domain = ' {0}.onmicrosoft.com' -f $TenantName
94+ CompanyName = $Request.Body.CompanyName
95+ Attributes = @ { ObjectType = ' CustomerCompanyProfile' }
96+ }
97+ BillingProfile = @ {
98+ Id = $null
99+ FirstName = $Request.Body.FirstName
100+ LastName = $Request.Body.LastName
101+ Email = $Request.Body.Email
102+ Culture = ' EN-US'
103+ Language = ' En'
104+ CompanyName = $Request.Body.CompanyName
105+ DefaultAddress = @ {
106+ Country = $Request.Body.Country
107+ Region = $null
108+ City = $Request.Body.City
109+ State = $Request.Body.State
110+ AddressLine1 = $Request.Body.AddressLine1
111+ AddressLine2 = $Request.Body.AddressLine2
112+ PostalCode = $Request.Body.PostalCode
113+ FirstName = $Request.Body.FirstName
114+ LastName = $Request.Body.LastName
115+ PhoneNumber = $Request.Body.PhoneNumber
116+ }
117+ Attributes = @ { ObjectType = ' CustomerBillingProfile' }
118+ }
119+ RelationshipToPartner = ' none'
120+ AllowDelegatedAccess = $null
121+ UserCredentials = $null
122+ CustomDomains = $null
123+ Attributes = @ { ObjectType = ' Customer' }
124+ }
125+
126+ if ($AssociatedPartnerId ) {
127+ $Payload.AssociatedPartnerId = $AssociatedPartnerId
128+ }
129+
130+ $CustomerCreationUri = ' https://api.partnercenter.microsoft.com/v1/customers'
131+ Write-Warning " Posting to $CustomerCreationUri "
132+ Write-Information ($Payload | ConvertTo-Json - Depth 10 )
133+
134+ try {
135+ # not doing this yet
136+
137+ # $Response = New-GraphPOSTRequest -type POST -uri $CustomerCreationUri -scope 'https://api.partnercenter.microsoft.com/.default' -Body ($Payload | ConvertTo-Json -Depth 10) -NoAuthCheck $true -AddedHeaders $Headers
138+
139+ # Sample response
140+ $Response = @ {
141+ userCredentials = @ {
142+ userName = ' test'
143+ password = ' this_is_not_a_real_password'
144+ }
145+ }
146+ # ###
147+
148+
149+ $Body = @ {
150+ Results = @ (@ {
151+ state = ' success'
152+ resultText = " Tenant created successfully. 'Username is $ ( $Response.userCredentials.userName ) @{0}.onmicrosoft.com'. Click copy to retrieve the password." -f $TenantName
153+ copyField = $Response.userCredentials.password
154+ })
155+ }
156+ } catch {
157+ $Body = @ {
158+ Results = @ (@ {
159+ state = ' error'
160+ resultText = " Failed to create tenant: $ ( $_.Exception.Message ) "
161+ })
162+ }
163+ $StatusCode = [HttpStatusCode ]::BadRequest
110164 }
111- $StatusCode = [HttpStatusCode ]::BadRequest
112165 }
113166 }
114167 ' ValidateAddress' {
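Review bot: The success branch at new lines 149-155 is reached with the hard-coded sample `$Response` from lines 140-145 while the real POST on line 137 is commented out, so the endpoint reports `state = 'success'` and "Tenant created successfully" — and hands the placeholder string to `copyField` — without any customer having been created in Partner Center. Until the call is re-enabled the stub should return a non-success state, e.g. `state = 'error'` with `resultText = 'Customer creation is not enabled yet'`, or be gated behind an explicit flag so a production deploy cannot ship the fake credentials. Separately, line 132 `Write-Information ($Payload | ConvertTo-Json -Depth 10)` writes the full billing profile (name, email, phone, postal address) to the function log stream; logging only an identifier such as `Write-Information "Posting customer payload for $($Payload.CompanyProfile.Domain)"` avoids persisting that personal data in log storage. `$AssociatedPartnerId` is only assigned in the Tier 2 branch (line 71) but read on line 126, so initialising it alongside `$CanCreateCustomers = $false` on line 65 keeps the Tier 1 path safe if Set-StrictMode is enabled. The enclosing Invoke-AddTenant function begins and ends outside this hunk.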