
Commit 5d4d0c4

Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev
2 parents 161ff44 + 52b81aa commit 5d4d0c4


2 files changed

+37
-10
lines changed


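--- a/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1
+++ b/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1
@@ -87,13 +87,21 @@ function New-GraphGetRequest {
 $RequestSuccessful = $true
 
 if ($ReturnRawResponse) {
-if (Test-Json -Json $Data.Content) {
-$Content = $Data.Content | ConvertFrom-Json
-} else {
+try {
+if ($Data.Content -and (Test-Json -Json $Data.Content -ErrorAction Stop)) {
+$Content = $Data.Content | ConvertFrom-Json
+} else {
+$Content = $Data.Content
+}
+} catch {
 $Content = $Data.Content
 }
 
-$Data | Select-Object -Property StatusCode, StatusDescription, @{Name = 'Content'; Expression = { $Content } }
+[PSCustomObject]@{
+StatusCode = $Data.StatusCode
+StatusDescription = $Data.StatusDescription
+Content = $Content
+}
 $nextURL = $null
 } elseif ($CountOnly) {
 $Data.'@odata.count'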
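Review bot: The new `catch` around the JSON check (new lines 96–98) discards the exception without recording it, so a body that fails validation comes back as a raw string with no trace of why. Callers of `-ReturnRawResponse` therefore get `Content` as either a parsed object or a plain string and must type-check it before reading properties. A line such as `Write-Verbose "Response body is not valid JSON; returning raw content"` in the catch, plus a comment above the `try` like `# Content is the parsed object when the body is valid JSON, otherwise the raw string`, would make that contract explicit. The enclosing function starts and ends outside the hunk.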

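--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDMARCToMOERA.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDMARCToMOERA.ps1
@@ -51,7 +51,10 @@ function Invoke-CIPPStandardAddDMARCToMOERA {
 
 $CurrentInfo = $Domains | ForEach-Object {
 # Get current DNS records that matches _dmarc hostname and TXT type
-$CurrentRecords = New-GraphGetRequest -scope 'https://admin.microsoft.com/.default' -TenantID $Tenant -Uri "https://admin.microsoft.com/admin/api/Domains/Records?domainName=$($_.Name)" | Select-Object -ExpandProperty DnsRecords | Where-Object { $_.HostName -eq $RecordModel.HostName -and $_.Type -eq $RecordModel.Type }
+$RecordsResponse = New-GraphGetRequest -scope 'https://admin.microsoft.com/.default' -TenantID $Tenant -Uri "https://admin.microsoft.com/admin/api/Domains/Records?domainName=$($_.Name)" -extraHeaders @{'User-Agent' = 'CIPP/1.0' }
+$AllRecords = $RecordsResponse | Select-Object -ExpandProperty DnsRecords
+$CurrentRecords = $AllRecords | Where-Object { $_.HostName -eq '_dmarc' -and $_.Type -eq 'TXT' }
+Write-Information "Found $($CurrentRecords.count) DMARC records for domain $($_.Name)"
 
 if ($CurrentRecords.count -eq 0) {
 #record not found, return a model with Match set to false
@@ -87,8 +90,8 @@ function Invoke-CIPPStandardAddDMARCToMOERA {
 }
 }
 }
-# Check if match is true and there is only one DMARC record for the domain
-$StateIsCorrect = $false -notin $CurrentInfo.Match -and $CurrentInfo.Count -eq 1
+# Check if match is true and there is only one DMARC record for each domain
+$StateIsCorrect = $false -notin $CurrentInfo.Match -and $CurrentInfo.Count -eq $Domains.Count
 } catch {
 $ErrorMessage = Get-CippException -Exception $_
 if ($_.Exception.Message -like '*403*') {
@@ -107,13 +110,29 @@ function Invoke-CIPPStandardAddDMARCToMOERA {
 # Loop through each domain and set the DMARC record, existing misconfigured records and duplicates will be deleted
 foreach ($Domain in ($CurrentInfo | Sort-Object -Property DomainName -Unique)) {
 try {
-foreach ($Record in ($CurrentInfo | Where-Object -Property DomainName -EQ $Domain.DomainName)) {
+$DomainRecords = @($CurrentInfo | Where-Object -Property DomainName -EQ $Domain.DomainName)
+$HasMatchingRecord = $false
+
+# First, delete any non-matching records
+foreach ($Record in $DomainRecords) {
 if ($Record.CurrentRecord) {
-New-GraphPOSTRequest -tenantid $tenant -scope 'https://admin.microsoft.com/.default' -Uri "https://admin.microsoft.com/admin/api/Domains/Record?domainName=$($Domain.DomainName)" -Body ($Record.CurrentRecord | ConvertTo-Json -Compress) -AddedHeaders @{'x-http-method-override' = 'Delete' }
-Write-LogMessage -API 'Standards' -tenant $tenant -message "Deleted incorrect DMARC record for domain $($Domain.DomainName)" -sev Info
+if ($Record.Match -eq $false) {
+# Delete incorrect record
+New-GraphPOSTRequest -tenantid $tenant -scope 'https://admin.microsoft.com/.default' -Uri "https://admin.microsoft.com/admin/api/Domains/Record?domainName=$($Domain.DomainName)" -Body ($Record.CurrentRecord | ConvertTo-Json -Compress) -AddedHeaders @{'x-http-method-override' = 'Delete' }
+Write-LogMessage -API 'Standards' -tenant $tenant -message "Deleted incorrect DMARC record for domain $($Domain.DomainName)" -sev Info
+} else {
+# Record already matches, no need to add
+$HasMatchingRecord = $true
+}
 }
+}
+
+# Only add the record if we don't already have a matching one
+if (-not $HasMatchingRecord) {
 New-GraphPOSTRequest -tenantid $tenant -scope 'https://admin.microsoft.com/.default' -type 'PUT' -Uri "https://admin.microsoft.com/admin/api/Domains/Record?domainName=$($Domain.DomainName)" -Body (@{RecordModel = $RecordModel } | ConvertTo-Json -Compress)
 Write-LogMessage -API 'Standards' -tenant $tenant -message "Set DMARC record for domain $($Domain.DomainName)" -sev Info
+} else {
+Write-LogMessage -API 'Standards' -tenant $tenant -message "DMARC record already correctly set for domain $($Domain.DomainName)" -sev Info
 }
 } catch {
 $ErrorMessage = Get-CippException -Exception $_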
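Review bot: In the remediation loop (new lines 117–128) a record is deleted only when `$Record.Match -eq $false`, so a domain holding two or more matching DMARC records keeps all of them, although the comment above the loop still says duplicates will be deleted. The updated check `$CurrentInfo.Count -eq $Domains.Count` would then keep reporting the state as incorrect while remediation logs "already correctly set". Receivers generally treat several DMARC records on one name as no usable policy, so the duplicates matter. Assuming the code outside the hunks can mark more than one record per domain as a match, changing the condition to `if ($Record.Match -eq $false -or $HasMatchingRecord) {` would keep the first matching record and remove the rest. The function body starts and ends outside the hunks shown.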
