bmsimp
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1‎
Lines changed: 6 additions & 71 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1‎
Lines changed: 6 additions & 71 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1‎
Lines changed: 30 additions & 15 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1‎
Lines changed: 30 additions & 15 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupTemplates.ps1‎
Lines changed: 17 additions & 1 deletion b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupTemplates.ps1‎
Lines changed: 17 additions & 1 deletion
@@ -19,80 +19,15 @@ function Invoke-AddGroup {
 
     $Results = foreach ($tenant in $SelectedTenants) {
         try {
-            $Email = if ($GroupObject.primDomain.value) { "$($GroupObject.username)@$($GroupObject.primDomain.value)" } else { "$($GroupObject.username)@$($tenant)" }
-            if ($GroupObject.groupType -in 'Generic', 'azurerole', 'dynamic', 'm365') {
+            # Use the centralized New-CIPPGroup function
+            $Result = New-CIPPGroup -GroupObject $GroupObject -TenantFilter $tenant -APIName $APIName -ExecutingUser $Request.Headers.'x-ms-client-principal-name'
 
-                $BodyParams = [pscustomobject] @{
-                    'displayName'      = $GroupObject.displayName
-                    'description'      = $GroupObject.description
-                    'mailNickname'     = $GroupObject.username
-                    mailEnabled        = [bool]$false
-                    securityEnabled    = [bool]$true
-                    isAssignableToRole = [bool]($GroupObject | Where-Object -Property groupType -EQ 'AzureRole')
-                }
-                if ($GroupObject.membershipRules) {
-                    $BodyParams | Add-Member -NotePropertyName 'membershipRule' -NotePropertyValue ($GroupObject.membershipRules)
-                    $BodyParams | Add-Member -NotePropertyName 'membershipRuleProcessingState' -NotePropertyValue 'On'
-                    if ($GroupObject.groupType -eq 'm365') {
-                        $BodyParams | Add-Member -NotePropertyName 'groupTypes' -NotePropertyValue @('Unified', 'DynamicMembership')
-                        $BodyParams.mailEnabled = $true
-                    } else {
-                        $BodyParams | Add-Member -NotePropertyName 'groupTypes' -NotePropertyValue @('DynamicMembership')
-                    }
-                    # Skip adding static members if we're using dynamic membership
-                    $SkipStaticMembers = $true
-                } elseif ($GroupObject.groupType -eq 'm365') {
-                    $BodyParams | Add-Member -NotePropertyName 'groupTypes' -NotePropertyValue @('Unified')
-                    $BodyParams.mailEnabled = $true
-                }
-                if ($GroupObject.owners) {
-                    $BodyParams | Add-Member -NotePropertyName '[email protected]' -NotePropertyValue (($GroupObject.owners) | ForEach-Object { "https://graph.microsoft.com/v1.0/users/$($_.value)" })
-                    $BodyParams.'[email protected]' = @($BodyParams.'[email protected]')
-                }
-                if ($GroupObject.members -and -not $SkipStaticMembers) {
-                    $BodyParams | Add-Member -NotePropertyName '[email protected]' -NotePropertyValue (($GroupObject.members) | ForEach-Object { "https://graph.microsoft.com/v1.0/users/$($_.value)" })
-                    $BodyParams.'[email protected]' = @($BodyParams.'[email protected]')
-                }
-                $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/groups' -tenantid $tenant -type POST -body (ConvertTo-Json -InputObject $BodyParams -Depth 10) -Verbose
+            if ($Result.Success) {
+                "Successfully created group $($GroupObject.displayName) for $($tenant)"
+                $StatusCode = [HttpStatusCode]::OK
             } else {
-                if ($GroupObject.groupType -eq 'dynamicDistribution') {
-                    $ExoParams = @{
-                        Name               = $GroupObject.displayName
-                        RecipientFilter    = $GroupObject.membershipRules
-                        PrimarySmtpAddress = $Email
-                    }
-                    $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DynamicDistributionGroup' -cmdParams $ExoParams
-
-                    if (!$GroupObject.allowExternal) {
-                        $SetParams = @{
-                            RequireSenderAuthenticationEnabled = [bool]!$GroupObject.allowExternal
-                            Name                               = $GroupObject.displayName
-                            PrimarySmtpAddress                 = $Email
-                        }
-                        $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'Set-DynamicDistributionGroup' -cmdParams $SetParams
-                    }
-                } else {
-                    $ExoParams = @{
-                        Name                               = $GroupObject.displayName
-                        Alias                              = $GroupObject.username
-                        Description                        = $GroupObject.description
-                        PrimarySmtpAddress                 = $Email
-                        Type                               = $GroupObject.groupType
-                        RequireSenderAuthenticationEnabled = [bool]!$GroupObject.allowExternal
-                    }
-                    if ($GroupObject.owners) {
-                        $ExoParams.ManagedBy = @($GroupObject.owners.value)
-                    }
-                    if ($GroupObject.members) {
-                        $ExoParams.Members = @($GroupObject.members.value)
-                    }
-                    $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $ExoParams
-                }
+                throw $Result.Message
             }
-
-            "Successfully created group $($GroupObject.displayName) for $($tenant)"
-            Write-LogMessage -headers $Request.Headers -API $APIName -tenant $tenant -message "Created group $($GroupObject.displayName) with id $($GraphRequest.id)" -Sev Info
-            $StatusCode = [HttpStatusCode]::OK
         } catch {
             $ErrorMessage = Get-CippException -Exception $_
             Write-LogMessage -headers $Request.Headers -API $APIName -tenant $tenant -message "Group creation API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
 
@@ -15,26 +15,41 @@ function Invoke-AddGroupTemplate {
 
     $GUID = $Request.Body.GUID ?? (New-Guid).GUID
     try {
-        if (!$Request.Body.displayname) { throw 'You must enter a displayname' }
-        $groupType = switch -wildcard ($Request.Body.groupType) {
-            '*dynamic*' { 'dynamic' }
-            '*azurerole*' { 'azurerole' }
-            '*unified*' { 'm365' }
-            '*Microsoft*' { 'm365' }
-            '*generic*' { 'generic' }
-            '*mail*' { 'mailenabledsecurity' }
-            '*Distribution*' { 'distribution' }
-            '*security*' { 'security' }
+        if (!$Request.Body.displayName) {
+            throw 'You must enter a displayname'
+        }
+
+        # Normalize group type to match New-CIPPGroup expectations (handle both camelCase and lowercase)
+        $groupType = switch -wildcard ($Request.Body.groupType.ToLower()) {
+            '*dynamicdistribution*' { 'dynamicDistribution'; break }  # Check this first before *dynamic* and *distribution*
+            '*dynamic*' { 'dynamic'; break }
+            '*azurerole*' { 'azureRole'; break }
+            '*unified*' { 'm365'; break }
+            '*microsoft*' { 'm365'; break }
+            '*m365*' { 'm365'; break }
+            '*generic*' { 'generic'; break }
+            '*security*' { 'security'; break }
+            '*distribution*' { 'distribution'; break }
+            '*mail*' { 'distribution'; break }
             default { $Request.Body.groupType }
         }
-        if ($Request.body.membershipRules) { $groupType = 'dynamic' }
+
+        # Override to dynamic if membership rules are provided (for backward compatibility)
+        # but only if it's not already a dynamicDistribution group
+        if ($Request.body.membershipRules -and $groupType -notin @('dynamicDistribution')) {
+            $groupType = 'dynamic'
+        }
+        # Normalize field names to handle different casing from various forms
+        $displayName = $Request.Body.displayName ?? $Request.Body.Displayname ?? $Request.Body.displayname
+        $description = $Request.Body.description ?? $Request.Body.Description
+
         $object = [PSCustomObject]@{
-            displayName     = $Request.Body.displayName
-            description     = $Request.Body.description
+            displayName     = $displayName
+            description     = $description
             groupType       = $groupType
             membershipRules = $Request.Body.membershipRules
             allowExternal   = $Request.Body.allowExternal
-            username        = $Request.Body.username
+            username        = $Request.Body.username  # Can contain variables like @%tenantfilter%
             GUID            = $GUID
         } | ConvertTo-Json
         $Table = Get-CippTable -tablename 'templates'
@@ -44,7 +59,7 @@ function Invoke-AddGroupTemplate {
             RowKey       = "$GUID"
             PartitionKey = 'GroupTemplate'
         }
-        Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created Group template named $($Request.Body.displayname) with GUID $GUID" -Sev 'Debug'
+        Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created Group template named $displayName with GUID $GUID" -Sev 'Debug'
 
         $body = [pscustomobject]@{'Results' = 'Successfully added template' }
     } catch {
 
@@ -22,10 +22,26 @@ function Invoke-ListGroupTemplates {
     $Filter = "PartitionKey eq 'GroupTemplate'"
     $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object {
         $data = $_.JSON | ConvertFrom-Json
+
+        # Normalize groupType to camelCase for consistent frontend handling
+        $normalizedGroupType = switch -Wildcard ($data.groupType.ToLower()) {
+            '*dynamicdistribution*' { 'dynamicDistribution'; break }
+            '*dynamic*' { 'dynamic'; break }
+            '*azurerole*' { 'azureRole'; break }
+            '*unified*' { 'm365'; break }
+            '*microsoft*' { 'm365'; break }
+            '*m365*' { 'm365'; break }
+            '*generic*' { 'generic'; break }
+            '*security*' { 'security'; break }
+            '*distribution*' { 'distribution'; break }
+            '*mail*' { 'distribution'; break }
+            default { $data.groupType }
+        }
+
         [PSCustomObject]@{
             displayName     = $data.displayName
             description     = $data.description
-            groupType       = $data.groupType
+            groupType       = $normalizedGroupType
             membershipRules = $data.membershipRules
             allowExternal   = $data.allowExternal
             username        = $data.username