Merge pull request #305 from KelvinTegelaar/dev

pull[bot] · web-flow · commit a8d45c2d58e1 · 2025-06-12T18:41:05.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecAddTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecAddTenant.ps1
@@ -22,7 +22,10 @@ function Invoke-ExecAddTenant {
         # Check if tenant already exists
         $ExistingTenant = Get-CIPPAzDataTableEntity @TenantsTable -Filter "PartitionKey eq 'Tenants' and RowKey eq '$tenantId'"
 
-        if ($ExistingTenant) {
+        if ($tenantId -eq $env:TenantID) {
+            # If the tenant is the partner tenant, return an error because you cannot add the partner tenant as direct tenant
+            $Results = @{'message' = 'You cannot add the partner tenant as a direct tenant. Please connect the tenant using the "Connect to Partner Tenant" option. '; 'severity' = 'error'; }
+        } elseif ($ExistingTenant) {
             # Update existing tenant
             $ExistingTenant.delegatedPrivilegeStatus = 'directTenant'
             Add-CIPPAzDataTableEntity @TenantsTable -Entity $ExistingTenant -Force | Out-Null
diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1
@@ -21,7 +21,7 @@ function Get-GraphToken($tenantid, $scope, $AsApp, $AppID, $AppSecret, $refreshT
     $TenantsTable = Get-CippTable -tablename 'Tenants'
     $Filter = "PartitionKey eq 'Tenants' and delegatedPrivilegeStatus eq 'directTenant'"
     $ClientType = Get-CIPPAzDataTableEntity @TenantsTable -Filter $Filter | Where-Object { $_.customerId -eq $tenantid -or $_.defaultDomainName -eq $tenantid }
-    if ($clientType.delegatedPrivilegeStatus -eq 'directTenant') {
+    if ($tenantid -ne $env:TenantID -and $clientType.delegatedPrivilegeStatus -eq 'directTenant') {
         Write-Host "Using direct tenant refresh token for $($clientType.customerId)"
         $ClientRefreshToken = Get-Item -Path "env:\$($clientType.customerId)" -ErrorAction SilentlyContinue
         $refreshToken = $ClientRefreshToken.Value
