fix: edit group add and remove owner in same request

JohnDuprey · JohnDuprey · commit e7bc5be4e83d · 2025-03-25T12:31:02.000-04:00
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1
@@ -167,29 +167,7 @@ function Invoke-EditGroup {
     $AddOwners = $userobj.AddOwner
     try {
         if ($AddOwners) {
-            if ($GroupType -eq 'Distribution List' -or $GroupType -eq 'Mail-Enabled Security') {
-                $CurrentOwners = New-ExoRequest -tenantid $TenantId -cmdlet 'Get-DistributionGroup' -cmdParams @{ Identity = $userobj.groupid } -UseSystemMailbox $true | Select-Object -ExpandProperty ManagedBy
-                $NewManagedBy = [System.Collections.Generic.List[string]]::new()
-                foreach ($CurrentOwner in $CurrentOwners) {
-                    $NewManagedBy.Add($CurrentOwner)
-                }
-                foreach ($NewOwner in $AddOwners) {
-                    $NewManagedBy.Add($NewOwner.addedFields.id)
-                }
-
-                $NewManagedBy = $NewManagedBy | Sort-Object -Unique
-                $params = @{ Identity = $userobj.groupid; ManagedBy = $NewManagedBy }
-                $ExoBulkRequests.Add(@{
-                        CmdletInput = @{
-                            CmdletName = 'Set-DistributionGroup'
-                            Parameters = $params
-                        }
-                    })
-                $ExoLogs.Add(@{
-                        message = "Added owner(s) $($AddOwners.value -join ', ') to $($GroupName) group"
-                        target  = $userobj.groupid
-                    })
-            } else {
+            if ($GroupType -notin @('Distribution List', 'Mail-Enabled Security')) {
                 $AddOwners | ForEach-Object {
                     $Owner = $_.value
                     $ID = $_.addedFields.id
@@ -219,22 +197,7 @@ function Invoke-EditGroup {
     $RemoveOwners = $userobj.RemoveOwner
     try {
         if ($RemoveOwners) {
-            if ($GroupType -eq 'Distribution List' -or $GroupType -eq 'Mail-Enabled Security') {
-                # get current owners
-                $CurrentOwners = New-ExoRequest -tenantid $TenantId -cmdlet 'Get-DistributionGroup' -cmdParams @{ Identity = $userobj.groupid } -UseSystemMailbox $true | Select-Object -ExpandProperty ManagedBy
-                $NewManagedBy = $CurrentOwners | Where-Object { $_ -notin $RemoveOwners.addedFields.id }
-                $params = @{ Identity = $userobj.groupid; ManagedBy = $NewManagedBy }
-                $ExoBulkRequests.Add(@{
-                        CmdletInput = @{
-                            CmdletName = 'Set-DistributionGroup'
-                            Parameters = $params
-                        }
-                    })
-                $ExoLogs.Add(@{
-                        message = "Removed owner(s) $($RemoveOwners.value -join ', ') from $($GroupName) group"
-                        target  = $userobj.groupid
-                    })
-            } else {
+            if ($GroupType -notin @('Distribution List', 'Mail-Enabled Security')) {
                 $RemoveOwners | ForEach-Object {
                     $ID = $_.addedFields.id
                     $BulkRequests.Add(@{
@@ -253,6 +216,41 @@ function Invoke-EditGroup {
         Write-Warning "Error in RemoveOwners: $($_.Exception.Message)"
     }
 
+    if ($GroupType -in @( 'Distribution List', 'Mail-Enabled Security') -and ($AddOwners -or $RemoveOwners)) {
+        $CurrentOwners = New-ExoRequest -tenantid $TenantId -cmdlet 'Get-DistributionGroup' -cmdParams @{ Identity = $userobj.groupid } -UseSystemMailbox $true | Select-Object -ExpandProperty ManagedBy
+
+        $NewManagedBy = [system.collections.generic.list[string]]::new()
+        foreach ($CurrentOwner in $CurrentOwners) {
+            if ($RemoveOwners -and $RemoveOwners.addedFields.id -contains $CurrentOwner) {
+                $OwnerToRemove = $RemoveOwners | Where-Object { $_.addedFields.id -eq $CurrentOwner }
+                $ExoLogs.Add(@{
+                        message = "Removed owner $($OwnerToRemove.label) from $($GroupName) group"
+                        target  = $userobj.groupid
+                    })
+                continue
+            }
+            $NewManagedBy.Add($CurrentOwner)
+        }
+        if ($AddOwners) {
+            foreach ($NewOwner in $AddOwners) {
+                $NewManagedBy.Add($NewOwner.addedFields.id)
+                $ExoLogs.Add(@{
+                        message = "Added owner $($NewOwner.label) to $($GroupName) group"
+                        target  = $userobj.groupid
+                    })
+            }
+        }
+
+        $NewManagedBy = $NewManagedBy | Sort-Object -Unique
+        $params = @{ Identity = $userobj.groupid; ManagedBy = $NewManagedBy }
+        $ExoBulkRequests.Add(@{
+                CmdletInput = @{
+                    CmdletName = 'Set-DistributionGroup'
+                    Parameters = $params
+                }
+            })
+    }
+
     Write-Information "Graph Bulk Requests: $($BulkRequests.Count)"
     if ($BulkRequests.Count -gt 0) {
         #Write-Warning 'EditUser - Executing Graph Bulk Requests'
