From 8f44424962322ecf9ff3d8658f440ebad388c89d Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Mon, 15 Apr 2024 16:27:01 -0500
Subject: [PATCH] fix: Error handling in 1.1.1 test
---
 .../Test-AdministrativeAccountCompliance.ps1 | 28 ++++++++++++-------
 1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/source/tests/Test-AdministrativeAccountCompliance.ps1 b/source/tests/Test-AdministrativeAccountCompliance.ps1
index 597936a..3273774 100644
--- a/source/tests/Test-AdministrativeAccountCompliance.ps1
+++ b/source/tests/Test-AdministrativeAccountCompliance.ps1
@@ -8,23 +8,29 @@ function Test-AdministrativeAccountCompliance {
 $validLicenses = @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
 }
 process {
-
 $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
 $adminRoleUsers = @()
+
 foreach ($role in $adminRoles) {
 $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
+
 foreach ($assignment in $roleAssignments) {
- $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled"
- $licenses = (Get-MgUserLicenseDetail -UserId $assignment.PrincipalId).SkuPartNumber -join '|'
- $adminRoleUsers += [PSCustomObject]@{
- UserName = $userDetails.UserPrincipalName
- RoleName = $role.DisplayName
- UserId = $userDetails.Id
- HybridUser = $userDetails.OnPremisesSyncEnabled
- Licenses = $licenses
+ $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled" -ErrorAction SilentlyContinue
+ if ($userDetails) {
+ $licenses = Get-MgUserLicenseDetail -UserId $assignment.PrincipalId -ErrorAction SilentlyContinue
+ $licenseString = if ($licenses) { ($licenses.SkuPartNumber -join '|') } else { "No Licenses Found" }
+
+ $adminRoleUsers += [PSCustomObject]@{
+ UserName = $userDetails.UserPrincipalName
+ RoleName = $role.DisplayName
+ UserId = $userDetails.Id
+ HybridUser = $userDetails.OnPremisesSyncEnabled
+ Licenses = $licenseString
+ }
 }
 }
 }
+
 $uniqueAdminRoleUsers = $adminRoleUsers | Group-Object -Property UserName | ForEach-Object {
 $first = $_.Group | Select-Object -First 1
 $roles = ($_.Group.RoleName -join ', ')
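Review bot: The `-ErrorAction SilentlyContinue` on the new Get-MgUser call, together with `if ($userDetails)`, drops any role assignment whose principal could not be resolved without leaving any trace, so a throttled or failed Graph lookup (and, presumably, a group or service-principal assignment that Get-MgUser does not return as a user) silently shrinks the population the compliance verdict is computed over. An audit control should report when it cannot enumerate its population rather than pass on a partial set; the added `else { "No Licenses Found" }` branch at least fails closed for the license lookup, but it conflates a transient error with a genuine absence of licenses. Consider adding `-ErrorVariable userLookupError` next to the SilentlyContinue on the Get-MgUser line and an `else { Write-Warning "Skipping principal $($assignment.PrincipalId) in role '$($role.DisplayName)': $($userLookupError[0])" }` after the `if ($userDetails)` block, and capturing the Get-MgUserLicenseDetail error the same way so the record can distinguish "no licenses" from "lookup failed". The enclosing process block and the function Test-AdministrativeAccountCompliance begin before and continue past this hunk.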
@@ -32,10 +38,12 @@ function Test-AdministrativeAccountCompliance {
 $first | Select-Object UserName, UserId, HybridUser, @{Name = 'Roles'; Expression = { $roles } }, @{Name = 'Licenses'; Expression = { $licenses -join '|' } } }
+
 $nonCompliantUsers = $uniqueAdminRoleUsers | Where-Object { $_.HybridUser -or -not ($_.Licenses -split '\|' | Where-Object { $validLicenses -contains $_ }) }
+
 $failureReasons = $nonCompliantUsers | ForEach-Object {
 $accountType = if ($_.HybridUser) { "Hybrid" } else { "Cloud-Only" }
 $missingLicenses = $validLicenses | Where-Object { $_ -notin ($_.Licenses -split '\|') }
@@ -64,4 +72,4 @@ function Test-AdministrativeAccountCompliance {
 # Output the result
 return $auditResult
 }
-}
\ No newline at end of file
+}