fix: pnp spo graph module load error

2024-12-26 10:44:02 -06:00
parent d9b8bf2941
commit d11ebf47a6
4 changed files with 85 additions and 6 deletions
--- a/source/Private/Assert-ModuleAvailability.ps1
+++ b/source/Private/Assert-ModuleAvailability.ps1
@@ -20,6 +20,16 @@ function Assert-ModuleAvailability {
                else {
                    Write-Verbose "$ModuleName module is already at required version or newer."
                }
+                if ($ModuleName -eq "Microsoft.Graph") {
+                    Write-Verbose "Preloading Microsoft.Graph assembly to prevent type-loading issues..."
+                    try {
+                        # Run a harmless cmdlet to preload the assembly
+                        Get-MgGroup -Top 1 -ErrorAction SilentlyContinue | Out-Null
+                    }
+                    catch {
+                        Write-Verbose "Could not preload Microsoft.Graph assembly. Error: $_"
+                    }
+                }
                if ($SubModules.Count -gt 0) {
                    foreach ($subModule in $SubModules) {
                        Write-Verbose "Importing submodule $ModuleName.$subModule..."
--- a/source/Private/Get-CISMgOutput.ps1
+++ b/source/Private/Get-CISMgOutput.ps1
@@ -38,11 +38,25 @@ function Get-CISMgOutput {
            Write-Verbose "Get-CISMgOutput: Returning data for Rec: $Rec"
            switch ($rec) {
                '1.1.1' {
-                    # V4 needs same info
-                    # 1.1.1 - MicrosoftGraphPlaceholder
-                    # Test-AdministrativeAccountCompliance
-                    $AdminRoleAssignmentsAndUsers = Get-AdminRoleUserAndAssignment
-                    return $AdminRoleAssignmentsAndUsers
+                    if ($script:Version400) {
+                        $DirectoryRoles = Get-MgDirectoryRole
+                        # Get privileged role IDs
+                        $PrivilegedRoles = $DirectoryRoles | Where-Object {
+                            $_.DisplayName -like '*Administrator*' -or $_.DisplayName -eq 'Global Reader'
+                        }
+                        # Get the members of these various roles
+                        $RoleMembers = $PrivilegedRoles | ForEach-Object { Get-MgDirectoryRoleMember -DirectoryRoleId $_.Id } |
+                        Select-Object Id -Unique
+                        $PrivilegedUsers = $RoleMembers | ForEach-Object {
+                            Get-MgUser -UserId $_.Id -Property UserPrincipalName, DisplayName, Id, OnPremisesSyncEnabled
+                        }
+                        return $PrivilegedUsers
+                    }
+                    else {
+                        # Test-AdministrativeAccountCompliance
+                        $AdminRoleAssignmentsAndUsers = Get-AdminRoleUserAndAssignment
+                        return $AdminRoleAssignmentsAndUsers
+                    }
                }
                '1.1.4' {
                    # 1.1.4 - MicrosoftGraphPlaceholder
--- a/source/Private/Invoke-TestFunction.ps1
+++ b/source/Private/Invoke-TestFunction.ps1
@@ -26,7 +26,11 @@ function Invoke-TestFunction {
        $paramList.ApprovedFederatedDomains = $ApprovedFederatedDomains
    }
        # Version-aware logging
-    Write-Verbose "Running $functionName (Version: $($script:Version400 ? '4.0.0' : '3.0.0'))..."
+        if ($script:Version400) {
+            Write-Verbose "Running $functionName (Version: 4.0.0)..."
+        } else {
+            Write-Verbose "Running $functionName (Version: 3.0.0)..."
+        }
    try {
        $result = & $functionName @paramList
        # Assuming each function returns an array of CISAuditResult or a single CISAuditResult