fix: pnp spo graph module load error
@@ -20,6 +20,16 @@ function Assert-ModuleAvailability {
|
|||||||
else {
|
else {
|
||||||
Write-Verbose "$ModuleName module is already at required version or newer."
|
Write-Verbose "$ModuleName module is already at required version or newer."
|
||||||
}
|
}
|
||||||
|
if ($ModuleName -eq "Microsoft.Graph") {
|
||||||
|
Write-Verbose "Preloading Microsoft.Graph assembly to prevent type-loading issues..."
|
||||||
|
try {
|
||||||
|
# Run a harmless cmdlet to preload the assembly
|
||||||
|
Get-MgGroup -Top 1 -ErrorAction SilentlyContinue | Out-Null
|
||||||
|
}
|
||||||
|
catch {
|
||||||
|
Write-Verbose "Could not preload Microsoft.Graph assembly. Error: $_"
|
||||||
|
}
|
||||||
|
}
|
||||||
if ($SubModules.Count -gt 0) {
|
if ($SubModules.Count -gt 0) {
|
||||||
foreach ($subModule in $SubModules) {
|
foreach ($subModule in $SubModules) {
|
||||||
Write-Verbose "Importing submodule $ModuleName.$subModule..."
|
Write-Verbose "Importing submodule $ModuleName.$subModule..."
|
||||||
|
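Review bot: The preload in the new `if ($ModuleName -eq "Microsoft.Graph")` branch issues a live directory query, `Get-MgGroup -Top 1`, only to get an assembly loaded, so this availability check now depends on an active Graph session and a group-read scope that the visible part of the function does not otherwise need. Because the call uses `-ErrorAction SilentlyContinue`, non-terminating failures (not connected, insufficient scope) are discarded and the `catch` with its verbose message will rarely run, leaving no trace of whether the preload worked. Loading the module directly would likely achieve the same effect without the network call or the extra permission, for example `Import-Module Microsoft.Graph.Authentication -ErrorAction Stop` inside the `try`. Assert-ModuleAvailability starts and ends outside this hunk, so whether a connection exists at this point is not visible here.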
@@ -38,12 +38,26 @@ function Get-CISMgOutput {
|
|||||||
Write-Verbose "Get-CISMgOutput: Returning data for Rec: $Rec"
|
Write-Verbose "Get-CISMgOutput: Returning data for Rec: $Rec"
|
||||||
switch ($rec) {
|
switch ($rec) {
|
||||||
'1.1.1' {
|
'1.1.1' {
|
||||||
# V4 needs same info
|
if ($script:Version400) {
|
||||||
# 1.1.1 - MicrosoftGraphPlaceholder
|
$DirectoryRoles = Get-MgDirectoryRole
|
||||||
|
# Get privileged role IDs
|
||||||
|
$PrivilegedRoles = $DirectoryRoles | Where-Object {
|
||||||
|
$_.DisplayName -like '*Administrator*' -or $_.DisplayName -eq 'Global Reader'
|
||||||
|
}
|
||||||
|
# Get the members of these various roles
|
||||||
|
$RoleMembers = $PrivilegedRoles | ForEach-Object { Get-MgDirectoryRoleMember -DirectoryRoleId $_.Id } |
|
||||||
|
Select-Object Id -Unique
|
||||||
|
$PrivilegedUsers = $RoleMembers | ForEach-Object {
|
||||||
|
Get-MgUser -UserId $_.Id -Property UserPrincipalName, DisplayName, Id, OnPremisesSyncEnabled
|
||||||
|
}
|
||||||
|
return $PrivilegedUsers
|
||||||
|
}
|
||||||
|
else {
|
||||||
# Test-AdministrativeAccountCompliance
|
# Test-AdministrativeAccountCompliance
|
||||||
$AdminRoleAssignmentsAndUsers = Get-AdminRoleUserAndAssignment
|
$AdminRoleAssignmentsAndUsers = Get-AdminRoleUserAndAssignment
|
||||||
return $AdminRoleAssignmentsAndUsers
|
return $AdminRoleAssignmentsAndUsers
|
||||||
}
|
}
|
||||||
|
}
|
||||||
'1.1.4' {
|
'1.1.4' {
|
||||||
# 1.1.4 - MicrosoftGraphPlaceholder
|
# 1.1.4 - MicrosoftGraphPlaceholder
|
||||||
# Placeholder for Test-AdminAccountLicenses
|
# Placeholder for Test-AdminAccountLicenses
|
||||||
|
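Review bot: In the new `$script:Version400` branch of '1.1.1', every member id returned by `Get-MgDirectoryRoleMember` is passed to `Get-MgUser`, but role members can also be groups or service principals, so those lookups fail and users who hold a role through a group are never evaluated. For a check of privileged accounts that is an under-report rather than a crash: the affected accounts simply drop out of `$PrivilegedUsers`. Filter to user objects before the lookup, e.g. `Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' }`, and handle group members explicitly. Selecting roles by `DisplayName -like '*Administrator*'` also looks fragile, since `Get-MgDirectoryRole` returns only roles already activated in the tenant and privileged roles without that word in the name are skipped; matching on role template ids would be more reliable. The enclosing switch in Get-CISMgOutput continues outside the hunk.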
@@ -26,7 +26,11 @@ function Invoke-TestFunction {
|
|||||||
$paramList.ApprovedFederatedDomains = $ApprovedFederatedDomains
|
$paramList.ApprovedFederatedDomains = $ApprovedFederatedDomains
|
||||||
}
|
}
|
||||||
# Version-aware logging
|
# Version-aware logging
|
||||||
Write-Verbose "Running $functionName (Version: $($script:Version400 ? '4.0.0' : '3.0.0'))..."
|
if ($script:Version400) {
|
||||||
|
Write-Verbose "Running $functionName (Version: 4.0.0)..."
|
||||||
|
} else {
|
||||||
|
Write-Verbose "Running $functionName (Version: 3.0.0)..."
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
$result = & $functionName @paramList
|
$result = & $functionName @paramList
|
||||||
# Assuming each function returns an array of CISAuditResult or a single CISAuditResult
|
# Assuming each function returns an array of CISAuditResult or a single CISAuditResult
|
||||||
|
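Review bot: The two `Write-Verbose` calls in the new `if`/`else` differ only in the version string, so the message text can drift between the branches. Compute the label once and keep a single call: `$versionLabel = if ($script:Version400) { '4.0.0' } else { '3.0.0' }` followed by `Write-Verbose "Running $functionName (Version: $versionLabel)..."`. A short comment such as `# No ternary here: the ?: operator requires PowerShell 7+` would keep the removed form from being reintroduced, assuming Windows PowerShell 5.1 support is the reason for the change. Invoke-TestFunction begins and ends outside this hunk.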
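--- a/source/tests/Test-AdministrativeAccountCompliance4.ps1
+++ b/source/tests/Test-AdministrativeAccountCompliance4.ps1
@@ -0,0 +1,51 @@
+function Test-AdministrativeAccountCompliance4 {
+[CmdletBinding()]
+param ()
+begin {
+$RecNum = "1.1.1"
+Write-Verbose "Starting Test-AdministrativeAccountCompliance4 for Rec: $RecNum"
+}
+process {
+try {
+# Retrieve privileged users with OnPremisesSyncEnabled
+Write-Verbose "Retrieving data for privileged users"
+$PrivilegedUsers = Get-CISMgOutput -Rec $RecNum
+# Filter for users with OnPremisesSyncEnabled
+$NonCompliantUsers = $PrivilegedUsers | Where-Object { $_.OnPremisesSyncEnabled -eq $true }
+if ($NonCompliantUsers.Count -gt 0) {
+Write-Verbose "Non-compliant users found: $($NonCompliantUsers.Count)"
+# Generate pipe-delimited failure table as plain text
+$Header = "DisplayName|UserPrincipalName|OnPremisesSyncEnabled"
+$FailureRows = $NonCompliantUsers | ForEach-Object {
+"$($_.DisplayName)|$($_.UserPrincipalName)|$($_.OnPremisesSyncEnabled)"
+}
+$Details = "$Header`n$($FailureRows -join "`n")"
+$Status = "Fail"
+$FailureReason = "Non-compliant accounts detected: $($NonCompliantUsers.Count)"
+}
+else {
+Write-Verbose "All accounts are compliant."
+$Details = "N/A"
+$Status = "Pass"
+$FailureReason = "All administrative accounts are cloud-only."
+}
+# Prepare audit result
+$Params = @{
+Rec = $RecNum
+Result = ($NonCompliantUsers.Count -eq 0)
+Status = $Status
+Details = $Details
+FailureReason = $FailureReason
+}
+$AuditResult = Initialize-CISAuditResult @Params
+}
+catch {
+Write-Error "Error during compliance check: $_"
+$AuditResult = Get-TestError -LastError $_ -RecNum $RecNum
+}
+}
+end {
+# Output result
+return $AuditResult
+}
+}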
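Review bot: The `else` branch reports `Pass` whenever `$NonCompliantUsers` is empty, which includes the case where `Get-CISMgOutput` returned nothing at all, for instance because the Graph calls failed with non-terminating errors that never reach the `catch`. A tenant should normally have at least one privileged account, so an empty `$PrivilegedUsers` more likely means data collection failed, and the audit should not record that as compliant. Add a guard before the filter, e.g. `if (-not $PrivilegedUsers) { throw "No privileged users returned for Rec $RecNum" }`, so the existing `catch` turns it into a test error. Wrapping the filter result as `@(...)` would also make the `.Count` checks independent of whether one or many objects come back.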