Update Remediate-InvalidAADObjectRoleAssignments.ps1 #477
Conversation
Fix prereq checks
| @@ -53,9 +53,9 @@ function Pre_requisites | |||
| This command would check pre requisites modules to perform remediation. | |||
| #> | |||
|
|
|||
| Write-Host "Required modules are: Az.Resources, AzureAD, Az.Accounts" -ForegroundColor Cyan | |||
| Write-Host "Required modules are: Az.Resources, AzureAD (or AzureADPreview), Az.Accounts, Az.ResourceGraph" -ForegroundColor Cyan | |||
There was a problem hiding this comment.
Is Az.ResourceGraph really being used? @MJaithra could you confirm
There was a problem hiding this comment.
Yes, the module Az.ResourceGraph is being used
| # Checking if 'AzureAD' module is available or not. | ||
| if($availableModules.Name -notcontains 'AzureAD') | ||
| # Checking if 'AzureAD' or 'AzureADPreview' module is available or not. | ||
| if(($availableModules.Name -notcontains 'AzureAD') -and ($availableModules.Name -notcontains 'AzureADPreview')) |
There was a problem hiding this comment.
Is any command being used which might be present in AzureAd but not in preview package. @MJaithra could you please check
There was a problem hiding this comment.
Yes, a few commands, such as Get-AzureADTenantDetail and Get-AzureADObjectByObjectId are being used in this script which are available in the AzureAD module but not in the preview package.
To resolve this, we can force the installation of the AzureAD module, which will allow us to install it even if the preview module exists. Additionally, using the -Prefix parameter when importing the module can help prevent confusion between commands that are common to both modules.
There was a problem hiding this comment.
So above code needs to be modified to support the installation of the AzureAD module even if preview is available
There was a problem hiding this comment.
FYI, both the commands you mentioned are present in AzureADPreview
Fixes prereq checks.
Closes #476