Microsoft365DSC icon indicating copy to clipboard operation
Microsoft365DSC copied to clipboard
verified publisher icon microsoft

AADGroup: Group owners are removed (while they shouldn't if the owners property is not present in the dsc config)

Open bartvermeersch opened this issue 1 year ago • 0 comments

Description of the issue

When specifying an AADGroup resource without specifying members and owners, existing members are retained but owners are removed for groups that already exist.

For members a check is done on the $PSBoundParameters if ($MembershipRuleProcessingState -ne 'On' -and $PSBoundParameters.ContainsKey('Members'))

https://github.com/microsoft/Microsoft365DSC/blob/bc58574482aa7f5ebcd74a8850d21bb1f04fa291/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1#L665-L670

For owners this check is missing on line 620: https://github.com/microsoft/Microsoft365DSC/blob/bc58574482aa7f5ebcd74a8850d21bb1f04fa291/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1#L620-L623

I would expect if ($PSBoundParameters.ContainsKey('Owners')) just below line 621

Microsoft 365 DSC Version

1.24.228.1

Which workloads are affected

Azure Active Directory

The DSC configuration

AADGroup "AADGroup_TEST"
        {
            DisplayName        = "TESTGROUP"
            Description        = "TESTGROUP"
            MailNickName       = "TESTGROUP"
            MailEnabled        = $false
            SecurityEnabled    = $true
            TenantId           = $TenantId
            ApplicationId      = $ApplicationId
            CertificateThumbprint = $Thumbprint
            Ensure             = "Present"
        }

Verbose logs showing the problem

No response

Environment Information + PowerShell Version

No response

bartvermeersch avatar Feb 29 '24 12:02 bartvermeersch