AADServicePrincipal AppId ID as Key Identifier does not work
Description of the issue
In the AADServicePrincipal DSC resource, when I assign the value of AppID to the ID, I always get False when comparing the CurrentValue with the DesiredValue. This happens because the Display Name is returned as the CurrentValue in the code.
Example with "Apple Internet Accounts" Application. It doesn't matter which app.
Microsoft 365 DSC Version
1.25.402.1
Which workloads are affected
Azure Active Directory (Entra ID)
The DSC configuration
```
AADServicePrincipal "AADServicePrincipal-Test"
{
    ApplicationId             = $ConfigurationData.NonNodeData.ApplicationId;
    CertificateThumbprint     = $ConfigurationData.NonNodeData.CertificateThumbprint;
    TenantId                  = $OrganizationName;
    AccountEnabled            = $True;
    AppId                     = "f8d98a96-0999-43f5-8af3-69971c7bb423";
    AppRoleAssignmentRequired = $False;
    DisplayName               = "Apple Internet Accounts";
    Ensure                    = "Present";
    ReplyURLs                 = @("com.apple.mobilemail://oauth-redirect","com.apple.Preferences://oauth-redirect/","urn:ietf:wg:oauth:2.0:oob","com.apple.preferences.internetaccounts://oauth-redirect/");
    ServicePrincipalNames     = @("f8d98a96-0999-43f5-8af3-69971c7bb423");
    ServicePrincipalType      = "Application";
    Tags                      = @("WindowsAzureActiveDirectoryIntegratedApp");
}
```
Verbose logs showing the problem
VERBOSE: [PC-XXX]: LCM: [ Start Test ] [[AADServicePrincipal]DirectResourceAccess]
VERBOSE: [PC-XXX]: [[AADServicePrincipal]DirectResourceAccess] Testing configuration of Azure AD ServicePrincipal
VERBOSE: [PC-XXX]: [[AADServicePrincipal]DirectResourceAccess] Getting configuration of Azure AD ServicePrincipal
VERBOSE: [PC-XXX]: [[AADServicePrincipal]DirectResourceAccess] GET https://graph.microsoft.com/v1.0/servicePrincipals/eb6d82a5-ff2c-4bfb-b377-ee7af3280858/delegatedPermissionClassifications with 0-byte payload
VERBOSE: [PC-XXX]: [[AADServicePrincipal]DirectResourceAccess] received 167-byte response of content type application/json
VERBOSE: [PC-XXX]: [[AADServicePrincipal]DirectResourceAccess] GET https://graph.microsoft.com/beta/servicePrincipals/eb6d82a5-ff2c-4bfb-b377-ee7af3280858?$select=customSecurityAttributes with 0-byte payload
VERBOSE: [PC-XXX]: [[AADServicePrincipal]DirectResourceAccess] received 147-byte response of content type application/json
VERBOSE: [PC-XXX]: [[AADServicePrincipal]DirectResourceAccess] Get-TargetResource Result:
AccessTokens=$null
AccountEnabled=True
AlternativeNames=()
AppId=Apple Internet Accounts
ApplicationId=***
ApplicationSecret=$null
AppRoleAssignedTo=()
AppRoleAssignmentRequired=False
CertificateThumbprint=***
Credential=$null
CustomSecurityAttributes=()
DelegatedPermissionClassifications=()
DisplayName=Apple Internet Accounts
Ensure=Present
ErrorUrl=$null
Homepage=$null
KeyCredentials=()
LogoutUrl=$null
Managedidentity=False
Notes=$null
ObjectID=eb6d82a5-ff2c-4bfb-b377-ee7af3280858
Owners=()
PasswordCredentials=()
PreferredSingleSignOnMode=$null
PublisherName=$null
ReplyURLs=(com.apple.mobilemail://oauth-redirect,com.apple.Preferences://oauth-redirect/,urn:ietf:wg:oauth:2.0:oob,com.apple.preferences.internetaccounts://oauth-redirect/)
SamlMetadataURL=$null
ServicePrincipalNames=(f8d98a96-0999-43f5-8af3-69971c7bb423)
ServicePrincipalType=Application
Tags=(WindowsAzureActiveDirectoryIntegratedApp)
TenantId=***
VERBOSE: [PC-XXX]: [[AADServicePrincipal]DirectResourceAccess] AppId was provided as a GUID, translating into a DisplayName
VERBOSE: [PC-XXX]: [[AADServicePrincipal]DirectResourceAccess] Current Values: AccessTokens=$null
AccountEnabled=True
AlternativeNames=()
AppId=Apple Internet Accounts
ApplicationId=***
ApplicationSecret=$null
AppRoleAssignedTo=()
AppRoleAssignmentRequired=False
CertificateThumbprint=***
Credential=$null
CustomSecurityAttributes=()
DelegatedPermissionClassifications=()
DisplayName=Apple Internet Accounts
Ensure=Present
ErrorUrl=$null
Homepage=$null
KeyCredentials=()
LogoutUrl=$null
Managedidentity=False
Notes=$null
ObjectID=eb6d82a5-ff2c-4bfb-b377-ee7af3280858
Owners=()
PasswordCredentials=()
PreferredSingleSignOnMode=$null
PublisherName=$null
ReplyURLs=(com.apple.mobilemail://oauth-redirect,com.apple.Preferences://oauth-redirect/,urn:ietf:wg:oauth:2.0:oob,com.apple.preferences.internetaccounts://oauth-redirect/)
SamlMetadataURL=$null
ServicePrincipalNames=(f8d98a96-0999-43f5-8af3-69971c7bb423)
ServicePrincipalType=Application
Tags=(WindowsAzureActiveDirectoryIntegratedApp)
TenantId=***
VERBOSE: [PC-XXX]: [[AADServicePrincipal]DirectResourceAccess] Target Values: AccountEnabled=True
AppId=f8d98a96-0999-43f5-8af3-69971c7bb423
ApplicationId=***
AppRoleAssignmentRequired=False
CertificateThumbprint=***
DisplayName=Apple Internet Accounts
Ensure=Present
ReplyUrls=(com.apple.mobilemail://oauth-redirect,com.apple.Preferences://oauth-redirect/,urn:ietf:wg:oauth:2.0:oob,com.apple.preferences.internetaccounts://oauth-redirect/)
ServicePrincipalNames=(f8d98a96-0999-43f5-8af3-69971c7bb423)
ServicePrincipalType=Application
Tags=(WindowsAzureActiveDirectoryIntegratedApp)
TenantId=***
Verbose=True
VERBOSE: [PC-XXX]: [[AADServicePrincipal]DirectResourceAccess] Test-TargetResource returned False
VERBOSE: [PC-XXX]: LCM: [ End Test ] [[AADServicePrincipal]DirectResourceAccess] False in 2.9750 seconds.
VERBOSE: [PC-XXX]: LCM: [ End Set ] in 3.1850 seconds.
VERBOSE: Vorgang "CIM-Methode aufrufen" wurde abgeschlossen.
Environment Information + PowerShell Version
OsName : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture : 64-Bit
WindowsVersion : 2009
WindowsBuildLabEx : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage : en-US
OsMuiLanguages : {en-US, de-DE, fr-FR, it-IT}
Key : PSVersion
Value : 5.1.22621.4391
Name : PSVersion
Key : PSEdition
Value : Desktop
Name : PSEdition
Key : PSCompatibleVersions
Value : {1.0, 2.0, 3.0, 4.0...}
Name : PSCompatibleVersions
Key : BuildVersion
Value : 10.0.22621.4391
Name : BuildVersion
Key : CLRVersion
Value : 4.0.30319.42000
Name : CLRVersion
Key : WSManStackVersion
Value : 3.0
Name : WSManStackVersion
Key : PSRemotingProtocolVersion
Value : 2.3
Name : PSRemotingProtocolVersion
Key : SerializationVersion
Value : 1.1.0.1
Name : SerializationVersion
Error when checking the discrepancy
```
New-M365DSCDeltaReport –Source C:\M365\M365TenantConfig1.ps1 -Destination C:\M365\M365TenantConfig2.ps1 -OutputPath C:\M365\Report\DiscrepancyReport.html
Error parsing configuration: At line:84986 char:9
+ AADServicePrincipal "AADServicePrincipal-2"
+ ~~~~~~~~~~~~~~~~~~~
Resource 'AADServicePrincipal' requires that a value of type 'String' be provided for property 'AppId'
```
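
The mismatch in the verbose log above (current AppId reported as the display name, desired AppId given as a GUID) can be reproduced in isolation. This is an added example, not Microsoft365DSC code: the function names and the `$directory` lookup table (standing in for a Graph query) are hypothetical, and it shows one way to compare both sides in GUID form so the key is stable.

```powershell
# Added example, not Microsoft365DSC code. Names are hypothetical.
# $directory stands in for a Graph lookup; its one entry uses the values from the issue.
$directory = @{
    'f8d98a96-0999-43f5-8af3-69971c7bb423' = 'Apple Internet Accounts'
}

function Resolve-AppIdKey {
    param(
        [Parameter(Mandatory = $true)] [string]    $Value,
        [Parameter(Mandatory = $true)] [hashtable] $Directory
    )
    $guid = [guid]::Empty
    if ([guid]::TryParse($Value, [ref] $guid)) {
        return $guid.ToString()   # already a GUID: return canonical lower-case form
    }
    # Not a GUID: treat it as a display name and map it back to its AppId.
    $hits = @($Directory.GetEnumerator() | Where-Object { $_.Value -eq $Value })
    if ($hits.Count -ne 1) {
        # Display names are not unique in a tenant, so refuse to guess.
        throw "Display name '$Value' matches $($hits.Count) AppIds; it cannot serve as a key."
    }
    return ([guid] $hits[0].Key).ToString()
}

function Test-AppIdInDesiredState {
    param(
        [Parameter(Mandatory = $true)] [string]    $Current,
        [Parameter(Mandatory = $true)] [string]    $Desired,
        [Parameter(Mandatory = $true)] [hashtable] $Directory
    )
    $currentKey = Resolve-AppIdKey -Value $Current -Directory $Directory
    $desiredKey = Resolve-AppIdKey -Value $Desired -Directory $Directory
    [pscustomobject]@{
        RawMatch        = ($Current -eq $Desired)        # what the log shows: name vs GUID
        NormalizedMatch = ($currentKey -eq $desiredKey)  # both sides compared as GUIDs
    }
}

# Current and target AppId exactly as they appear in the verbose output.
Test-AppIdInDesiredState -Current 'Apple Internet Accounts' `
    -Desired 'f8d98a96-0999-43f5-8af3-69971c7bb423' -Directory $directory
```

With the values from the log, the raw comparison fails while the normalized one succeeds.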