
Merge pull request #1112 from kris6673/dev
Fix MS CNAME DKIM breaking DA and fix default domain duplication for deleted tenants
JohnDuprey authored Sep 17, 2024
2 parents 59255d5 + abeaa39 commit 8e60c31
Showing 2 changed files with 25 additions and 16 deletions.
Expand Up @@ -256,13 +256,16 @@ function Push-DomainAnalyserDomain {
continue
}
# Test if there are already MSCNAME values set, skip domain if there is
$CurrentMSCNAMEInfo = ConvertFrom-Json $DomainObject.DomainAnalyser -Depth 10
if (![string]::IsNullOrWhiteSpace($CurrentMSCNAMEInfo.MSCNAMEDKIMSelectors.selector1.Value) -and
![string]::IsNullOrWhiteSpace($CurrentMSCNAMEInfo.MSCNAMEDKIMSelectors.selector2.Value)) {
$Result.MSCNAMEDKIMSelectors = $CurrentMSCNAMEInfo.MSCNAMEDKIMSelectors
continue
if ($null -ne $DomainObject.DomainAnalyser) {
$CurrentMSCNAMEInfo = ConvertFrom-Json $DomainObject.DomainAnalyser -Depth 10
if (![string]::IsNullOrWhiteSpace($CurrentMSCNAMEInfo.MSCNAMEDKIMSelectors.selector1.Value) -and
![string]::IsNullOrWhiteSpace($CurrentMSCNAMEInfo.MSCNAMEDKIMSelectors.selector2.Value)) {
$Result.MSCNAMEDKIMSelectors = $CurrentMSCNAMEInfo.MSCNAMEDKIMSelectors
continue
}
}


# Compute the DKIM CNAME records from $Tenant.InitialDomainName according to this logic: https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dkim-configure#syntax-for-dkim-cname-records
# Test if it has a - in the domain name
if ($Domain -like '*-*') {
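Review bot: The new guard `if ($null -ne $DomainObject.DomainAnalyser)` only skips a null value, so an empty or whitespace DomainAnalyser string (a column that exists but is blank) still reaches `ConvertFrom-Json`; I cannot see how the entity is stored, so whether blank values occur is an assumption. The check two lines lower already uses `[string]::IsNullOrWhiteSpace` for the selector values, so the guard would be both consistent and safer as `if (-not [string]::IsNullOrWhiteSpace($DomainObject.DomainAnalyser)) {`. Push-DomainAnalyserDomain starts and ends outside this hunk.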
Expand Down Expand Up @@ -298,9 +301,9 @@ function Push-DomainAnalyserDomain {
}
$Result.MSCNAMEDKIMSelectors = $MSCNAMERecords
} catch {
$Message = 'MS DKIM CNAME Error'
Write-LogMessage -API 'DomainAnalyser' -tenant $DomainObject.TenantId -message $Message -LogData (Get-CippException -Exception $_) -sev Error
return $Message
$ErrorMessage = Get-CippException -Exception $_
Write-LogMessage -API 'DomainAnalyser' -tenant $DomainObject.TenantId -message "MS CNAME DKIM error: $($ErrorMessage.NormalizedError)" -LogData $ErrorMessage -sev Error
return $ErrorMessage.NormalizedError
}
}

22 changes: 14 additions & 8 deletions Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1
Expand Up @@ -55,7 +55,7 @@ function Get-Tenants {
}

if ($CleanOld) {
$GDAPRelationships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships?`$filter=status eq 'active' and not startsWith(displayName,'MLT_')&`$select=customer,autoExtendDuration,endDateTime`$top=300" -NoAuthCheck:$true
$GDAPRelationships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships?`$filter=status eq 'active' and not startsWith(displayName,'MLT_')&`$select=customer,autoExtendDuration,endDateTime&`$top=300" -NoAuthCheck:$true
$GDAPList = foreach ($Relationship in $GDAPRelationships) {
[PSCustomObject]@{
customerId = $Relationship.customer.tenantId
Expand Down Expand Up @@ -86,7 +86,9 @@ function Get-Tenants {

$ActiveRelationships = $GDAPList | Where-Object $IncludedTenantFilter | Where-Object { $_.customerId -notin $SkipListCache.customerId }
$TenantList = $ActiveRelationships | Group-Object -Property customerId | ForEach-Object {
#Write-Host "Processing $($_.Name) to add to tenant list."

# Write-Host (ConvertTo-Json -InputObject $_ -Depth 10)
# Write-Host "Processing $($_.Name), $($_.displayName) to add to tenant list."
$ExistingTenantInfo = Get-CIPPAzDataTableEntity @TenantsTable -Filter "PartitionKey eq 'Tenants' and RowKey eq '$($_.Name)'"
if ($TriggerRefresh.IsPresent -and $ExistingTenantInfo.customerId) {
# Reset error count
Expand All @@ -111,13 +113,17 @@ function Get-Tenants {
} catch {
try {
#doing alternative method to temporarily get domains. Nightly refresh will fix this as it will be marked for renew.
$Domain = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/tenantRelationships/findTenantInformationByTenantId(tenantId='$($LatestRelationship.customerId)')" -NoAuthCheck:$true).defaultDomainName
$defaultDomainName = $Domain
$initialDomainName = $Domain
Write-Host 'Main method failed, trying alternative method.'
Write-Host "Domain variable is $Domain"
$Domain = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/tenantRelationships/findTenantInformationByTenantId(tenantId='$($LatestRelationship.customerId)')" -NoAuthCheck:$true ).defaultDomainName
Write-Host "Alternative method worked, got domain $Domain."
$RequiresRefresh = $true

} catch {
Write-LogMessage -API 'Get-Tenants' -message "Tried adding $($LatestRelationship.customerId) to tenant list but failed to get domains - $($_.Exception.Message)" -level 'Critical'
$ErrorMessage = Get-CippException -Exception $_
Write-LogMessage -API 'Get-Tenants' -message "Tried adding $($LatestRelationship.customerId) to tenant list but failed to get domains - $($_.Exception.Message)" -Sev 'Critical' -LogData $ErrorMessage
} finally {
$defaultDomainName = $Domain
$initialDomainName = $Domain
}
}
Write-Host 'finished getting domain'
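Review bot: The added `finally` block assigns `$defaultDomainName` and `$initialDomainName` from `$Domain` even when the alternative `findTenantInformationByTenantId` request in `$Domain = (New-GraphGetRequest ...)` has thrown, whereas the old code only assigned after that call succeeded. This runs inside the `ForEach-Object` over grouped relationships (`$TenantList = $ActiveRelationships | Group-Object ...`), so unless `$Domain` is reset earlier in the loop body, which starts outside this hunk, a failed lookup can carry the previous tenant's domain into this tenant's record; the `Write-Host "Domain variable is $Domain"` line would print that stale value as well. Clearing the variable immediately before the request, `$Domain = $null`, keeps the `finally` but makes the failure path yield an empty domain that the `[string]::IsNullOrWhiteSpace` skip check later in the function then catches. The enclosing try/catch begins outside the hunk.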
Expand Down Expand Up @@ -175,7 +181,7 @@ function Get-Tenants {

}
foreach ($Tenant in $TenantList | Where-Object $IncludedTenantFilter) {
if ($Tenant.defaultDomainName -eq 'Invalid' -or !$Tenant.defaultDomainName) {
if ($Tenant.defaultDomainName -eq 'Invalid' -or [string]::IsNullOrWhiteSpace($Tenant.defaultDomainName)) {
Write-LogMessage -API 'Get-Tenants' -message "We're skipping $($Tenant.displayName) as it has an invalid default domain name. Something is up with this instance." -level 'Critical'
continue
}
