update for groups

cisagov · Dec 16, 2024 · 62dafde · 62dafde
1 parent e7be3f4
commit 62dafde
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1 b/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1
@@ -448,6 +448,22 @@ function LoadObjectDataIntoPrivilegedUserHashtable {
                     $PrivilegedUsers[$GroupMember.Id].roles += $RoleName
                 }
             }
+            elseif ($Objecttype -eq "serviceprincipal") {
+
+                # In this section we need to add the service principal information to the "service principal" hashtable
+                if (-Not $PrivilegedUsers.ContainsKey($ObjectId)) {
+                    $AADServicePrincipal = Get-MgBetaServicePrincipal -ServicePrincipalId $ObjectId -ErrorAction Stop
+                    $PrivilegedUsers[$ObjectId] = @{
+                        "DisplayName" = $AADServicePrincipal.DisplayName
+                        "ServicePrincipalId" = $AADServicePrincipal.Id
+                        "AppId" = $AADServicePrincipal.AppId
+                        "roles" = @()
+                    }
+                }
+                if ($PrivilegedUsers[$ObjectId].roles -notcontains $RoleName) {
+                    $PrivilegedUsers[$ObjectId].roles += $RoleName
+                }
+            }
         }
 
         # Since this is a group, we need to also process assignments in PIM in case it is in PIM for Groups