feat: Add -UpdateObjectId and -ObjectId params to Import-D365External…#907
…User
Fixes d365collaborative#904
- Add optional [switch] $UpdateObjectId: when set, queries Microsoft Graph (v1.0/users?$filter=mail eq ... or userPrincipalName eq ...) to resolve the user's ObjectId and passes it to Import-AadUserIntoD365FO.
- Add optional [string] $ObjectId: caller-supplied override; takes precedence over the Graph lookup when both params are provided.
- Without either param, $resolvedObjectId = "" preserving existing behavior.
- Updated CBH with .PARAMETER docs and two new .EXAMPLE entries.
Root cause: Import-D365ExternalUser called Import-AadUserIntoD365FO without -ObjectId, so the SQL script copied the admin OBJECTID into the new user row, causing login failures after a Tier-2 DB restore to Tier-1.
Looks good and tests successfully on my end. Our automated checks are not happy though 😄 One reason is the same as in #905 with the mandatory parameters with default values. While that fix is now in master, this pr does not know about it yet. To get those changes, you can merge or rebase the feature branch with the updated master. The other reason is explained in Building tools.
This pull request was automatically created by the d365fo.tools-Generate-Text action'
…ll-request-patch-for-branch-fix/904-import-d365externaluser-objectid 🤖 Fix best practice deviations

Closes #904
Problem
When Import-D365ExternalUser imports a user, it calls the internal Import-AadUserIntoD365FO without the -ObjectId parameter. The underlying SQL script (New-D365FOUser) copies the environment admin's OBJECTID into the new user's row when ObjectId is an empty string. This causes the new user to share the admin's Object ID, which breaks sign-in on Tier-1 environments after a Tier-2 database restore.
Solution
- [switch] $UpdateObjectId: when set, queries Microsoft Graph (/v1.0/users?$filter=mail eq '...' or userPrincipalName eq '...') to resolve the user's Azure AD Object ID and pass it to Import-AadUserIntoD365FO. Mirrors the Graph lookup already used in Import-D365AadUser.
- [string] $ObjectId: caller-supplied override; takes precedence over the Graph lookup when both params are provided.
- $resolvedObjectId = "" — existing behavior is fully preserved (no breaking change).
Requires an active Connect-AzAccount session when -UpdateObjectId is used.
Usage
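
Added example, not code from this pull request or from d365fo.tools: a sketch of the resolution order described above (explicit ObjectId, then Graph lookup, then empty string) that also escapes the address inside the OData filter and refuses an ambiguous match, so one user never receives another user's Object ID. The function name Resolve-ExternalUserObjectId, its parameter names and the $select list are assumptions.

```powershell
# Added example; function and variable names are hypothetical, not d365fo.tools code.
function Resolve-ExternalUserObjectId {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Mail,
        [string] $ObjectId,
        [switch] $UpdateObjectId
    )

    # 1. A caller-supplied ObjectId takes precedence, but must be a well-formed GUID.
    if ($ObjectId) {
        $guid = [guid]::Empty
        if (-not [guid]::TryParse($ObjectId, [ref] $guid)) {
            throw "ObjectId '$ObjectId' is not a GUID."
        }
        return $guid.ToString()
    }

    # 2. Neither parameter given: empty string, the pre-existing behaviour.
    if (-not $UpdateObjectId) { return "" }

    # 3. Graph lookup. OData string literals escape ' by doubling it; without
    #    this, a quote in the address would change the filter expression.
    $literal = $Mail.Replace("'", "''")
    $filter  = "mail eq '$literal' or userPrincipalName eq '$literal'"
    $uri     = 'https://graph.microsoft.com/v1.0/users?$filter=' +
               [uri]::EscapeDataString($filter) + '&$select=id,mail,userPrincipalName'

    # Requires an active Connect-AzAccount session.
    $token = (Get-AzAccessToken -ResourceUrl 'https://graph.microsoft.com').Token
    if ($token -is [securestring]) {   # newer Az.Accounts versions return a SecureString
        $token = [System.Net.NetworkCredential]::new('', $token).Password
    }

    $response = Invoke-RestMethod -Uri $uri -Headers @{ Authorization = "Bearer $token" }
    $users    = @($response.value | Where-Object { $_ })

    # Fail closed: the filter is an OR over two attributes, so it can match zero
    # or several accounts. Never pick one silently.
    if ($users.Count -ne 1) {
        throw "Expected exactly one Graph user for '$Mail', found $($users.Count)."
    }
    return $users[0].id
}
```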