Skip to content

feat: Add -UpdateObjectId and -ObjectId params to Import-D365External…#907

Merged
FH-Inway merged 4 commits into
d365collaborative:masterfrom
pavankadabala-png:fix/904-import-d365externaluser-objectid
Jun 28, 2026
Merged

feat: Add -UpdateObjectId and -ObjectId params to Import-D365External…#907
FH-Inway merged 4 commits into
d365collaborative:masterfrom
pavankadabala-png:fix/904-import-d365externaluser-objectid

Conversation

@pavankadabala-png

Copy link
Copy Markdown
Contributor

Closes #904

Problem

When Import-D365ExternalUser imports a user, it calls the internal Import-AadUserIntoD365FO without the -ObjectId parameter. The underlying SQL script (New-D365FOUser) copies the environment admin's OBJECTID into the new user's row when ObjectId is an empty string. This causes the new user to share the admin's Object ID, which breaks sign-in on Tier-1 environments after a Tier-2 database restore.

Solution

  • Add [switch] $UpdateObjectId: when set, queries Microsoft Graph (/v1.0/users?$filter=mail eq '...' or userPrincipalName eq '...') to resolve the user's Azure AD Object ID and pass it to Import-AadUserIntoD365FO. Mirrors the Graph lookup already used in Import-D365AadUser.
  • Add [string] $ObjectId: caller-supplied override; takes precedence over the Graph lookup when both params are provided.
  • Without either parameter, $resolvedObjectId = "" — existing behavior is fully preserved (no breaking change).

Requires an active Connect-AzAccount session when -UpdateObjectId is used.

Usage

# New: resolve ObjectId from Graph automatically
Connect-AzAccount
Import-D365ExternalUser -Id "John" -Name "John Doe" -Email "John@contoso.com" -UpdateObjectId

# New: supply ObjectId directly (no Graph call)
Import-D365ExternalUser -Id "John" -Name "John Doe" -Email "John@contoso.com" -ObjectId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# Existing: unchanged behavior
Import-D365ExternalUser -Id "John" -Name "John Doe" -Email "John@contoso.com"

…User

Fixes d365collaborative#904

- Add optional [switch] $UpdateObjectId: when set, queries Microsoft Graph
  (v1.0/users?$filter=mail eq ... or userPrincipalName eq ...) to resolve the
  user's ObjectId and passes it to Import-AadUserIntoD365FO.
- Add optional [string] $ObjectId: caller-supplied override; takes precedence
  over the Graph lookup when both params are provided.
- Without either param, $resolvedObjectId = "" preserving existing behavior.
- Updated CBH with .PARAMETER docs and two new .EXAMPLE entries.

Root cause: Import-D365ExternalUser called Import-AadUserIntoD365FO without
-ObjectId, so the SQL script copied the admin OBJECTID into the new user row,
causing login failures after a Tier-2 DB restore to Tier-1.
@FH-Inway

Copy link
Copy Markdown
Member

Looks good and tests successfully on my end.

Our automated checks are not happy though 😄

One reason is the same as in #905 with the mandatory parameters with default values. While that fix is now in master, this pr does not know about it yet. To get those changes, you can merge or rebase the feature branch with the updated master.

The other reason is explained in Building tools.
Essentially, we have some scripts to update tests and documentation. The checks compare those against the actual functions and fail if they are not in sync. Since this PR adds new parameters, the function is now out of sync with its unit tests and documentation. The easiest way to get them back into sync is to run the d365fo.tools-Generate-Text action in your fork of the repository. Make sure to change the branch to the feature branch before running it. That will create a pull request with the changes generated by the action into your feature branch. Once that is merged, the checks should be successful.

image

pavankadabala-png and others added 3 commits June 23, 2026 19:40
This pull request was automatically created by the d365fo.tools-Generate-Text action'
…ll-request-patch-for-branch-fix/904-import-d365externaluser-objectid

🤖 Fix best practice deviations
@FH-Inway FH-Inway merged commit a5fea0e into d365collaborative:master Jun 28, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Error logging into D365 F&O Tier1 after DB restore from Tier2

2 participants