@@ -190,11 +190,16 @@ function Test-CIPPAuditLogRules {
190190 # Try CippReportingDB first (pre-populated by timer, same pattern as Add-CIPPApplicationPermission)
191191 Write-Information " Checking CippReportingDB for directory data for tenant $TenantFilter "
192192 try {
193- $Users = @ (New-CIPPDbRequest - TenantFilter $TenantFilter - Type ' Users' )
194- $ServicePrincipals = @ (New-CIPPDbRequest - TenantFilter $TenantFilter - Type ' ServicePrincipals' )
193+ $Users = @ (New-CIPPDbRequest - TenantFilter $TenantFilter - Type ' Users' ) | Select-Object id, displayName, userPrincipalName, accountEnabled
194+ $Groups = @ (New-CIPPDbRequest - TenantFilter $TenantFilter - Type ' Groups' ) | Select-Object id, displayName, mailEnabled, securityEnabled
195+ $Devices = @ (New-CIPPDbRequest - TenantFilter $TenantFilter - Type ' Devices' ) | Select-Object id, displayName, deviceId
196+ $ServicePrincipals = @ (New-CIPPDbRequest - TenantFilter $TenantFilter - Type ' ServicePrincipals' ) | Select-Object id, appId, displayName, appDisplayName, accountEnabled, servicePrincipalType, tags
197+ Write-Information " Loaded from CippReportingDB: $ ( $Users.Count ) users, $ ( $Groups.Count ) groups, $ ( $Devices.Count ) devices, $ ( $ServicePrincipals.Count ) service principals"
195198 } catch {
196199 Write-Information " CippReportingDB query failed for ${TenantFilter} : $ ( $_.Exception.Message ) "
197200 $Users = @ ()
201+ $Groups = @ ()
202+ $Devices = @ ()
198203 $ServicePrincipals = @ ()
199204 }
200205
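Review bot: The `@( )` wrapper on the four new assignments closes before the pipe into `Select-Object`, so it no longer guarantees an array: an empty result leaves `$Users` as `$null`, and a single record leaves it as a scalar object. Wrapping the whole pipeline keeps the previous shape, e.g. `$Users = @(New-CIPPDbRequest … | Select-Object id, displayName, userPrincipalName, accountEnabled)`. The same pattern appears in the `$ServicePrincipals` line of the Graph fallback hunk and in the four legacy-cache assignments in the last hunk. The later emptiness check is outside this hunk, so confirm that it tolerates `$null` and scalar values.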
@@ -227,18 +232,8 @@ function Test-CIPPAuditLogRules {
227232 $Users = ($Response | Where-Object { $_.id -eq ' users' }).body.value ?? @ ()
228233 $Groups = ($Response | Where-Object { $_.id -eq ' groups' }).body.value ?? @ ()
229234 $Devices = ($Response | Where-Object { $_.id -eq ' devices' }).body.value ?? @ ()
230- $ServicePrincipals = ( $Response | Where-Object { $_.id -eq ' servicePrincipals' }).body.value ?? @ ()
235+ $ServicePrincipals = @ (( $Response | Where-Object { $_.id -eq ' servicePrincipals' }).body.value) | Select-Object id , displayName
231236 $Response = $null
232- } else {
233- try {
234- $Groups = @ (New-CIPPDbRequest - TenantFilter $TenantFilter - Type ' Groups' )
235- $Devices = @ (New-CIPPDbRequest - TenantFilter $TenantFilter - Type ' Devices' )
236- } catch {
237- Write-Information " CippReportingDB Groups/Devices query failed for ${TenantFilter} : $ ( $_.Exception.Message ) "
238- $Groups = @ ()
239- $Devices = @ ()
240- }
241- Write-Information " Loaded from CippReportingDB: $ ( $Users.Count ) users, $ ( $Groups.Count ) groups, $ ( $Devices.Count ) devices, $ ( $ServicePrincipals.Count ) service principals"
242237 }
243238
244239 # Build hashtables for O(1) GUID lookups
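Review bot: The Graph fallback projects `$ServicePrincipals` down to `id, displayName`, while the CippReportingDB path and both cache branches keep `id, appId, displayName, appDisplayName, accountEnabled, servicePrincipalType, tags`. Any audit-log enrichment that reads `appId` or `servicePrincipalType` would then get empty values only for tenants loaded via Graph, which is hard to spot in alert output. If the narrower set is intentional because the Graph request itself selects only those two fields (the request is outside the hunk), a comment saying so would help; otherwise use the same seven-property list here. `$Users`, `$Groups` and `$Devices` in this branch are also left unprojected, unlike the DB path.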
@@ -322,15 +317,28 @@ function Test-CIPPAuditLogRules {
322317 $UserLookup = ($UsersLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue - AsHashtable) ?? @ {}
323318 $GroupLookup = ($GroupsLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue - AsHashtable) ?? @ {}
324319 $DeviceLookup = ($DevicesLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue - AsHashtable) ?? @ {}
325- $ServicePrincipalLookup = ($ServicePrincipalsLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue - AsHashtable) ?? @ {}
320+ $ServicePrincipalLookup = @ {}
321+ $RawSPLookup = ($ServicePrincipalsLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue - AsHashtable) ?? @ {}
322+ foreach ($key in $RawSPLookup.Keys ) {
323+ $sp = $RawSPLookup [$key ]
324+ $ServicePrincipalLookup [$key ] = [ordered ]@ {
325+ id = $sp.id
326+ appId = $sp.appId
327+ displayName = $sp.displayName
328+ appDisplayName = $sp.appDisplayName
329+ accountEnabled = $sp.accountEnabled
330+ servicePrincipalType = $sp.servicePrincipalType
331+ tags = $sp.tags
332+ }
333+ }
326334 Write-Information " Loaded hashtables: $ ( $UserLookup.Count ) users, $ ( $GroupLookup.Count ) groups, $ ( $DeviceLookup.Count ) devices, $ ( $ServicePrincipalLookup.Count ) service principals"
327335 } else {
328336 # Old format (array) - convert to hashtables
329337 Write-Information " Converting legacy array cache to hashtables for tenant $TenantFilter "
330- $Users = ( $UsersLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue) ?? @ ()
331- $Groups = ( $GroupsLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue) ?? @ ()
332- $Devices = ( $DevicesLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue) ?? @ ()
333- $ServicePrincipals = ( $ServicePrincipalsLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue) ?? @ ()
338+ $Users = @ (( $UsersLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue)) | Select-Object id , displayName , userPrincipalName , accountEnabled
339+ $Groups = @ (( $GroupsLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue)) | Select-Object id , displayName , mailEnabled , securityEnabled
340+ $Devices = @ (( $DevicesLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue)) | Select-Object id , displayName , deviceId
341+ $ServicePrincipals = @ (( $ServicePrincipalsLookup.Data | ConvertFrom-Json - ErrorAction SilentlyContinue)) | Select-Object id , appId , displayName , appDisplayName , accountEnabled , servicePrincipalType , tags
334342
335343 # Build hashtables
336344 $UserLookup = @ {}
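Review bot: The seven service-principal property names are now written out by hand in the `[ordered]@{}` literal, in the legacy `Select-Object` line below it, and in the DB path earlier in the function, and the Graph fallback has already diverged from them. Defining the list once, e.g. `$SPProperties = 'id', 'appId', 'displayName', 'appDisplayName', 'accountEnabled', 'servicePrincipalType', 'tags'`, would let every projection use `Select-Object -Property $SPProperties` and the loop use `foreach ($p in $SPProperties) { $entry[$p] = $sp.$p }`. A short comment above the loop, such as `# Keep only the fields used for audit log enrichment`, would record why cached entries are trimmed; that motive is inferred, not stated on the page. The function body continues outside the hunk.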