Yvand/EntraCP

No result in people picker if guest filter is enabled

Closed this issue · 13 comments

staehelir commented

We use SharePoint Foundation 2013 with the newest AzureCP version. We add a second Azure AD to the AzureCP and want to filter out guest accounts. When we enable guest filter, then the people picker can't find any account from the second Azure AD. After disable the guest account filter, then the people picker shows all account from the second Azure AD.

Yvand commented

Can you validate if the configuration of the AAD tenants is the one you expect using the script below:

Add-Type -AssemblyName "AzureCP, Version=1.0.0.0, Culture=neutral, PublicKeyToken=65dc6b5903b51636"
$config = [azurecp.AzureCPConfig]::GetConfiguration("AzureCPConfig")
$config.AzureTenants

Can you confirm if it is AzureCP 17?

NaveenKanukuntla commented

@Yvand : I do have the same issue. I do not seem to get any results if 'filter guest users' is selected when configuring my Azure Connection.

Yvand commented

Ok, I was waiting for @staehelir to send more data but it looks like an actual bug, I will repro it soon and let you know the result

Yvand commented

I tested with 2 tenants, 1 has ExcludeGuests set to true and the other to false:

Add-Type -AssemblyName "AzureCP, Version=1.0.0.0, Culture=neutral, PublicKeyToken=65dc6b5903b51636"
$config = [azurecp.AzureCPConfig]::GetConfiguration("AzureCPConfig")
$config.AzureTenants[0].ExcludeGuests=$true
$config.AzureTenants[1].ExcludeGuests=$false
$config.Update()

It all works as expected: guest accounts of AzureTenants[0] are filtered out and both members and guests are shown in AzureTenants[1].
@NaveenKanukuntla @staehelir am I missing something?

NaveenKanukuntla commented

@Yvand : I think I now understand what is going wrong.

When we add a Tenant, we have a choice to select 'Filter our Guest Users' on the configuration screen

image

So, when I configure like above and perform a search, the below is what I get.

image

image

But, when I configure the connection without selecting the 'Filter out Guest users on this tenant' and use PowerShell to update the filter attribute it works.

Identifier                  : xxxx
Name                        : xxxx
ApplicationId               : xxxx
ApplicationSecret           : xxxx
ExcludeMembers              : False
ExcludeGuests               : True
ClientCertificatePrivateKey : 
AuthenticationMode          : ClientSecret
GraphService                : 
UserFilter                  : 
GroupFilter                 : 
UserSelect                  : 
GroupSelect                 : 
UpgradedPersistedProperties : {}

So, if I do it through UI it does not work, but with PowerShell it does. Now, I do not know if the update made through PowerShell is really working, since I do not have any guest users in my tenant.

Interestingly, that does not reflect on the configuration page, even though it does show in my PowerShell result.
image
image

I will add some guest users and see. But for now, this is what I found out.

Yvand commented

@NaveenKanukuntla thank you for the details, it pointed me directly to the problem, it's really a dump issue: I set property ExcludeMembers instead of ExcludeGuests when the option was set in the new AAD tenant dialog...
It's fixed in 229c14d

NaveenKanukuntla commented

@Yvand : Great. Let me know when the latest version is out and I will test it for you.

  • 👍1
staehelir commented

@Yvand @NaveenKanukuntla thank you. It works over PowerShell!

  • 👍2
Yvand commented

@NaveenKanukuntla I just published the pre-release, here is the link: https://github.com/Yvand/AzureCP/releases/tag/19.0.20201207.1262
Thanks!

vargasfe commented
Yvand commented

@vargasfe this bug is for the guest accounts filter, please open a separate issue for your scenario that is different.
Thanks

Yvand commented

@NaveenKanukuntla were you able to test the release?

NaveenKanukuntla commented

@Yvand : The issue is now resolved with the latest release. Thank you very much.

  • 👍1