Merge branch 'KelvinTegelaar:master' into master

daveroyer · Jul 17, 2024 · d7fd071 · d7fd071
2 parents 90eeaf8 + bd57189
commit d7fd071
Show file tree

Hide file tree

Showing 214 changed files with 3,527 additions and 3,528 deletions.
diff --git a/Modules/CIPPCore/CIPPCore.psm1 b/Modules/CIPPCore/CIPPCore.psm1
@@ -4,8 +4,7 @@ $Functions = $Public + $Private
 foreach ($import in @($Functions)) {
     try {
         . $import.FullName
-    }
-    catch {
+    } catch {
         Write-Error -Message "Failed to import function $($import.FullName): $_"
     }
 }

diff --git a/Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1 b/Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1
@@ -41,10 +41,11 @@ function Add-CIPPApplicationPermission {
     $counter = 0
     foreach ($Grant in $Grants) {
         try {
-            $SettingsRequest = New-GraphPOSTRequest -body ($Grant | ConvertTo-Json) -uri "https://graph.microsoft.com/beta/servicePrincipals/$($ourSVCPrincipal.id)/appRoleAssignedTo" -tenantid $Tenantfilter -type POST -NoAuthCheck $true
+            $SettingsRequest = New-GraphPOSTRequest -body (ConvertTo-Json -InputObject $Grant -Depth 5) -uri "https://graph.microsoft.com/beta/servicePrincipals/$($ourSVCPrincipal.id)/appRoleAssignedTo" -tenantid $Tenantfilter -type POST -NoAuthCheck $true
             $counter++
         } catch {
-            $Results.add("Failed to grant $($Grant.appRoleId) to $($Grant.resourceId): $($_.Exception.Message)") | Out-Null
+            $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+            $Results.add("Failed to grant $($Grant.appRoleId) to $($Grant.resourceId): $ErrorMessage") | Out-Null
         }
     }
     "Added $counter Application permissions to $($ourSVCPrincipal.displayName)"

diff --git a/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 b/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1
@@ -134,7 +134,8 @@ function Add-CIPPAzDataTableEntity {
                     }
 
                 } catch {
-                    throw "Error processing entity: $($_.Exception.Message) Linenumner: $($_.InvocationInfo.ScriptLineNumber)"
+                    $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+                    throw "Error processing entity: $ErrorMessage Linenumber: $($_.InvocationInfo.ScriptLineNumber)"
                 }
             } else {
                 Write-Information "THE ERROR IS $($_.Exception.ErrorCode). The size of the entity is $entitySize."

diff --git a/Modules/CIPPCore/Public/Add-CIPPBPAField.ps1 b/Modules/CIPPCore/Public/Add-CIPPBPAField.ps1
@@ -30,12 +30,12 @@ function Add-CIPPBPAField {
             $Result["$fieldName"] = [bool]$FieldValue
         }
         'JSON' {
-            if ($FieldValue -eq $null) { $JsonString = '{}' } else { $JsonString = (ConvertTo-Json -Depth 15 -InputObject $FieldValue -Compress) }
+            if ($null -eq $FieldValue) { $JsonString = '{}' } else { $JsonString = (ConvertTo-Json -Depth 15 -InputObject $FieldValue -Compress) }
             $Result[$fieldName] = [string]$JsonString
         }
         'string' {
             $Result[$fieldName], [string]$FieldValue
         }
     }
     Add-CIPPAzDataTableEntity @Table -Entity $Result -Force
-}
+}
diff --git a/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1 b/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1
@@ -19,19 +19,19 @@ function Add-CIPPScheduledTask {
     $propertiesToCheck = @('Webhook', 'Email', 'PSA')
     $PostExecution = ($propertiesToCheck | Where-Object { $task.PostExecution.$_ -eq $true }) -join ','
     $Parameters = [System.Collections.Hashtable]@{}
-    foreach ($Key in $task.Parameters.Keys) {
+    foreach ($Key in $task.Parameters.PSObject.Properties.Name) {
         $Param = $task.Parameters.$Key
-        if ($Param.Key) {
+        if ($Param -is [System.Collections.IDictionary]) {
             $ht = @{}
-            foreach ($p in $Param) {
-                Write-Host $p.Key
+            foreach ($p in $Param.GetEnumerator()) {
                 $ht[$p.Key] = $p.Value
             }
             $Parameters[$Key] = [PSCustomObject]$ht
         } else {
             $Parameters[$Key] = $Param
         }
     }
+
     $Parameters = ($Parameters | ConvertTo-Json -Depth 10 -Compress)
     $AdditionalProperties = [System.Collections.Hashtable]@{}
     foreach ($Prop in $task.AdditionalProperties) {
@@ -72,7 +72,8 @@ function Add-CIPPScheduledTask {
     try {
         Add-CIPPAzDataTableEntity @Table -Entity $entity -Force
     } catch {
-        return "Could not add task: $($_.Exception.Message)"
+        $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+        return "Could not add task: $ErrorMessage"
     }
     return "Successfully added task: $($entity.Name)"
 }
diff --git a/Modules/CIPPCore/Public/AdditionalPermissions.json b/Modules/CIPPCore/Public/AdditionalPermissions.json
@@ -2,14 +2,5 @@
   {
     "resourceAppId": "00000003-0000-0ff1-ce00-000000000000",
     "resourceAccess": [{ "id": "AllProfiles.Manage", "type": "Scope" }]
-  },
-  {
-    "resourceAppId": "fb78d390-0c51-40cd-8e17-fdbfab77341b",
-    "resourceAccess": [
-      { "id": "AdminApi.AccessAsUser.All", "type": "Scope" },
-      { "id": "FfoPowerShell.AccessAsUser.All", "type": "Scope" },
-      { "id": "RemotePowerShell.AccessAsUser.All", "type": "Scope" },
-      { "id": "VivaFeatureAccessPolicy.Manage.All", "type": "Scope" }
-    ]
   }
 ]
diff --git a/Modules/CIPPCore/Public/Assert-CippVersion.ps1 b/Modules/CIPPCore/Public/Assert-CippVersion.ps1
@@ -24,4 +24,4 @@ function Assert-CippVersion {
         OutOfDateCIPP        = ([version]$RemoteCIPPVersion -gt [version]$CIPPVersion)
         OutOfDateCIPPAPI     = ([version]$RemoteAPIVersion -gt [version]$APIVersion)
     }
-}
+}
diff --git a/Modules/CIPPCore/Public/Clear-CippDurables.ps1 b/Modules/CIPPCore/Public/Clear-CippDurables.ps1
@@ -59,4 +59,4 @@ function Clear-CippDurables {
     }
     $null = Get-CippTable -TableName ('{0}History' -f $FunctionName)
     Write-Information 'Durable Orchestrators and Queues have been cleared'
-}
+}
diff --git a/...s/CIPPCore/Public/Entrypoints/Activity Triggers/Domain Analyser/Push-GetTenantDomains.ps1 b/...s/CIPPCore/Public/Entrypoints/Activity Triggers/Domain Analyser/Push-GetTenantDomains.ps1
@@ -2,6 +2,6 @@ function Push-GetTenantDomains {
     Param($Item)
     $DomainTable = Get-CippTable -tablename 'Domains'
     $Filter = "PartitionKey eq 'TenantDomains' and TenantGUID eq '{0}'" -f $Item.TenantGUID
-    $Domains = Get-CIPPAzDataTableEntity @DomainTable -Filter $Filter -Property RowKey | Select-Object RowKey, @{n = 'FunctionName'; exp = { 'DomainAnalyserDomain' } }
+    $Domains = Get-CIPPAzDataTableEntity @DomainTable -Filter $Filter -Property PartitionKey, RowKey | Select-Object RowKey, @{n = 'FunctionName'; exp = { 'DomainAnalyserDomain' } }
     return @($Domains)
-}
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-GetPendingWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-GetPendingWebhooks.ps1
@@ -5,9 +5,9 @@ function Push-GetPendingWebhooks {
     #>
     Param($Item)
     $Table = Get-CIPPTable -TableName WebhookIncoming
-    $Webhooks = Get-CIPPAzDataTableEntity @Table -Property RowKey, FunctionName -First 10000
+    $Webhooks = Get-CIPPAzDataTableEntity @Table -Property PartitionKey, RowKey, FunctionName -First 10000
     $WebhookCount = ($Webhooks | Measure-Object).Count
     $Message = 'Processing {0} webhooks' -f $WebhookCount
     Write-LogMessage -API 'Webhooks' -message $Message -sev Info
     return $Webhooks
-}
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecDurableFunctions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecDurableFunctions.ps1
@@ -51,7 +51,7 @@ function Invoke-ExecDurableFunctions {
             if ($Request.Query.PartitionKey) {
                 $HistoryTable = Get-CippTable -TableName ('{0}History' -f $FunctionName)
                 $Filter = "PartitionKey eq '{0}'" -f $Request.Query.PartitionKey
-                $History = Get-CippAzDataTableEntity @HistoryTable -Filter $Filter -Property RowKey, Timestamp, EventType, Name, IsPlayed, OrchestrationStatus | Select-Object * -ExcludeProperty ETag
+                $History = Get-CippAzDataTableEntity @HistoryTable -Filter $Filter -Property PartitionKey, RowKey, Timestamp, EventType, Name, IsPlayed, OrchestrationStatus | Select-Object * -ExcludeProperty ETag
 
                 $Body = [PSCustomObject]@{
                     Results = @($History)
@@ -173,4 +173,4 @@ function Invoke-ExecDurableFunctions {
             StatusCode = [HttpStatusCode]::OK
             Body       = $Body
         })
-}
+}
diff --git a/...les/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1 b/...les/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1
@@ -19,14 +19,14 @@ Function Invoke-ExecSetCIPPAutoBackup {
         }
         Remove-AzDataTableEntity @Table -Entity $task | Out-Null
 
-        $TaskBody = @{
+        $TaskBody = [pscustomobject]@{
             TenantFilter  = 'AllTenants'
             Name          = 'Automated CIPP Backup'
             Command       = @{
                 value = 'New-CIPPBackup'
                 label = 'New-CIPPBackup'
             }
-            Parameters    = @{ backupType = 'CIPP' }
+            Parameters    = [pscustomobject]@{ backupType = 'CIPP' }
             ScheduledTime = $unixtime
             Recurrence    = '1d'
         }

diff --git a/...IPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1 b/...IPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1
@@ -57,7 +57,7 @@ Function Invoke-ExecExtensionsConfig {
                     }
                 }
                 if ($Request.Body.$APIKey.PSObject.Properties -notcontains 'APIKey') {
-                    $Request.Body.$APIKey | Add-Member -MemberType NoteProperty -Name APIKey -Value 'SentToKeyVault' -PassThru
+                    $Request.Body.$APIKey | Add-Member -MemberType NoteProperty -Name APIKey -Value 'SentToKeyVault'
                 } else {
                     $Request.Body.$APIKey.APIKey = 'SentToKeyVault'
                 }

diff --git a/...les/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-AddScheduledItem.ps1 b/...les/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-AddScheduledItem.ps1
@@ -9,7 +9,7 @@ Function Invoke-AddScheduledItem {
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
-    if ($Request.query.hidden -eq $null) {
+    if ($null -eq $Request.query.hidden) {
         $hidden = $false
     } else {
         $hidden = $true

diff --git a/.../CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-RemoveScheduledItem.ps1 b/.../CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-RemoveScheduledItem.ps1
@@ -10,14 +10,17 @@ Function Invoke-RemoveScheduledItem {
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
 
+    $APIName = 'RemoveScheduledItem'
+    $User = $request.headers.'x-ms-client-principal'
+
     $task = @{
         RowKey       = $Request.Query.ID
         PartitionKey = 'ScheduledTask'
     }
     $Table = Get-CIPPTable -TableName 'ScheduledTasks'
     Remove-AzDataTableEntity @Table -Entity $task
 
-    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Task removed: $($task.Name)" -Sev 'Info'
+    Write-LogMessage -user $User -API $APINAME -message "Task removed: $($task.RowKey)" -Sev 'Info'
 
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK

diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1
@@ -21,7 +21,7 @@ Function Invoke-ExecAccessChecks {
     }
 
     if ($Request.Query.Tenants -eq 'true') {
-        $Results = Test-CIPPAccessTenant -TenantCSV $Request.Body.tenantid
+        $Results = Test-CIPPAccessTenant -TenantCSV $Request.Body.tenantid -ExecutingUser $Request.Headers.'x-ms-client-principal'
     }
     if ($Request.Query.GDAP -eq 'true') {
         $Results = Test-CIPPGDAPRelationships

diff --git a/...lic/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1 b/...lic/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1
@@ -9,7 +9,6 @@ Function Invoke-AddGroupTemplate {
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
-
     $APIName = $TriggerMetadata.FunctionName
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
@@ -36,8 +35,7 @@ Function Invoke-AddGroupTemplate {
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created Group template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug'
 
         $body = [pscustomobject]@{'Results' = 'Successfully added template' }
-    }
-    catch {
+    } catch {
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Group Template Creation failed: $($_.Exception.Message)" -Sev 'Error'
         $body = [pscustomobject]@{'Results' = "Group Template Creation failed: $($_.Exception.Message)" }
     }

diff --git a/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 b/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1
@@ -20,13 +20,13 @@ Function Invoke-ExecClrImmId {
     Try {
         $TenantFilter = $Request.Query.TenantFilter
         $UserID = $Request.Query.ID
-        $Body = [pscustomobject] @{
-            onPremisesImmutableId = $null
-        } | ConvertTo-Json
-        $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$UserID" -tenantid $TenantFilter -type PATCH -body $Body
+        $Body = [pscustomobject]@{ onPremisesImmutableId = $null }
+        $Body = ConvertTo-Json -InputObject $Body -Depth 5 -Compress
+        $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$UserID" -tenantid $TenantFilter -type PATCH -body $Body
         $Results = [pscustomobject]@{'Results' = 'Successfully Cleared ImmutableId' }
     } catch {
-        $Results = [pscustomobject]@{'Results' = "Failed. $_.Exception.Message"; colour = 'danger' }
+        $ErrorMessage = Get-NormalizedError -Message $_.Exception
+        $Results = [pscustomobject]@{'Results' = "Failed. $ErrorMessage"; colour = 'danger' }
         $_.Exception
     }
 
@@ -35,5 +35,4 @@ Function Invoke-ExecClrImmId {
             StatusCode = [HttpStatusCode]::OK
             Body       = $Results
         })
-
 }
diff --git a/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 b/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1
@@ -11,7 +11,9 @@ Function Invoke-ExecJITAdmin {
     param($Request, $TriggerMetadata)
 
     $APIName = 'ExecJITAdmin'
-    Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+    $User = $Request.Headers.'x-ms-client-principal'
+
+    Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
     if ($Request.Query.Action -eq 'List') {
         $Schema = Get-CIPPSchemaExtensions | Where-Object { $_.id -match '_cippUser' }
@@ -61,14 +63,14 @@ Function Invoke-ExecJITAdmin {
         if ($Request.Body.UserId -match '^[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}$') {
             $Username = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($Request.Body.UserId)" -tenantid $Request.Body.TenantFilter).userPrincipalName
         }
-        Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API $APINAME -message "Executing JIT Admin for $Username" -Sev 'Info'
+        Write-LogMessage -user $User -API $APINAME -message "Executing JIT Admin for $Username" -Sev 'Info'
 
         $Start = ([System.DateTimeOffset]::FromUnixTimeSeconds($Request.Body.StartDate)).DateTime.ToLocalTime()
         $Expiration = ([System.DateTimeOffset]::FromUnixTimeSeconds($Request.Body.EndDate)).DateTime.ToLocalTime()
         $Results = [System.Collections.Generic.List[string]]::new()
 
-        if ($Request.Body.useraction -eq 'create') {
-            Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API $APINAME -message "Creating JIT Admin user $($Request.Body.UserPrincipalName)" -Sev 'Info'
+        if ($Request.Body.useraction -eq 'Create') {
+            Write-LogMessage -user $User -API $APINAME -message "Creating JIT Admin user $($Request.Body.UserPrincipalName)" -Sev 'Info'
             Write-Information "Creating JIT Admin user $($Request.Body.UserPrincipalName)"
             $JITAdmin = @{
                 User         = @{
@@ -86,7 +88,7 @@ Function Invoke-ExecJITAdmin {
             if (!$Request.Body.UseTAP) {
                 $Results.Add("Password: $($CreateResult.password)")
             }
-            $Results.Add("JIT Expires: $($Expiration)")
+            $Results.Add("JIT Admin Expires: $($Expiration)")
             Start-Sleep -Seconds 1
         }
 
@@ -101,14 +103,27 @@ Function Invoke-ExecJITAdmin {
                     $TapBody = '{}'
                 }
                 Write-Information "https://graph.microsoft.com/beta/users/$Username/authentication/temporaryAccessPassMethods"
-                $TapRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($Username)/authentication/temporaryAccessPassMethods" -tenantid $Request.Body.TenantFilter -type POST -body $TapBody
+                # Retry creating the TAP up to 5 times, since it can fail due to the user not being fully created yet
+                $Retries = 0
+                do {
+                    try {
+                        $TapRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($Username)/authentication/temporaryAccessPassMethods" -tenantid $Request.Body.TenantFilter -type POST -body $TapBody
+                    } catch {
+                        Start-Sleep -Seconds 2
+                        Write-Information 'ERROR: Failed to create TAP, retrying'
+                        Write-Information ( ConvertTo-Json -Depth 5 -InputObject (Get-CippException -Exception $_))
+                    }
+                    $Retries++
+                } while ( $null -eq $TapRequest.temporaryAccessPass -and $Retries -le 5 )
 
                 $TempPass = $TapRequest.temporaryAccessPass
                 $PasswordExpiration = $TapRequest.LifetimeInMinutes
 
                 $PasswordLink = New-PwPushLink -Payload $TempPass
                 if ($PasswordLink) {
                     $Password = $PasswordLink
+                } else {
+                    $Password = $TempPass
                 }
                 $Results.Add("Temporary Access Pass: $Password")
                 $Results.Add("This TAP is usable starting at $($TapRequest.startDateTime) UTC for the next $PasswordExpiration minutes")
@@ -147,21 +162,23 @@ Function Invoke-ExecJITAdmin {
                 }
             }
             Add-CIPPScheduledTask -Task $TaskBody -hidden $false
-            Set-CIPPUserJITAdminProperties -TenantFilter $Request.Body.TenantFilter -UserId $Request.Body.UserId -Expiration $Expiration
+            if ($Request.Body.useraction -ne 'Create') {
+                Set-CIPPUserJITAdminProperties -TenantFilter $Request.Body.TenantFilter -UserId $Request.Body.UserId -Expiration $Expiration
+            }
             $Results.Add("Scheduling JIT Admin enable task for $Username")
         } else {
             $Results.Add("Executing JIT Admin enable task for $Username")
             Set-CIPPUserJITAdmin @Parameters
         }
 
-        $DisableTaskBody = @{
+        $DisableTaskBody = [pscustomobject]@{
             TenantFilter  = $Request.Body.TenantFilter
             Name          = "JIT Admin ($($Request.Body.ExpireAction)): $Username"
             Command       = @{
                 value = 'Set-CIPPUserJITAdmin'
                 label = 'Set-CIPPUserJITAdmin'
             }
-            Parameters    = @{
+            Parameters    = [pscustomobject]@{
                 TenantFilter = $Request.Body.TenantFilter
                 User         = @{
                     'UserPrincipalName' = $Username
@@ -176,7 +193,7 @@ Function Invoke-ExecJITAdmin {
             }
             ScheduledTime = $Request.Body.EndDate
         }
-        Add-CIPPScheduledTask -Task $DisableTaskBody -hidden $false
+        $null = Add-CIPPScheduledTask -Task $DisableTaskBody -hidden $false
         $Results.Add("Scheduling JIT Admin $($Request.Body.ExpireAction) task for $Username")
         $Body = @{
             Results = @($Results)

diff --git a/...blic/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboardUser.ps1 b/...blic/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboardUser.ps1
@@ -23,7 +23,7 @@ Function Invoke-ExecOffboardUser {
                     Command       = @{
                         value = 'Invoke-CIPPOffboardingJob'
                     }
-                    Parameters    = @{
+                    Parameters    = [pscustomobject]@{
                         Username     = $Username
                         APIName      = 'Scheduled Offboarding'
                         options      = $request.body

diff --git a/.../CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 b/.../CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1
@@ -18,14 +18,14 @@ Function Invoke-ExecCAExclusion {
     }
     if ($Request.body.vacation -eq 'true') {
         $StartDate = $Request.body.StartDate
-        $TaskBody = @{
+        $TaskBody = [pscustomobject]@{
             TenantFilter  = $Request.body.TenantFilter
             Name          = "Add CA Exclusion Vacation Mode: $Username - $($Request.body.TenantFilter)"
             Command       = @{
                 value = 'Set-CIPPCAExclusion'
                 label = 'Set-CIPPCAExclusion'
             }
-            Parameters    = @{
+            Parameters    = [pscustomobject]@{
                 ExclusionType = 'Add'
                 UserID        = $Request.body.UserID
                 PolicyId      = $Request.body.PolicyId

diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomains.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomains.ps1
@@ -21,7 +21,7 @@ Function Invoke-ListDomains {
     $TenantFilter = $Request.Query.TenantFilter
 
     try {
-        $GraphRequest = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $TenantFilter | Select-Object id, isdefault, isinitial | Sort-Object isdefault
+        $GraphRequest = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $TenantFilter | Select-Object id, isdefault, isinitial | Sort-Object isdefault -Descending
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-Original file line number
+Diff line change
@@ Expand Up / @@ -24,4 +24,4 @@ function Assert-CippVersion { @@
             OutOfDateCIPP        = ([version]$RemoteCIPPVersion -gt [version]$CIPPVersion)
             OutOfDateCIPPAPI     = ([version]$RemoteAPIVersion -gt [version]$APIVersion)
         }
-    }
+    }