sync: Auto-sync from ACG-M-L5090 at 2026-01-26 16:45:54

Synced files: - Complete claude-projects import (5 catalog files) - Client directory with 12 clients - Project directory with 12 projects - Credentials updated (100+ sets) - Session logs consolidated - Agent coordination rules updated - Task management integration Major work completed: - Exhaustive cataloging of claude-projects - All session logs analyzed (38 files) - All credentials extracted and organized - Client infrastructure documented - Problem solutions cataloged (70+) Machine: ACG-M-L5090 Timestamp: 2026-01-26 16:45:54 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-26 16:46:06 -07:00
parent b396ea6b1d
commit b79c47acb9
19 changed files with 11817 additions and 184 deletions
--- a/add-rob-to-gdap-groups.ps1
+++ b/add-rob-to-gdap-groups.ps1
@@ -0,0 +1,165 @@
+# Add Rob Williams and Howard to all GDAP Security Groups
+# This fixes CIPP access issues for multiple users
+
+$ErrorActionPreference = "Stop"
+
+# Configuration
+$TenantId = "ce61461e-81a0-4c84-bb4a-7b354a9a356d"
+$ClientId = "fabb3421-8b34-484b-bc17-e46de9703418"
+$ClientSecret = "~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO"
+
+# Users to add to GDAP groups
+$UsersToAdd = @(
+    "rob@azcomputerguru.com",
+    "howard@azcomputerguru.com"
+)
+
+# GDAP Groups (from analysis)
+$GdapGroups = @(
+    @{Name="M365 GDAP Cloud App Security Administrator"; Id="009e46ef-3ffa-48fb-9568-7e8cb7652200"},
+    @{Name="M365 GDAP Application Administrator"; Id="16e99bf8-a0bc-41d3-adf7-ce89310cece5"},
+    @{Name="M365 GDAP Teams Administrator"; Id="35fafd80-498c-4c62-a947-ea230835d9f1"},
+    @{Name="M365 GDAP Security Administrator"; Id="3ca0d8b1-a6fc-4e77-a955-2a7d749d27b4"},
+    @{Name="M365 GDAP Privileged Role Administrator"; Id="49b1b90d-d7bf-4585-8fe2-f2a037f7a374"},
+    @{Name="M365 GDAP Cloud Device Administrator"; Id="8e866fc5-c4bd-4ce7-a273-385857a4f3b4"},
+    @{Name="M365 GDAP Exchange Administrator"; Id="92401e16-c217-4330-9bbd-6a978513452d"},
+    @{Name="M365 GDAP User Administrator"; Id="baf461df-c675-4f9e-a4a3-8f03c6fe533d"},
+    @{Name="M365 GDAP Privileged Authentication Administrator"; Id="c593633a-2957-4069-ae7e-f862a0896b67"},
+    @{Name="M365 GDAP Intune Administrator"; Id="daad8ec5-d044-4d4c-bae7-5df98a637c95"},
+    @{Name="M365 GDAP SharePoint Administrator"; Id="fa55c8c1-34e3-46b7-912e-f4d303081a82"},
+    @{Name="M365 GDAP Authentication Policy Administrator"; Id="fdf38f92-8dd1-470d-8ce8-58f663235789"},
+    @{Name="AdminAgents"; Id="ecc00632-9de6-4932-a62b-de57b72c1414"}
+)
+
+Write-Host "[INFO] Authenticating to Microsoft Graph..." -ForegroundColor Cyan
+
+# Get access token
+$TokenBody = @{
+    client_id     = $ClientId
+    client_secret = $ClientSecret
+    scope         = "https://graph.microsoft.com/.default"
+    grant_type    = "client_credentials"
+}
+
+$TokenResponse = Invoke-RestMethod -Method Post `
+    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
+    -Body $TokenBody
+
+$Headers = @{
+    Authorization = "Bearer $($TokenResponse.access_token)"
+}
+
+Write-Host "[OK] Authenticated successfully" -ForegroundColor Green
+Write-Host ""
+
+# Process each user
+$TotalSuccessCount = 0
+$TotalSkippedCount = 0
+$TotalErrorCount = 0
+
+foreach ($UserUpn in $UsersToAdd) {
+    Write-Host "="*80 -ForegroundColor Cyan
+    Write-Host "PROCESSING USER: $UserUpn" -ForegroundColor Cyan
+    Write-Host "="*80 -ForegroundColor Cyan
+
+    # Get user ID
+    Write-Host "[INFO] Looking up user..." -ForegroundColor Cyan
+    try {
+        $User = Invoke-RestMethod -Method Get `
+            -Uri "https://graph.microsoft.com/v1.0/users/$UserUpn" `
+            -Headers $Headers
+
+        Write-Host "[OK] Found user:" -ForegroundColor Green
+        Write-Host "  Display Name: $($User.displayName)"
+        Write-Host "  UPN: $($User.userPrincipalName)"
+        Write-Host "  ID: $($User.id)"
+        Write-Host ""
+
+        $UserId = $User.id
+    }
+    catch {
+        Write-Host "[ERROR] User not found: $($_.Exception.Message)" -ForegroundColor Red
+        Write-Host ""
+        continue
+    }
+
+    # Add user to each group
+    $SuccessCount = 0
+    $SkippedCount = 0
+    $ErrorCount = 0
+
+    foreach ($Group in $GdapGroups) {
+        Write-Host "[INFO] Adding to: $($Group.Name)" -ForegroundColor Cyan
+
+        # Check if already a member
+        try {
+            $Members = Invoke-RestMethod -Method Get `
+                -Uri "https://graph.microsoft.com/v1.0/groups/$($Group.Id)/members" `
+                -Headers $Headers
+
+            $IsMember = $Members.value | Where-Object { $_.id -eq $UserId }
+
+            if ($IsMember) {
+                Write-Host "[SKIP] Already a member" -ForegroundColor Yellow
+                $SkippedCount++
+                continue
+            }
+        }
+        catch {
+            Write-Host "[WARNING] Could not check membership: $($_.Exception.Message)" -ForegroundColor Yellow
+        }
+
+        # Add to group
+        try {
+            $Body = @{
+                "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$UserId"
+            } | ConvertTo-Json
+
+            Invoke-RestMethod -Method Post `
+                -Uri "https://graph.microsoft.com/v1.0/groups/$($Group.Id)/members/`$ref" `
+                -Headers $Headers `
+                -Body $Body `
+                -ContentType "application/json" | Out-Null
+
+            Write-Host "[SUCCESS] Added to group" -ForegroundColor Green
+            $SuccessCount++
+        }
+        catch {
+            Write-Host "[ERROR] Failed to add: $($_.Exception.Message)" -ForegroundColor Red
+            $ErrorCount++
+        }
+
+        Start-Sleep -Milliseconds 500  # Rate limiting
+    }
+
+    # User summary
+    Write-Host ""
+    Write-Host "Summary for $($User.displayName):" -ForegroundColor Cyan
+    Write-Host "  Successfully added:  $SuccessCount groups" -ForegroundColor Green
+    Write-Host "  Already member of:   $SkippedCount groups" -ForegroundColor Yellow
+    Write-Host "  Errors:              $ErrorCount groups" -ForegroundColor $(if($ErrorCount -gt 0){"Red"}else{"Green"})
+    Write-Host ""
+
+    $TotalSuccessCount += $SuccessCount
+    $TotalSkippedCount += $SkippedCount
+    $TotalErrorCount += $ErrorCount
+}
+
+Write-Host ""
+Write-Host "="*80 -ForegroundColor Cyan
+Write-Host "FINAL SUMMARY" -ForegroundColor Cyan
+Write-Host "="*80 -ForegroundColor Cyan
+Write-Host "Total users processed: $($UsersToAdd.Count)"
+Write-Host "Total additions:       $TotalSuccessCount groups" -ForegroundColor Green
+Write-Host "Total already members: $TotalSkippedCount groups" -ForegroundColor Yellow
+Write-Host "Total errors:          $TotalErrorCount groups" -ForegroundColor $(if($TotalErrorCount -gt 0){"Red"}else{"Green"})
+Write-Host ""
+
+if ($TotalSuccessCount -gt 0 -or $TotalSkippedCount -gt 0) {
+    Write-Host "[OK] Users should now be able to access all client tenants through CIPP!" -ForegroundColor Green
+    Write-Host "[INFO] It may take 5-10 minutes for group membership to fully propagate." -ForegroundColor Cyan
+    Write-Host "[INFO] Ask users to sign out of CIPP and sign back in." -ForegroundColor Cyan
+}
+else {
+    Write-Host "[WARNING] Some operations failed. Review errors above." -ForegroundColor Yellow
+}