Power Platform Community Forum Thread Details

I have taken over a flow someone else setup to restore deleted Teams. This flow was working without issue before DLP was implemented. On turning DELP back off I am now getting errors:.

The flow itself reads from a Microsoft Form where the user enters the GUID/ID of the deleted Team,

On submit the flow runs.

I can confirm all the data in the flow is being collected as expected.

After setting a runbook to perform action then checking the runbook result (get jobID) I get a return failure as below:

"Comments"="User BusinessUnitCode ($RequesterBusinessUnitCode) does not match the Team BusinessUnitCode ($TeamBusinessUnitCode)"}

Comments"="User BusinessUnitCode 1234 does not match the Team BusinessUnitCode 0000" (and it is always returning 0000 here)

I can't figure out why I am only getting 0000 back as the BusinessUnitCode

I can see in my flow I am sending the variables required : BusinessUnitCode and TeamID

Subscription and accounts removed in the below

This is the code in the Runbook.


    Param(
        [Parameter(Mandatory = $true)]
        [string] $RequesterBusinessUnitCode,
        [Parameter(Mandatory = $true)]
        [string] $TeamID

    )
	#convert BusinessUnitcode to a 4 digit string
	$BusinessUnitCode = "{0:0000}" -f [int]$BusinessUnitCode

    $VaultName = Get-AutomationVariable -name VaultName 
    $SecretName = Get-AutomationVariable -name sGroupRWAll
    $ClientID_MSG = Get-AutomationVariable -name vGroupRWAll
    $loginURL_MSG = Get-AutomationVariable -name loginURL_MSG
    $resource_MSG = Get-AutomationVariable -name resource_MSG

    try
    {
        $AzureContext = (Connect-AzAccount -Identity).context
    }
    catch 
    {
        exit
    }
    # Get secrets from Key Vaults
    $ClientSecret_MSG = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -AsPlainText

    # Get an access token
    #Credential and authorization strings will be used based on the values above
    $Cred_MSG = @{grant_type="client_credentials";resource=$resource_MSG;client_id=$ClientID_MSG;client_secret=$ClientSecret_msg}
    $oauth_MSG = Invoke-RestMethod -Method Post -Uri $loginURL_MSG/oauth2/token -Body $Cred_MSG
    $headerParams_MSG = @{
        'Authorization'="$($oauth_MSG.token_type) $($oauth_MSG.access_token)"
        'ConsistencyLevel' = 'eventual'
    }
    #first, locate the deleted team and get the deleted team's BusinessUnitcode
    $LocateTeamURI = "https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.group/$TeamID"
    try {
        $DeletedGroup = Invoke-RestMethod -uri $LocateTeamURI -Method get -headers $headerParams_MSG
        #compare the deleted team's BusinessUnitcode to the requesters BusinessUnitcode $RequesterBusinessUnitCode
        $RequesterBusinessUnitCode = "{0:0000}" -f [int]$RequesterBusinessUnitCode
        $TeamBusinessUnitCode = "{0:0000}" -f [int]$($deletedgroup.extension_*removedforsecurity*_SyncSource_BusinessUnitId)
        $TeamName = $DeletedGroup.displayname

        if ($TeamBusinessUnitCode -ne $RequesterBusinessUnitCode) {
            #if they are not the same, send a failure block back to power automate
            $output = @{"Completed"="Failure"; "TeamID"="$TeamID"; "TeamName"="$TeamName"; "Comments"="User BusinessUnitCode ($RequesterBusinessUnitCode) does not match the Team BusinessUnitCode ($TeamBusinessUnitCode)"}
            Write-Output ($output | ConvertTo-Json)
        } else {
            #if they are the same, restore the team 
            $RestoreTeamURI = "https://graph.microsoft.com/v1.0/directory/deletedItems/$TeamID/restore"
            try {
                $restored = Invoke-RestMethod -uri $RestoreTeamURI -Method post -headers $headerParams_MSG -contenttype application/json
                $success = $true
            } catch {
                #unable to restore the team. send a failure block back to power automate
                $output = @{"Completed"="Failure"; "TeamID"="$TeamID"; "TeamName"="$TeamName"; "Comments"="Error occured when trying to restore the Team."}
                Write-Output ($output | ConvertTo-Json)
            }
            if ($success) {
                #send a success block to power automate
                $output = @{"Completed"="Success"; "TeamID"="$TeamID"; "TeamName"="$TeamName"; "Comments"="Restored Successfully"}
                Write-Output ($output | ConvertTo-Json)
            }
        }
    } catch {
        #unable to restore the team as it is not in deleted state. send a failure block back to power automate
                $output = @{"Completed"="Failure"; "TeamID"="$TeamID"; "TeamName"="$TeamName"; "Comments"="The team was not located when trying to restore. Please confirm it is still deleted, noting it may take up to 5 minutes to appear."}
                Write-Output ($output | ConvertTo-Json)
    }

Hoping this is enough details for help?

Any help is greatly appreciated.

Thank you

Categories:

General topics