Tommy Gjertsen

About

Hi, I'm Tommy. I'm a Cloud Architect based in Norway. This blog is a personal collection of technical resources, hopefully useful for others as well.

Published: 16 Aug 2024

Enable GDAP auto-extend using Microsoft Graph and PowerShell

Description

The following applies to Microsoft CSP. If you don’t have auto-extend enabled on your customer GDAP-relationships, you can use this script to modify the property called “autoExtendDuration”, to enable it.

Prerequisites

Install the module:

Install-Module Microsoft.Graph -Scope CurrentUser -Repository PSGallery -Force

PowerShell Script

Write-Output "Opening browser for Partner Center authentication.."
Connect-MgGraph -Scopes "DelegatedAdminRelationship.ReadWrite.All" -NoWelcome

Write-Output "Fetching GDAP-Relationships.."
$Relationships = Get-MgTenantRelationshipDelegatedAdminRelationship -All | Where-Object {($_.status -eq "created" -or $_.status -eq "active") -and ($_.AdditionalProperties.autoExtendDuration -eq "PT0S" -or $_.AutoExtendDuration -eq "00:00:00")}

# Wrap in @() so the count is correct even when only one relationship matches
$total = @($Relationships).Count
$count = 0
# P180D is the ISO 8601 duration for 180 days
$params = @{autoExtendDuration = "P180D"}

Write-Output "Modifying autoExtendDuration values.."
foreach ($Relationship in $Relationships) {
    $count++
    Write-Progress -Activity "Enabling auto-extend on: $($Relationship.DisplayName)" -Status "($count/$total)"
    try {
        # The PATCH must carry the relationship's current ETag in the If-Match header
        Invoke-MgGraphRequest -Uri "v1.0/tenantRelationships/delegatedAdminRelationships/$($Relationship.Id)" -Method PATCH -Body $params -Headers @{"If-Match" = $Relationship.AdditionalProperties['@odata.etag']} | Out-Null
    }
    catch {
        # Report the failure and continue with the next relationship
        "$($Relationship.DisplayName): $($_.Exception.Message)"
    }
}
Write-Output "Finished ($count/$total)"

Disconnect-MgGraph

Explanation

Connect to Microsoft Graph using the required scope DelegatedAdminRelationship.ReadWrite.All to modify GDAP-relationships:

Connect-MgGraph -Scopes "DelegatedAdminRelationship.ReadWrite.All" -NoWelcome

Fetch all GDAP-relationships that:

  • Have status created or active, which are the only ones on which you can modify the auto-extend property.
  • Have AutoExtendDuration set to PT0S, which means auto-extend is not enabled.

$Relationships = Get-MgTenantRelationshipDelegatedAdminRelationship -All | Where-Object {($_.status -eq "created" -or $_.status -eq "active") -and ($_.AdditionalProperties.autoExtendDuration -eq "PT0S")}

Send an HTTP request to modify the auto-extend property to P180D, which will renew the relationship automatically every 180 days.

$params = @{autoExtendDuration = "P180D"}
Invoke-MgGraphRequest -Uri "v1.0/tenantRelationships/delegatedAdminRelationships/$($Relationship.Id)" -Method PATCH -Body $params -Headers @{"If-Match" = $Relationship.AdditionalProperties['@odata.etag']} | Out-Null

Normally, you’d think we could use Set-MgTenantRelationshipDelegatedAdminRelationship to set the autoExtendDuration property, but at the time of writing this cmdlet does not yet handle the If-Match request header that the update requires. See the GitHub issue.

The workaround is to use Invoke-MgGraphRequest as demonstrated in the script.

Options

Here are some useful conditions you can add to the Where-Object filter at line 5 to adjust which GDAP-relationships are targeted.

Expiring within the next 60 days:

$_.EndDateTime -lt $(get-date).AddDays(60)

GDAP-relationships that contain a certain string in the name:

$_.DisplayName -match "RelationshipDisplayName"
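A read-only pre-check that applies the line 5 filter plus the two optional conditions above and lists which relationships would be changed, flagging any that include the Global Administrator role so they are reviewed rather than renewed unattended. This is an added example, not part of the original script: the function name `Select-GdapAutoExtendCandidate`, its parameters and the sample objects are constructed, and the property path `AccessDetails.UnifiedRoles.RoleDefinitionId` is assumed from the Graph delegatedAdminRelationship resource.

```powershell
# Added example: dry-run selection only, no PATCH is sent. Names and sample data are constructed.
$GlobalAdminRoleId = '62e90394-69f5-4237-9190-012177145e10'  # Global Administrator role template ID

function Select-GdapAutoExtendCandidate {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Relationship,
        [int]    $ExpiringWithinDays = 60,
        [string] $NamePattern = '.*'
    )
    begin { $cutoff = (Get-Date).AddDays($ExpiringWithinDays) }
    process {
        $r = $Relationship
        # Same base filter as line 5 of the script: modifiable status, auto-extend off
        $autoOff = $r.AdditionalProperties.autoExtendDuration -eq 'PT0S' -or
                   "$($r.AutoExtendDuration)" -eq '00:00:00'
        if ($r.Status -notin 'created', 'active' -or -not $autoOff) { return }
        # Optional conditions from the Options section: expiry window and name match
        if ($r.EndDateTime -ge $cutoff -or $r.DisplayName -notmatch $NamePattern) { return }
        [pscustomobject]@{
            DisplayName    = $r.DisplayName
            Id             = $r.Id
            EndDateTime    = $r.EndDateTime
            # Flag the broadest role for manual review before enabling auto-extend
            HasGlobalAdmin = @($r.AccessDetails.UnifiedRoles.RoleDefinitionId) -contains $GlobalAdminRoleId
        }
    }
}

# Constructed sample objects shaped like Get-MgTenantRelationshipDelegatedAdminRelationship output
function New-SampleRelationship($Name, $Status, $Days, $AutoExtend, $RoleId) {
    [pscustomobject]@{
        Id = [guid]::NewGuid().ToString(); DisplayName = $Name; Status = $Status
        EndDateTime = (Get-Date).AddDays($Days); AutoExtendDuration = $AutoExtend
        AccessDetails = [pscustomobject]@{
            UnifiedRoles = @([pscustomobject]@{ RoleDefinitionId = $RoleId }) }
    }
}
$placeholderRole = '00000000-0000-0000-0000-000000000001'  # constructed, not a real role ID
$sample = @(
    New-SampleRelationship 'Contoso Helpdesk' 'active'  20   ([timespan]::Zero)          $placeholderRole
    New-SampleRelationship 'Contoso Full'     'active'  30   ([timespan]::Zero)          $GlobalAdminRoleId
    New-SampleRelationship 'Fabrikam Ops'     'active'  400  ([timespan]::Zero)          $placeholderRole
    New-SampleRelationship 'Contoso Renewing' 'active'  10   ([timespan]::FromDays(180)) $placeholderRole
    New-SampleRelationship 'Contoso Old'      'expired' (-5) ([timespan]::Zero)          $placeholderRole
)
$sample | Select-GdapAutoExtendCandidate -NamePattern 'Contoso' | Format-Table -AutoSize
# Against a tenant: Get-MgTenantRelationshipDelegatedAdminRelationship -All | Select-GdapAutoExtendCandidate
```

With the sample data only 'Contoso Helpdesk' and 'Contoso Full' are listed, and 'Contoso Full' is the one flagged with HasGlobalAdmin.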
