Enable GDAP auto-extend using Microsoft Graph and PowerShell

Description

The following applies to Microsoft CSP and Partner Centers. If you don’t have enabled auto-extend enabled on your customer GDAP-relationships, you can use this script to modify the property called “autoExtendDuration”, to enable it.

Examples

• autoExtendDuration: PT0S or 00:00:00 - relationship will expire at end date (i.e. auto-extend not enabled).
• autoExtendDuration: P180D - relationship will renew at end date, with a duration of 180 days (i.e. auto-extend enabled).

Notes

• GDAP-relationships with Global Administrator role cannot be auto-extended.
• No emails will be sent to notify partner and customer.
• Customer consent isn’t needed to set auto-extend for existing active GDAP-relationships.

You can find more under Microsoft GDAP FAQ

Prerequisites

• Requires Microsoft Graph module.
• Requires AdminAgent or Global Administrator role.

Example:

Install-Module Microsoft.Graph -Scope CurrentUser -Repository PSGallery -Force

Details

• The script will only process GDAP-relationships that have the status “Created” and “Active”, which is the only relationships you can modify the autoExtendDuration property on.
• The script will only look at the relationships that has autoExtendDuration value set to “PT0S” or “00:00:00”, which is equivalent of auto-extend not enabled.
• The script will set the autoExtendDuration value to P180D (180 days). The relationship will then have auto-extend enabled and extend every 180 days.
• The script is set to modify relationships expiring within 60 days as an example. Adjust this value to your needs ($_.EndDateTime on line 5).

Normally, we’d use Set-MgTenantRelationshipDelegatedAdminRelationship to set the autoExtendDuration property, but this commandlet is currently missing implementation to handle a required If-Match in the request header. See Github issue.

The workaround is to use Invoke-MgGraphRequest as demonstrated with this script.

PowerShell Script

Write-Output "Opening browser for Partner Center authentication.."
Connect-MgGraph -Scopes "DelegatedAdminRelationship.ReadWrite.All"

Write-Output "Fetching GDAP-relationships.."
$gdap = Get-MgTenantRelationshipDelegatedAdminRelationship -All | Where-Object {($_.status -eq "created" -or $_.status -eq "active") -and $_.EndDateTime -lt $(get-date).AddDays(60) -and ($_.AdditionalProperties.autoExtendDuration -eq "PT0S" -or $_.AutoExtendDuration -eq "00:00:00")}

$total = $gdap.count
$count = 0
$params = @{autoExtendDuration = "P180D"}

Write-Output "Modifying autoExtendDuration values.."
Foreach-Object ($rel in $gdap) {
    $count++
    Write-Progress -Activity "Enabling auto-extend on: $($rel.displayname)" -Status "($count/$total)"
    $GDAPAutoExtend = $null
    try {
        Invoke-MgGraphRequest -Uri "v1.0/tenantRelationships/delegatedAdminRelationships/$($rel.id)" -Method PATCH -Body $params -Headers @{"If-Match" = $rel.AdditionalProperties['@odata.etag']} | out-null
    }
    catch {
        "$($rel.DisplayName): $($_.Exception.Message)"
    }
}
Write-Output "Finished ($count/$total)"

Disconnect-Graph

Microsoft references

• GDAP FAQ
• delegatedAdminRelationship resource
• Get-MgTenantRelationshipDelegatedAdminRelationship

Similar posts

• List GDAP-relationships with reseller customers using Microsoft Graph and PowerShell
• Build A Blog With Jekyll And GitHub Pages