Lately, I have been working a lot in Sitecore environments integrated with Azure AD, and last week I was troubleshooting a permission issue that I couldn’t reproduce using my own user.
After struggling a bit, I decided to compare the problematic user with mine and move forward from there.
Azure AD membership
I wanted to check which groups I belong to that the problematic user does not, and vice versa. To get a better overview, I executed the following PowerShell, which highlights the differences between two users.
Please note that the PowerShell script below shows ALL Azure AD groups and not just the ones used for Sitecore Claiming Roles. It is up to you to look into the output and make adjustments using the right groups.
$referenceUser = "[email protected]"
$differenceUser = "[email protected]"
# Collect the display names of each user's groups (directory roles are filtered out)
$referenceGroups = Get-AzureADUser -SearchString $referenceUser | Get-AzureADUserMembership -All $true | ? {$_.ObjectType -ne "Role"} | % {Get-AzureADGroup -ObjectId $_.ObjectId | select DisplayName}
$differenceGroups = Get-AzureADUser -SearchString $differenceUser | Get-AzureADUserMembership -All $true | ? {$_.ObjectType -ne "Role"} | % {Get-AzureADGroup -ObjectId $_.ObjectId | select DisplayName}
# Show only the groups that one user has and the other does not
Compare-Object -ReferenceObject $referenceGroups -DifferenceObject $differenceGroups -Property DisplayName -PassThru | Sort-Object -Property DisplayName
The result of the comparison indicates whether a property value appeared only in the reference object (<=) or only in the difference object (=>).
With this output, you will be able to determine which groups you should be added to or removed from to match the reference user.
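The same comparison keyed on ObjectId instead of DisplayName, as an added example that is not part of the original post: Azure AD does not require group display names to be unique, so two different groups that share a name cancel each other out when comparing by DisplayName. The function name Compare-GroupMembership and the sample groups are constructed for illustration.

```powershell
# Added example (not from the original post). With live data, feed the function:
#   Get-AzureADUser -ObjectId <upn> | Get-AzureADUserMembership -All $true |
#       Where-Object ObjectType -eq 'Group'
function Compare-GroupMembership {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $ReferenceGroups,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $DifferenceGroups
    )
    # Index both sides by ObjectId; an empty membership list is handled too.
    $ref = @{}; foreach ($g in $ReferenceGroups)  { $ref[$g.ObjectId] = $g }
    $dif = @{}; foreach ($g in $DifferenceGroups) { $dif[$g.ObjectId] = $g }

    $onlyRef = $ref.Values | Where-Object { -not $dif.ContainsKey($_.ObjectId) }
    $onlyDif = $dif.Values | Where-Object { -not $ref.ContainsKey($_.ObjectId) }

    foreach ($g in $onlyRef) {
        [pscustomobject]@{ DisplayName = $g.DisplayName; ObjectId = $g.ObjectId
                           SideIndicator = '<='; MemberOnly = 'reference user' }
    }
    foreach ($g in $onlyDif) {
        [pscustomobject]@{ DisplayName = $g.DisplayName; ObjectId = $g.ObjectId
                           SideIndicator = '=>'; MemberOnly = 'difference user' }
    }
}

# Constructed sample memberships: two distinct groups share the name "Sitecore Authors".
$newGroup = { param($name, $n)
    [pscustomobject]@{ DisplayName = $name; ObjectType = 'Group'
                       ObjectId = "00000000-0000-0000-0000-00000000000$n" } }
$referenceGroups = @(
    (& $newGroup 'Sitecore Authors' 1),
    (& $newGroup 'All Staff' 3))
$differenceGroups = @(
    (& $newGroup 'Sitecore Authors' 2),
    (& $newGroup 'All Staff' 3),
    (& $newGroup 'Sitecore Developers' 4))

# By DisplayName, the two "Sitecore Authors" groups look identical and are not reported.
Compare-Object $referenceGroups $differenceGroups -Property DisplayName

# By ObjectId, both "Sitecore Authors" groups are reported, one per side.
Compare-GroupMembership -ReferenceGroups $referenceGroups -DifferenceGroups $differenceGroups |
    Sort-Object DisplayName, SideIndicator | Format-Table -AutoSize
```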
Then, I made the adjustments, and now I was part of the same Azure AD groups as the problematic user, but I was still not able to reproduce the issue…
So, I decided to double-check the Sitecore User Manager.
Sitecore User Manager
When you first sign in to a Sitecore instance that is integrated with Azure AD, a user is created in User Manager with a username made of a random set of letters and numbers.
When I double-clicked my user, I noticed that I had the Administrator checkbox marked.
I decided to uncheck the Administrator box, sign out from Sitecore CM and access it again.
Voilà! I was able to reproduce the issue and figured out that the Administrator box overrides the Azure AD claims.
I hope you liked it, and I’ll see you on my next post!