Merge pull request KelvinTegelaar#1894 from kris6673/SID

feat: Add SID conversion to group and role functions

Author: KelvinTegelaar

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroups.ps1

@@ -107,6 +107,7 @@ function Invoke-ListGroups {
                 allowExternal          = (!$OnlyAllowInternal)
                 sendCopies             = $SendCopies
                 hideFromOutlookClients = if ($GroupType -eq 'Microsoft 365') { $UnifiedGroupInfo.HiddenFromExchangeClientsEnabled } else { $null }
+                SID                    = (Convert-AzureAdObjectIdToSid -ObjectID $((($RawGraphRequest | Where-Object { $_.id -eq 1 }).body).id))
             }
         } else {
             $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupID)/$($members)?`$top=999&select=$SelectString" -tenantid $TenantFilter | Select-Object *, @{ Name = 'primDomain'; Expression = { $_.mail -split '@' | Select-Object -Last 1 } },
@@ -126,7 +127,8 @@ function Invoke-ListGroups {
                     elseif (([string]::isNullOrEmpty($_.groupTypes)) -and ($_.mailEnabled) -and (-not $_.securityEnabled)) { 'distributionList' }
                 }
             },
-            @{Name = 'dynamicGroupBool'; Expression = { if ($_.groupTypes -contains 'DynamicMembership') { $true } else { $false } } }
+            @{Name = 'dynamicGroupBool'; Expression = { if ($_.groupTypes -contains 'DynamicMembership') { $true } else { $false } } },
+            @{Name = 'SID'; Expression = { Convert-AzureAdObjectIdToSid -ObjectID $_.id } }
             $GraphRequest = @($GraphRequest | Sort-Object displayName)
         }
 

Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoles.ps1

@@ -26,6 +26,7 @@ function Invoke-ListRoles {
                 DisplayName    = $Role.displayName
                 Description    = $Role.description
                 Members        = @($Members)
+                SID            = (Convert-AzureAdObjectIdToSid -ObjectID $Role.id)
             }
         }
         $StatusCode = [HttpStatusCode]::OK

Modules/CIPPCore/Public/Tools/Convert-AzureAdObjectIdToSid.ps1

@@ -0,0 +1,28 @@
+function Convert-AzureAdObjectIdToSid {
+    <#
+    .SYNOPSIS
+        Converts an Azure AD / Entra ID Object ID (GUID) to its Windows SID representation.
+    .DESCRIPTION
+        Parses the 16-byte GUID of an Azure AD Object ID and re-interprets the bytes as four
+        unsigned 32-bit integers, producing a SID in the form S-1-12-1-{b0}-{b1}-{b2}-{b3}.
+        This is the format used by Microsoft when translating cloud identities to on-premises
+        or hybrid Windows security contexts.
+    .PARAMETER ObjectID
+        The Azure AD / Entra ID Object ID (GUID) to convert. Must be a valid GUID string.
+    .FUNCTIONALITY
+        Internal
+    .EXAMPLE
+        Convert-AzureAdObjectIdToSid -ObjectID '00000000-0000-0000-0000-000000000001'
+        Returns the Windows SID corresponding to the specified Entra ID Object ID.
+    #>
+    param (
+        [parameter(Mandatory = $true)][string]$ObjectID
+    )
+
+    $Bytes = [Guid]::Parse($ObjectId).ToByteArray()
+    $Array = New-Object 'UInt32[]' 4
+
+    [Buffer]::BlockCopy($Bytes, 0, $Array, 0, 16)
+    $Sid = "S-1-12-1-$Array".Replace(' ', '-')
+    return $Sid
+}