#1457 - [GH-ISSUE #2938] Edit Tenant - Could not find tenant in contract endpoint - starred/CIPP

kerem commented

2026-03-02 13:44:20 +03:00

Owner

Originally created by @linussalomonsson on GitHub (Oct 11, 2024).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2938

Description

I apologize in advance as I am not a dev and not acquainted with GitHub etiquette.

When editing certain tenants, the error of not finding the tenant in the contract endpoint appears even when a reseller relationship exists.
After some troubleshooting, the error appears due to pagination when calling the contract endpoint, hence some tenants are editable and some are not.

I have updated the PowerShell code and tested on my installation and the changes below appear to work on all our tenants.

Invoke-EditTenant.ps1

Updated code:

using namespace System.Net

Function Invoke-EditTenant {
    <#
    .FUNCTIONALITY
        Entrypoint
    .ROLE
        CIPP.Core.ReadWrite
    #>
    [CmdletBinding()]
    param($Request, $TriggerMetadata)

    $APIName = $TriggerMetadata.FunctionName
    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'

    $tenantDisplayName = $request.body.displayName
    $tenantDefaultDomainName = $request.body.defaultDomainName
    $Tenant = $request.body.tenantid
    $customerContextId = $request.body.customerId

    $tokens = try {
        $Graphtoken = (Get-GraphToken)
        $tenantDetails = (Invoke-RestMethod -Method Get -Uri "https://graph.microsoft.com/v1.0/contracts?`$filter=customerId eq $($customerContextId)" -ContentType 'application/json' -Headers $Graphtoken).value
        $tenantObjectId = $tenantDetails.id
    }
    catch {
        $Results = "Failed to retrieve tenant. Error: $($_.Exception.Message)"
        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantDisplayName) -message "Failed to retrieve tenant. Error:$($_.Exception.Message)" -Sev 'Error'
    }


    if ($tenantObjectId) {
        try {
            $bodyToPatch = '{"displayName":"' + $tenantDisplayName + '","defaultDomainName":"' + $tenantDefaultDomainName + '"}'
            $patchTenant = (Invoke-RestMethod -Method PATCH -Uri "https://graph.microsoft.com/v1.0/contracts/$($tenantObjectId)" -Body $bodyToPatch -ContentType 'application/json' -Headers $Graphtoken -ErrorAction Stop)
            $Filter = "PartitionKey eq 'Tenants' and defaultDomainName eq '{0}'" -f $tenantDefaultDomainName
            try {
                $TenantsTable = Get-CippTable -tablename Tenants
                $Tenant = Get-CIPPAzDataTableEntity @TenantsTable -Filter $Filter
                $Tenant.displayName = $tenantDisplayName
                Update-AzDataTableEntity @TenantsTable -Entity $Tenant
            }
            catch {
                $AddedText = 'but could not edit the tenant cache. Clear the tenant cache to display the updated details'
            }
            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantDisplayName -message "Edited tenant $tenantDisplayName" -Sev 'Info'
            $results = "Successfully amended details for $($Tenant.displayName) $AddedText"
        }
        catch {
            $results = "Failed to amend details for $tenantDisplayName : $($_.Exception.Message)"
            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantDisplayName -message "Failed amending details $tenantDisplayName. Error:$($_.Exception.Message)" -Sev 'Error'
        }
    }
    else {
        $Results = 'Could not find the tenant to edit in the contract endpoint. Please ensure you have a reseller relationship with the tenant you are trying to edit.'
    }

    $body = [pscustomobject]@{'Results' = $results }

    # Associate values to output bindings by calling 'Push-OutputBinding'.
    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
            StatusCode = [HttpStatusCode]::OK
            Body       = $body
        })

}

Environment data

Non-sponsored
Front end version number: 6.4.1
Back end version number: 6.5.0
Tried Tenant Cache Clear: false
Tried Token Cache Clear: false

Originally created by @linussalomonsson on GitHub (Oct 11, 2024). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2938 ### Description I apologize in advance as I am not a dev and not acquainted with GitHub etiquette. When editing certain tenants, the error of not finding the tenant in the contract endpoint appears even when a reseller relationship exists. After some troubleshooting, the error appears due to pagination when calling the contract endpoint, hence some tenants are editable and some are not. I have updated the PowerShell code and tested on my installation and the changes below appear to work on all our tenants. [Invoke-EditTenant.ps1](https://github.com/futureitpartner/CIPP-API/blob/master/Modules/CIPPCore/Public/Entrypoints/HTTP%20Functions/Tenant/Administration/Tenant/Invoke-EditTenant.ps1) Updated code: ``` using namespace System.Net Function Invoke-EditTenant { <# .FUNCTIONALITY Entrypoint .ROLE CIPP.Core.ReadWrite #> [CmdletBinding()] param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' $tenantDisplayName = $request.body.displayName $tenantDefaultDomainName = $request.body.defaultDomainName $Tenant = $request.body.tenantid $customerContextId = $request.body.customerId $tokens = try { $Graphtoken = (Get-GraphToken) $tenantDetails = (Invoke-RestMethod -Method Get -Uri "https://graph.microsoft.com/v1.0/contracts?`$filter=customerId eq $($customerContextId)" -ContentType 'application/json' -Headers $Graphtoken).value $tenantObjectId = $tenantDetails.id } catch { $Results = "Failed to retrieve tenant. Error: $($_.Exception.Message)" Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantDisplayName) -message "Failed to retrieve tenant. Error:$($_.Exception.Message)" -Sev 'Error' } if ($tenantObjectId) { try { $bodyToPatch = '{"displayName":"' + $tenantDisplayName + '","defaultDomainName":"' + $tenantDefaultDomainName + '"}' $patchTenant = (Invoke-RestMethod -Method PATCH -Uri "https://graph.microsoft.com/v1.0/contracts/$($tenantObjectId)" -Body $bodyToPatch -ContentType 'application/json' -Headers $Graphtoken -ErrorAction Stop) $Filter = "PartitionKey eq 'Tenants' and defaultDomainName eq '{0}'" -f $tenantDefaultDomainName try { $TenantsTable = Get-CippTable -tablename Tenants $Tenant = Get-CIPPAzDataTableEntity @TenantsTable -Filter $Filter $Tenant.displayName = $tenantDisplayName Update-AzDataTableEntity @TenantsTable -Entity $Tenant } catch { $AddedText = 'but could not edit the tenant cache. Clear the tenant cache to display the updated details' } Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantDisplayName -message "Edited tenant $tenantDisplayName" -Sev 'Info' $results = "Successfully amended details for $($Tenant.displayName) $AddedText" } catch { $results = "Failed to amend details for $tenantDisplayName : $($_.Exception.Message)" Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantDisplayName -message "Failed amending details $tenantDisplayName. Error:$($_.Exception.Message)" -Sev 'Error' } } else { $Results = 'Could not find the tenant to edit in the contract endpoint. Please ensure you have a reseller relationship with the tenant you are trying to edit.' } $body = [pscustomobject]@{'Results' = $results } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK Body = $body }) } ``` ### Environment data ```PowerShell Non-sponsored Front end version number: 6.4.1 Back end version number: 6.5.0 Tried Tenant Cache Clear: false Tried Token Cache Clear: false ```

kerem

2026-03-02 13:44:20 +03:00

closed this issue
added the
bug

unconfirmed-by-user
labels

kerem commented

2026-03-02 13:44:21 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Oct 11, 2024):

Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://docs.cipp.app/
If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug."

Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

@github-actions[bot] commented on GitHub (Oct 11, 2024): Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://docs.cipp.app/ If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug." Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

kerem commented

2026-03-02 13:44:21 +03:00

Author

Owner

@linussalomonsson commented on GitHub (Oct 11, 2024):

I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.

@linussalomonsson commented on GitHub (Oct 11, 2024): I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.

kerem commented

2026-03-02 13:44:21 +03:00

Author

Owner

@KelvinTegelaar commented on GitHub (Oct 11, 2024):

Microsoft only supports GET for this endpoint: https://learn.microsoft.com/en-us/graph/api/resources/contract?view=graph-rest-beta. Sending a patch to this endpoint actually sends a patch to the underlying organization, getting results you would not want in many cases. The old windows.net endpoint is also being shutdown.

Editing the tenant is no longer possible, as Microsoft does not want a separation between the name in Partner Center vs the name the tenant actually has. If you want the names to match after a change you can clear CIPPs tenant cache to refresh the name within CIPP, if it is out-dated.

@KelvinTegelaar commented on GitHub (Oct 11, 2024): Microsoft only supports GET for this endpoint: https://learn.microsoft.com/en-us/graph/api/resources/contract?view=graph-rest-beta. Sending a patch to this endpoint actually sends a patch to the underlying organization, getting results you would not want in many cases. The old windows.net endpoint is also being shutdown. Editing the tenant is no longer possible, as Microsoft does not want a separation between the name in Partner Center vs the name the tenant actually has. If you want the names to match after a change you can clear CIPPs tenant cache to refresh the name within CIPP, if it is out-dated.

kerem referenced this issue

2026-03-02 13:57:28 +03:00

[PR #1457] [MERGED] Dev to release #3240

kerem referenced this issue

2026-03-02 13:57:42 +03:00

[PR #1555] [CLOSED] on prem user creation #3299

kerem referenced this issue

2026-03-02 13:57:45 +03:00

[PR #1573] [CLOSED] Added List Devices link to dashboard #3309

kerem referenced this issue

2026-03-02 13:57:46 +03:00

[PR #1575] [CLOSED] Added Sharepoint Quota to dashboard #3312