[GH-ISSUE #2963] Editing calendar permissions fails if user added to calendar has a personal Microsoft account #1473

New issue

Closed

opened 2026-03-02 13:44:30 +03:00 by kerem · 7 comments

kerem commented 2026-03-02 13:44:30 +03:00

Owner

Copy link

Originally created by @kris6673 on GitHub (Oct 30, 2024).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2963

Originally assigned to: @kris6673 on GitHub.

Description

1. Disable External calendar sharing
2. Wait 1 Microsoft minute
3. Find user with personal MS account with the same UPN
4. Find a random user to add permissions to
5. Try to add/edit/remove the user with the personal MS account permissions, from the random users calendar
6. Observe the success it returns but no edits have been made. The $CalParam.Identity in the return message is blank for some reason.

This happens cause for some reason, the personal account take precedence over the internal user in the tenant. Very odd why this happens.
Changing to use ExternalDirectoryObjectId instead, will make EXO understand that we mean the internal user in the tenant, and not the external personal MS account.

Environment data

Sponsored instance
Frontend: 6.4.1
Backend: 6.5.2
Tried Tenant Cache Clear: true
Tried Token Cache Clear: true

Originally created by @kris6673 on GitHub (Oct 30, 2024). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2963 Originally assigned to: @kris6673 on GitHub. ### Description 1. Disable External calendar sharing 2. Wait 1 Microsoft minute 3. Find user with personal MS account with the same UPN 4. Find a random user to add permissions to 5. Try to add/edit/remove the user with the personal MS account permissions, from the random users calendar 6. Observe the success it returns but no edits have been made. The $CalParam.Identity in the return message is blank for some reason. This happens cause for some reason, the personal account take precedence over the internal user in the tenant. Very odd why this happens. Changing to use ExternalDirectoryObjectId instead, will make EXO understand that we mean the internal user in the tenant, and not the external personal MS account. ### Environment data ```PowerShell Sponsored instance Frontend: 6.4.1 Backend: 6.5.2 Tried Tenant Cache Clear: true Tried Token Cache Clear: true ```

kerem 2026-03-02 13:44:30 +03:00

• closed this issue
• added the
  bug
  no-activity
  unconfirmed-by-user
  labels

kerem commented 2026-03-02 13:44:31 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Oct 30, 2024):

Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://docs.cipp.app/
If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug."

Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

<!-- gh-comment-id:2448177284 --> @github-actions[bot] commented on GitHub (Oct 30, 2024): Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://docs.cipp.app/ If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug." Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

kerem commented 2026-03-02 13:44:31 +03:00

Author

Owner

Copy link

@kris6673 commented on GitHub (Oct 30, 2024):

I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.

<!-- gh-comment-id:2448177551 --> @kris6673 commented on GitHub (Oct 30, 2024): I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.

kerem commented 2026-03-02 13:44:31 +03:00

Author

Owner

Copy link

@kris6673 commented on GitHub (Oct 30, 2024):

I would like to work on this please!

<!-- gh-comment-id:2448177882 --> @kris6673 commented on GitHub (Oct 30, 2024): I would like to work on this please!

kerem commented 2026-03-02 13:44:31 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Oct 30, 2024):

Great! I assigned you (@kris6673) to the issue. Have fun working on it!

<!-- gh-comment-id:2448178269 --> @github-actions[bot] commented on GitHub (Oct 30, 2024): Great! I assigned you (@kris6673) to the issue. Have fun working on it!

kerem commented 2026-03-02 13:44:31 +03:00

Author

Owner

Copy link

@kris6673 commented on GitHub (Oct 30, 2024):

Gonna fix this after the frontend rewrite, since it requires a change in the frontend

<!-- gh-comment-id:2448181088 --> @kris6673 commented on GitHub (Oct 30, 2024): Gonna fix this after the frontend rewrite, since it requires a change in the frontend

kerem commented 2026-03-02 13:44:31 +03:00

Author

Owner

Copy link

@kris6673 commented on GitHub (Oct 30, 2024):

Hello, I've fixed this issue!

This is what I've done: I have identified the issue with calendar permissions for users with personal Microsoft accounts. The problem occurs because the personal account takes precedence over the internal user in the tenant. To resolve this, I've modified the EditCalendarPermissions.jsx file to use the ExternalDirectoryObjectId instead of the UPN when adding or removing calendar permissions. This change will ensure that Exchange Online understands we are referring to the internal user in the tenant, not the external personal Microsoft account.

I also created pull request: #2964

Caution

Disclaimer: This fix was created by Latta AI and you should never merge before you check the correctness of generated code!

This bug was fixed for free by Latta AI - https://latta.ai/ourmission

Very close, but you need to add ExternalDirectoryObjectId to the returned parameters in Modules\CIPPCore\Public\Entrypoints\Invoke-ListMailboxes.ps1 too, otherwise ExternalDirectoryObjectId will be missing from the table in the frontend

<!-- gh-comment-id:2448224934 --> @kris6673 commented on GitHub (Oct 30, 2024): > Hello, I've fixed this issue! > > This is what I've done: I have identified the issue with calendar permissions for users with personal Microsoft accounts. The problem occurs because the personal account takes precedence over the internal user in the tenant. To resolve this, I've modified the `EditCalendarPermissions.jsx` file to use the `ExternalDirectoryObjectId` instead of the UPN when adding or removing calendar permissions. This change will ensure that Exchange Online understands we are referring to the internal user in the tenant, not the external personal Microsoft account. > > I also created pull request: #2964 > > Caution > > Disclaimer: This fix was created by Latta AI and you should never merge before you check the correctness of generated code! > > This bug was fixed for free by Latta AI - https://latta.ai/ourmission Very close, but you need to add ExternalDirectoryObjectId to the returned parameters in Modules\CIPPCore\Public\Entrypoints\Invoke-ListMailboxes.ps1 too, otherwise ExternalDirectoryObjectId will be missing from the table in the frontend

kerem commented 2026-03-02 13:44:31 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Nov 9, 2024):

This issue is stale because it has been open 10 days with no activity. We will close this issue soon. If you want this feature implemented you can contribute it. See: https://docs.cipp.app/dev-documentation/contributing-to-the-code . Please notify the team if you are working on this yourself.

<!-- gh-comment-id:2465986883 --> @github-actions[bot] commented on GitHub (Nov 9, 2024): This issue is stale because it has been open 10 days with no activity. We will close this issue soon. If you want this feature implemented you can contribute it. See: https://docs.cipp.app/dev-documentation/contributing-to-the-code . Please notify the team if you are working on this yourself.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

docs

dev

dependabot/npm_and_yarn/dev/uiw/react-json-view-2.0.0-alpha.42

dependabot/npm_and_yarn/dev/tanstack/react-query-persist-client-5.96.2

dependabot/npm_and_yarn/dev/mui-tiptap-1.30.0

dependabot/npm_and_yarn/dev/tanstack/react-query-devtools-5.96.2

dependabot/npm_and_yarn/dev/recharts-3.8.1

dependabot/github_actions/dev/actions/setup-node-6.4.0

copilot/add-alert-for-report-only-ca

release/beta

release/nightly

docs-maintenance

v10.4.0

v10.3.0

v10.2.0

v10.1.0

v10.0.0

v8.8.0

v8.7.0

v8.6.0

v8.5.0

v8.4.0

v8.3.0

v8.2.0

v8.1.0

v8.0.0

v7.5.0

v7.4.0

v7.3.0

v7.2.0

v7.1.0

v7.0.1

v6.4.0

v6.3.0

v6.2.0

v6.1.0

v6.0.0

v5.9.0

v5.8.5

v5.8.0

v5.7.0

v5.6.0

v5.5.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

v4.9.0

v4.8.0

v4.7.0

v.4.6.0

v4.5.0

v4.4.0

v4.3.0

v4.2.0

v4.1.0

v4.0.0

v3.8.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.0

v2.20.0

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.13.0

v2.12.0

v2.11.2

v2.1.11.0

v.2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.5

v2.5.0

v2.4.0

v.2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

2.0.0

v1.5.1

v1.5.0

v1.4.3

v1.4.2

v1.4.0

v1.3.0

v1.2.1

v1.2.0

1.1.0

release

Labels

Clear labels   

API

  

Feature

  

NotABug

  

NotABug

  

Planned

  

Sponsor Priority

  

Sponsor Priority

  

bug

  

documentation

  

duplicate

  

enhancement

  

needs more info

  

no-activity

  

no-priority

  

not-assigned

  

pull-request

Mirrored from GitHub Pull Request

  

react-conversion

  

react-conversion

  

roadmap

  

security

  

stale

  

unconfirmed-by-user

  

unconfirmed-by-user

  

wontfix

No labels

API

Feature

NotABug

NotABug

Planned

Sponsor Priority

Sponsor Priority

bug

documentation

duplicate

enhancement

needs more info

no-activity

no-priority

not-assigned

pull-request

react-conversion

react-conversion

roadmap

security

stale

unconfirmed-by-user

unconfirmed-by-user

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/CIPP#1473

No description provided.