Problem
Two bugs in discovery/Invoke-TenantDiscovery.ps1:
1. Incorrect Resource Group Name Extraction (Line 336)
($log.ResourceId -split '/')[-1]
This extracts the resource name (last segment), not the resource group name. For nested resources like /subscriptions/.../resourceGroups/my-rg/providers/Microsoft.Compute/virtualMachines/my-vm, this returns my-vm instead of my-rg.
Fix: Use the standard pattern to extract the RG segment:
($log.ResourceId -split '/resourceGroups/')[1] -split '/' | Select-Object -First 1
2. Orphan Detection Checks User Presence Instead of Account Status (Line 338)
The orphan detection logic checks whether the creator user exists in the user array, but should instead check the AccountEnabled property to detect disabled/orphaned accounts.
Impact
- Resource groups may be misclassified as orphaned or not orphaned
- Cleanup decisions based on incorrect creator-to-RG mapping
Labels
bug, priority:high
Problem
Two bugs in
discovery/Invoke-TenantDiscovery.ps1:1. Incorrect Resource Group Name Extraction (Line 336)
This extracts the resource name (last segment), not the resource group name. For nested resources like
/subscriptions/.../resourceGroups/my-rg/providers/Microsoft.Compute/virtualMachines/my-vm, this returnsmy-vminstead ofmy-rg.Fix: Use the standard pattern to extract the RG segment:
2. Orphan Detection Checks User Presence Instead of Account Status (Line 338)
The orphan detection logic checks whether the creator user exists in the user array, but should instead check the
AccountEnabledproperty to detect disabled/orphaned accounts.Impact
Labels
bug,priority:high