From fed1ce01ed0d257f3b57c561bc8dd41b6b6a371c Mon Sep 17 00:00:00 2001
From: Fabian Bader
Date: Mon, 22 Jul 2024 22:59:54 +0200
Subject: [PATCH] Add skip for CAP not scoped to internal users
---
 .../Test-MtCaExclusionForDirectorySyncAccount.ps1 | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/powershell/public/Test-MtCaExclusionForDirectorySyncAccount.ps1 b/powershell/public/Test-MtCaExclusionForDirectorySyncAccount.ps1
index 5a21e646..353da5bd 100644
--- a/powershell/public/Test-MtCaExclusionForDirectorySyncAccount.ps1
+++ b/powershell/public/Test-MtCaExclusionForDirectorySyncAccount.ps1
@@ -48,7 +48,17 @@ function Test-MtCaExclusionForDirectorySyncAccount {
 if ( $policy.conditions.applications.includeApplications -ne "All" ) {
 # Skip this policy, because it does not apply to all applications
 $currentresult = $true
- Write-Verbose "Skipping $($policy.displayName) - $currentresult"
+ Write-Verbose "Skipping $($policy.displayName) because it's not scoped to all apps - $currentresult"
+ continue
+ }
+
+ if ( [string]::IsNullOrWhiteSpace($policy.conditions.users.includeUsers) -and `
+ [string]::IsNullOrWhiteSpace($policy.conditions.users.includeGroups) -and `
+ [string]::IsNullOrWhiteSpace($policy.conditions.users.includeRoles) -and `
+ ( -not [string]::IsNullOrWhiteSpace($policy.conditions.users.includeGuestsOrExternalUsers) ) ) {
+ # Skip this policy, because it does not apply to any internal users, but only guests
+ $currentresult = $true
+ Write-Verbose "Skipping $($policy.displayName) because no internal users is scoped - $currentresult"
 continue
 }
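Review bot: The skip condition added after the all-apps check hands arrays (`includeUsers`, `includeGroups`, `includeRoles`) and an object (`includeGuestsOrExternalUsers`) to `[string]::IsNullOrWhiteSpace`, so it works only through PowerShell's implicit conversion to string. Testing the values directly reads clearer, for example `-not $policy.conditions.users.includeUsers` for the three collections and `$null -ne $policy.conditions.users.includeGuestsOrExternalUsers` for the guest scope. A policy that targets guests through the `includeUsers` value `GuestsOrExternalUsers`, or one set to `None`, also covers no internal users but does not match this condition; whether that case is handled later in the loop is not visible, because the function body continues outside the hunk. The trailing backticks can be dropped, since a line ending in `-and` already continues onto the next one.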