Merge pull request #2514 from microsoft/dpaul-HcNullAdSchemaClass

dpaulson45 · web-flow · commit 371c2bf236bd · 2026-03-06T10:34:09.000-06:00
Handle if results from AdSchemaInfo is null
diff --git a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2021-34470.ps1 b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2021-34470.ps1
@@ -43,7 +43,8 @@ function Invoke-AnalyzerSecurityCve-2021-34470 {
             TestVulnerabilitiesByBuildNumbersForDisplay -ExchangeBuildRevision "$($SecurityObject.ExchangeInformation.BuildInformation.ExchangeSetup.FileBuildPart).$($SecurityObject.ExchangeInformation.BuildInformation.ExchangeSetup.FilePrivatePart)" -SecurityFixedBuilds "1497.23" -CVENames "CVE-2021-34470"
         }
 
-        if ($SecurityObject.OrgInformation.SecurityResults.CVE202134470.Unknown -or
+        if ($null -eq $SecurityObject.OrgInformation.SecurityResults.CVE202134470 -or
+            $SecurityObject.OrgInformation.SecurityResults.CVE202134470.Unknown -or
             $SecurityObject.OrgInformation.SecurityResults.CVE202134470.IsVulnerable.ToString() -eq "Unknown") {
             Write-Verbose "Unable to query classSchema: 'ms-Exch-Storage-Group' information"
             $details = "CVE-2021-34470`r`n`t`tWarning: Unable to query classSchema: 'ms-Exch-Storage-Group' to perform testing."
diff --git a/Diagnostics/HealthChecker/DataCollection/OrganizationInformation/Invoke-JobOrganizationInformation.ps1 b/Diagnostics/HealthChecker/DataCollection/OrganizationInformation/Invoke-JobOrganizationInformation.ps1
@@ -241,32 +241,38 @@ function Invoke-JobOrganizationInformation {
                 Invoke-CatchActions
             }
 
-            $schemaRangeUpper = (
-                ($adSchemaInformation.msExchSchemaVersionPt.Properties["RangeUpper"])[0]).ToInt32([System.Globalization.NumberFormatInfo]::InvariantInfo)
+            $CVE202221978Results = $null
+            $CVE202134470Results = $null
+            # Only execute if we were able to return the information from the schema class.
+            if ($null -ne $adSchemaInformation.msExchSchemaVersionPt) {
 
-            if ($schemaRangeUpper -lt 15323) {
-                $schemaLevel = "2013"
-            } elseif ($schemaRangeUpper -lt 17000) {
-                $schemaLevel = "2016"
-            } else {
-                $schemaLevel = "2019"
-            }
+                $schemaRangeUpper = (
+                    ($adSchemaInformation.msExchSchemaVersionPt.Properties["RangeUpper"])[0]).ToInt32([System.Globalization.NumberFormatInfo]::InvariantInfo)
 
-            $cve21978Params = @{
-                DomainsAcls                     = $domainsAclPermissions
-                ExchangeWellKnownSecurityGroups = $wellKnownSecurityGroups
-                ExchangeSchemaLevel             = $schemaLevel
-                SplitADPermissions              = $isSplitADPermissions
-            }
+                if ($schemaRangeUpper -lt 15323) {
+                    $schemaLevel = "2013"
+                } elseif ($schemaRangeUpper -lt 17000) {
+                    $schemaLevel = "2016"
+                } else {
+                    $schemaLevel = "2019"
+                }
 
-            $cve34470Params = @{
-                MsExchStorageGroup = $adSchemaInformation.MsExchStorageGroup
+                $cve21978Params = @{
+                    DomainsAcls                     = $domainsAclPermissions
+                    ExchangeWellKnownSecurityGroups = $wellKnownSecurityGroups
+                    ExchangeSchemaLevel             = $schemaLevel
+                    SplitADPermissions              = $isSplitADPermissions
+                }
+                Get-SecurityCve-2022-21978 @cve21978Params | Invoke-RemotePipelineHandler -Result ([ref]$CVE202221978Results)
             }
 
-            $CVE202221978Results = $null
-            $CVE202134470Results = $null
-            Get-SecurityCve-2022-21978 @cve21978Params | Invoke-RemotePipelineHandler -Result ([ref]$CVE202221978Results)
-            Get-SecurityCve-2021-34470 @cve34470Params | Invoke-RemotePipelineHandler -Result ([ref]$CVE202134470Results)
+            if ($null -ne $adSchemaInformation.MsExchStorageGroup) {
+                $cve34470Params = @{
+                    MsExchStorageGroup = $adSchemaInformation.MsExchStorageGroup
+                }
+
+                Get-SecurityCve-2021-34470 @cve34470Params | Invoke-RemotePipelineHandler -Result ([ref]$CVE202134470Results)
+            }
 
             $securityResults = [PSCustomObject]@{
                 CVE202221978 = $CVE202221978Results

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,8 @@ function Invoke-AnalyzerSecurityCve-2021-34470 {`
`43`	`43`	`TestVulnerabilitiesByBuildNumbersForDisplay -ExchangeBuildRevision "$($SecurityObject.ExchangeInformation.BuildInformation.ExchangeSetup.FileBuildPart).$($SecurityObject.ExchangeInformation.BuildInformation.ExchangeSetup.FilePrivatePart)" -SecurityFixedBuilds "1497.23" -CVENames "CVE-2021-34470"`
`44`	`44`	`}`
`45`	`45`
`46`		`- if ($SecurityObject.OrgInformation.SecurityResults.CVE202134470.Unknown -or`
	`46`	`+ if ($null -eq $SecurityObject.OrgInformation.SecurityResults.CVE202134470 -or`
	`47`	`+ $SecurityObject.OrgInformation.SecurityResults.CVE202134470.Unknown -or`
`47`	`48`	`$SecurityObject.OrgInformation.SecurityResults.CVE202134470.IsVulnerable.ToString() -eq "Unknown") {`
`48`	`49`	`Write-Verbose "Unable to query classSchema: 'ms-Exch-Storage-Group' information"`
`49`	`50`	$details = "CVE-2021-34470`r`n`t`tWarning: Unable to query classSchema: 'ms-Exch-Storage-Group' to perform testing."