Health Checker: Quick output fixes (#2524, #2381, #2508)#2547
Open
dpaulson45 wants to merge 3 commits into
Open
Health Checker: Quick output fixes (#2524, #2381, #2508)#2547dpaulson45 wants to merge 3 commits into
dpaulson45 wants to merge 3 commits into
Conversation
Replace undefined $ExScripts EMS variable with the Exchange install path from registry values, so the Get-Mitigations.ps1 script path displays correctly in the report output. Fixes #2524 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…nistrators group When Get-LocalGroupMember fails due to orphaned SIDs in the built-in Administrators group (InvalidOperationException on Server 2019/2022), display a helpful message indicating orphaned SIDs may be the cause instead of the misleading 'results were blank' message. Server 2025 handles orphaned SIDs natively so this check is only applied on older OS versions (build < 10.0.26100). Fixes #2381 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Update docs and analyzer output to make it clear that Exchange specifically requires the Visual C++ 2012 and 2013 Redistributable, and that these are not replaced by newer versions. When a version is reported as outdated, the message now specifies which year's Redistributable needs updating. Fix double 'the' typo in documentation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR makes targeted Health Checker output improvements to address (1) missing mitigation script path output, (2) clearer diagnostics when local Administrators membership enumeration fails due to orphaned SIDs on older Windows Server builds, and (3) clearer Visual C++ Redistributable messaging + documentation.
Changes:
- Constructed the mitigation scripts path from
MsiInstallPathinstead of relying on EMS-only variables. - Persisted and surfaced
Get-LocalGroupMemberexceptions to provide a more accurate “orphaned SID” explanation on pre-Server-2025 OS builds. - Clarified VC++ 2012/2013 “outdated” messages and updated the corresponding documentation and Pester expectations.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| docs/Diagnostics/HealthChecker/VisualCRedistributableVersionCheck.md | Updates documentation to clarify that Exchange requires VC++ 2012/2013 and that “outdated” means update within that series. |
| Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1 | Updates test expectations for the refined VC++ 2013 “outdated” output string. |
| Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1 | Updates test expectations for the refined VC++ 2012/2013 “outdated” output strings. |
| Diagnostics/HealthChecker/Features/Get-HealthCheckerDataObject.ps1 | Extends the data object to carry LocalGroupMemberException into analyzers. |
| Diagnostics/HealthChecker/DataCollection/ExchangeInformation/Invoke-JobExchangeInformationLocal.ps1 | Captures the Get-LocalGroupMember exception for later analyzer logic. |
| Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityMitigationService.ps1 | Fixes mitigation guidance output by building the Scripts path from the Exchange install path. |
| Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerOsInformation.ps1 | Improves VC++ “outdated” wording and adds Exchange-specific clarification text. |
| Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerExchangeInformation.ps1 | Uses captured exception + OS build gating to emit a clearer orphaned-SID-related failure message. |
Member
Author
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Quick output fixes for Health Checker addressing three issues:
Fix empty ExScripts path in mitigation service output
Fixes #2524
The `` variable is an Exchange Management Shell (EMS) variable that is not available in the Health Checker context. Replaced with a constructed path using
[System.IO.Path]::Combine(.RegistryValues.MsiInstallPath, "Scripts").Improve error message for orphaned SIDs in local Administrators group
Fixes #2381
When
Get-LocalGroupMemberthrows anInvalidOperationException("Failed to compare two elements in the array") on Windows Server 2022 and earlier, the analyzer now shows a specific message about orphaned/deleted SIDs instead of the generic "results were blank" message. This is a known OS bug fixed in Server 2025.Clarify Visual C++ Redistributable finding and documentation
Fixes #2508
https://aka.ms/HC-LatestVC) to clarify that Exchange specifically requires the Visual C++ 2012 and 2013 Redistributable, and that these are not replaced by newer versions (e.g., VC++ 2015-2022).Files Changed
Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerOsInformation.ps1Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerExchangeInformation.ps1Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityMitigationService.ps1Diagnostics/HealthChecker/DataCollection/ExchangeInformation/Invoke-JobExchangeInformationLocal.ps1Diagnostics/HealthChecker/Features/Get-HealthCheckerDataObject.ps1Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1docs/Diagnostics/HealthChecker/VisualCRedistributableVersionCheck.mdTesting
All Pester tests pass (91 tests, 0 failures).