I am looking for the site ID in the SharePoint admin center and I cannot find it. I can get it via the Graph API, but I need to find it via the admin center as well. The reason is that our customer has a multi-tenant application and they want each tenant to enter their own SharePoint/Graph API settings in the application.
I don't believe it is possible to get the site Id for SharePoint Online sites from the SPO admin center. You can use Microsoft Graph, SharePoint Online PowerShell, Client Side Object Model (CSOM), and more. Additionally if you navigate to a site in a browser and append "/_api/site" to the URL you can see the Guid for the site, but you'll need to parse the XML response.
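The "/_api/site" approach mentioned in the answer above returns Atom XML, and the site collection GUID sits in the `d:Id` property. The following is an added example, not part of the original answer: it parses a constructed sample response and checks that the value is a well-formed GUID before it is stored as a tenant setting. The function name `Get-SiteIdFromApiXml` and the sample GUID and URL are assumptions.

```powershell
# Constructed sample of the Atom XML that <site url>/_api/site returns (trimmed).
$sampleResponse = @'
<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="http://www.w3.org/2005/Atom"
       xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices"
       xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
  <content type="application/xml">
    <m:properties>
      <d:Id m:type="Edm.Guid">00000000-1111-2222-3333-444444444444</d:Id>
      <d:Url>https://contoso.sharepoint.com/sites/example</d:Url>
    </m:properties>
  </content>
</entry>
'@

function Get-SiteIdFromApiXml {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Xml)

    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null      # never resolve external entities or DTDs
    $doc.LoadXml($Xml)

    # The properties live in the OData namespaces, so XPath needs a namespace manager.
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('d', 'http://schemas.microsoft.com/ado/2007/08/dataservices')
    $ns.AddNamespace('m', 'http://schemas.microsoft.com/ado/2007/08/dataservices/metadata')

    $idNode  = $doc.SelectSingleNode('//m:properties/d:Id', $ns)
    $urlNode = $doc.SelectSingleNode('//m:properties/d:Url', $ns)
    if ($null -eq $idNode) { throw 'No d:Id element found in the response.' }

    # Reject anything that is not a GUID before it is saved as a setting.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($idNode.InnerText, [ref]$guid)) {
        throw "d:Id is not a GUID: $($idNode.InnerText)"
    }
    [pscustomobject]@{ SiteUrl = $urlNode.InnerText; SiteId = $guid }
}

Get-SiteIdFromApiXml -Xml $sampleResponse
```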
It seems that there is not a way to get site id in CA.
I wrote a PnP PowerShell script to get all site IDs for your reference.
# Placeholder credentials for the example
$username = "amos@contoso.onmicrosoft.com"
$password = "Password"
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $(ConvertTo-SecureString $password -AsPlainText -Force)
$TenantSiteURL = "https://contoso-admin.sharepoint.com/"
$CSVFilePath = "C:\Temp\AllSitesData.csv"
#Connect to Tenant Admin Site
Connect-PnPOnline -Url $TenantSiteURL -Credentials $cred
$sites = Get-PnPTenantSite -Detailed
$listItemData = @()
foreach ($site in $sites) {
    Connect-PnPOnline -Url $site.Url -Credentials $cred
    #Get the site collection with ID property
    #(separate variable name: PowerShell variables are case-insensitive, so $Site would overwrite $site)
    $siteCollection = Get-PnPSite -Includes ID
    $listItemData += New-Object PSObject -Property @{
        "Site Url" = $site.Url
        "Site Collection ID" = $siteCollection.Id
    }
}
$listItemData | Export-Csv -NoTypeInformation -Path $CSVFilePath
As stated above, you need access to the admin center. Instead of using Get-PnPTenantSite, use
(Get-PnPListItem -List DO_NOT_DELETE_SPLIST_TENANTADMIN_AGGREGATED_SITECOLLECTIONS -PageSize 5000) | Where-Object { <#YOUR CRITERIA#> }
A customer of ours changed the mail domain. So I would like to change the UPN on request of this customer.
Azure B2C blocks with the Error: "Unable to update this user because the user principal name provided is not on a verified domain."
$username = "admin@tenant.onmicrosoft.com"
$password = ConvertTo-SecureString "sEcReT" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential -ArgumentList ($username, $password)
$oldUPN = "user@someoldcompany.com"
$newUPN = "user@tsomenewcompany.org"
$tenant = "1234567-1a75-438f-8f2c-1234567"
Connect-MSolService -Credential $psCred
Connect-AzureAD -TenantId $tenant -Credential $psCred
Connect-MSolService -Credential $psCred
Set-MsolUserPrincipalName -UserPrincipalName $oldUPN -NewUserPrincipalName $newUPN -TenantId $tenant
The only option I see is to add the customer domain as a verified domain. But that is inconvenient in a B2C scenario, as most of the users did a self registration.
Any workaround? Any --force attribute, either to change the UPN or to verify a custom domain?
As you already found, UPNs need to include a validated domain. It should not affect any user, being Azure AD or consumer, local or federated.
I am looking for some guidance on combining a PowerShell script that combines the following scripts:
Connect-AzureAD
Revoke-AzureADUserAllRefreshToken -ObjectId johndoe@contoso.com
Get-AzureADUserRegisteredDevice -ObjectId johndoe@contoso.com | Set-AzureADDevice -AccountEnabled $false
What I am hoping to achieve is to combine all three cmdlets into a single script that my staff can run, where it will prompt for the user name that we wish to run the script upon. Assuming I need to add $ObjectID = Read-Host -Prompt somewhere in this script.
Thank you in advance for any advice or guidance on how to do this.
Assuming I understood your question and you just wanted a way to assemble all that together in the correct order, here it is.
# Use one or the other depending on if you want to use the username or objectID
$Username = Read-Host -Prompt "Enter the user name"
#$ObjectId = Read-Host -Prompt "Enter the object ID"
Connect-AzureAD
# Use one or the other depending on if you want to use the username or objectID
$User = Get-AzureADUser -SearchString $Username
#$User = Get-AzureADUser -ObjectId $ObjectId
if ($null -ne $User) {
    Revoke-AzureADUserAllRefreshToken -ObjectId $User.ObjectId
    Get-AzureADUserRegisteredDevice -ObjectId $User.ObjectId | Set-AzureADDevice -AccountEnabled $false
} else {
    Write-Warning "No user found with the specified criteria"
}
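Because `-SearchString` can return more than one user, a script that staff run to revoke sessions and disable devices is safer when it resolves exactly one account and asks for confirmation first. The following is an added example, not part of the answer above; the function name `Revoke-UserSessionsAndDevices` is an assumption, and it uses only the AzureAD cmdlets already shown on this page.

```powershell
#Requires -Modules AzureAD
function Revoke-UserSessionsAndDevices {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    # Double any single quote so the value stays inside the OData string literal.
    $escaped = $UserPrincipalName.Trim().Replace("'", "''")
    $found = @(Get-AzureADUser -Filter "userPrincipalName eq '$escaped'")

    # Refuse to act unless the input resolves to exactly one account.
    if ($found.Count -ne 1) {
        throw "Expected exactly one user for '$UserPrincipalName', found $($found.Count)."
    }
    $user = $found[0]

    # ConfirmImpact = 'High' makes PowerShell prompt before the destructive steps;
    # -WhatIf shows what would happen without changing anything.
    $action = 'Revoke refresh tokens and disable registered devices'
    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, $action)) {
        Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId

        $devices = @(Get-AzureADUserRegisteredDevice -ObjectId $user.ObjectId)
        foreach ($device in $devices) {
            Set-AzureADDevice -ObjectId $device.ObjectId -AccountEnabled $false
        }

        # Return a record of what was done for the ticket or audit trail.
        [pscustomobject]@{
            UserPrincipalName = $user.UserPrincipalName
            ObjectId          = $user.ObjectId
            DevicesDisabled   = $devices.Count
            CompletedUtc      = (Get-Date).ToUniversalTime()
        }
    }
}

Connect-AzureAD
Revoke-UserSessionsAndDevices -UserPrincipalName (Read-Host -Prompt 'User principal name')
```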
I am preparing a report which contains all the users' access levels, tenant-wise, from Azure.
Is there any one command or script to get all the users' access levels from an Azure tenant?
That is a little bit tricky: the PS library for Azure is different from the PS library for AD. You must cross-reference the information.
You must get all users from your AD using the command above and save them as a variable
$allUsers = Get-ADUser -Filter *
Now you can navigate through all subscriptions in your tenant, all resource groups and resources, and for each and every one get the IAM (which comes with the objectId of the user) and cross it with the variable $allUsers to identify everyone.
The sample is not the best but maybe can help you:
Connect-AzAccount
$listIAM = New-Object System.Collections.ArrayList
$listSubscriptions = Get-AzSubscription
foreach ($subscription in $listSubscriptions) {
    Set-AzContext -SubscriptionId $subscription.SubscriptionId
    # Now you have all roleAssignments for this subscription
    # ($(...) is required to expand a property inside a string)
    $subscriptionIAM = Get-AzRoleAssignment -Scope "/subscriptions/$($subscription.SubscriptionId)"
    $listIAM.Add($subscriptionIAM) | Out-Null
    # Navigate into resource groups
    $listResourceGroups = Get-AzResourceGroup
    foreach ($resourceGroup in $listResourceGroups) {
        $rgIAM = Get-AzRoleAssignment -ResourceGroupName $resourceGroup.ResourceGroupName
        $listIAM.Add($rgIAM) | Out-Null
        # Navigate into resources
        $listResources = Get-AzResource -ResourceGroupName $resourceGroup.ResourceGroupName
        foreach ($resource in $listResources) {
            $rIAM = Get-AzRoleAssignment -Scope $resource.ResourceId
            $listIAM.Add($rIAM) | Out-Null
        }
    }
}
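The loop above stores one array per scope, and the same inherited assignment can be returned at several scopes, so the collected list needs flattening and de-duplicating before it is usable as an access report. The following is an added example, not part of the answer above: the function name `Get-UserAccessReport`, the default list of roles treated as privileged, and the sample data are assumptions, and the sample objects carry only the `Get-AzRoleAssignment` properties the function reads.

```powershell
function Get-UserAccessReport {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][object[]]$Assignment,
        # Assumption: roles to flag as privileged; adjust to your own policy
        [string[]]$PrivilegedRole = @('Owner', 'Contributor', 'User Access Administrator')
    )
    $Assignment |
        ForEach-Object { $_ } |                        # flatten the per-scope arrays
        Where-Object { $_.ObjectType -eq 'User' } |
        Sort-Object ObjectId, RoleDefinitionName, Scope -Unique |
        ForEach-Object {
            $a = $_
            # Classify the assignment by the shape of its ARM scope path
            $level = switch -Regex ($a.Scope) {
                '^/subscriptions/[^/]+$'                      { 'Subscription'; break }
                '^/subscriptions/[^/]+/resourceGroups/[^/]+$' { 'ResourceGroup'; break }
                '^/subscriptions/.+/providers/'               { 'Resource'; break }
                default                                       { 'ManagementGroupOrRoot' }
            }
            [pscustomobject]@{
                SignInName = $a.SignInName
                Role       = $a.RoleDefinitionName
                ScopeLevel = $level
                Privileged = $PrivilegedRole -contains $a.RoleDefinitionName
                Scope      = $a.Scope
            }
        }
}

# Constructed sample shaped like Get-AzRoleAssignment output (only the properties used)
$sub = '/subscriptions/00000000-0000-0000-0000-000000000001'
$owner = [pscustomobject]@{ SignInName = 'alice@contoso.com'; ObjectId = 'aaaa'; ObjectType = 'User'
                            RoleDefinitionName = 'Owner'; Scope = $sub }
$reader = [pscustomobject]@{ SignInName = 'bob@contoso.com'; ObjectId = 'bbbb'; ObjectType = 'User'
                             RoleDefinitionName = 'Reader'; Scope = "$sub/resourceGroups/rg-app" }
$listIAM = New-Object System.Collections.ArrayList
$listIAM.Add(@($owner)) | Out-Null            # returned for the subscription scope
$listIAM.Add(@($owner, $reader)) | Out-Null   # inherited Owner returned again for the resource group

Get-UserAccessReport -Assignment $listIAM | Format-Table -AutoSize
```

With the constructed sample this yields two rows: the duplicate Owner entry collapses to one subscription-level row flagged as privileged, and the Reader entry is reported at resource-group level.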
You can do this in either PowerShell or the Graph API. Both methods are in preview (the graph API calls are under the beta branch).
#Get the user
$userId = (Get-AzureADUser -Filter "userPrincipalName eq 'alice@contoso.com'").ObjectId
#Get direct role assignments to the user
$directRoles = (Get-AzureADMSRoleAssignment -Filter "principalId eq '$userId'").RoleDefinitionId
Prerequisites
AzureADPreview module when using PowerShell
Microsoft.Graph module when using PowerShell
Admin consent when using Graph Explorer for Microsoft Graph API
https://learn.microsoft.com/en-us/azure/active-directory/roles/list-role-assignments-users
I am trying to use SharePoint PnP to get all the sites on a SharePoint 2013 server.
From central administration, I can view all site collections as
/
/people/A
/people/B
...
The site urls are like
https://people-hr.mycompany.com
https://people-hr.mycompany.com/A/JohnAllen
https://people-hr.mycompany.com/A/SamAdams
https://people.hr.mycompany.com/B/JamesBell
...
Using
Connect-PnPOnline -Url "https://products.mycompany.com" -Credentials (Get-Credential)
or
Connect-PnPOnline -Url "https://products.mycompany.com/A/JohnAllen" -Credentials (Get-Credential)
I can get to the root site or a subsite. But there are so many sites. I need to get all the sites so I can iterate them to do some data maintenance.
I tried to use Get-PnPSite and Get-PnPSubWebs (with Recurse), but they failed to return all the sites.
Get-PnPTenantSite will return all the site collections. In order to iterate through each, try this:
$cred = Get-Credential
Connect-PnPOnline "https://mytenant.sharepoint.com" -Credentials $cred
$SiteCollections = Get-PnPTenantSite
foreach ($SiteCollection in $SiteCollections)
{
    Connect-PnPOnline -Url $SiteCollection.Url -Credentials $cred
    Get-PnPSubWebs
}
You could use the command Get-PnPTenantSite to list all site collections.
Reference:
https://learn.microsoft.com/en-us/powershell/module/sharepoint-pnp/get-pnptenantsite?view=sharepoint-ps
I am new to Exchange Online and Azure, but I've been asked if we can create O365 groups in Exchange Online, using the New-UnifiedGroup and Set-UnifiedGroup cmdlets. Then they want to be able to make those groups dynamic, based upon certain criteria. Is this even possible, or do I skip Exchange Online entirely, and in Azure use the New-AzureADMSGroup cmdlets to create a dynamic group?
Any help is appreciated.
Thanks.
Yes, you could create an Office 365 group with AzureAD PowerShell cmdlet New-AzureADMSGroup and you need to install AzureAD module first.
For example, this command creates a new dynamic group with the following rule:
user.department -contains "Marketing"
The double quotation marks are replaced with single quotation marks.
The processing state is On. This means that all users in the directory
that qualify the rule are added as members to the group. Any users
that do not qualify are removed from the group.
New-AzureADMSGroup -DisplayName "Dynamic Group 01" -Description "Dynamic group created from PS" -MailEnabled $False -MailNickName "group" -SecurityEnabled $True -GroupTypes "DynamicMembership" -MembershipRule "(user.department -contains ""Marketing"")" -MembershipRuleProcessingState "On"
More references: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/New-enhancements-to-the-AzureAD-PowerShell-2-0-preview-Manage/ba-p/245153
and https://blog.hubfly.com/office-365/useful-powershell-cmdlets-to-administer-office-365-groups-part-1
Ok, so here is the solution we came up with.
Requires AzureADPreview module, current version as of today 2.0.2.17
The AzureAD module won't work, as it is missing parameters required for group membership.
Requires a connection into AzureAD, and also Exchange Online.
The account you connect with needs to be an Exchange Administrator in Exchange Online, and a User Administrator in AzureAD.
In our example we want an Office group, that is dynamic, and the membershipRule based upon extensionattribute12.
#***********************************************************************
$ADUser = "samAccountName@yourdomain"
$ADPassword = 'the password'
$ADPwd = $ADPassword | ConvertTo-SecureString -AsPlainText -Force
$UserCredential = new-object system.management.automation.pscredential $ADuser, $ADPwd
#***********************************************************************
"Connect AzureAD"
Connect-AzureAD -Credential $UserCredential
"Connect to Exchange Online"
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
#######################################
function ConvertStaticGroupToDynamic
{
    Param([string]$groupId, [string]$dynamicMembershipRule)
    $dynamicGroupTypeString = "DynamicMembership"
    #existing group types
    [System.Collections.ArrayList]$groupTypes = (Get-AzureAdMsGroup -Id $groupId).GroupTypes
    if ($null -ne $groupTypes -and $groupTypes.Contains($dynamicGroupTypeString))
    {
        throw "This group is already a dynamic group. Aborting conversion."
    }
    #add the dynamic group type to existing types (Add returns the new index, so discard it)
    $groupTypes.Add($dynamicGroupTypeString) | Out-Null
    #modify the group properties to make it a dynamic group: i) change GroupTypes to add the dynamic type, ii) start execution of the rule, iii) set the rule
    Set-AzureAdMsGroup -Id $groupId -GroupTypes $groupTypes.ToArray() -MembershipRuleProcessingState "On" -MembershipRule $dynamicMembershipRule
}
#######################################
$ExtAtt12 = "Marketing"
$NewGroupName = "O365-OfficeGroupTest"
"[$NewGroupName] create group"
New-UnifiedGroup -DisplayName $NewGroupName
Set-UnifiedGroup $NewGroupName -UnifiedGroupWelcomeMessageEnabled:$false
$ID = (Get-UnifiedGroup $NewGroupName).ExternalDirectoryObjectId
sleep 15 # Allow time for Exchange Online to Sync with AzureAD
ConvertStaticGroupToDynamic -groupId $ID -dynamicMembershipRule "(User.extensionattribute12 -eq ""$ExtAtt12"")"