Friday, November 15, 2024

Delete AzureAD user

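# Deletes every account listed in a CSV (column "UserPrincipalName") from Azure AD.
# Each row is looked up by UPN and, when found, removed by ObjectId. Rows that are blank,
# not found, or fail are reported and the script continues with the next row.
# Set $dryRun to $true to only report what would be deleted without removing anything.

# Import the AzureAD module
Import-Module AzureAD

# Connect to Azure AD
Write-Host "Connecting to Azure AD..."
Connect-AzureAD

# Define the path to the CSV file
$csvPath = "C:\HRM users License Report\cleanup\DisabledAccont12Nov2024.csv"

# Report-only mode; $false keeps the original behaviour (accounts are actually deleted)
$dryRun = $false

# Import the CSV file
Write-Host "Importing user list from CSV..."
$users = Import-Csv -Path $csvPath

# Loop through each user in the CSV file and delete the account
Write-Host "Starting user deletion process..."

foreach ($user in $users) {
    $userPrincipalName = $user.UserPrincipalName  # Adjust the column name if needed

    # A blank UPN would otherwise become the filter "UserPrincipalName eq ''"; skip the row instead
    if ([string]::IsNullOrWhiteSpace($userPrincipalName)) {
        Write-Host "Skipping row with empty UserPrincipalName" -ForegroundColor Yellow
        continue
    }

    try {
        # Escape single quotes so a CSV value cannot break out of the OData filter expression
        $escapedUpn = $userPrincipalName -replace "'", "''"

        # Retrieve the user by UserPrincipalName using the filter approach
        $azureADUser = Get-AzureADUser -Filter "UserPrincipalName eq '$escapedUpn'"

        if ($azureADUser) {
            if ($dryRun) {
                Write-Host "[DryRun] Would delete user: $userPrincipalName ($($azureADUser.ObjectId))"
            }
            else {
                # Delete the user using ObjectId
                Write-Host "Attempting to delete user: $userPrincipalName"
                Remove-AzureADUser -ObjectId $azureADUser.ObjectId
                Write-Host "Deleted user: $userPrincipalName" -ForegroundColor Green
            }
        }
        else {
            Write-Host "User not found: $userPrincipalName" -ForegroundColor Yellow
        }
    }
    catch {
        # One failing row must not abort the whole batch
        Write-Host "Failed to delete user: $userPrincipalName. Error: $_" -ForegroundColor Red
    }
}

Write-Host "User deletion process completed."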

Friday, January 26, 2024

Azure AD users Sign in logs for 30 days report

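#PowerShell script reads the all-guest-account details from a CSV, checks the Azure AD sign-in logs (30 days)
#for each address and generates the report file.
# Input : $csvPath, a CSV with an "email" column (one guest per row).
# Output: C:\Report\Results.csv with Email and Status ('Found' / 'Not Found' / 'Skipped (empty email)').

# Install the AzureAD module only if it is not already available (the original re-installed on every run)
if (-not (Get-Module -ListAvailable -Name AzureAD)) {
    Install-Module -Name AzureAD -Force -AllowClobber
}

# Import the AzureAD module
Import-Module AzureAD
# Connect to Azure AD (you will be prompted for credentials)
Connect-AzureAD
# Read CSV file
$csvPath = "C:\Report\AllGuestUsers.CSV"
$csvData = Import-Csv -Path $csvPath

# List to store results (a List avoids copying the whole array on every "+=")
$results = New-Object System.Collections.Generic.List[object]

# Iterate through each row in the CSV
foreach ($row in $csvData) {
    $email = $row.email
    Write-Host  $email -ForegroundColor Green

    # An empty value would be "startsWith(userPrincipalName, '')", which matches every sign-in
    # and reports a false 'Found'; record it as skipped instead of querying.
    if ([string]::IsNullOrWhiteSpace($email)) {
        $results.Add([PSCustomObject]@{ Email = $email; Status = 'Skipped (empty email)' })
        continue
    }

    # Escape single quotes so the CSV value cannot break out of the OData filter expression
    $escapedEmail = $email -replace "'", "''"

    # Get sign-in logs for the specific email
    # NOTE(review): presumably the "email" column holds the prefix of the guest's UPN — a plain
    # address that is not a prefix of the UPN will not match; verify against the CSV.
    $signInLogs = Get-AzureADAuditSignInLogs -Filter "startsWith(userPrincipalName, '$escapedEmail')"

    # Check if any sign-in logs were found; @() gives a single result a Count as well
    $status = if (@($signInLogs).Count -gt 0) { 'Found' } else { 'Not Found' }

    # Create an object with the email and status and add it to the results
    $results.Add([PSCustomObject]@{
        Email  = $email
        Status = $status
    })
}

# Export results to CSV
$results | Export-Csv -Path "C:\Report\Results.csv" -NoTypeInformation

# Display a confirmation message
Write-Output "Results exported to Results.csv"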

Disable guest account from Azure AD reading CSV file

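#This PowerShell script is used to read a CSV file having a list of User Principal Names (not emails)
#and disable the accounts in Azure AD.
# Input: $csvFilePath, a CSV with a "UserPrincipalName" column.
# Each matched account gets AccountEnabled = $false; unmatched UPNs are reported in red and the
# script continues with the next row.

# Install the AzureAD PowerShell module only if it is not already available
if (-not (Get-Module -ListAvailable -Name AzureAD)) {
    Install-Module -Name AzureAD -Force -AllowClobber -Scope CurrentUser
}

# Import the AzureAD module
Import-Module AzureAD

# Connect to Azure AD
Connect-AzureAD # -Credential $credential

# Specify the path to your CSV file
$csvFilePath = "C:\Report\Final\UserPrinicpalList.csv"

# Read the CSV file
$csvData = Import-Csv -Path $csvFilePath

# Iterate through each row in the CSV
foreach ($row in $csvData) {
    $upn = $row.UserPrincipalName

    # Skip blank rows instead of querying for an empty UPN
    if ([string]::IsNullOrWhiteSpace($upn)) {
        Write-Host "Skipping row with empty UserPrincipalName" -ForegroundColor Yellow
        continue
    }

    try {
        # Escape single quotes so the CSV value cannot break out of the OData filter expression
        $escapedUpn = $upn -replace "'", "''"

        # Get the user object from Azure AD
        $azureADUser = Get-AzureADUser -Filter "UserPrincipalName eq '$escapedUpn'"

        if ($azureADUser) {
            # The original printed $email, which is never assigned in this script; $upn is the value we have
            Write-Host  $upn -ForegroundColor Green

            # Disable the user account. The original also passed -UserPrincipalName $upn, which rewrote
            # the UPN with the CSV's spelling/casing as a side effect; only the enabled flag is changed here.
            Set-AzureADUser -ObjectId $azureADUser.ObjectId -AccountEnabled $false

            Write-Host "Azure AD account for $upn has been disabled."
        } else {
            Write-Host  $upn -ForegroundColor Red
            Write-Host "User with UPN $upn not found in Azure AD."
        }
    }
    catch {
        # One failing row must not abort the whole batch
        Write-Host "Failed to disable $upn. Error: $_" -ForegroundColor Red
    }
}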

Thursday, December 21, 2023

Connect SharePoint site with Azure AD app registration client id and secret

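#Script is used to test that the SharePoint site gets connected with an Azure AD app registration client id and secret.
#
# The client secret must not be embedded in the script: a literal secret ends up in source control,
# blog posts and shell history. It is read from an environment variable here (a secret store works too);
# any secret that has already been published should be rotated in the app registration.
$clientId = "920cf67c-2973-423a-b419-"   # app registration (client) id as given on the page
$clientSecret = $env:PNP_CLIENT_SECRET   # placeholder variable name; set it in the session before running
if (-not $clientSecret) {
    throw "Client secret not provided; set the PNP_CLIENT_SECRET environment variable."
}

# Connection output is discarded, as the original did by assigning it to an unused variable
$null = Connect-PnPOnline -Url "https://miracl.sharepoint.com/sites/testsite-2" -ClientId $clientId -ClientSecret $clientSecret
Get-PnPWeb

# Creating a list proves the app can write to the site
New-PnPList -Title "Contoso AD App List" -Template GenericList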

Azure AD APP API Sites.Selected - 2

	
#Get-InstalledModule -Name "PnP.PowerShell"
#Uninstall-Module -Name PnP.PowerShell
#Install-Module -Name PnP.PowerShell -RequiredVersion 1.12.0
#Get-Command -Module PnP.Powershell
#Update-Module -Name "PnP.PowerShell"

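#Script reads a csv file named "file.csv" having three columns SiteURL, AppID and AppDisplayName
#Script grants an Azure AD App having API Sites.Selected access to each SharePoint site with "FullControl" permission.
#
# Per row: connect to the site interactively, grant the app Write, raise the granted permission to
# FullControl, and append the site's resulting app permissions to one Success-<timestamp> file.
# Errors are shown in red and appended to ErrorLog_<timestamp>.txt; one failing site does not stop
# the remaining rows (the original's single try/catch aborted the whole loop on the first error).

# Get the current date and time up front so the error log name is valid even when Import-Csv fails
# (the original set it inside the try, so an early failure produced "ErrorLog_.txt")
$timestamp = Get-Date -Format "yyyyMMdd-HHmmss"

# One file per run; the original reused the same name with -Force, so each site overwrote the previous one
$filename = "Success-AzureADAppSitePermissions_$timestamp.txt"
$errorLogFilename = "ErrorLog_$timestamp.txt"

try {
    $csvData = Import-Csv -Path "file.csv"
}
catch {
    Write-Host "An error occurred: $($_.Exception.Message)" -ForegroundColor Red
    $_.Exception.Message | Out-File -FilePath $errorLogFilename -Encoding UTF8 -Force
    return
}

$failures = 0

foreach ($row in $csvData) {
    $siteURL = $row.SiteURL
    $appID = $row.AppID
    $appDisplayName = $row.AppDisplayName

    if ([string]::IsNullOrWhiteSpace($siteURL) -or [string]::IsNullOrWhiteSpace($appID)) {
        Write-Host "Skipping row with empty SiteURL or AppID" -ForegroundColor Yellow
        continue
    }

    $displayNameConcatenated = "$appID - $appDisplayName"

    try {
        Connect-PnPOnline -Url $siteURL -Interactive

        # Grant Write permissions to the Azure AD app on the site
        Grant-PnPAzureADAppSitePermission -AppId $appID -DisplayName $displayNameConcatenated -Site $siteURL -Permissions Write

        # Fetch the permission entry/entries; an app can hold more than one on a site, so handle them all
        $permissions = @(Get-PnPAzureADAppSitePermission -AppIdentity $appID)
        if ($permissions.Count -eq 0) {
            throw "No site permission found for app $appID on $siteURL after the grant"
        }

        # Set permissions to FullControl using the fetched permission ID(s)
        foreach ($permission in $permissions) {
            Set-PnPAzureADAppSitePermission -Site $siteURL -PermissionId $permission.Id -Permissions "FullControl"
        }

        # Retrieve Azure AD app permissions for the site and append the output to the run's file
        "==== $siteURL ====" | Out-File -FilePath $filename -Encoding UTF8 -Append
        Get-PnPAzureADAppSitePermission -Site $siteURL | Out-File -FilePath $filename -Encoding UTF8 -Append

        Write-Host "Permissions updated for $siteURL" -ForegroundColor Green
    }
    catch {
        $failures++

        # Display error message in red
        Write-Host "An error occurred for ${siteURL}: $($_.Exception.Message)" -ForegroundColor Red

        # Log error to the run's error file (append, so earlier sites' errors are kept)
        "$siteURL : $($_.Exception.Message)" | Out-File -FilePath $errorLogFilename -Encoding UTF8 -Append
    }
}

if ($failures -eq 0) {
    # Completion message in green
    Write-Host "Script executed successfully!" -ForegroundColor Green
}
else {
    Write-Host "Script finished with $failures failed site(s); see $errorLogFilename" -ForegroundColor Red
}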

Thursday, February 9, 2023

Azure AD APP API Sites.Selected

Controlling access permissions on SharePoint sites is always a challenge, whether the access is for a user or for an application.

User permissions can be controlled through the SharePoint permission list, but application permissions cannot be controlled directly; they are set from the application configuration through the Graph API.

1) Select sites.selected from API for requested App

2) Run PS script to allow respective app to connect with specific SharePoint site with provided roles only

    



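# Install the PnP.PowerShell version this post was written against
Install-Module -Name PnP.PowerShell -RequiredVersion 1.12.0

# The original had "Install-Module PnP.PowerShellc" (typo: no such module) followed by an install of the
# latest version, which would override the pinned one. Use either the pinned install above OR the latest:
# Install-Module PnP.PowerShell
Get-Command -Module PnP.PowerShell

#Connect with PnP online
# NO WEBLOGIN This will work with Get-Credential ONLY having Global Admin rights
# NOTE(review): the author states Global Admin is required; confirm whether a less privileged admin role
# is sufficient for the Sites.Selected grants before using a Global Admin account here.
Connect-PnPOnline -Url "https://miracl.sharepoint.com/sites/testsite-1/" -Credential (Get-Credential)

#Get All Lists
Get-PnPList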

1) Approach-1

# Grant the Sites.Selected app access to one site; the same app/site/display name, once with Write and once with Read
$grantArgs = @{
    AppId       = 'e5b3606c-341c-492f-8b65-e109c94be'
    DisplayName = 'TESTSP'
    Site        = 'https://miracl.sharepoint.com/sites/testsite-1'
}
Grant-PnPAzureADAppSitePermission @grantArgs -Permissions Write
Grant-PnPAzureADAppSitePermission @grantArgs -Permissions Read


Here, -DisplayName can be any name; it only serves to identify the configured app.
The command below confirms the applied changes.
# List every app permission currently granted on the site
$siteUrl = 'https://miracl.sharepoint.com/sites/testsite-1'
Get-PnPAzureADAppSitePermission -Site $siteUrl
2) Approach-2

Two cmdlets need to be executed.
First grant Read or Write permission; then update it to Manage or FullControl.

https://www.blimped.nl/running-application-with-limited-sharepoint-permissions/
https://www.leonarmston.com/2022/01/pnp-powershell-csom-now-works-with-sharepoint-sites-selected-permission-using-azure-ad-app/

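# Look up the permission entry the app already holds on the connected site (granted in Approach-1)
# $PermissionId will return ID, Roles and Apps name and ID
$PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity e5b3606c-341c-492f-8b65-e109c94be
if (-not $PermissionId) {
    throw "No site permission found for the app; grant Read or Write first (Approach-1)."
}

# Pick ONE target role. The original listed four Set- calls in a row (FullControl, Read, Write, Manage);
# run as a script they all execute and the last one wins. Valid values: Read, Write, Manage, FullControl.
$targetPermission = "FullControl"

# An app can hold more than one permission entry on a site; update each of them
foreach ($entry in @($PermissionId)) {
    Set-PnPAzureADAppSitePermission -Site https://miracl.sharepoint.com/sites/testsite-1 -PermissionId $entry.Id -Permissions $targetPermission
}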

Revoke the Access

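# Revoke the app's access to one site. $siteURL and $appID are not set in this snippet
# (in the full script they come from the CSV row), so fail early if they are missing.
if ([string]::IsNullOrWhiteSpace($siteURL) -or [string]::IsNullOrWhiteSpace($appID)) {
    throw "Set `$siteURL and `$appID before revoking."
}

Connect-PnPOnline -Url $siteURL -Interactive
$PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity  $appID

# Nothing to revoke when the app holds no permission on this site (the original passed a null Id to Revoke)
if (-not $PermissionId) {
    Write-Host "No site permission found for app $appID on $siteURL; nothing to revoke." -ForegroundColor Yellow
}
else {
    # An app can hold more than one permission entry on a site; revoke each of them
    foreach ($entry in @($PermissionId)) {
        Revoke-PnPAzureADAppSitePermission -PermissionId $entry.Id -Force
    }
}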

Test with Client ID and Secret

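# The client secret must not be embedded in the script: a literal secret ends up in source control,
# blog posts and shell history. It is read from an environment variable here (a secret store works too);
# any secret that has already been published should be rotated in the app registration.
$clientId = "920cf67c-2973-423a-b419-"   # app registration (client) id as given on the page
$clientSecret = $env:PNP_CLIENT_SECRET   # placeholder variable name; set it in the session before running
if (-not $clientSecret) {
    throw "Client secret not provided; set the PNP_CLIENT_SECRET environment variable."
}

# Connection output is discarded, as the original did by assigning it to an unused variable
$null = Connect-PnPOnline -Url "https://miracl.sharepoint.com/sites/testsite-2" -ClientId $clientId -ClientSecret $clientSecret
Get-PnPWeb

# Creating a list proves the app can write to the site
New-PnPList -Title "Contoso AD App List" -Template GenericList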


###################
Complete Script is mentioned in another blog
###################



Tuesday, August 30, 2022

Copy page from one sharepoint site to other sharepoint site

    
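    # Copies the modern page $pageName from $srcUrl to every site listed in SiteList.csv (column "SiteName")
    # and makes it each destination site's home page. Requires $cred (a PSCredential) with access to all sites.
    $group_list = Import-Csv 'C:\WW\SiteList.csv'

    $srcUrl = "https://shared.sharepoint.com/sites/fj-mech-dev/"
    $pageName = "Home-Team.aspx"

    # $cred was never assigned in the original (both Get-Credential lines were commented out); prompt if missing
    if (-not $cred) { $cred = Get-Credential }

    Connect-PnPOnline -Url $srcUrl -Credentials $cred

    # Export the page ONCE from the source site. The original exported inside the loop, after the connection
    # had already been switched to the previous destination, so every copy after the first was taken from
    # the wrong site.
    $tempFile = [System.IO.Path]::GetTempFileName()
    try {
        Export-PnPClientSidePage -Force -Identity $pageName -Out $tempFile

        foreach ($group in $group_list) {
            $destUrl = $group.SiteName   # Read-Host "Enter the destination site url" in the interactive variant
            if ([string]::IsNullOrWhiteSpace($destUrl)) { continue }

            try {
                Connect-PnPOnline -Url $destUrl -Credentials $cred
                Invoke-PnPSiteTemplate -Path $tempFile

                $group.SiteName
                Write-Host "ModernPage is successfully copied."

                Start-Sleep -Seconds 10
                # Use $pageName instead of a second hard-coded copy of the file name
                Set-PnPHomePage -RootFolderRelativeUrl "sitepages/$pageName"
            } catch {
                # Report and continue with the next site
                $group.SiteName
                Write-Host -ForegroundColor Red 'Error ', ':'
                $Error[0].ToString()

                Start-Sleep -Seconds 10
            }
        }
    }
    finally {
        # The exported template is only needed for this run; the original left it behind in the temp folder
        Remove-Item -Path $tempFile -ErrorAction SilentlyContinue
    }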
