There are multiple ways to interact with Office 365 as IT
pro. The most is using powershell scripts with the following three interfaces.
- SharePoint Online/MSOL cmdlets
- CSOM
- Web service
However, all of the powershell cmdlets need to enter
password and it will be difficult to automate these script as backend jobs. In
this article, I will provide the examples to provide the encrypted password and
avoid enter manually.
1. SharePoint Online/MSOL cmdlets
Before you could use SharePoint Online/MSOL cmdlets, you need to install the following online service
management tools. If you need to integrate with SharePoint on-premises, I would recommend to install them on ONE on-premises SharePoint Server 2013 web server.
- Microsoft Online Services Sign-In Assistant for IT Professionals BETA (64 bit version)
- Azure Active Directory Module for Windows PowerShell (64 bit version)
- SharePoint Online Management Shell (64 bit version)
Get-Credential "globaladmin@domain.company.com" | Export-Clixml E:\MyCredential.xml
Now you could use the SharePoint Online/MSOL cmdlets without user name and password. Please note the highlighted parameters that will avoid any user input.
Import-Module MSOnline -force –verbose
Import-Module Microsoft.Online.SharePoint.PowerShell -force
$cred = Import-Clixml E:\MyCredential.xml
Connect-MsolService -Credential $cred
# You could run any SharePoint Online/MSOL cmdlets now
Get-MsolUser -All
We can use the same method for SharePoint online cmdlets. Here is the cheat sheet. One example listed below.
Connect-SPOService -Url https://qualcomm-admin.sharepoint.com -Credential $cred
If you need to configure SharePoint on-way outbound hybrid search, you have to use this method as we described in previous blog.
2. CSOM through powershell
Before
you could use CSOM cmdlets, you would need to copy all the necessary dlls if you are not on running on SharePoint server. Please refer Chris' blog for details.
If you want to avoid password prompt, you could run the following command and the password will be encrypted into C:\cred.txt file.
# Login as the user account to window server and run the following scrip
read-host -AsSecureString | ConvertFrom-SecureString | out-file C:\cred.txt
After you add the references to SharePoint client assemblies and authenticate to Office 365 site, you can use the CSOM cmelets. Here is one example to display the count of the documents for user's OneDrive four business folder.
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.UserProfiles.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll";
$siteUrl = "https://cpmpany-my.sharepoint.com/personal/user_company_com"
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.UserProfiles.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll";
$siteUrl = "https://cpmpany-my.sharepoint.com/personal/user_company_com"
$listTitle = "Documents"
$sourceFolder = "/Documents"
$o365admin = "globaladmin@domain.company.com"
$password = get-content C:\cred.txt | convertto-securestring
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)
$ctx.Credentials = $credentials
#Load items
$list = $ctx.Web.Lists.GetByTitle($listTitle)
$query = [Microsoft.SharePoint.Client.CamlQuery]::CreateAllItemsQuery()
$items = $list.GetItems($query)
$ctx.Load($list)
$ctx.Load($items)
$ctx.ExecuteQuery()
$items.Count
$sourceFolder = "/Documents"
$o365admin = "globaladmin@domain.company.com"
$password = get-content C:\cred.txt | convertto-securestring
$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365admin,$password)
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)
$ctx.Credentials = $credentials
#Load items
$list = $ctx.Web.Lists.GetByTitle($listTitle)
$query = [Microsoft.SharePoint.Client.CamlQuery]::CreateAllItemsQuery()
$items = $list.GetItems($query)
$ctx.Load($list)
$ctx.Load($items)
$ctx.ExecuteQuery()
$items.Count
3. Web Service through powershell
In order to use REST service, you will not need any client dlls and you could run the cmdlets from any server.
If you want to avoid password prompt, you could run the same command we described above and the password will be encrypted into C:\cred.txt file.
# Login as the user account to window server and run the following scrip
read-host -AsSecureString | ConvertFrom-SecureString | out-file C:\cred.txt
Then you would need to authenticate to O365 through SharePointOnlineCredentials object. Here is the example to use user profile service web service to update the user SIP value.
$o365admin = "globaladmin@domain.company.com"
$password = get-content C:\cred.txt | convertto-securestring
$password = get-content C:\cred.txt | convertto-securestring
$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365admin,$password)
$adminCookie = $Creds.GetAuthenticationCookie($adminUrl)
# Get the authentication cookie by passing the url of the web service
$siteCookie = $Creds.GetAuthenticationCookie($siteUrl);
# Create a CookieContainer to authenticate against the web service
$authContainer = New-Object System.Net.CookieContainer;
# Put the authenticationCookie string in the container
$authContainer.SetCookies($adminUrl, $authCookie);
# Concatenate the URL for Web Service / REST API
$url = $adminUrl + "/_vti_bin/userprofileservice.asmx";
# Create the O365 REST service
$UserProfileWS = $null;
$UserProfileWS = New-WebServiceProxy -Uri $url -Namespace 'SPOUserProfileService';
$UserProfileWS.UseDefaultCredentials = $false;
$UserProfileWS.CookieContainer = New-Object System.Net.CookieContainer;
$UserProfileWS.CookieContainer = $authContainer;
# You could use the web service from now
$userProperty = $UserProfileWS.GetUserPropertyByAccountName($login, 'SPS-SipAddress')
$currentsid = $userProperty[0].Values[0].Value;
$userProperty[0].Values[0].Value = $UPNValue.Item(0);
$userProperty[0].IsValueChanged = $true;
$UserProfileWS.ModifyUserPropertyByAccountName($login, $userProperty)
$currentsid = $userProperty[0].Values[0].Value;
$userProperty[0].Values[0].Value = $UPNValue.Item(0);
$userProperty[0].IsValueChanged = $true;
$UserProfileWS.ModifyUserPropertyByAccountName($login, $userProperty)
There are more SharePoint Online web service functions you could use. You could also use CSOM to retrieve and update user profile properties.
You could also use window credential to connect to SharePoint. The details is here.
Please note, Microsoft is changing the API frequently and there may be better way to user powershell to manage O365 in new releases.
No comments:
Post a Comment