Tuesday, February 3, 2015

Different ways to manage O365 through PowerShell without a password prompt



There are multiple ways to interact with Office 365 as an IT pro. The most common is to use PowerShell scripts with the following three interfaces.
  1. SharePoint Online/MSOL cmdlets
  2. CSOM
  3. Web service
However, all of these PowerShell cmdlets require a password to be entered, which makes it difficult to automate the scripts as backend jobs. In this article, I will provide examples that supply an encrypted password and avoid entering it manually.

1. SharePoint Online/MSOL cmdlets
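Before you can use the SharePoint Online/MSOL cmdlets, you need to install the following online service management tools. If you need to integrate with SharePoint on-premises, I would recommend installing them on ONE on-premises SharePoint Server 2013 web server.
If you want to avoid the password prompt, you can run the following command once; the credential will be saved to the file E:\MyCredential.xml with the password encrypted. On Windows the encryption uses the Data Protection API (DPAPI), so the file can be decrypted only by the same user account on the same computer; run the command as the account that will run the script.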

Get-Credential "globaladmin@domain.company.com" | Export-Clixml E:\MyCredential.xml

Now you can use the SharePoint Online/MSOL cmdlets without entering a user name and password. Please note the highlighted parameters, which avoid any user input.

Import-Module MSOnline -Force -Verbose
Import-Module Microsoft.Online.SharePoint.PowerShell -force
$cred = Import-Clixml E:\MyCredential.xml
Connect-MsolService -Credential $cred

# You could run any SharePoint Online/MSOL cmdlets now
Get-MsolUser -All 


We can use the same method for the SharePoint Online cmdlets. Here is the cheat sheet. One example is listed below.

Connect-SPOService -Url https://qualcomm-admin.sharepoint.com  -Credential $cred

If you need to configure SharePoint one-way outbound hybrid search, you have to use this method, as we described in a previous blog post.

2. CSOM through PowerShell
Before you can use the CSOM cmdlets, you need to copy all the necessary DLLs if you are not running on a SharePoint server. Please refer to Chris' blog for details.
If you want to avoid the password prompt, you can run the following command; the password will be encrypted into the file C:\cred.txt.

# Log in to the Windows server as the user account that will run the script, then run the following
read-host -AsSecureString | ConvertFrom-SecureString | out-file C:\cred.txt

After you add the references to the SharePoint client assemblies and authenticate to the Office 365 site, you can use the CSOM cmdlets. Here is one example that displays the count of documents in a user's OneDrive for Business folder.

Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.UserProfiles.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll";

$siteUrl = "https://company-my.sharepoint.com/personal/user_company_com"
$listTitle = "Documents"
$sourceFolder = "/Documents"

$o365admin = "globaladmin@domain.company.com"
$password = get-content C:\cred.txt | convertto-securestring

$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365admin,$password)

$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)
$ctx.Credentials = $credentials

#Load items
$list = $ctx.Web.Lists.GetByTitle($listTitle)
$query = [Microsoft.SharePoint.Client.CamlQuery]::CreateAllItemsQuery()
$items = $list.GetItems($query)
$ctx.Load($list)
$ctx.Load($items)
$ctx.ExecuteQuery()
$items.Count

3. Web Service through PowerShell
To use the REST service, you do not need any client DLLs, and you can run the cmdlets from any server.

If you want to avoid the password prompt, you can run the same command we described above; the password will be encrypted into the file C:\cred.txt.

# Log in to the Windows server as the user account that will run the script, then run the following
read-host -AsSecureString | ConvertFrom-SecureString | out-file C:\cred.txt

Then you need to authenticate to O365 through a SharePointOnlineCredentials object. Here is an example that uses the user profile service web service to update the user's SIP value.

# Placeholder URLs; replace them with your tenant's admin and site URLs
$adminUrl = "https://company-admin.sharepoint.com"
$siteUrl = "https://company-my.sharepoint.com/personal/user_company_com"

# SharePointOnlineCredentials is defined in Microsoft.SharePoint.Client.Runtime.dll,
# which must already be loaded (see the Add-Type lines in section 2)
$o365admin = "globaladmin@domain.company.com"
$password = get-content C:\cred.txt | convertto-securestring

$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365admin,$password)

# Get the authentication cookie by passing the url of the web service
$adminCookie = $credentials.GetAuthenticationCookie($adminUrl)
$siteCookie = $credentials.GetAuthenticationCookie($siteUrl);

# Create a CookieContainer to authenticate against the web service
$authContainer = New-Object System.Net.CookieContainer;

# Put the authentication cookie string in the container
$authContainer.SetCookies($adminUrl, $adminCookie);

# Concatenate the URL for Web Service / REST API
$url = $adminUrl  + "/_vti_bin/userprofileservice.asmx";

# Create the O365 web service proxy and attach the cookie container to it
$UserProfileWS = $null;
$UserProfileWS = New-WebServiceProxy -Uri $url  -Namespace 'SPOUserProfileService';
$UserProfileWS.UseDefaultCredentials = $false;
$UserProfileWS.CookieContainer = $authContainer;

# You could use the web service from now
# $login (the account name) and $UPNValue (the collection holding the new value)
# are assumed to be set earlier in your script
$userProperty = $UserProfileWS.GetUserPropertyByAccountName($login, 'SPS-SipAddress')
$currentsid = $userProperty[0].Values[0].Value;
$userProperty[0].Values[0].Value = $UPNValue.Item(0);
$userProperty[0].IsValueChanged = $true;
$UserProfileWS.ModifyUserPropertyByAccountName($login, $userProperty)

There are more SharePoint Online web service functions you can use. You can also use CSOM to retrieve and update user profile properties.

You can also use Windows credentials to connect to SharePoint. The details are here.

Please note that Microsoft changes the API frequently, and there may be better ways to use PowerShell to manage O365 in new releases.
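
The stored-credential pattern used in sections 1 to 3, as an added example (not code from the original post): it saves a credential with Export-Clixml, restricts the file's permissions to the current account, and reloads it with an explicit error when the file cannot be decrypted. It assumes Windows, where the password is protected with DPAPI; the function names, the temp path and the sample password are constructed for illustration.

```powershell
# Added example. Assumes Windows (DPAPI); names, path and password are constructed.
function Save-ServiceCredential {
    param([Parameter(Mandatory)][pscredential]$Credential,
          [Parameter(Mandatory)][string]$Path)
    # Export-Clixml encrypts the password with DPAPI for the current user and computer.
    $Credential | Export-Clixml -Path $Path
    # DPAPI does not stop other accounts from reading or replacing the file,
    # so drop inherited permissions and grant access to the current account only.
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-ServiceCredential {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Credential file not found: $Path"
    }
    try {
        $cred = Import-Clixml -Path $Path -ErrorAction Stop
    } catch {
        # Decryption fails when the job runs as a different account or on a
        # different computer than the one that created the file.
        $who = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        throw "Cannot load $Path as ${who}: $($_.Exception.Message)"
    }
    if ($cred -isnot [pscredential]) {
        throw "$Path does not contain a PSCredential object"
    }
    return $cred
}

# Round trip with a constructed account and password (not real values).
$demoPath = Join-Path $env:TEMP 'o365-demo-credential.xml'
$demoPass = ConvertTo-SecureString 'Constructed-Sample-Passw0rd' -AsPlainText -Force
$demoCred = New-Object System.Management.Automation.PSCredential('globaladmin@domain.company.com', $demoPass)
Save-ServiceCredential -Credential $demoCred -Path $demoPath
$loaded = Get-ServiceCredential -Path $demoPath

# $loaded can be passed to -Credential (section 1), or its UserName and Password
# to SharePointOnlineCredentials (sections 2 and 3).
"Loaded credential for $($loaded.UserName)"
(Get-Acl -Path $demoPath).Access | Select-Object IdentityReference, FileSystemRights, IsInherited
Remove-Item -LiteralPath $demoPath
```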
