• State Not Answered
  • Replies 6 replies
  • Subscribers 62 subscribers
  • Views 442 views
  • Users 0 members are here
Options
Related

PowerShell Script: Initiator And Switch

craig mcfarlane
1 month ago

Hi Team. 

I hope someone can help. I have a script that connects to Sharepoint and sets a user as a site collection owner. I am looking to use this as part of a Workflow to grant access and then, 60 minutes later, remove it. This script has two issues, and I will tackle one at a time so it's less confusing.

I can obtain the users whose One Drive permissions we wish to change via $Username = $DirObj.get("samaccountname") and I don't think there are any issues there.

As part of the script process when it runs I need to obtain who the person was that initiated the script. This is then used to add them as a site owner to the One Drive. I am using the below. 

$request.WhoAmi([ref]$strSan,[ref]$strDN)
$ARSInitiator = get-QADUser $strDN | Select-Object email

However, I don't think this is actually returning the email address, as the permission change never happens. If I hardcode the email address in the script when it does work.

example rather than 

$SiteCollAdmin= $ARSInitiator

$SiteCollAdmin= "first.last@domain.com"

Any suggestions on this first issue? 

Thanks in advance 

function OneDriveAccess($Request)
{
################################################
#Disable PNP Powershell Update and Telemetry
$env:PNPPOWERSHELL_UPDATECHECK=$false
$env:PNPPOWERSHELL_DISABLETELEMETRY=$true
################################################

# Active Roles Administation Service
$ARServer = "AR-SERVER-NAME-HERE"
#
#Import Powershell Modules & Active Roles Connection
Import-Module ActiveRolesManagementShell
Import-Module PnP.PowerShell
Connect-QADService -Service $ARServer -Proxy
#
#Date & Time
$DateYear = $((Get-Date).ToString('yyyy'))
$DateMonth = $((Get-Date).ToString('MMM'))
$DateDay = $((Get-Date).ToString('dd'))
#Time
$Time = Get-Date -Format "HH-mm"
#
#Script Import Export & Logging
$ScriptPath = "C:\Temp"
New-Item -ItemType Directory -Path "$ScriptPath\$DateYear\$DateMonth\$DateDay" -Force
New-Item -ItemType Directory -Path "$ScriptPath\$DateYear\$DateMonth\$DateDay\Logs" -Force
#
#Script Log File
$LogName = "$AzureLocation-OneDrive-Permissions-$time.txt"
$logfile = "$ScriptPath\$DateYear\$DateMonth\$DateDay\Logs\$LogName"

#Details of the ARS Account being changed
$Username = $DirObj.get("samaccountname")
$DataLocation = Get-QADUser $username -IncludedProperties msDS-preferredDataLocation | Select-Object -ExpandProperty msDS-preferredDataLocation

$request.WhoAmi([ref]$strSan,[ref]$strDN)
$ARSInitiator = get-QADUser $strDN | Select-Object email

#Obtain Azure Prefered Data
$AzureLocation = $DataLocation

#Azure Location. Used for sharepoint connection
switch ($AzureLocation) {
    'GBR' { $SPURL = 'https://domain-name-here-admin.sharepoint.com' }
    default { $SPURL = "https://domain-name-here$AzureLocation-admin.sharepoint.com" }
}

#Share Point Connection Properties
$CxParams = @{
    URL        = $SPURL
    ClientID   = "ID HERE"
    Tenant     = "domain-name.onmicrosoft.com"
    Thumbprint = "ThumbPrint-HERE"
}

#Connect to SharePoint Online
Connect-PnPOnline @CxParams

$OneDriveSiteUrl = (Get-PnPUserProfileProperty -Account $Username).PersonalUrl
$SiteCollAdmin= $ARSInitiator
  
#Change OneDrive Ownership
Set-PnPTenantSite -Url $OneDriveSiteUrl -Owners $SiteCollAdmin

Write-Output "Adding $ARSInitiator  Permission to $Username One Drive : " $OneDriveSiteUrl

}