Using the Office 365 Graph API to retrieve OneDrive/SharePoint file information

1. Log in to Office 365 Azure AD as a global administrator and register the Graph API application. For details, see the official documentation: https://docs.microsoft.com/zh-cn/graph/auth-register-app-v2
2. Under API permissions, add the delegated permissions listed below. In practice these permissions are useless; you need to add the account that runs the Graph API calls as an administrator of the OneDrive site to be read.
Sites.Read.All
Sites.ReadWrite.All
Sites.Search.All
User.Read.All
2.1 Set up the OneDrive site administrator

    $SiteUrl = "https://tenant-my.sharepoint.com/personal/username_domain_com/"
    # Prompt for SharePoint admin credentials; the parentheses make Get-Credential run
    Connect-SPOService -Url "https://tenant-admin.sharepoint.com/" -Credential (Get-Credential)
    # Account that will run the Graph API calls
    $sSecondaryODFBAdmin = "graphapi@tenant.onmicrosoft.com"
    Set-SPOUser -Site $SiteUrl -LoginName $sSecondaryODFBAdmin -IsSiteCollectionAdmin $true

3. Under Certificates & secrets, create the client secret (the client password used below).
4. Function to generate the token

    function Graph_Auth
    {
        # Placeholders: replace with your own values
        $clientID     = "Client ID (36 characters)"
        $tenantName   = "tenant.onmicrosoft.com"
        $ClientSecret = "Client password"
        $Username     = "Account with application permission"
        $Password     = "Password of the above account"
        # Password grant: the account's user name and password are sent with the client secret
        $ReqTokenBody = @{
            Grant_Type    = "Password"
            client_Id     = $clientID
            Client_Secret = $ClientSecret
            Username      = $Username
            Password      = $Password
            Scope         = "https://graph.microsoft.com/.default"
        }
        $TokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantName/oauth2/v2.0/token" -Method POST -Body $ReqTokenBody
        # Headers to send with every Graph request
        $headerParams = @{
            "Content-Type"  = "application/json"
            "Authorization" = "$($TokenResponse.token_type) $($TokenResponse.access_token)"
        }
        return $headerParams
    }

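5. If Invoke-RestMethod fails to connect to the server at run time, the cause may be an HTTPS certificate problem. Run the following function to ignore certificate errors. The policy it installs applies to every HTTPS request made in the session afterwards, including the token request in Graph_Auth.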

    function Ignore-SelfSignedCerts {
        # Define the policy type only once per session; Add-Type fails if it already exists
        if (-not ("TrustAllCertsPolicy" -as [type])) {
            Add-Type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
    "@
        }
        # Accept every server certificate without validation
        [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
        # Use TLS 1.2 for outgoing connections
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    }

6. Grab OneDrive file information

    # See the OneDrive records returned by Search-UnifiedAuditLog for the exact format of these fields.
    $UserId = ""                 # E-mail address
    $SiteUrl = ""                # OneDrive link
    $SourceRelativeUrl = ""      # Relative path of the file
    $SourceFileName = ""         # File name
    $SourceFileExtension = ""    # File extension
    Ignore-SelfSignedCerts
    $headerParams = Graph_Auth
    # Strip the leading library name from the relative path
    $SourceRelativeUrl = $SourceRelativeUrl -replace "^Documents/",""
    # Pattern that tests whether the relative path already ends with the extension
    $SourceFileExtension = [regex]::Escape($SourceFileExtension) + "$"
    if ($SourceRelativeUrl -notmatch $SourceFileExtension) {
        if ($SourceRelativeUrl -eq "Documents") {
            # The file is in the root of the library
            $filepath = $SourceFileName
        } else {
            $filepath = $SourceRelativeUrl + "/" + $SourceFileName
        }
    } else {
        # The relative path already includes the file name
        $filepath = $SourceRelativeUrl
    }
    $url = "https://graph.microsoft.com/v1.0/users/" + $UserId + "/drive/root:/" + $filepath
    $result = Invoke-RestMethod -UseBasicParsing -Headers $headerParams -Uri $url -Method Get -Verbose
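
The path rules of step 6, wrapped in a function and run offline over constructed records, as an added example that is not part of the original post. `Get-GraphDriveItemUrl` and the sample records are hypothetical; the example goes slightly beyond the post by percent-encoding each path segment and by matching the extension only after a dot.

```powershell
# Added example, not from the original post. Function name and records are hypothetical.
function Get-GraphDriveItemUrl {
    param(
        [Parameter(Mandatory)] [string] $UserId,
        [Parameter(Mandatory)] [string] $SourceRelativeUrl,
        [Parameter(Mandatory)] [string] $SourceFileName,
        [string] $SourceFileExtension = ""
    )
    # Drop the library name; a bare "Documents" leaves an empty path (drive root).
    $rel = ($SourceRelativeUrl -replace '^Documents(/|$)', '').Trim('/')
    # The path already names the file only if it ends in ".<extension>".
    # Escaping keeps the extension literal; requiring the dot avoids folders like "mydocx".
    $ext = $SourceFileExtension.TrimStart('.')
    $endsWithFile = [bool]$ext -and ($rel -match ('\.' + [regex]::Escape($ext) + '$'))
    if ($endsWithFile) { $path = $rel }
    elseif ($rel)      { $path = "$rel/$SourceFileName" }
    else               { $path = $SourceFileName }
    # Percent-encode each segment so spaces, '#' and '?' cannot end or alter the path.
    $encoded = ($path -split '/' | ForEach-Object { [uri]::EscapeDataString($_) }) -join '/'
    "https://graph.microsoft.com/v1.0/users/$UserId/drive/root:/$encoded"
}

# Constructed records in the shape of the step 6 variables (not real audit data).
$records = @(
    # File in the root of the library
    @{ UserId = 'alice@tenant.onmicrosoft.com'; SourceRelativeUrl = 'Documents'
       SourceFileName = 'plan.docx'; SourceFileExtension = 'docx' },
    # Folder and file names that need percent-encoding
    @{ UserId = 'alice@tenant.onmicrosoft.com'; SourceRelativeUrl = 'Documents/Projects/Q1 report'
       SourceFileName = 'budget #2.xlsx'; SourceFileExtension = 'xlsx' },
    # Relative URL that already includes the file name
    @{ UserId = 'alice@tenant.onmicrosoft.com'; SourceRelativeUrl = 'Documents/Archive/old.pdf'
       SourceFileName = 'old.pdf'; SourceFileExtension = 'pdf' },
    # Folder whose name ends in the extension letters but is not the file
    @{ UserId = 'alice@tenant.onmicrosoft.com'; SourceRelativeUrl = 'Documents/mydocx'
       SourceFileName = 'notes.docx'; SourceFileExtension = 'docx' }
)
foreach ($r in $records) { Get-GraphDriveItemUrl @r }
```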


Posted on Mon, 23 Mar 2020 10:14:07 -0400 by BANDYCANDY