Our company is implementing a process where we automatically backup specific users' Exchange mailbox and OneDrive contents during the offboarding process.
My idea was pretty simple: using the cmdlets for the Compliance center to retrieve both and schedule deletion after an x period of time.
The problem is the e-mail backup is working perfectly, but for some reason OneDrive is not.
I created a test account with some e-mails in its mailbox and a added some files to its OneDrive, but for some reason it's only saving the mailbox contents.
Here's my code:
# For running on Azure runbooks
$Creds = Get-AutomationPSCredential -Name "testcred"
Connect-IPPSSession -Credential $Creds
New-ComplianceSearch -Name "test-name" -ExchangeLocation "test.user#company.com" -AllowNotFoundExchangeLocationsEnabled $true -SharePointLocation "https://company-my.sharepoint.com/personal/test_user_company_com/" | Start-ComplianceSearch
The search then pops up on https://compliance.microsoft.com/contentsearch and can be exported if necessary to access.
Problem is when I export it the contents of the OneDrive just simply don't show up even though in the compliance center it does seem to register the request for the site:
That's great, but then after extracting the contents to my PC no OneDrive contents come with:
The Exchange folder contains the .pst file with mailbox contents, but no OneDrive files to be found.
Am I missing something here?
Edit: I should mention we use a 100% cloud Office 365 environment.
Edit2: Just as an additional proof, here's the content inside the OneDrive in the preview section of the Compliance's Content Search:
I landed here when searching about another glitch on exporting Content Search OneDrive files.
Using Compliance Admin Center/Content Search I am able to export OneDrive files, but I have to explicitly set the user's URL (xxxx-my.sharepoint.com/personal/yyyy in my case).
(BTW, my problem is that the export has files with extensions such pdf_1E98101, msg_61c3b09 and so on... I am creating a question for this)
Related
I am trying to delete permissions on a public folder in Exchange Online. We inadvertently desynced mail-enabled security groups in AD-Connect. This caused all permissions to be lost in the migrated public folders (even after resyncing). I've since recreated the security groups in M365 and have the permissions working on the new groups.
However, I am unable to remove the permissions from the folder for any of the synced security groups. If I do it in the GUI it saves without error, but the permission is still there.
In Powershell, I attempt to remove the permission and receive an error of There is no existing permission entry found for user: Finance Group even though the entry shows there is. The Powershell output is below. This is my first post so I am not allowed to embed images yet - apologies.
Get-PublicFolderClientPermission "\Finance\Finance Departmental Calendar"
Powershell Results for Get-PublicFolderClientPermission
Remove-PublicFolderClientPermission -Identity "\Finance\Finance Departmental Calendar" -User "Finance Group"
Powershell Results for Remove-PublicFolderClientPermission
Thanks in advance.
If the issue is not just inheritance, microsoft has some recommendations here: https://learn.microsoft.com/en-us/exchange/troubleshoot/public-folders/public-folder-permission-issues
# check permissions on the primary pf mailbox specifically
Get-PublicFolderClientPermission \puf1 -User User1 -Mailbox (Get-Mailbox -PublicFolder | ?{$_.IsRootPublicFolderMailbox -eq "True"}).Name
# check permissions on the user's pf mailbox
Get-PublicFolderClientPermission "\puf1" -User User1 -Mailbox pubmbx1
# check the hierarchy sync status, and compare between pf mailboxes
$s = Get-PublicFolderMailboxDiagnostics pubmbx1 -IncludeHierarchyInfo
$s.HierarchyInfo
$s.SyncInfo.LastAttemptedSyncTime.LocalTime
$s.SyncInfo.LastFailedSyncTime.LocalTime
$s.SyncInfo.LastSyncFailure
# manually resync permissions to entire pf mailbox
Update-PublicFolderMailbox pubmbx1 -InvokeSynchronizer
Be careful of making changes in O365 if you're in hybrid config. You probably don't want to overwrite the newly-added permissions in O365 by surprise sync up from on-prem
In my anectodal experience, 365 also needs the original user object to exist for some reason. Probably buggy behavior with how it resolves the user name on permission entries. If possible, try and resync the old groups to 365
I have had to export, delete, and recreate a mailbox or publicfolder to fix certain rare situations
I would like to create a remote folder inside Inbox with this command wit o365 exchange when execute the following command:
New-MailboxFolder -Parent 'username#domain.com:\Inbox\Folder1' -Name 'Folder1.1'
However, this command cannot be used to create folders on other user’s mailbox.
The error is:
The specified mailbox “username#domain.com” doesn’t exist
What's the exactly problem with this command? Anybody know any Workaround? Thanks!
The cmdlet you're trying to use is not supposed to work for mailboxes other than your own (even if you have proper rights). From the documentation:
Use the New-MailboxFolder cmdlet to create folders in your own mailbox. Administrators can't use this cmdlet to create folders in other mailboxes (the cmdlet is available only from the MyBaseOptions user role).
Some possible workarounds are:
Use Create MailFolder from Graph API
Use MFCMAPI (probably not trivial to be automated)
More detailed description can be found here.
I have a requirement to remove several PDFs from specific folder our Sitecore media library, possibly over 1000 documents. We need to maintain the file names of these PDFs and would prefer to maintain the "file structure/hierarchy" of these documents.
We have tried using the Sitecore Powershell Extensions "Download" feature, but it does not appear to download the PDFs, only the content items themselves. We can create a package, but the folder that contains the resulting PDFs have had their file names replaced with GUIDs.
Is there a PS script available or any other way to do a bulk download of these media library PDFs?
P.S. I am a Powershell neophyte, so please be gentle.
Sounds like you need to use the Send-File command. When executed on a media library item, it allows you to download the associated blob stored in that item.
Example:
PS master:\>Get-Item "master:\media library\files\pdfs\mypdffile" | Send-File -Message "PDF Download"
You can pass -NoDialog to it so the user is not propmted each time.
So for multiple files you can do:
Get-Item -Path master -Query "/sitecore/#media library#/files//*[##templatename='Pdf']" |
Send-File -NoDialog
I can't see performance being great with 1000's of files for that tho. Also it will not keep the path, all files will be saved directly to your Downloads folder.
Perhaps you may be interested in using the download capability through SPE Remoting. This is an alternative solution that operates outside of Sitecore and connects through the web service.
Sample script for downloading:
https://github.com/SitecorePowerShell/Console/blob/master/Modules/Remoting%20Tests%20-%20Download%20with%20RemoteScriptCall.ps1
Book details on getting setup:
https://sitecorepowershell.gitbooks.io/sitecore-powershell-extensions/content/remoting.html
This may not even be possible without powershell (or Azure Powershell), but can I use a script to retrieve user information from AZURE active directory on a Windows 10 computer?
Since the user has already provided credentials and the user name has been pulled down from Azure, is there any other information pulled down that I can reference as a system object (for eg).
Example of code to show user name:
Set objSysInfo = CreateObject("ADSystemInfo")
wScript.Echo objSysInfo.UserName
I want to see other information such as users department(i.e. .department , so that I can map drives by identifying the users department rather than using the user name).
If I can't use vbs then is this possible with Azure powershell without re-entering user credentials and/or re-verifying user credentials?
It's possible with Azure PowerShell commandlets:
Connect-MsolService -CurrentCredential
Get-MsolUser -UserPrincipalName username#domain
I am trying to copy one file from share in my custom dsc script. This code below works great in powershell, but not working in dsc resource.
PS C:\Users\user> $wc = New-Object System.Net.WebClient
PS C:\Users\user> $wc.DownloadFile("\\DC1\Downloads\en_sql_server_2012_enterprise_edition_with_service_pack_2_x64_dvd_
4685849.iso", "C:\SQL2012SP2.iso")
Powershell 4/5 has native commandlets for get files from smb share? Or any variants?
As #arco444 alluded to, the way you're doing this is bananas. Why not use Copy-Item?
That aside, I think you would have the problem with Copy-Item as well.
DSC runs under the context of SYSTEM, so you should make sure that your share allows access from the machine account of the machine on which the DSC is to be executed.
Alternatively, you can grant read access to Authenticated Users (which includes all other users as well), or Domain Computers if you're in a domain and want all of the computers to be able to read the contents.
The Credential parameter in file resource is used to connect to the source - so you can specify credentials for the share.
However make sure that credentials are secured as described in this article - [link] http://blogs.msdn.com/b/powershell/archive/2014/01/31/want-to-secure-credentials-in-windows-powershell-desired-state-configuration.aspx