I've registered an app using the Azure AD portal which I am successfully accessing using invoke-webrequest from a Powershell script. The app tries to list signins but is returning up to the limit of 1000 signin objects. When I try to use query parameters to restrict the fields and amount of data returned, the web request returns an error saying that the AllowedQueryOptions and EnableQueryAttributes need to be updated for the parameters used, eg. select, top, skip. I've tried v1.0 and beta APIs without success.
Is there a way to manipulate these options via powershell so that the query parameters are recognized? I've seen some references to OAuth and ASP.NET Core to do this. Is powershell the "right" way to automate signin retrieval? Will this functionality to manipulate query options ever come to powershell?
Cheers,
-Emanuel
As you mentioned in comments, if it is unnecessary for you to use graph api, I think use Powershell command is an option for your reference.
You can use this command in your Powershell:
Get-AzureADAuditSignInLogs
If you want to use query parameters to restrict the fields and amount of data returned, you can refer to the sample as below:
Get-AzureADAuditSignInLogs -Top 5 | Select-Object -Property Id, UserDisplayName
Hope it helps~
Related
I'm taking calls at a Helpdesk, and I use PowerShell 5.1 (in restrained language mode with no access to additional modules), running "net user query (username) /dom" for every call.
I'm trying to create a script that makes this process easier and wanted to create a function with the result that I get, but am unsure how to.
How do I select a specific result that comes from the information once net user query command is completed? such as attribute "Full name" and "account log in status"? Is this possible without having any modules installed?
I was hoping to create a variable from the results of some of the information that is returned and then plug them in to other commands.
I'm trying get Refresh Logs for each dataset from Power BI rest API with Power Shell script.
Documentation for API https://learn.microsoft.com/en-us/rest/api/power-bi/datasets/getrefreshhistory
But I'm getting below error in power shell. could you please help me ?
At first sight, you should use Invoke-PowerBIRestMethod instead of the generic Invoke-RestMethod. The first one will take care of adding the authorization token in the request for you, which you must add manually when using the generic cmdlet (and you didn't).
MS Graph API for Teams can create a team without resourceProvisioningOptions property set.
But, when get all teams with PowerShell 0.9.5(Microsoft.TeamsCmdlets.PowerShell.Custom.dll), it calls HTTP Get with "https://graph.microsoft.com/beta/groups?$filter=resourceProvisioningOptions/Any(x:x eq 'Team')"
So, it cannot returns all teams.
According to your description, I assume you want to list the teams by using the Power Shell.
I have tied this, and it works. First, I tried the following API GET https://graph.microsoft.com/beta/groups?$filter=resourceProvisioningOptions/Any(x:x eq 'Team') on the MS Graph Explorer. And it works. Then, I tried this API on the PowerShell, it works too.
According to this document,
If the group was created less than 15 minutes ago, it's possible for the Create team call to fail with a 404 error code due to replication delays.
So it maybe the reason about you could not get all the teams
Does Azure AD Graph API support batch processing on users? As an example, if I want to update the location for several hundred users in my organization, is there any way I can do that? The only information I could find was what is described here: https://msdn.microsoft.com/en-us/library/azure/ad/graph/howto/azure-ad-graph-api-batch-processing
But as I understand, you can only batch operations on a single user entity in a given batch operation, and even that is limited to 5 operations per changeset. So my only option seems to be to sequentially invoke the API to update every single user in my list. I couldn't find any officially documented rate limiting that may be enforced by Microsoft. So I'm not sure if that approach would even work. Is there a better way to do this?
Yes , Azure AD Graph API support batch processing on users . Please refer to this code sample , check the CreateUsersTest function in that code sample . To make that sample work , you need to add Read and write directory data app permission for your client app :
Another way is to use powershell to add multiple users using a bulk import process:
first create a csv file with appropriate attributes like :
Then you could install Azure ActiveDirectory Powershell (MSOnline).
Connect the service :
PS C:\WINDOWS\system32> connect-msolservice
Import users from csv file :
$users = Import-Csv E:\a.csv
Create users with New-MsolUser command .
$users | ForEach-Object {New-MsolUser -UserPrincipalName $_.UserName -FirstName $_.FirstName -LastName $_.LastName –DisplayName $_.DisplayName -Title $_.JobTitle -Department $_.Department -Country $_.Country}
Update :
Please refer to document : https://msdn.microsoft.com/en-us/library/azure/ad/graph/howto/azure-ad-graph-api-batch-processing
The Graph API supports a subset of the functionality defined by the OData specification:
A single batch can contain a maximum of five queries and/or change sets combined.
A change set can contain a maximum of one source object modification and up to 20 add-link and delete-link operations combined. All operations in the change set must be on a single source entity.
In your scenario ,a single source entity means one user entity , you could create a user , modify that user in a change set , but can't create two users in one change set, since they're two entities .
It seems there is no such document lists rate limiting for batch process , but i have tested create 2000+ users with above code and it works fine .
Where do I retrieve the NextToken from when using the AWS Powershell CmdLets?
For example when I call Get-CDDeploymentList I need to supply the NextToken to retrieve the next set of deployment IDs. However the Get-CDDeploymentList command only returns an array of deployment IDs and not a NextToken.
The NextToken is contained in the $AWSHistory.LastServiceResponse variable.
In the case of the Get-CDDeploymentList command the LastServiceResponse will contain the properties Deployments and the NextToken, so the NextToken can be retrieved using:
$AWSHistory.LastServiceResponse.NextToken
For more information on the $AWSHistory object see http://docs.aws.amazon.com/powershell/latest/userguide/pstools-pipelines.html.
Actually you don't need to use NextToken unless you want or need to take manual control of pagination. By default, if NextToken isn't supplied to the vast majority of the cmdlets, they will automatically handle pagination for you internally and make multiple calls to the underlying service api to emit the full data set to the pipeline.
There are a couple of service apis where the response data from the api call contains more than one field that we would emit to the pipeline (imagine a call that returned a list of 'success' elements as well as a list of 'failed' elements). In these scenarios the cmdlets will emit the entire response object to the pipeline and it will contain the next token element -- for these you (the user) have to manually paginate.
I'm sure we used to note when cmdlets auto-paginate (and when they don't) in the cmdlet documentation but in looking at the linked cmdlet documentation it seems we've dropped this somewhere along the way - I'll investigate and get this fixed.