I am using the AzureAd Powershell module for user management. However it does not have all the functionality that I need, specifically, I can't assign Application Extension values to objects, (although I can create delete and remove application extensions themselves via [Get/New/Remove]-AzureADApplicationExtensionProperty).
I know from watching the API calls with Fiddler that the graph calls are using bearer tokens, and I've called the graph API directly from Postman manually so I know how to use the Bearer token if I could get it. How do I get it?
To get the token simply use:
$token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken']
But how could one come to this conclusion?
First look for where the module is located:
(Get-Module AzureAd).Path
C:\Program Files\WindowsPowerShell\Modules\AzureAD\2.0.1.3\Microsoft.Open.AzureAD16.Graph.PowerShell.dll
Now lets just make 2 assumptions. First that the token is stored in a static member of a static class, and second that it might not be stored in that dll, but any of the DLLs in the folder.
$fileInfo = New-Object 'IO.FileInfo' (Get-Module AzureAd).Path
$moduleFolder = $fileInfo.Directory.FullName
$assemblies = [AppDomain]::CurrentDomain.GetAssemblies() | where { $_.Location -ne $null -and $_.Location.StartsWith($moduleFolder)}
$assemblies | select -expandproperty ExportedTypes | Where { $_.IsSealed -and $_.IsAbstract } | Select Name, FullName
That last line btw is because of the weird way static types are noted in IL.
Which outputs a very small list:
Name FullName
---- --------
RestSharpExtensionMethods Microsoft.Open.Azure.AD.CommonLibrary.RestSharpExtensionMethods
AzureSession Microsoft.Open.Azure.AD.CommonLibrary.AzureSession
DictionaryExtensions Microsoft.Open.Azure.AD.CommonLibrary.DictionaryExtensions
Logger Microsoft.Open.Azure.AD.CommonLibrary.Logger
ImageUtils Microsoft.Open.Azure.AD.CommonLibrary.Utilities.ImageUtils
SecureStringExtension Microsoft.Open.Azure.AD.CommonLibrary.Extensions.SecureStringExtension
AzureEnvironmentConstants Microsoft.Open.Azure.AD.CommonLibrary.AzureEnvironment+AzureEnvironmentConstants
TypeToOdataTypeMapping Microsoft.Open.AzureAD16.Client.TypeToOdataTypeMapping
JsonConvert Newtonsoft.Json.JsonConvert
Extensions Newtonsoft.Json.Linq.Extensions
Extensions Newtonsoft.Json.Schema.Extensions
TypeToOdataTypeMapping Microsoft.Open.MSGraphV10.Client.TypeToOdataTypeMapping
AdalError Microsoft.IdentityModel.Clients.ActiveDirectory.AdalError
AuthenticationContextIntegratedAuthExtensions Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions
AdalOption Microsoft.IdentityModel.Clients.ActiveDirectory.AdalOption
MiscExtensions RestSharp.Extensions.MiscExtensions
ReflectionExtensions RestSharp.Extensions.ReflectionExtensions
ResponseExtensions RestSharp.Extensions.ResponseExtensions
ResponseStatusExtensions RestSharp.Extensions.ResponseStatusExtensions
StringExtensions RestSharp.Extensions.StringExtensions
XmlExtensions RestSharp.Extensions.XmlExtensions
RestClientExtensions RestSharp.RestClientExtensions
SimpleJson RestSharp.SimpleJson
We could pipe through Out-Gridview if the list was longer, but my attention was immediatly drawn to AzureSession. After that a little PowerShell autocomplete, and I found my way to [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken']
Related
I am trying to generate a report with all unique permissions in all folders of a SharePoint Online library (and not user permissions, the goal is to retrieve group permissions). I wrote a Powershell script using SharePoint PnP. Please see below.
$permissionCSV = "path-to-csv.csv"
$CAMLQuery = "<View Scope='RecursiveAll'><RowLimit>5000</RowLimit></View>"
$items = Get-PnPListItem -List "My-List" -Query $CAMLQuery
$ctx = $Get-PnPContext
foreach($item in $items) {
if(item.FileSystemObjectType -eq 'folder') {
Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments
if ($item.HasUniqueRoleAssignments) {
$ctx.load($item.RoleAssignments)
$ctx.load($item.Folder)
$ctx.ExecuteQuery()
foreach($RoleAssignments in $item.RoleAssignments) {
$ctx.Load($RoleAssignments.Member)
$ctx.Load($RoleAssignments.RoleDefinitionBindings)
$ctx.ExecuteQuery()
foreach($RoleDefinition in $RoleAssignments.RoleDefinitionBindings) {
$RoleDefinition |
Select #{expression={$item.Folder.Name};Label="Name"},
#{expression={$item.Folder.ServerRelativeUrl};Label="Path"},
#{expression={$RoleAssignments.Member.Title};Label="Role"},
#{expression={$_.Name};Label="Permission"}|
Export-CSV $permissionCSV -Append -Force -Encoding UTF8 -NoTypeInformation
}
}
}
}
}
This code works. However, because our library is very large (more than 5000 folders), such a script would take days to be executed. So I am wondering if I am taking a wrong approach. All the posts I read only mention this method, which requires network communication for each single folder...
Does anyone knows the best way to generate such report without taking days? Any idea is welcome, including using other programming languages, but I would like to avoid paid third-party services if possible.
Thank you for your help.
I'm looking for a way to retrieve the target framework attribute (e.g. .NETCoreApp,Version=v2.1) from a DLL when using PowerShell Core, ideally without loading the DLL directly into the main session.
I can do this in Windows PowerShell 5, as it has access to the ReflectionOnlyLoadFrom method...
$dllPath = 'C:\Temp\ADALV3\microsoft.identitymodel.clients.activedirectory.2.28.4\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll'
[Reflection.Assembly]::ReflectionOnlyLoadFrom($dllPath).CustomAttributes |
Where-Object {$_.AttributeType.Name -eq 'TargetFrameworkAttribute'} |
Select -ExpandProperty ConstructorArguments |
Select -ExpandProperty value
However, I realise that this approach isn't available in .NET Core.
Editor's note: Even though the documentation (as of this writing) misleadingly suggests that the ReflectionOnlyLoadFrom method is available in .NET Core, it is not, as explained here.
From what I've seen, it looks likely that I should be able to access the custom attributes that hold the target framework attribute by using an instance of the System.Reflection.Metadata.MetadataReader class that's available in .NET Core (a couple of examples of this in use can be found here: https://csharp.hotexamples.com/examples/System.Reflection.Metadata/MetadataReader/GetCustomAttribute/php-metadatareader-getcustomattribute-method-examples.html ). However, all the constructors for this type seem to use a Byte* type, as the following shows when running from PowerShell Core:
([type] 'System.Reflection.Metadata.MetadataReader').GetConstructors() | % {$_.GetParameters() | ft}
I have no idea how to create a Byte* type in any version of PowerShell. Perhaps there's a method in System.Reflection.Metadata that I should be using before creating the MetadataReader object, but I haven't found it yet.
Apologies for the length of this question, but I'm hoping by sharing my notes I'll help in tracking down the solution. Any advice on how this target framework information can be obtained using PowerShell Core?
After quite a bit of work, I managed to put together a PowerShell script that works (without external dependencies) in PowerShell Core that pulls in the target framework from a DLL:
$dllPath = 'C:\Temp\ADALV3\microsoft.identitymodel.clients.activedirectory.2.28.4\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll'
$stream = [System.IO.File]::OpenRead($dllPath)
$peReader = [System.Reflection.PortableExecutable.PEReader]::new($stream, [System.Reflection.PortableExecutable.PEStreamOptions]::LeaveOpen -bor [System.Reflection.PortableExecutable.PEStreamOptions]::PrefetchMetadata)
$metadataReader = [System.Reflection.Metadata.PEReaderExtensions]::GetMetadataReader($peReader)
$assemblyDefinition = $metadataReader.GetAssemblyDefinition()
$assemblyCustomAttributes = $assemblyDefinition.GetCustomAttributes()
$metadataCustomAttributes = $assemblyCustomAttributes | % {$metadataReader.GetCustomAttribute($_)}
foreach ($attribute in $metadataCustomAttributes) {
$ctor = $metadataReader.GetMemberReference([System.Reflection.Metadata.MemberReferenceHandle]$attribute.Constructor)
$attrType = $metadataReader.GetTypeReference([System.Reflection.Metadata.TypeReferenceHandle]$ctor.Parent)
$attrName = $metadataReader.GetString($attrType.Name)
$attrValBytes = $metadataReader.GetBlobContent($attribute.Value)
$attrVal = [System.Text.Encoding]::UTF8.GetString($attrValBytes)
if($attrName -eq 'TargetFrameworkAttribute') {Write-Output "AttributeName: $attrName, AttributeValue: $attrVal"}
}
$peReader.Dispose()
I'm mostly happy with it, the only issue I'd still like to sort out is that I'm getting some unhandled characters in the string output. I'll try to get rid of them.
I am using powershell to check, if a SharePoint I just added has changed. To do so, I first add the item via
$spFile = $spFiles.Add(...)
after that I regularly do this:
$spFile.Item["propertyName"]
The result is the same every time, even if I change the property in SharePoint. So I guess I have to refresh the item in Powershell. How can this be done?
You need to get the document library once again and then only you can get the changed value. It stores in cache, Something like this you need to do
$library = $web.Lists["DocumentLibrary"]
$spFiles= $library.Items | where {$_.FileSystemObjectType -eq "File"}
foreach ($spFile in $spFiles) {
$spFile.Item["propertyName"]
}
I am new to powershell and a bit more experienced with Sharepoint.
I need to assign rights to a folder within a list to a specific user with Contribute.
Site is http://contoso.com/stores/Form1/001
List: Form1
Folder: 001
User: contoso\user001
I want the simplest code possible to assign a single user the "Contribute" right for the folder 001.
Thank you very much everyone!
When I google on the subject, every thread gets back to this site but I am unable to make this work. If someone could tweak it for me with my informations or make a new code for me it would be very appreciated. I will be glad to accept answer and boost your rep for it!
http://sharepoint2010tutor.blogspot.com.au/2011/08/grant-folder-permissionsharepoint-using.html
You need to pass in the user id of an existing SharePoint user when you call the GrantUserPermission function. Right now you're passing the permission level you want assign. That is already set in the role binding.
if($folder.Name.Equals("001"))
{
# don't pass the permission level here --> GrantUserPermission("Contribute")
# pass a valid SharePoint user.
GrantUserPermission("adventureworks\jdoe")
}
Currently this is what I was using:
Add-PSSnapin Microsoft.SharePoint.PowerShell -erroraction SilentlyContinue
Add-SPShellAdmin
cls
$site = new-object Microsoft.SharePoint.SPSite("http://contoso.com/stores")
$web = $site.OpenWeb()
function GrantUserpermission($userName)
{
[Microsoft.SharePoint.SPUserCollection]$spusers= [Microsoft.SharePoint.SPUserCollection]$web.SiteUsers
[Microsoft.SharePoint.SPUser]$spuser=$spusers[$userName]
$sproleass=new-object Microsoft.SharePoint.SPRoleAssignment([Microsoft.SharePoint.SPPrincipal]$spuser)
$folder.BreakRoleInheritance("true")
$sproleass.RoleDefinitionBindings.Add($web.RoleDefinitions["Contribute"])
$folder.RoleAssignments.Add($sproleass);
Write-Host "Permission provided for user ", $userName
}
$doclib=[Microsoft.SharePoint.SPDocumentLibrary]$web.Lists["Form1"]
$foldercoll=$doclib.Folders;
foreach($folder in $foldercoll)
{
Write-Host $folder.Name
if($folder.Name.Equals("001"))
{
GrantUserPermission("Contribute")
}
}
Write-Host "Completed...."
$web.Close()
$site.Dispose()
I am not sure if this is possible or not with PowerShell.
But basically I have a Windows Forms program that configures a program called EO Server. The EO Server has an API, and I make a reference to EOServerAPI.dll to make the following code run.
using EOserverAPI;
...
private void myButton_Click(object sender, EventArgs e)
{
String MDSConnString="Data Source=MSI;Initial Catalog=EOMDS;Integrated Security=True;";
//Create the connection
IEOMDSAPI myEOMDSAPI = EOMDSAPI.Create(MDSConnString);
//Get JobID
Guid myMasterJobID = myEOMDSAPI.GetJobID("myJobRocks");
}
Is it possible to interact with an API DLL file and make the same types of calls as you would in a Windows Forms application?
Yes, you can:
Add-Type -Path $customDll
$a = new-object custom.type
You call a static method like so:
[custom.type]::method()
Instead of Add-Type, you can also use reflection:
[Reflection.Assembly]::LoadFile($customDll)
(Note that even the above is calling the Reflection library and the LoadFile static method.)
Take a look at the blog post Load a Custom DLL from PowerShell. If you can interact with an object in .NET, you can probably do it in PowerShell too.
Actually the other offered solutions don't work for me, here it's an alternative that works perfectly for me:
$AssemblyPath = "C:\SomePath\SomeLIB.dll"
$bytes = [System.IO.File]::ReadAllBytes($AssemblyPath)
[System.Reflection.Assembly]::Load($bytes)
c# dll
Add-Type -Path $dllPath
(new-object namespace.class)::Main() #Where namespace=dllnamespace, class=dllclass, Main()=dllstartvoid
info. get namespace&classes
$types = Add-Type -Path $dllPath -PassThru
$types | ft fullname
$types
if it's not "executable" dll (something get/set dll) then this is the best that i know (not needed vs for sample dll creating):
https://kazunposh.wordpress.com/2012/03/19/проверка-корректного-ввода-distinguished-name-в-скри/