I don't have access to the Sharepoint server and can't use remoting, and therefore don't have access to Microsoft.Sharepoint.Powershell which contains the SharePoint commandlets.
I also can't use 3rd party libraries which means I only have access to built in Powershell commandlets, or any .NET class.
How can I access a Sharepoint list using only built in Powershell commandlets or .NET classes?
Well if you are using SharePoint 2010 and you don't have access to the server itself and must interact with it remotely you have essentially three options:
https://msdn.microsoft.com/en-us/library/office/hh313619(v=office.14).aspx
You can use:
Client Side Object Model - this gives you a structured SharePoint classes approach to enumerating, viewing and interacting with SharePoint site artifacts
SOAP Web Services - Exactly what it sounds like...a set of XML SOAP end points that let you interact with a SharePoint site
REST Web Services - A set of endpoints that follow REST principles
FWIW, the CSOM libraries use the REST endpoints under the covers.
In given scenario you can make use of PnP Powershell which runs on client side. You just need to install small setup to enable PnP command on machine from where you will run Powershell.
Then you can use command Connect-PnPOnline to connect to desired sharepoint site.
PS:> Connect-PnPOnline -Url https://contoso.sharepoint.com
Once you provide valid credentials you will have access to PnP Context for that particular site.
Then using Get-PnPList command you can fetch list data
PS:> Get-PnPList -Identity Lists/Announcements
For more information on PnP-Powershell please refer Documentation : https://github.com/SharePoint/PnP-PowerShell/tree/master/Documentation
Hope it will help you..:)
Cheers,
Swapnil Lad
Related
We are planning connect Microsoft Identity manager with Ceridian Dayforce HRIS tool. We want to use MIM then to sync with our Active Directory to get a list of all the users, roles and other details regularly.
I found Dayforce API documentation online here https://usconfigr58.dayforcehcm.com/api/ddn/swagger/
Can I use PowerShell to query and parse rest API so that I can get the information from Dayforce to our Active Directory?
Absolutely you could, you would write Powershell scripts to query the APIs using the the endpoints stated in Swagger to query the information you want, then use the resulting objects to update whatever you wanted to in AD. In Powershell the easiest way to do it would be using invoke-restmethod then use the appropriate Powershell AD commands to update the adusers mainly set-aduser
However, if you are using MIM, then you wouldn't be using Powershell to do it, you would use mim's workflow and rest connector functionality. Otherwise what's the point of using MiM if you are going to basically write your own sync?
Is it possible to connect to exchange powershell online using registered Azure application ID/secret which allows GraphAPI/EWS access?
FYI, I know how to do it with basic auth (username/password) as guided in MSFT website: https://learn.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps
it is currently possible to use the Microsoft Graph API to make calls to the exchange endpoint. However it's not the same thing as Exchange Powershell Online, please refer to the docs on the exchange graph api here : https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/office-365-rest-apis-for-mail-calendars-and-contacts
For more information on how to make calls via powershell, please look here : https://blogs.technet.microsoft.com/cloudlojik/2018/06/29/connecting-to-microsoft-graph-with-a-native-app-using-powershell/
You will also need to login with a user that has access to said exchange resources. If you login with an application/user that does not have permissions to access the exchange resources you will get a access denied error.
I'd suggest try EXO V2 preview module to connect Exchange Online PowerShell using registered Azure application.
Step1: Get an OAuth access token using Active Directory Authentication Library (ADAL) PowerShell.
Step2: Create PSCredential object
$AppCredential= New-Object System.Management.Automation.PSCredential(<UPN>,<Token>)
Step3: Pass the PSCredential to the EXO V2 module.
Connect-ExchangeOnline -Credential $AppCredential
I want to connect to Exchange Online using PowerShell and modern authentication without depending on any modules or dll's.
There's a module available for modern authentication to Exchange Online that depends on the CreateEXOPSSession.ps1 and Microsoft.Exchange.Management.ExoPowerShellModule.dll, I have decompiled the latter and found that it generates an access token as such:
TokenInformation accessToken = TokenProviderFactory.Instance.CreateTokenProvider(new TokenProviderContext(authType, "a0c73c16-a7e3-4564-9a95-2bdf47383716", this.AzureADAuthorizationEndpointUri, acquireTokenEndpoint, this.UserPrincipalName, this.Credential, clientAppRedirectUri, (Action<string>) (s => this.WriteWarning(s)))).GetAccessToken();
I want to request the access token is the same way in PowerShell but I can't seem to get the right authentication context and method of retrieving the access token.
Any ideas?
You have to have an MSOL connection and create a remote session to EXO to use EXO cmdlets. There is no workaround for this.
The dependencies are there for a reason. The backend plumbing of MSOL / Azure / O365 expects what it expects, and skirting it will just lead you down a very frustrating/hair-pulling activity.
That token is an Azure AD as MA/ADAL requires that you have an Azure AD Premium license.
MA requires use of the ADAL API/DLL. This is like asking to programmatically connect to and use Exchange on-prem EAS/EWS services without using the API/DLL, that's not a thing either.
So, no matter how you look at this, there will be dependencies, as noted below. So, if you are serious about this effort, you need to really dig into what MA really is and how it's plumbing really works. Also, MFA must be already enabled for you and users, either in O365 and or the ADAL MFA settings in Azure.
Modern Authentication – What is it?
Modern Authentication brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms.
Microsoft identity platform authentication libraries
There is also an ADAL module on the MS PowerShellGallery.com.
Microsoft.ADAL.PowerShell 1.12
ADAL module for PowerShell
https://www.powershellgallery.com/packages/Microsoft.ADAL.PowerShell/1.12
Functions
Get-ADALAccessToken Clear-ADALAccessTokenCache
Examples are here:
Microsoft.ADAL.Powershell ```
####Example 1 This example acquire accesstoken by using RedirectUri from contoso.onmicrosoft.com Azure Active Directory for PowerBI
service. It will only prompt you to sign in for the first time, or
when cache is expired.
Get-ADALAccessToken -AuthorityName contoso.onmicrosoft.com `
-ClientId 8f710b23-d3ea-4dd3-8a0e-c5958a6bc16d `
-ResourceId https://analysis.windows.net/powerbi/api `
-RedirectUri "http://yourredirecturi.local"
See also:
Azure-AD-Authentication-with-PowerShell-and-ADAL
This is a set of really simple PowerShell scripts which allow you to get access tokens with Azure Active Directory using ADAL.
and this...
ADAL and PowerShell
I have been trying to install the Azure Active Directory Module for Windows for Powershell. So far I have not been able to find a combination of the Sign-In Assistant and Powershell module versions that allows me to create a connection in a Powershell session. My measure for success has been to run the Connect-MsolService cmdlet to create such a connection. I have tried it both from the command line and in a script. The (few) forum and blogs posts that reference this functionality have been very contradictory.
I am using the same credentials that I use to log into manage.windowsazure.com.
As to the specifics I have the following configuration:
Windows Server 2012R2
Powershell version 4.0 ($PSVersionTable.PSVersion)
Microsoft Online Services Sign-In Assistant version 7.250.4556.0
Windows Azure Active Directory Module for Windows Azure version
1.0.8362. The version number is based on the command (get-item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion
My questions are as follows:
What versions work on Windows Server 2012R2?
Is there a specific .Net version that I might be missing?
Am I looking at it wrong? For example is the cmdlet
Connect-MsolService not the metric to be using? Is there another way
that I might verify that I have a connection?
My understanding is that the Powershell cmdlets, as well as all the other methods for managing Azure, are based on the REST API's. Would that be a better way to go? Of course I would not be able to dynamically enter commands, but I would be able to validate credentials etc.
Are you trying to authenicate with an MSA account? Try connecting with a Global Admin AAD account (eg. globaladminuser#tenant.onmicrosoft.com).
I am working on automatic deployment + azure. I'm at the point where i'm adding an ssl cert to the website. Does anyone know how to use PowerShell to upload an SSL certificate to a website using the PowerShell command (Add - Get - Set based commands)? I'm able to add a certificate to a cloud service using ...
New-AzureService $Program -Location 'East US'
Add-AzureCertificate -Password Cert123! -ServiceName $Program -CertToDeploy $CertLocation
but I have no idea how to add it to an azure website.
Thanks
edit: I've found a way using the following command, but i'm not wanting to install additional libraries on my production deployment machine.
azure site cert add -k Cert123! $CertLocation $Program
Using the newly released Azure PowerShell v. 1.1.0, you can use the following command to upload a certificate to your website
New-AzureRmWebAppSSLBinding -ResourceGroupName myresourcegroup -WebAppName mytestapp -CertificateFilePath PathToPfxFile -CertificatePassword PlainTextPwd -Name www.contoso.com
More information is in the following article
https://azure.microsoft.com/en-us/documentation/articles/app-service-web-app-powerhell-ssl-binding/
As far as I know the Azure PowerShell cmdlets do not offer this capability at the moment that I could find. As you point out the Cross Platform Command Line tool does. Since you don't want to add the XPlat-CLI tool to your deployment machines you can use what the XPlat-CLI tool does under the hood: a direct call against the REST api for web site management.
Note you'll need to figure out what webspace the site resides in, etc. You can use the Invoke-WebRequest to make this call so that you can verify you get that 200 response back. Or you could use the Invoke-RESTMethod as well, but that would only return an XML document (the contents of the response). The Invoke-WebRequest provides you a little more control and access to the full response object.
The Microsoft Azure Management Libraries (which the PowerShell cmdlets sit on top of) has a Web Site Management piece to it. One of the operations is an update to a site and that includes a WebSiteUpdateParameters object with a SSLCertificates property. You may check into that as well, though I've not done this myself.