I have a MS Access 2003 application where I need the current Windows logged on user's exchange email address.
Do I need to query Active Directory to do this or is there a simpler way?
We have different domains in our organization and querying AD would be cumbersome.
Thanks,
Bruno
You might be able to retrieve this using the Environment variables via VBA.
http://vlaurie.com/computers2/Articles/environment.htm
Environ Function code samples for VBA
For example if you know your users login to the system as 'firstname.lastname#exchange.com' the Environ will give you 'FirstName.LastName', then you might be able to add your exchange email at the end.
Related
I'm quite new to SharePoint/Azure/PowerShell, so apologies if what I'm asking is a stupid question!
We currently have client SharePoint sites hosted on our O365 tenant, with access to each site to be rolled out to each of our respective clients shortly. Initially, only the senior management of each client will have access to the sites, however as time goes on it's likely we'll be adding everyone else too; To streamline the new user process and save us from having to add each individual staff member, we've been considering using a Flow to automate user access instead, with the goal of adding authenticated external users without much real input from administrators other than a simple approval/rejection process.
The overall plan is as follows:
Visio Outline<
Each Client site has a SharePoint Custom List, titled "Employee Access List". Said list will have the following columns: Request ID (Text), First Name (Text), Last Name (Text), Job Title (Text), Company (Text), Contact Number (Text), E-Mail (Text), SharePoint Access (Yes/No Boolean).
If a member of staff requires access to the SharePoint site, then their respective manager will add the staff member to the list and fill in all the above fields, setting the "SharePoint Access" item value to "Yes".
This will trigger the flow and an approval email to be sent to myself and another administrator, with said email detailing the user to be created, and who has submitted the request.
Script insertion somehow - This would then run if the request was approved, and set the user up with access.
Email notification is automatically then sent to the creator of SharePoint list item, notifying them that the user now has access.
Step 4 is where I'm a little stuck in regards to what to do if the request is approved - I've written a little PowerShell script below which nearly achieves what I'm going for, in that it creates an external user PnP Group and PnP Role Definition (If there isn't one already), pulls what's in the "E-mail" fields on the "Employee Access" list and runs Add-PnPUsertoGroup to pull the users to the PnP group, which then sends the users an email with a link to the SharePoint site, allowing them to access it. However:
The script I've written targets everyone on the SharePoint List, whereas ideally I would just want the script to target the sole user that's been newly added to the list/is listed in the approval email, and only them. I'm assuming that I'd have to pipe information from the Flow into a script, which I'm not even sure is possible, and if it is, I haven't got a clue how to do it.
I know that that Azure Functions and Azure Automation can be used to insert scripts into Flows, but I don't have experience of either so I'm not sure which is the more suitable option. Is there any guidance on how to insert PowerShell scripts with them, and how to pipe what's in a flow into said scripts?
PowerShell Script as follows:
Hope this all makes sense - Any guidance would be appreciated.
Thank you!
EDIT:
Just as a bit of extra information, here is the Flow as it currently is:
Flow Part 1
Flow Part 2
Flow Part 3
Have since found an answer to the above - whilst Azure Functions/Automation are an option, you don't necessarily need them or PowerShell scripts running from Flow, in this case my goal scenario was achieved using an MS Graph Invitation API, App Permissions and a HTTP SharePoint call instead.
See attached screenshots:
Flow Answer 1
Flow Answer 2
Flow Answer 3
Step 1: Set up an App with permissions to make calls to MS Graph - use this guide for help on how to do so - http://blogopaxio.azurewebsites.net/accessing-graph-api-from-microsoft-flow-using-application-permissions-2/
Step 2: Add HTTP to MS Graph and set parameters as in screenshot 1 of this post - this action will create guest user and invitation URL the user would need to sign in to the site.
Step 3: At this point, run the flow so that we can get the 'inviteRedeemURL' from the body of the Output for the HTTP step - you will need this particular URL to send separately in your email to the end user.
Step 4: Throw in a pause for a minute or 2 just to make sure that the information from the previous actions 'sticks' - provided it all works, at this point, the user will actually have their guest account created and you'll be able to see them under Users in your O365 admin centre, however they won't be aware of their account access yet (We'll notify them of this in our email at the end).
Step 5: Add the user to SharePoint security group with a "Send HTTP Request to SharePoint" action. Please note that the "sitegroups(19)" in the URI of this action refers to the ID number of the PnP group you're putting them in, so in my case the group ID was 19. If you're unsure of the ID of your group, connect to your SharePoint Site through PowerShell with PnP commands, then run Get-PnPGroup.
Step 6: Send the email to the invited user with the Outlook Send Email action - FYI -the "SharePoint Site" variable in my screenshot is actually the "inviteRedeemURL".
Hope this helps anyone else that's unsure of how to do this. If anyone has a better solution that achieves this by all means post it!
Thanks!
We have a Powershell script that creates some guest users using the New-AzureADMSInvitation cmdlet, and its return value has a handy-dandy InviteRedeemUrl property that we include in a nice welcome email to the user to get them started with setting their account up and using our application. This works fine when inviting individual or small numbers of users.
However, we'll need to do this for many users, and carefully control when the emails go out, and I can't see any other way of retrieving this URL after-the-fact... the only option seems to be the "Resend invitation" button on the guest user in AD, which sends a Microsoft-branded email from "Microsoft Invitations" with the redeem URL, which is kind of a problem... For marketing reasons we need to put the invite redeem URL in our own welcome email, so we don't want Microsoft sending out those emails.
Is there any way to retrieve or calculate that invitation URL after the guest user had already been invited? I know I could delete and recreate the invitation itself, but that's still a manual process and I'd like to be able to create guest users in bulk first, and then retrieve those URLs in bulk once we're ready to send out emails. Especially since Azure AD itself seems to be able to fetch the redeem URLs later on via the "Resend invitation" button.
Alternatively , you can think of adding you company branding in the verification and invitation mails in azure AD.
Here is something similar you can find:-
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-faqs#how-do-i-customize-verification-emails-the-content-and-the-from-field-sent-by-azure-ad-b2c
Basically you need to change the company branding in Azure active directory to have your custom logo and text.
Hope it helps.
We ended up modifying the AD invitation script to store the InviteRedeemUrl value in our CRM as a field on the customer record. Then later on when our Marketing team wants to start their email campaigns, they could include a reference to this field in the email template just like they would any other field. This way, we got all our analytics on click/open rates and retained complete control over the emails, including where each batch was being sent from (so customers could reply to the correct support staff member for their segment).
I have a problem with a shared user account that I need some help with:
In outlook, we use a user mailbox for our company contacts that I have restricted to be only accessible by a few people. Problem is that some people need access to this and we put the account on their phone, but then they have full control and can add and remove contacts at will.
Is there a way to restrict (for example an iPhone) access to the outlook account to be read only?
I have tried using the ECP (no applicable settings) and made the user a "reviewer" to their own box, but the phone still has full access.
The problem with access from a phone is that the build and applications and even the Outlook app for iPhone and Android doesn't have the ability to access Shared Mailboxes.
So the only way of getting it working on a phone, outside of having the users open the webmail which is not a nice experience on a mobile devices despite Microsofts best efforts, is to give the mailbox an Exchange license and provide the user with a username and password for the mailbox.
However doing this will give the user full access to all folders in the mailbox.
I would recommend a solution like
CiraSync, where you could sync contacts between folders directly to the users own mailbox or from the GAL directly to the users.
I would recommend other vendors that does the same but this is the only vendor that I have tested myself on customers and I have good experiences with.
Is it possible with Powershell to create Contacts inside a Exchange account?
Im not talking about creating a Contact in Active Directory, but a contact in the Exchange account there will be visable by Outlook, Webmail, and Mobile sync.
The reason for this, is that a customer wants a easy way to deploy some static adresses, without the use of using contacts in the Global Address list.
You can do this using the EWS Managed API library with Powershell for this, I have a module on GitHub which should work okay https://github.com/gscales/Powershell-Scripts/tree/master/EWSContacts
Cheers
Glen
I am on Office 365 and I (Admin of the site) have to run a query that takes a users mailbox (e. g: 'john.doe#example.com') and lists all of its contacts from the contact folder with all available attributes like name, email-address and so on. After searching heavily with Google and co. I found nothing regarding powershell handling contacts except importing and exporting. Is there a way?
You need to use an API like Exchange Web Services to access that level of information. You can use the EWS Managed API from Powershell. As it turns out, Glen Scales has a good write-up on exporting contacts that way.