Automation

Extract Audit Logs for Office 365 Services using PowerShell

Posted on Updated on

It was always confusing while using Search-UnifiedAuditLog, because you need first to load Exchange libraries.
In this script we will retrieve the Audit logs from Office 365 for the below services

  1. Skype for Business
  2. Exchange
  3. Yammer
  4. OneDrive for Business
  5. SharePoint Online

Please be aware that the command “Search-UnifiedAuditLog” will never loads until you load the Exchange New-PSSession -ConfigurationName Microsoft.Exchange, this means you have to use the Tenant admin to execute the below code.

The extraction will be very useful to get audit logs for your Office 365 Services, and it will be extracted to CSV files


$Username = "tenant.admin@henkel.com"
$TenantODFBUrl = "https://tenant-my.sharepoint.com"
$TenantAdminUrl = "https://tenant-admin.sharepoint.com"
$Pass = "PaSSword!"
[String]$Output = ".\report_$((Get-Date -uformat %Y%m%d).ToString()).csv"
$usersList = Get-Content "C:\temp\TargetUsers.txt"
$cred = [System.Net.CredentialCache]::DefaultCredentials
[System.Net.WebRequest]::DefaultWebProxy.Credentials = $cred
$creds = New-Object System.Management.Automation.PSCredential($Username,(ConvertTo-SecureString $Pass -AsPlainText -Force));
$session = New-PSSession -ConfigurationName Microsoft.Exchange -Authentication Basic -ConnectionUri https://ps.outlook.com/powershell -AllowRedirection:$true -Credential $creds
Import-PSSession $session -AllowClobber
$startDate = $(Get-Date).AddDays(-60).Date
$endDate = $(Get-Date).AddDays(-1).Date
Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -ResultSize 5000 |Sort-Object CreationDate -Descending | Export-Csv .\SearchResult.csv -NoTypeInformation
#Skype for Business
Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -RecordType "SkypeForBusinessCmdlets","SkypeForBusinessPSTNUsage","SkypeForBusinessUsersBlocked" |Sort-Object CreationDate -Descending | Export-Csv .\SkypeSearchResult.csv -NoTypeInformation
#Exchange
Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -RecordType "ExchangeAdmin","ExchangeItemGroup","ExchangeItem","ExchangeAggregatedOperation" |Sort-Object CreationDate -Descending | Export-Csv .\ExchangeSearchResult.csv -NoTypeInformation
#Yammer
Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -UserIds $usersList -RecordType "yammer" |Sort-Object CreationDate -Descending | Export-Csv .\YammerSearchResult.csv -NoTypeInformation
#OneDriveForBusiness
$OneDriveworkload = '*"Workload"' + ":" + '"OneDrive"*'
Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -UserIds $usersList | Where-Object {$_.AuditData -like $OneDriveworkload } |Sort-Object CreationDate -Descending | Export-Csv .\OneDriveSearchResult.csv -NoTypeInformation
#SharePoint Online
$workload = '*"Workload"' + ":" + '"SharePoint"*'
Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -UserIds $usersList -RecordType "SharePointFileOperation","SharePoint","SharePointSharingOperation" | Where-Object {$_.AuditData -like $workload} |Sort-Object CreationDate -Descending | Export-Csv .\SPSearchResult.csv -NoTypeInformation

Please leave me a comment if you faced any issues with it
Regards !

Advertisements

Get SharePoint Online Event Receivers

Posted on Updated on

In this article we will get list of Event receivers attached to SiteCollection or Web Levels.
Please follow these steps :

  1. Make sure Microsoft.SharePoint.Client.dll and Microsoft.SharePoint.Client.Runtime.dll
  2. Open PowerShell ISE & Run the Below script after setting the target parameter
    # Paths to SDK. Please verify location on your computer.
    Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
    Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
    #declare the variables
    $tenantSite = "https://tenant-admin.sharepoint.com"
    #read file
    $siteurl = "https://tenant.sharepoint.com/teams/site1"
    $UserName = "admin@tenant.onmicrosoft.com"
    $SecurePassword = Read-Host -Prompt "Please enter your password" -AsSecureString
    $Credentials = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $userName, $SecurePassword
    $SPOCredentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($UserName, $SecurePassword)
    Connect-SPOService -Url $tenantSite -Credential $Credentials
    $context = New-Object Microsoft.SharePoint.Client.ClientContext($siteurl)
    $context.Credentials = $SPOCredentials
    $web = $context.Site.RootWeb #You can make it only $context.Site if you want to get the Events on Site Collection level
    $context.Load($web)
    $context.Load($web.EventReceivers)
    $context.ExecuteQuery()
    $eventReceivers = $web.EventReceivers
    foreach($eventReceiver in $eventReceivers)
    {
    Write-Host $eventReceiver.ReceiverId " " $eventReceiver.EventType.ToString() " " $eventReceiver.ReceiverName
    }
  3. Output will be as follow

Of course the above script can be modified to be compatible with If you want to verify your results, you can use SharePoint Client Browser (SPCB)
It is a free helpful open source tool that can give you nice insights about your Site/Web event receivers and it supports 3 versions (SP2013, SP2016, & SPOnline)

 

Get SharePoint Admins for All SharePoint Online Sites

Posted on Updated on

In this article we will get list of all SharePoint Online Sites, and then List Site Admins using PnP library
Please follow these steps :

      1. Set-up PnP module latest version from here https://github.com/SharePoint/PnP-PowerShell/releases
      2. Run the Below script after setting the target parameter
        #Connect to SPO tenant
        $CurrentCred = Get-Credential
        Connect-SPOService "https://tenant-admin.sharepoint.com" -Credential $CurrentCred
        #Get all Site collections
        $sites = Get-SPOSite -Limit All
        foreach ($site in $sites)
        {
        Connect-PnPOnline -Url $site.Url -Credential $CurrentCred
        $admins = Get-PnPSiteCollectionAdmin | select Title #You can also add ,Email
        $allAdmins=""
        foreach($admin in $admins)
        {
        $allAdmins += $admin.Title +";" #You can have also $admin.Email
        }
        Write-host ($site.Url+","+$allAdmins) -ForegroundColor Green
        ($site.Url+","+$allAdmins) >> "C:\temp\SiteCollectionAdmins.csv"
        }

Then you will have a CSV file with SiteUrl & Site Admin Name delemited by ;

How to get warnings and alerts for your SharePoint Online Site storage limits ?

Posted on Updated on

SharePoint Online in Office 365 is allocated a quantity of storage that’s based on your number of users.
If you want to get a warning email when your site exceeds its limit, please run the below script using PowerShell, you need to make sure that the dlls are correctly referenced.


#Connect to tenant admin center using GA credentials
$username = ""
$password = ConvertTo-SecureString "" -AsPlainText -Force
$cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)
Connect-SPOService -Url -Credential $cred
#Local variable to create and store output file
$filename = Get-Date -Format o | foreach {$_ -replace ":", ""}
$result = ""+$filename+".txt"
#SMTP and Inbox details
$smtp = ""
$from = ""
$to = ""
$subject = "Alert : PFA Site Collection Quota Usage details"
$body = "PFA quota usage details"
#Enumerating all site collections and calculating storage usage
$sites = Get-SPOSite -detailed
foreach ($site in $sites)
{
$percent = $site.StorageUsageCurrent / $site.StorageQuota * 100
$percentage = [math]::Round($percent,2)
Write-Output "$percentage % $($site.StorageUsageCurrent)kb of $($site.StorageQuota)kb $($site.url)" | Out-File $result -Append
}
#Sending email with output file as attachment
sleep 5
Send-MailMessage -SmtpServer $smtp -to $to -from $from -subject $subject -Attachments $result -body $body -Priority high

Upload file to SharePoint Online using PowerShell

Posted on

This script help you to upload your file or document to SharePoint library using PowerShell

  1. Download SharePoint Online client library from here , and install it. (If you already have it, please ignore this step)
  2. Create a folder named Temp on your C: drive, and put the Excel/CSV file in it
  3. Modify the parameters below and run the below script.


#Specify tenant admin and site URL
$User = "site.admin@tenantname.onmicrosoft.com"
$Password = "YourPassword"
$SiteURL = "https://tenantname.sharepoint.com/sites/site"
$Folder = "C:\Temp"
$DocLibName = "DocumentLibraryName"
#Add references to SharePoint client assemblies and authenticate to Office 365 site - required for CSOM
Add-Type -Path "C:\Program Files (x86)\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files (x86)\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll"
#Bind to site collection
$Context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($User,(ConvertTo-SecureString $Password -AsPlainText -Force));
$Context.Credentials = $Creds
#Retrieve list
$List = $Context.Web.Lists.GetByTitle($DocLibName)
$Context.Load($List)
$Context.ExecuteQuery()
#Upload file
Foreach ($File in (dir $Folder -File))
{
$FileStream = New-Object IO.FileStream($File.FullName,[System.IO.FileMode]::Open)
$FileCreationInfo = New-Object Microsoft.SharePoint.Client.FileCreationInformation
$FileCreationInfo.Overwrite = $true
$FileCreationInfo.ContentStream = $FileStream
$FileCreationInfo.URL = $File
$Upload = $List.RootFolder.Files.Add($FileCreationInfo)
$Context.Load($Upload)
$Context.ExecuteQuery()
}
#Upload completed

PowerShell for Show documents in Delve and in the Discover view in OneDrive for Business

Posted on Updated on

Delve is relatively still young baby for Microsoft.

Recently we have a requirement to enable the option of Show documents in Delve and in the Discover view in OneDrive for Business.

This can be done easily via a GUI like below

Go to App lancher and pick Delve –> Select Feature settings –> then enable Show documents in Delve and in the Discover view in OneDrive for Business

 

to do this via script, please copy and paste this in your PowerShell ISE and run it.

Pre-requistes

  1. Windows Internet Explorer
  2. You have to login at least 1 time through portal.office.com because the script will use your existing credentials


#Deactivate Delve Simulator
$ie = New-Object -COMObject InternetExplorer.Application
$jsonlink = "https://eur.delve.office.com/"
try{
#You can replace your the variable below with a static name, but her it logs with your current windows credentials
$searcher = [adsisearcher]"(samaccountname=$env:USERNAME)"
$mail = $searcher.FindOne().Properties.mail
$userName =$mail.replace("@","_").replace(".","_")
#Navigate to your download file/location
Write-host "Processing Request for: " $user.UPN
$ie.visible = $true
$ie.Navigate($jsonlink)
while($ie.Busy){Sleep 4}
while($ie.Document.location.href -like '*login.microsoftonline.com/*'){
(
$ie.document.IHTMLDocument3_getElementsByTagName("table") | Where-Object{$_.Id -eq $userName} | select -First 1).click()
Sleep 4
}
Write-Host "Ensure you are in the Delve Screem ..." -ForegroundColor Yellow
#[void](Read-Host 'Press Enter to continue after login ' -ErrorAction SilentlyContinue)
#Navigate to Properties
$ie.document.IHTMLDocument3_getElementById("O365_MainLink_Settings").click()
Sleep 4
#Open Settings
($ie.document.IHTMLDocument3_getElementsByTagName("a") | Where-Object{$_.className -eq "o365cs-settings-deeplink wf-size-x12 ms-fcl-ns o365button"} | select -First 1).click()
Sleep 4
##Switch Value
$checkBox =$ie.document.IHTMLDocument3_getElementById("enableDocumentsCheckbox")
$oldValue = $checkBox.value
if($oldValue -eq "on" -or $oldValue -eq "off")
{
$checked = $checkBox.click()
}
Sleep 2
#$newValue = $ie.document.IHTMLDocument3_getElementById("enableDocumentsCheckbox").value
##Submit
Sleep 1
($ie.document.IHTMLDocument3_getElementsByTagName("button") | Where-Object{$_.className -eq "SharingActivityPanel-module_button_delve"} | select -First 1).click()
##Refresh
Sleep 4
$ie.document.location = $ie.document.location
write-host "Done Successfully Delve Flag Switched"
}
catch [System.Exception]{
write-host "Failed, Try Again" $_.Exception
}
finally {
while($ie.Busy){Sleep 1}
$ie.Quit()
[System.Runtime.Interopservices.Marshal]::ReleaseComObject($ie)
}

How to Invoke Web Services from Microsoft System Center Orchestrator 2012?

Posted on

In this blog we are going to describe How to Call Web Service from System Center Orchestartor 2012, using the Invoke Webservices Activity

image

  1. We will elect a certain Webservice for test: http://www.ezzylearning.com/services/CountryInformationService.asmx
  2. Navigate to the URL to be sure it is working fine.
    Note : If you find this WebServices retired; please add your own or add a new one
    Example : http://www.webservicex.net/CurrencyConvertor.asmx?WSDL
    All next steps should be the same
  3. Now we need to get the WSDL file from this webservice, so, either to click on the Service Description link or Navigate directly to
    http://www.ezzylearning.com/services/CountryInformationService.asmx?WSDL
    image
  4. Save this page to your hard drive
    image
  5. It is time now to call it from Orchestrator, In your runbook, Drag-Drop the Invoke Web Service Activity from the Utilities.
    image
  6. Set the properties of the Activity as follow:
    WSDL: Write the Path of the wsdl file that you have just save.
    Method: Select the required Web method, in this example we will use GetContients.
    Format Hint: it is Optional, sometimes it gives a result when you click it, depending on the web method it self, in our case, no Fomrat Hint is avaliable.image
  7. On the Advanced Tab, Check on the Address URL, and write the webservice full URL, http://www.ezzylearning.com/services/CountryInformationService.asmximage
  8. In the Security Tab, if the webservice have a HTTP Authentication, write it, other wise, leave it as it is, in our case, we will leave it as it is.
    image
  9. Add the activity of Append Line as shown, as we are going to display some output there
    image
  10. configure the Append line as shown.
    image
  11. Run your Runbook

You can parse the XML Response by Powershell script, or any other language to get your needed data.

Regards,