Hi Team.
I hope someone can help. I have a script that connects to SharePoint and sets a user as a site collection owner. I am looking to use this as part of a Workflow to grant access and then, 60 minutes later, remove it. This script has two issues, and I will tackle one at a time so it's less confusing.
I can obtain the users whose OneDrive permissions we wish to change via $Username = $DirObj.get("samaccountname") and I don't think there are any issues there.
As part of the script process, when it runs I need to obtain who the person was that initiated the script. This is then used to add them as a site owner to the OneDrive. I am using the below.
$request.WhoAmi([ref]$strSan,[ref]$strDN)
$ARSInitiator = get-QADUser $strDN | Select-Object email
However, I don't think this is actually returning the email address, as the permission change never happens. If I hardcode the email address in the script, then it does work.
For example, rather than
$SiteCollAdmin= $ARSInitiator
$SiteCollAdmin= "first.last@domain.com"
Any suggestions on this first issue?
Thanks in advance
function OneDriveAccess($Request) {
    ################################################
    #Disable PNP Powershell Update and Telemetry
    $env:PNPPOWERSHELL_UPDATECHECK=$false
    $env:PNPPOWERSHELL_DISABLETELEMETRY=$true
    ################################################
    # Active Roles Administration Service
    $ARServer = "AR-SERVER-NAME-HERE"
    #
    #Import Powershell Modules & Active Roles Connection
    Import-Module ActiveRolesManagementShell
    Import-Module PnP.PowerShell
    Connect-QADService -Service $ARServer -Proxy
    #
    #Date & Time
    $DateYear = $((Get-Date).ToString('yyyy'))
    $DateMonth = $((Get-Date).ToString('MMM'))
    $DateDay = $((Get-Date).ToString('dd'))
    #Time
    $Time = Get-Date -Format "HH-mm"
    #
    #Script Import Export & Logging
    $ScriptPath = "C:\Temp"
    New-Item -ItemType Directory -Path "$ScriptPath\$DateYear\$DateMonth\$DateDay" -Force
    New-Item -ItemType Directory -Path "$ScriptPath\$DateYear\$DateMonth\$DateDay\Logs" -Force
    #
    #Script Log File
    $LogName = "$AzureLocation-OneDrive-Permissions-$time.txt"
    $logfile = "$ScriptPath\$DateYear\$DateMonth\$DateDay\Logs\$LogName"
    #Details of the ARS Account being changed
    $Username = $DirObj.get("samaccountname")
    $DataLocation = Get-QADUser $username -IncludedProperties msDS-preferredDataLocation | Select-Object -ExpandProperty msDS-preferredDataLocation
    $request.WhoAmi([ref]$strSan,[ref]$strDN)
    $ARSInitiator = get-QADUser $strDN | Select-Object email
    #Obtain Azure Preferred Data
    $AzureLocation = $DataLocation
    #Azure Location. Used for sharepoint connection
    switch ($AzureLocation) {
        'GBR' { $SPURL = 'https://domain-name-here-admin.sharepoint.com' }
        default { $SPURL = "https://domain-name-here$AzureLocation-admin.sharepoint.com" }
    }
    #Share Point Connection Properties
    $CxParams = @{
        URL = $SPURL
        ClientID = "ID HERE"
        Tenant = "domain-name.onmicrosoft.com"
        Thumbprint = "ThumbPrint-HERE"
    }
    #Connect to SharePoint Online
    Connect-PnPOnline @CxParams
    $OneDriveSiteUrl = (Get-PnPUserProfileProperty -Account $Username).PersonalUrl
    $SiteCollAdmin= $ARSInitiator
    #Change OneDrive Ownership
    Set-PnPTenantSite -Url $OneDriveSiteUrl -Owners $SiteCollAdmin
    Write-Output "Adding $ARSInitiator Permission to $Username One Drive : " $OneDriveSiteUrl
}
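
An added example, not part of the original post and not code from Active Roles or PnP.PowerShell: it compares `Select-Object email` with `Select-Object -ExpandProperty` (the form the script already uses for msDS-preferredDataLocation) on a constructed stand-in object, and adds a hypothetical `Resolve-OwnerAddress` guard that refuses the ownership change when the initiator does not resolve to an address. The `Email` property on the stand-in is an assumption taken from the post's own `Select-Object email` call.

```powershell
# Constructed stand-in for the user object (assumption: it exposes an Email property).
$user = [pscustomobject]@{ SamAccountName = 'jdoe'; Email = 'first.last@domain.com' }

# Select-Object <name> returns a NEW object that carries one property named Email.
$wrapped = $user | Select-Object Email
# Select-Object -ExpandProperty <name> returns the property value itself (a string).
$address = $user | Select-Object -ExpandProperty Email

# Show the runtime type and the text each value turns into when used as a string.
"{0,-16} => {1}" -f $wrapped.GetType().Name, "$wrapped"
"{0,-16} => {1}" -f $address.GetType().Name, "$address"

# Hypothetical helper (not from any module): normalise the initiator to a plain
# address string and fail closed, so a privileged owner change never runs with
# an empty or malformed value.
function Resolve-OwnerAddress {
    param([Parameter(Mandatory)] $Candidate)

    # Accept either a plain string or an object that carries an Email property.
    if ($Candidate -isnot [string]) { $Candidate = $Candidate.Email }

    if ([string]::IsNullOrWhiteSpace($Candidate) -or
        $Candidate -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        throw "Initiator did not resolve to an email address; owner change skipped."
    }
    return $Candidate.Trim()
}

# Constructed inputs: wrapped object, plain string, and a user with no mail attribute.
$noMail = [pscustomobject]@{ Email = $null }
foreach ($candidate in $wrapped, $address, $noMail) {
    try   { "owner    = $(Resolve-OwnerAddress $candidate)" }
    catch { "rejected : $($_.Exception.Message)" }
}
```

In a script like the one above, the guard would sit directly before the Set-PnPTenantSite call, and the resolved address is the value worth writing to the log file alongside the OneDrive URL.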