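# Load the ADAL authentication library into the PowerShell session.
# This is the default path where the AzureADPreview module places its libraries.
Add-Type -Path 'C:\Program Files\WindowsPowerShell\Modules\AzureADPreview\1.1.143.0\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
# Your Azure tenant name
$tenantID = "mytenant.com.au"
$authString = "https://login.microsoftonline.com/$tenantID"
# Account for the username/password sign-in. It must be an MFA-disabled user (Admin at least)
# and must not be a Live ID. The password is this account's only factor, so keep its directory
# role as narrow as the query allows and review its sign-in logs.
$username = "doc@mytenant.com.au"
# Prompt for the password instead of embedding it in the script, so the secret does not end up
# in source control, a gist or a synced folder. $password is a SecureString from here on;
# ADAL 2.x UserCredential is expected to accept (userName, SecureString) - confirm against the DLL loaded above.
$password = Read-Host -Prompt "Password for $username" -AsSecureString
# The resource URI for your token.
$resource = "https://graph.windows.net/"
# Object Type (eg. Users, Groups, Contacts, DirectoryObjects)
$object = "directoryObjects"
# Which objects we are interested in. User, Group and Contact are called out explicitly even though
# they are meant to be implied (default), because differential sync has reportedly given mixed
# results across different object types.
$Searchfilter ="`$filter=isof('Microsoft.DirectoryServices.User') or isof('Microsoft.DirectoryServices.Group') or isof('Microsoft.DirectoryServices.Contact')"
# Output directory and file for the differential (delta) cookie.
# The stored link is read back on the next run and requested with the bearer token, so the
# directory should be writable only by the account that runs this script.
$downloadDirectory = "C:\Users\Darren\Dropbox\Kloud\Powershell\O365\DeltaSync"
$cookieFile = "\AADDeltaCookie.txt"
# Join-Path normalises the separator between the directory and the file name.
$filepath = Join-Path -Path $downloadDirectory -ChildPath $cookieFile
# Reset results var
$query = $null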
# Pick up the delta cookie file when it is already on disk; on a first run
# create an empty file that will hold the cookie.
$cookie = if (Test-Path $filepath) {
    Get-Item -Path $filepath
}
else {
    New-Item -Path $filepath -ItemType File
}
# The common client id used by PowerShell.
$client_id = "1950a258-227b-4e31-a9cf-717495945fc2"
# Wrap the username and password in an ADAL user credential.
# This is a non-interactive username/password sign-in, which is why the account has to be MFA disabled.
$creds = New-Object -TypeName "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" -ArgumentList $username, $password
# Authentication context bound to the tenant's authority URL.
$authContext = New-Object -TypeName "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authString
# Request an access token for the resource from the authority.
$authenticationResult = $authContext.AcquireToken($resource, $client_id, $creds)
# Build request headers from the token. $authHeader carries the bearer token itself,
# so keep it out of transcripts and log output.
# NOTE: the requests later in this script build their own header tables and do not read $headers.
$authHeader = "{0} {1}" -f $authenticationResult.AccessTokenType, $authenticationResult.AccessToken
$headers = @{
    "Authorization" = $authHeader
    "Content-Type"  = "application/json"
}
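# Choose the URI for the first request: resume from the stored delta link when there is one,
# otherwise start a full differential query.
$storedLink = $null
if ((Get-Item -Path $cookie.FullName).Length -gt 0) {
    # Take the first non-blank line only, so a trailing newline or stray extra line
    # cannot turn $url into an array or corrupt the query string.
    $storedLink = Get-Content -Path $cookie.FullName |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ } |
        Select-Object -First 1
}
if ($storedLink) {
    # The stored link is requested with the bearer token attached. Accept it only when it is an
    # https URL on the same host as $resource, so an edited cookie file cannot redirect the token.
    $expectedHost = ([uri]$resource).Host
    $storedUri = $storedLink -as [uri]
    if (-not $storedUri -or -not $storedUri.IsAbsoluteUri -or $storedUri.Scheme -ne 'https' -or $storedUri.Host -ne $expectedHost) {
        throw "Delta cookie '$($cookie.FullName)' does not contain an https link to $expectedHost; refusing to send the access token to it."
    }
    # Delta cookie value exists. Use it.
    # Omit &ocp-aad-dq-include-only-changed-properties=true from the URI if you want the full object.
    $url = $storedLink + '&ocp-aad-dq-include-only-changed-properties=true&api-version=1.6'
}
else {
    # No delta cookie, so this is the first run: return everything.
    # {0} is filled with the tenant id when the request is issued.
    $url = "https://graph.windows.net/{0}/$($object)?&$($Searchfilter)&api-version=1.6&deltaLink="
}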
# Fetch the first page of results.
$requestHeaders = @{
    Authorization  = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
    # uncomment if you just want the DeltaLink from now on
    # 'ocp-aad-dq-include-only-delta-token' = "true"
}
# Substitute the tenant id into the {0} placeholder of the URI.
$requestUri = $url -f $authenticationResult.TenantId
$query = Invoke-RestMethod -Method Get -Headers $requestHeaders -Uri $requestUri
# Emit the number of objects on the first page.
$query.value.Count
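# Array that accumulates the returned objects across all pages.
$tenantObjects = @()
# Add in the objects from the first page.
$tenantObjects += $query.value
$moreObjects = $query
# Follow aad.nextLink until the service stops returning one, collecting each page.
while ($moreObjects.'aad.nextLink') {
    $moreObjects = Invoke-RestMethod -Method Get -Headers @{
        Authorization  = $authenticationResult.CreateAuthorizationHeader()
        'Content-Type' = "application/json"
    } -Uri ($moreObjects.'aad.nextLink' + '&api-version=1.6')
    # Progress output: size of this page, then the running total.
    $moreObjects.value.count
    $tenantObjects += $moreObjects.value
    $tenantObjects.Count
}
# Show every object collected, not only the last page that was fetched.
$tenantObjects | Out-GridView
# Store the DeltaLink in the cookie file for the next run. When the last response carries no
# DeltaLink, keep the previous cookie rather than overwriting it with an empty value.
$deltaLink = $moreObjects.'aad.deltaLink'
if ($deltaLink) {
    $deltaLink | Out-File -FilePath $cookie.FullName
}
else {
    Write-Warning "No aad.deltaLink in the final response; leaving '$($cookie.FullName)' unchanged."
}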