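# Differential (delta) sync of Azure AD directory objects via the Azure AD Graph API.
# The first run pulls every User/Group/Contact and stores the returned deltaLink in a
# "cookie" file; later runs replay that deltaLink and receive only what changed since.
#
# Security notes:
#  - The account password is prompted for at run time (Get-Credential) rather than being
#    hard-coded. A plaintext admin password must never live in a script or a public gist.
#  - This is still the username/password grant, which only works for an admin account
#    that is exempted from MFA. Where possible, prefer an app registration authenticating
#    with ClientCredential (secret or certificate) so no admin user has to be MFA-disabled.
#  - The delta cookie holds a tenant-scoped query token. Store it somewhere the running
#    account controls; the original default path was inside a Dropbox-synced folder.
#  - graph.windows.net (Azure AD Graph) and ADAL are legacy. The script stays on them
#    because the DLL loaded below is ADAL 2.x (string-password UserCredential constructor).

# Fail fast: a non-terminating error (e.g. reading the cookie) must not let the script
# carry on and overwrite the delta checkpoint with garbage.
$ErrorActionPreference = 'Stop'

# Adding the AD AuthN library to your PowerShell Session.
# the default path to where the ADAL GraphAPI PS Module puts the Libs
Add-Type -Path 'C:\Program Files\WindowsPowerShell\Modules\AzureADPreview\1.1.143.0\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'

# Your Azure tenant name
$tenantID = "mytenant.com.au"
$authString = "https://login.microsoftonline.com/$tenantID"

# Username and password. The user must be MFA-disabled, Admin at least, and must not be a Live ID.
# Prompted instead of stored in the file; the plain password is only extracted because the
# ADAL 2.x UserCredential constructor used below takes a string.
$cred = Get-Credential -UserName "doc@mytenant.com.au" -Message "Azure AD admin account (MFA-disabled, not a Live ID)"
$username = $cred.UserName
$password = $cred.GetNetworkCredential().Password

# The resource URI for your token.
$resource = "https://graph.windows.net/"

# Object Type (eg. Users, Groups, Contacts, DirectoryObjects)
$object = "directoryObjects"

# What Objects are we interested in. User, Group and Contact are called out explicitly even
# though they are meant to be the default, as differential sync has reported mixed results
# across object types when left implicit.
$Searchfilter ="`$filter=isof('Microsoft.DirectoryServices.User') or isof('Microsoft.DirectoryServices.Group') or isof('Microsoft.DirectoryServices.Contact')"

# Output Directory and file for Differential Cookie
$downloadDirectory = "C:\Users\Darren\Dropbox\Kloud\Powershell\O365\DeltaSync"
$cookieFile = "\AADDeltaCookie.txt"
$filepath = $downloadDirectory + $cookieFile

# Reset results var
$query = $null

# Read in Delta Cookie if it exists; if not, create the file (and any missing parent
# directory, via -Force) for storing the cookie.
if (!(Test-Path $filepath)) {
    $cookie = New-Item -Path $filepath -ItemType File -Force
} else {
    $cookie = Get-Item -Path $filepath
}

# This is the powershell common client id.
$client_id = "1950a258-227b-4e31-a9cf-717495945fc2"

# Create a user credential with the above username and password.
$creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" -ArgumentList $username, $password

# Create an authentication context with the above authentication string.
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authString

# Acquire access token from server.
$authenticationResult = $authContext.AcquireToken($resource, $client_id, $creds)

# One header set for every request in this script. The bearer token lives only in this
# hashtable and the ADAL result object; it is never written to disk or echoed.
$headers = @{
    Authorization  = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
    # unremark if you just want the DeltaLink from now (applies to every request below)
    # 'ocp-aad-dq-include-only-delta-token' = "true"
}

# URI to get first set of objects
if ((Get-Item $cookie).Length -gt 0kb) {
    # Delta cookie value exists. Get it
    $url = Get-Content $cookie.FullName
    # omit &ocp-aad-dq-include-only-changed-properties=true from the URI if you want the full object
    $url += '&ocp-aad-dq-include-only-changed-properties=true&api-version=1.6'
} else {
    # no Delta Cookie, so first run, so return everything
    $url = "https://graph.windows.net/{0}/$($object)?&$($Searchfilter)&api-version=1.6&deltaLink="
}

# Get first set of results
$query = Invoke-RestMethod -Method Get -Headers $headers -Uri ($url -f $authenticationResult.TenantId)
$query.value.Count

# An Array for the returned objects to go into
$tenantObjects = @()

# Add in our first objects
$tenantObjects += $query.value
$moreObjects = $query

# Get all the remaining objects in batches if we didn't return them all already
if ($query.'aad.nextLink') {
    do {
        $moreObjects = Invoke-RestMethod -Method Get -Headers $headers -Uri ($moreObjects.'aad.nextLink' + '&api-version=1.6')
        $moreObjects.value.Count
        $tenantObjects += $moreObjects.value
        $tenantObjects.Count
    } while ($moreObjects.'aad.nextLink')
}

# Show everything collected across all pages (the original showed only the final page).
$tenantObjects | Out-GridView

# Store the DeltaLink in a file for next time we run the script.
# Only overwrite the cookie when the final response actually carried a deltaLink; writing
# an empty value would discard the previous checkpoint and force a full resync next run.
$deltaLink = $moreObjects.'aad.deltaLink'
if ($deltaLink) {
    $deltaLink | Out-File $cookie
} else {
    Write-Warning "No aad.deltaLink in the final response; delta cookie left unchanged."
}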