@joerodgers
Last active August 12, 2021 18:13
This script creates a report listing OD4B sites together with the owner's AadObjectId value as stored in SharePoint and as stored in Azure Active Directory. This data can be used to help detect PUID mismatches for OD4B site owners.
#Requires -Module PnP.PowerShell
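function Get-OneDriveForBusinessSiteOwnerObjectId
{
    <#
    .SYNOPSIS
        Reports, per OneDrive for Business site, the owner's Azure AD object id as stored in
        SharePoint Online and as currently held in Azure AD, and flags any mismatch.

    .DESCRIPTION
        Authenticates app-only with a certificate (PnP.PowerShell). Sites are resolved through the
        tenant admin site, then each unlocked site is opened to read Owner.AadObjectId and the owner
        is looked up in Azure AD. Locked sites are reported without object ids because the owner
        cannot be read on them.

    .PARAMETER Identity
        Url of a single OneDrive site to check. When omitted, every OD4B site in the tenant is
        enumerated.

    .PARAMETER ClientId
        Client/Application id of the Azure AD app principal used for app-only authentication.

    .PARAMETER Tenant
        SharePoint tenant name, e.g. "contoso" (a trailing ".onmicrosoft.com" is accepted and stripped).

    .PARAMETER Thumbprint
        Thumbprint of the app principal's certificate in the local certificate store.

    .OUTPUTS
        One PSCustomObject per site with SiteUrl, LockState, UserName, SharePointObjectId,
        AzureAdObjectId and ObjectIdMismatch. ObjectIdMismatch is $true/$false, or "Unknown" when the
        owner could not be resolved in Azure AD. Note that the output contains user principal names
        and directory object ids, so treat any exported report as identity data.

    .NOTES
        Per-site failures are written with Write-Error and processing continues with the next site.
    #>
    [CmdletBinding()]
    param
    (
        # OneDrive Site Url
        [Parameter(Mandatory=$false)]
        [string]
        $Identity,

        # AAD App Principal Client/Application Id
        [Parameter(Mandatory=$true)]
        [string]
        $ClientId,

        # SharePoint Tenant Name (contoso)
        [Parameter(Mandatory=$true)]
        [string]
        $Tenant,

        # AAD App Principal Client/Application certificate thumbprint
        [Parameter(Mandatory=$true)]
        [string]
        $Thumbprint
    )

    begin
    {
        # Escape and anchor the pattern: an unescaped ".onmicrosoft.com" is a regex whose dots
        # match any character, so only a literal suffix is stripped here.
        $Tenant = $Tenant -replace '\.onmicrosoft\.com$', ''
        $tenantDomain = "$Tenant.onmicrosoft.com"

        $adminConnection = $null
        try
        {
            Write-Verbose "$(Get-Date) - Connecting to tenant admin site"
            $adminConnection = Connect-PnPOnline -Url "https://$Tenant-admin.sharepoint.com" -ClientId $ClientId -Thumbprint $Thumbprint -Tenant $tenantDomain -ReturnConnection -Verbose:$false

            if( $PSBoundParameters.ContainsKey("Identity") )
            {
                # Resolve the single site through the admin API so it carries the same
                # LockState/Url properties as the enumerated sites (the original built an
                # unused $urls list here, so -Identity processed nothing).
                $sites = @(Get-PnPTenantSite -Identity $Identity -Connection $adminConnection)
            }
            else
            {
                Write-Verbose "$(Get-Date) - Querying tenant for all OD4B URLs"
                $sites = @(Get-PnPTenantSite -IncludeOneDriveSites -Connection $adminConnection | Where-Object -Property Template -match "SPSPERS")
            }
        }
        finally
        {
            if( $adminConnection )
            {
                Disconnect-PnPOnline -Connection $adminConnection
            }
        }
    }

    process
    {
        $counter = 1
        foreach( $site in $sites )
        {
            Write-Verbose "$(Get-Date) - $counter/$($sites.Count) - Processing $($site.Url)"
            # advance here so a locked site (which skips the rest of the loop) is still counted
            $counter++

            if( $site.LockState -ne "Unlock" )
            {
                # can't pull the AadObjectId of the owner on a locked site
                [PSCustomObject] @{
                    SiteUrl            = $site.Url
                    LockState          = $site.LockState
                    UserName           = $site.Owner
                    SharePointObjectId = ""
                    AzureAdObjectId    = ""
                    ObjectIdMismatch   = ""
                }
                continue
            }

            # Reset before connecting: otherwise a failed Connect-PnPOnline would leave the
            # previous site's already-closed connection in $connection and finally would
            # disconnect it a second time.
            $connection = $null
            try
            {
                # connect to the OD4B site
                $connection = Connect-PnPOnline -Url $site.Url -ClientId $ClientId -Thumbprint $Thumbprint -Tenant $tenantDomain -ReturnConnection -Verbose:$false

                # Get the owner and the AadObjectId value from SPO. The connection is passed
                # explicitly because -ReturnConnection does not make it the default connection.
                $spSite = Get-PnPSite -Includes Owner, Owner.AadObjectId, LockState -Connection $connection

                # remove the claims prefix from the login name
                $ownerUserPrincipalName = $spSite.Owner.LoginName -replace "i\:0\#\.f\|membership\|", ""
                $sharePointObjectId = $spSite.Owner.AadObjectId.NameId

                $azureAdObjectId = ""
                $objectIdMismatch = $false

                if( -not [string]::IsNullOrWhiteSpace($ownerUserPrincipalName) )
                {
                    try
                    {
                        # get the owner AadObjectId value from Azure AD
                        $azureAdUser = Get-PnPAzureADUser -Identity $ownerUserPrincipalName -Connection $connection
                        $azureAdObjectId = $azureAdUser.Id
                        $objectIdMismatch = $azureAdUser.Id -ne $sharePointObjectId
                    }
                    catch
                    {
                        # owner no longer resolvable in the directory (deleted or renamed account)
                        $azureAdObjectId = "User not found"
                        $objectIdMismatch = "Unknown"
                    }
                }

                # result
                [PSCustomObject] @{
                    SiteUrl            = $spSite.Url
                    LockState          = $spSite.LockState
                    UserName           = $ownerUserPrincipalName
                    SharePointObjectId = $sharePointObjectId
                    AzureAdObjectId    = $azureAdObjectId
                    ObjectIdMismatch   = $objectIdMismatch
                }
            }
            catch
            {
                Write-Error "Error processing $($site.Url). Error: $_"
            }
            finally
            {
                if( $connection )
                {
                    Disconnect-PnPOnline -Connection $connection
                }
            }
        }
    }
}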
# requires Azure AD App Principal Permissions
# Application > SharePoint > Sites.FullControl.All
# Application > Graph > User.Read.All
# ClientId, tenant name and certificate thumbprint are taken from the environment rather than
# the command line; the exported CSV holds user principal names and object ids, so store it
# accordingly.
Get-OneDriveForBusinessSiteOwnerObjectId -ClientId $env:O365_CLIENTID -Tenant $env:O365_TENANT -Thumbprint $env:O365_THUMBPRINT | Export-Csv -Path "OneDriveForBusinessPUIDs.csv" -NoTypeInformation