Forum Discussion
Microsoft Graph PowerShell SDK Module OneDrive Folder Permissions Assignment
As an M365 Global Admin, I have been tasked with creating a new folder in other users' OneDrive root folder (Documents) we can call that folder 'myFolder', then I need to assign a Microsoft Azure Security group ('myGroup') to that folder with read/write permissions. I have a list of users (taking input from txt file of UPNs), and am able to loop through the users and create the folder, so step one is possible, but where I am failing is the assignment of the permissions, am using PowerShell 7 and the MS Graph PowerShell Mod, actually for the folder creation I used the API and invoke-method, but I am running into problems since OneDrive is on top of SharePoint, I am not sure how to accomplish this task. Any help would be greatly appreciated!
Original Post:
https://techcommunity.microsoft.com/t5/microsoft-365/microsoft-graph-powershell-sdk-module-onedrive-folder/m-p/3940795
5 Replies
- LeonPavesic, Silver Contributor
Hi ShaneGibson,
To assign permissions to a OneDrive folder using the Microsoft Graph PowerShell SDK Module, you can try using the following steps:
- Install the Microsoft Graph PowerShell SDK Module.
- Connect to Microsoft Graph using the Connect-MgGraph cmdlet.
- Get the ID of the OneDrive folder that you want to assign permissions to. You can do this using the Get-MgDriveItem cmdlet.
- Create a new permission object. You can do this using the New-MgDriveItemPermission cmdlet.
- Set the permission object's properties. The following properties are required:
  - RoleId: The role that you want to assign to the user or group. For read/write permissions, you would use the Contributor role.
  - PrincipalId: The ID of the user or group that you want to assign permissions to. You can get the ID of a user or group using the Get-MgUser cmdlet or the Get-MgGroup cmdlet, respectively.
- Add the permission object to the OneDrive folder. You can do this using the Add-MgDriveItemPermission cmdlet.
- Disconnect from Microsoft Graph using the Disconnect-MgGraph cmdlet.
Here is a PowerShell script that you can use to assign read/write permissions to a OneDrive folder for a Microsoft Azure Security group:
    # Import the Microsoft Graph PowerShell SDK Module
    Import-Module Microsoft.Graph.PowerShell.SDK

    # Connect to Microsoft Graph
    Connect-MgGraph -AccessToken $accessToken

    # Get the ID of the OneDrive folder that you want to assign permissions to
    $folderId = Get-MgDriveItem -Path "root/Documents"

    # Create a new permission object
    $permission = New-MgDriveItemPermission -RoleId "Contributor" -PrincipalId "email address removed for privacy reasons"

    # Add the permission object to the OneDrive folder
    Add-MgDriveItemPermission -DriveItemId $folderId -Permission $permission

    # Disconnect from Microsoft Graph
    Disconnect-MgGraph
To loop through a list of users and create the folder and assign permissions for each user, you can use the following PowerShell script:
    # Import the Microsoft Graph PowerShell SDK Module
    Import-Module Microsoft.Graph.PowerShell.SDK

    # Connect to Microsoft Graph
    Connect-MgGraph -AccessToken $accessToken

    # Get the IDs of the OneDrive folders that you want to create
    $folderIds = @()
    foreach ($user in Get-Content "users.txt") {
        $folderId = New-MgDriveItem -Path "root/Documents/myFolder" -Name $user
        $folderIds += $folderId
    }

    # Create a new permission object
    $permission = New-MgDriveItemPermission -RoleId "Contributor" -PrincipalId "email address removed for privacy reasons"

    # Add the permission object to each OneDrive folder
    foreach ($folderId in $folderIds) {
        Add-MgDriveItemPermission -DriveItemId $folderId -Permission $permission
    }

    # Disconnect from Microsoft Graph
    Disconnect-MgGraph
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
- ShaneGibson, Copper Contributor
Thank you LeonPavesic for the reply, much appreciated. When I tried the above code:
$permission = New-MgDriveItemPermission -RoleId "Contributor" -PrincipalId $userUPN
I end up getting the following error:
New-MgDriveItemPermission: A parameter cannot be found that matches parameter name 'RoleId'.
$permission = New-MgUserDriveItemPermission -Roles "Contribute" -UserId $userUPN
cmdlet New-MgUserDriveItemPermission at command pipeline position 1
Supply values for the following parameters:
DriveId: $adminDriveId
DriveItemId: 1
New-MgUserDriveItemPermission_CreateExpanded: The request URI is not valid. Since the segment 'drives' refers to a collection, this must be the last segment in the request URI or it must be followed by an function or action that can be bound to it otherwise all intermediate segments must refer to a single resource.
Status: 400 (BadRequest)
I looked at the documentation here:
https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.files/new-mguserdriveitempermission?view=graph-powershell-1.0
And changed the parameters to Roles "Contribute" and UserId "email address removed for privacy reasons" and did not go well for me still. Any other suggestions or thoughts on this?
- LeonPavesic, Silver Contributor
Hi ShaneGibson,
Thanks for your update. The error message New-MgDriveItemPermission: A parameter cannot be found that matches parameter name 'RoleId' indicates that you are using an older version of the Microsoft Graph PowerShell SDK Module.
Please upgrade to the latest version of the module and try again. To upgrade the Microsoft Graph PowerShell SDK Module, you can use the following PowerShell command:
Update-Module Microsoft.Graph.PowerShell.SDK
Kindest regards,
Leon Pavesic
(LinkedIn)
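
An added example, not code from any post in this thread: one way to grant 'myGroup' write access on each user's 'myFolder' through the Microsoft Graph driveItem `invite` action, called with `Invoke-MgGraphRequest`. It assumes `Connect-MgGraph` has already been run with an identity permitted to write to these drives (for example app-only Files.ReadWrite.All), that the folder already exists in each drive root, and that `users.txt` holds one UPN per line; the variable names are illustrative.

```powershell
# Added example (not from the thread). Assumes Connect-MgGraph has already run
# with an identity allowed to write to these drives, and that 'myFolder' exists.
$ErrorActionPreference = 'Stop'
$graph      = 'https://graph.microsoft.com/v1.0'   # public-cloud endpoint
$folderName = 'myFolder'                           # names from the question
$groupName  = 'myGroup'
$userList   = 'users.txt'                          # one UPN per line (assumed)

# Resolve the group once; refuse an ambiguous or non-security match so the
# grant cannot land on a different group that shares the display name.
$lookup = "$graph/groups?`$filter=displayName eq '$groupName'&`$select=id,securityEnabled"
$groups = @((Invoke-MgGraphRequest -Method GET -Uri $lookup).value)
if ($groups.Count -ne 1 -or -not $groups[0].securityEnabled) {
    throw "Need exactly one security-enabled group named '$groupName'; matched $($groups.Count)."
}

# Body for the driveItem 'invite' action: write role, sign-in required, no e-mail.
$invite = @{
    recipients     = @(@{ objectId = $groups[0].id })
    roles          = @('write')
    requireSignIn  = $true
    sendInvitation = $false
} | ConvertTo-Json -Depth 4

foreach ($upn in (Get-Content -Path $userList | Where-Object { $_.Trim() })) {
    $upn = $upn.Trim()
    try {
        $drive  = Invoke-MgGraphRequest -Method GET -Uri "$graph/users/$upn/drive"
        $folder = Invoke-MgGraphRequest -Method GET -Uri "$graph/drives/$($drive.id)/root:/$folderName"
        $result = Invoke-MgGraphRequest -Method POST -ContentType 'application/json' -Body $invite `
            -Uri "$graph/drives/$($drive.id)/items/$($folder.id)/invite"
        # Check what was actually granted instead of trusting the 2xx status.
        $roles = @($result.value | ForEach-Object { $_.roles })
        if ($roles -notcontains 'write') { throw "write role missing from response" }
        [pscustomobject]@{ User = $upn; ItemId = $folder.id; Roles = $roles -join ','; Status = 'granted' }
    }
    catch {
        # Keep going, but leave a record for every drive that was not updated.
        [pscustomobject]@{ User = $upn; ItemId = $null; Roles = $null; Status = "failed: $($_.Exception.Message)" }
    }
}
```

The per-user objects can be piped to `Export-Csv` to keep an audit record of which drives received the grant and which failed.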