cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Creating script to export reports on users and their OneDrive for external sharing

Jonathan Nunez
Brass Contributor

‎Nov 18 2019 12:51 PM

‎Nov 18 2019 12:51 PM

Creating script to export reports on users and their OneDrive for external sharing

Greetings,

 

I was wondering if anyone has an idea of how to make a script that allows me to see who are the members in an Azure AD Security Group and see if they have External Sharing Capabilities enabled or not.

 

So far I have this snippet that returns list of users in a designated security group:

 

 

Get-AzureADGroupMember -ObjectId "<Security Group ObjectId>"

 

Note: You have to run 

 

Connect-AzureAD

 

before running the "Get-AzureADGroupMember" command.

 

But it doesn't tell me the sharing options for those users.

 

However, if I use this snippet...it returns all of the OneDrive in the tenant with owner and sharing capabilities. The thing is, I don't want to see all of them, just the ones that I move to the security group in AD.

 

 

Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like '-my.sharepoint.com/personal/'" | select Owner, Url, SharingCapability

 

 

 NOTE: Run 

 

Connect-SPOService -url <a href="<a href="https://domain-admin.sharepoint.com" target="_blank">https://domain-admin.sharepoint.com</a>" target="_blank"><a href="https://domain-admin.sharepoint.com</a" target="_blank">https://domain-admin.sharepoint.com</a</a>>

 

 before the "Get-SPOSite" command.

 

What I want at the end of it all is to have a list of users that are inside the security group and tell if they have external sharing capabilities or not. 

3,349 Views
0 Likes
4 Replies
Reply
4 Replies
Vasil Michev

‎Nov 19 2019 01:02 AM

‎Nov 19 2019 01:02 AM

Re: Creating script to export reports on users and their OneDrive for external sharing

Simply get the list of members of the group and then run the Get-SpoSite cmdlet for each member by adjusting the filter. Here's how to do it for a given user:

 
Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Owner -eq 'vasil@michev.info' -and Url -like '-my.sharepoint.com/personal/'" | select Owner, Url, SharingCapability
0 Likes
Reply
best response confirmed by Jonathan Nunez (Brass Contributor)
Kevin Morgan

‎Nov 19 2019 05:42 AM - edited ‎Nov 19 2019 05:43 AM

‎Nov 19 2019 05:42 AM - edited ‎Nov 19 2019 05:43 AM

Solution

Re: Creating script to export reports on users and their OneDrive for external sharing

@Jonathan Nunez 

 

Try the below script :

Connect-AzureAD
Connect-SPOService -url https://domain-admin.sharepoint.com

$Result = @()
$GroupName = "YourSecurityGroup"
$GroupObj = Get-AzureADGroup -SearchString $GroupName
$GroupMembers = Get-AzureADGroupMember -ObjectId $GroupObj.ObjectId | Select DisplayName, UserPrincipalName

$OneDriveSites = Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like '-my.sharepoint.com/personal/'" | Select Owner, Url, SharingCapability

ForEach ($User in $GroupMembers)
{
$Site = ($OneDriveSites | Where-Object { $_.Owner -eq $User.UserPrincipalName })

$Result += New-Object PSObject -property @{ 
UserName = $User.DisplayName
UserPrincipalName = $User.UserPrincipalName
SharingCapability = if ($Site -ne $null) { $Site.SharingCapability } else { $null }
URL = if ($Site  -ne $null) { $Site.Url } else { $null }
}
}

$Result | Select UserName, SharingCapability, URL
1 Like
Reply
Jonathan Nunez

‎Nov 19 2019 08:38 AM - edited ‎Nov 19 2019 08:45 AM

‎Nov 19 2019 08:38 AM - edited ‎Nov 19 2019 08:45 AM

Re: Creating script to export reports on users and their OneDrive for external sharing

@Kevin Morgan 

 

This worked great! 

 

It returns list of users within the security group and its sharing capabilities.

 

What I would like to know is if I can display the sharing activity as well. If anything, what kind of information can I extract from besides Sharing Capability, Owner and URL?

0 Likes
Reply
Kevin Morgan

‎Nov 20 2019 04:08 AM - edited ‎Nov 20 2019 04:10 AM

‎Nov 20 2019 04:08 AM - edited ‎Nov 20 2019 04:10 AM

Re: Creating script to export reports on users and their OneDrive for external sharing

@Jonathan Nunez 

 

Not sure what kind of report you are expecting. You can get OneDrive Activity report (Includes Internally and Externally Shared File Count) using Microsoft Graph API. This API requires the permission "Reports.Read.All".

 

In this script I have used PnP Powershell module to acquire required access token. Before proceed you have to install SharePointPnPPowerShellOnline module.

Connect-PnPOnline -Scopes "Reports.Read.All"
$Accesstoken =Get-PnPAccessToken

$ApiUrl = "https://graph.microsoft.com/v1.0/reports/getOneDriveActivityUserDetail(period='D180')"
$Result = Invoke-RestMethod -Headers @{Authorization = "Bearer $Accesstoken"} -Uri $ApiUrl -Method Get
#Remove special chars from header
$Result = $Result.Replace('Report Refresh Date','Report Refresh Date')
#Convert the stream result to an array
$ResultArray = ConvertFrom-Csv -InputObject $Result
$ResultArray |  Select 'User Principal Name','Shared Internally File Count','Shared Externally File Count','Last Activity Date'

#Export result to CSV
$ResultArray | Export-Csv "C:\OneDriveActivity.csv" -NoTypeInformation

 

You can also refer @Vasil Michev 's useful posts :

https://practical365.com/clients/onedrive/reporting-on-onedrive-for-business-shared-files/

https://gallery.technet.microsoft.com/OneDrive-for-Business-35e81b0b

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Jonathan Nunez (Brass Contributor)
Kevin Morgan

‎Nov 19 2019 05:42 AM - edited ‎Nov 19 2019 05:43 AM

‎Nov 19 2019 05:42 AM - edited ‎Nov 19 2019 05:43 AM

Solution

Re: Creating script to export reports on users and their OneDrive for external sharing

@Jonathan Nunez 

 

Try the below script :

Connect-AzureAD
Connect-SPOService -url https://domain-admin.sharepoint.com

$Result = @()
$GroupName = "YourSecurityGroup"
$GroupObj = Get-AzureADGroup -SearchString $GroupName
$GroupMembers = Get-AzureADGroupMember -ObjectId $GroupObj.ObjectId | Select DisplayName, UserPrincipalName

$OneDriveSites = Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like '-my.sharepoint.com/personal/'" | Select Owner, Url, SharingCapability

ForEach ($User in $GroupMembers)
{
$Site = ($OneDriveSites | Where-Object { $_.Owner -eq $User.UserPrincipalName })

$Result += New-Object PSObject -property @{ 
UserName = $User.DisplayName
UserPrincipalName = $User.UserPrincipalName
SharingCapability = if ($Site -ne $null) { $Site.SharingCapability } else { $null }
URL = if ($Site  -ne $null) { $Site.Url } else { $null }
}
}

$Result | Select UserName, SharingCapability, URL

View solution in original post

1 Like
Reply