User Profile
MikeCrowley
Iron Contributor
Joined 9 years ago
Recent Discussions
Re: Using a managed service identity to call into SharePoint Online. Possible?
I realize this thread died in 2018, but in case anyone else finds it in their travels, as I did, you can indeed use managed identities with SharePoint Online. Here is an example, with the managed identity created by an Azure Logic App: https://learningbydoing.cloud/blog/connecting-to-sharepoint-online-using-managed-identity-with-granular-access-permissions/

770 Views, 0 Likes, 0 Comments

Re: Change Working Folder in Migration Manager agent to a mapped drive cannot be done?
A mapped network drive may not be reliable, but in theory you could follow these steps to create a Symbolic Link folder.
https://www.spjeff.com/2021/09/06/sharepoint-migration-tool-spmt-move-temp-drive/
https://superuser.com/questions/210824/creating-a-symbolic-link-to-mapped-network-drive-in-windows

954 Views, 0 Likes, 0 Comments

Re: Allow filtering on site properties
soniabouna You can filter out personal sites with the ne clause. For example, in PowerShell:

$uri = @'
beta/sites/getAllSites?$filter=isPersonalSite ne true&top=999&$count=true
'@
$headers = @{ ConsistencyLevel = "eventual" }
$Sites = Invoke-MgGraphRequest -Uri $uri -Headers $headers
$Sites.value

326 Views, 0 Likes, 0 Comments

Re: Different identity issuer assigned to guest account
Lotusmail1 Perhaps those users were created prior to this change?

To improve external sharing, in October 2021, Microsoft plans to turn on Email one-time passcode authentication for Azure AD by default for all tenants. Like the current ad-hoc sharing, the new mechanism features one-time passcodes. The big difference is that successful authentication results in the automatic creation of Azure AD guest accounts for external users.
https://office365itpros.com/2021/08/17/sharepoint-online-embraces-azure-b2b-collaboration-external-sharing

I realize this is an old post, but I kept circling back to it in a search, so I figured I'd add detail for others. Or perhaps the allowExternalIdToUseEmailOtp value was toggled (from Vasil's article).

3.7K Views, 0 Likes, 0 Comments

Re: Microsoft Graph - Filtering on identities
There seems to be a lot of discussion on this attribute being broken. I posted as well:
https://github.com/microsoftgraph/microsoft-graph-docs-contrib/issues/9104
https://learn.microsoft.com/en-us/answers/questions/826199/user-query-filter-ignores-identities-issuer-ms-gra?orderby=newest#answers

2.2K Views, 0 Likes, 0 Comments

Re: Entitlement management "target" info not reflecting information in Azure AD after change
I don't think it's limited to entitlement management either. What I was saying above was that when you define various objects, such as access reviews, you have to supply the displayName and the GUID of the user yourself. I don't know that it's really a cache that ever refreshes...

738 Views, 0 Likes, 0 Comments

Re: Entitlement management "target" info not reflecting information in Azure AD after change
I find it strange we're supposed to set a displayName in the API in the first place. It makes me think it's not synced at all, but just stored as part of the static identity governance configuration.

756 Views, 0 Likes, 2 Comments

Re: Unable to add guest user in Shared Channel
To add on here, you cannot add guests to shared channels. You can add external users, but if they resolve to guest objects in your tenant, it will not work. See this table:

Also, if you are trying to add an external user to a shared channel, as mentioned above, this takes a while, in my case a couple of hours. I kept getting a generic error in the portal, but F12 revealed a more descriptive message (below). I just kept clicking the "Add" button and it eventually worked.

"error": {
  "code": "Forbidden",
  "message": "User is not allowed to be added due to xTap.",
  "innerError": {
    "message": "User is not allowed to be added due to xTap.",
    "code": "CurrentInviteeForbidden",
    "innerError": {},
    "date": "2022-08-25T19:14:32",
    "request-id": "d19c247b-0a57-4d98-81a0-cad718b68e11",
    "client-request-id": "d19c247b-0a57-4d98-81a0-cad718b68e11"
  }
}

38K Views, 0 Likes, 0 Comments

Re: Example how to create Azure AD access reviews using Microsoft Graph app permissions with PowerShell
Roger Williams I just came across this post and wanted to share an approach if anyone else has the same question:

Connect-MgGraph -TenantId mytenant.onmicrosoft.com -Scopes AccessReview.ReadWrite.All
Select-MgProfile -Name beta
Import-Module Microsoft.Graph.Identity.Governance

$AccessReviewTemplate = Get-MgBusinessFlowTemplate | Where DisplayName -eq 'Access reviews of memberships of a group'
$AccessReviewTemplate.Id

$AutoReviewSettings = [Microsoft.Graph.PowerShell.Models.MicrosoftGraphAutoReviewSettings]@{
    NotReviewedResult = "None"
}

$RecurrenceSettings = [Microsoft.Graph.PowerShell.Models.MicrosoftGraphAccessReviewRecurrenceSettings]@{
    DurationInDays    = 1
    RecurrenceCount   = 0
    RecurrenceEndType = "never"
    RecurrenceType    = "weekly"
}

$ReviewSettings = [Microsoft.Graph.PowerShell.Models.MicrosoftGraphAccessReviewSettings]@{
    AccessRecommendationsEnabled    = $true
    ActivityDurationInDays          = 0
    AutoApplyReviewResultsEnabled   = $false
    AutoReviewEnabled               = $false
    AutoReviewSettings              = $AutoReviewSettings
    JustificationRequiredOnApproval = $true
    MailNotificationsEnabled        = $true
    RecurrenceSettings              = $RecurrenceSettings
    RemindersEnabled                = $true
}

$ReviewedEntity = [Microsoft.Graph.PowerShell.Models.MicrosoftGraphIdentity]@{
    DisplayName = "Group2"
    Id          = "00000001-c59e-48c1-86e9-14ee6daef724" # AAD ObjectId
}

$NewAccessReview = @{
    DisplayName            = "Group2"
    BusinessFlowTemplateId = $AccessReviewTemplate.Id
    Description            = "review2 description!"
    Settings               = $ReviewSettings
    StartDateTime          = (Get-Date)
    ReviewedEntity         = $ReviewedEntity
    ReviewerType           = "entityOwners"
}

# https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.identity.governance/new-mgaccessreview?view=graph-powershell-beta
New-MgAccessReview @NewAccessReview

14K Views, 1 Like, 5 Comments

Re: Manage M365 MFA setting using Powershell
Trusted IPs all come over to conditional access as the "mfa trusted ips" named location. You can interact with named locations, e.g. New-MgIdentityConditionalAccessNamedLocation
https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.identity.signins/new-mgidentityconditionalaccessnamedlocation?view=graph-powershell-beta

2.1K Views, 0 Likes, 0 Comments

Re: Powershell downloads the login webpage html instead of a file
Depending on how that web site handles authentication, you may need to figure that out first, but a tip is to press F12 in your browser, do whatever you want to do, then right-click the relevant HTTP commands to "copy as PowerShell", e.g. https://www.powershellbros.com/powershell-tip-of-the-week-create-invoke-webrequest-from-chrome/

3K Views, 1 Like, 0 Comments

Re: Converting GPOs to Powershell Commands for Storage Sense
Here are the registry locations for the Storage Sense policy settings. You can use PowerShell to set these like you would other registry settings.

Allow Storage Sense
Allow Storage Sense Temporary Files cleanup
Configure Storage Sense cadence
Configure Storage Sense Cloud Content dehydration threshold
Configure Storage Sense Recycle Bin cleanup threshold
Configure Storage Sense Downloads cleanup threshold

Be aware, you can also configure these with Intune. I'd do that instead of PowerShell if you're able to.

5.6K Views, 0 Likes, 1 Comment

Re: Check if user already exists
It's difficult to read your code, since the picture loads very small on my browser. Next time I suggest posting the code itself instead of screenshots.

I'm not a fan of scripts written for other people to type in. Read-Host is kinda neat the first day you discover it, but I think you'll end up discovering that this approach is far too fragile.

That aside, checking to see if an account exists or not is a pretty common requirement. There are lots of ways to do it, but in general, you try to get the account in question, and if you couldn't, you know it doesn't exist! You'll need to make sure "couldn't" isn't simply because of environmental issues, like the network being down, etc. Two samples:

#Example 1
$AdUser = Get-ADUser -Filter {SamAccountName -eq $SamAccountName}
if ($AdUser -eq $null) {<UserDoesntExistCode>} else {<UserExistsCode>}

#Example 2
$AdUser = Get-ADUser -Filter {SamAccountName -eq $SamAccountName}
if ($AdUser -is 'Microsoft.ActiveDirectory.Management.ADUser') {<UserExistsCode>} else {<UserDoesntExistCode>}

Be aware that I'm assuming the match is simply on the samAccountName attribute. If you want to search more broadly (but maybe get multiple responses), you could try other attributes, or the ambiguous name resolution feature.

36K Views, 0 Likes, 0 Comments

Sample script to map additional fields to Universal Print attributes.
Unfortunately, the Universal Print Connector doesn't upload fields from the on-premises object, such as location and comments. Likely this is because "location" is now represented as a dozen attributes in Azure. At some point, someone should look all this detail up and populate the attributes properly, but it won't be me and it won't be today. 🙂

For now, I chose to map the fields as follows, but you can obviously adjust this as necessary:

on-prem "Location" = cloud "Site"
on-prem "Comment" = cloud "Room Description"

To work around this, I wrote up this simple script, which might be helpful to others. NOTE: There are several ways to do this, but I like the join-object cmdlet, so be sure to install that first.

Install-Module UniversalPrintManagement
Install-Module join-object

#Run from the print server:
$OnPremPrinters = Get-Printer
Connect-UPService
$CloudPrinters = Get-UPPrinter
$Merge = Join-Object -Left $OnPremPrinters -LeftJoinProperty Name -Right $CloudPrinters -RightJoinProperty name -Prefix Cloud_
foreach ($printer in $Merge) {
    Set-UPPrinterProperty -PrinterId $printer.Cloud_PrinterId -Site $printer.Location -RoomDescription $printer.Comment
}

1.1K Views, 2 Likes, 0 Comments

Re: W10-1903 UNC path failing 0x80070043
We're seeing the same thing - this issue seems to have returned sometime this year. Setting Fluid FS to the below seems to have stabilized the issue, at the cost of downgrading to SMB2.

Frame 448: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface \Device\NPF_{[redacted]}, id 0
Ethernet II, Src: [redacted] ([redacted]), Dst: VMware_[redacted] ([redacted])
Internet Protocol Version 4, Src: [redacted], Dst: [redacted]
Transmission Control Protocol, Src Port: 445, Dst Port: 55205, Seq: 1, Ack: 273, Len: 77
NetBIOS Session Service
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
    ProtocolId: 0xfe534d42
    Header Length: 64
    Credit Charge: 0
    NT Status: STATUS_INVALID_PARAMETER (0xc000000d)
    Command: Negotiate Protocol (0)
    Credits granted: 17
    Flags: 0x00000001, Response
    Chain Offset: 0x00000000
    Message ID: 0
    Process Id: 0x0000feff
    Tree Id: 0x00000000
    Session Id: 0x0000000000000000
    Signature: 00000000000000000000000000000000
    [Response to: 446]
    [Time from request: 0.000216000 seconds]
Negotiate Protocol Response (0x00)
    [Preauth Hash: [redacted]…]
    StructureSize: 0x0009
    Error Context Count: 0
    Reserved: 0x00
    Byte Count: 0
    Error Data: 34

I'm betting Dell's "fix" was just to once again hard-code the new values and not use the dynamic behavior Ned mentioned above. Hopefully they will issue a new patch.

3.3K Views, 0 Likes, 7 Comments