1,使用全局管理员登录Office365 Azure AD注册Graph API应用,具体参考官网链接https://docs.microsoft.com/zh-cn/graph/auth-register-app-v2
2,在“API 权限”中添加委托权限(Delegated)。注意:在委托模式下,下列权限本身并不足以读取其他用户的 OneDrive,还必须把运行 Graph API 的账号添加为目标 OneDrive 站点的管理员(见 2.1)。按最小权限原则,本文的脚本只做读取(GET),Sites.ReadWrite.All 并非必需,建议不要申请写权限;只保留读取所需的最小集合。
Sites.Read.All
Sites.ReadWrite.All
Sites.Search.All
User.Read.All
2.1 设置OneDrive站点管理员
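# Grant the account that will run the Graph calls site-collection-admin rights on the
# target user's OneDrive. This is FULL CONTROL over that OneDrive, not a read-only
# grant: limit it to the sites you actually need and revoke it again with
# `-IsSiteCollectionAdmin $false` once the task is finished.
$SiteUrl = "https://tenant-my.sharepoint.com/personal/username_domain_com/"
# Get-Credential must be evaluated inside parentheses; without them the literal string
# "Get-Credential" is bound to -Credential instead of the credential object.
Connect-SPOService -Url "https://tenant-admin.sharepoint.com/" -Credential (Get-Credential)
$sSecondaryODFBAdmin = "[email protected]"
Set-SPOUser -Site $SiteUrl -LoginName $sSecondaryODFBAdmin -IsSiteCollectionAdmin $true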
3,在应用的“证书和密码”页创建客户端密码。密码值只在创建时显示一次,请保存到凭据管理器或环境变量中;不要把它写进脚本,也不要提交到版本库。
4,生成Token函数
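function Graph_Auth
{
    <#
    .SYNOPSIS
        Requests a Microsoft Graph access token and returns it as a header hashtable.
    .DESCRIPTION
        Uses the OAuth 2.0 resource-owner-password-credentials (ROPC) flow against the
        v2.0 token endpoint. ROPC sends the user's clear-text password to the token
        endpoint; it cannot satisfy MFA / Conditional Access and Microsoft discourages
        it. Prefer client_credentials with application permissions, or an interactive
        flow, when the task allows it.
        Secrets are no longer hard-coded in this file (anything written here ends up in
        version control, backups and transcripts). They are taken from the parameters or,
        when a parameter is omitted, from the environment variables GRAPH_CLIENT_ID,
        GRAPH_TENANT, GRAPH_CLIENT_SECRET, GRAPH_USERNAME and GRAPH_PASSWORD.
    .OUTPUTS
        Hashtable with "Content-Type" and "Authorization" entries, ready for -Headers.
    #>
    param(
        [string]$clientID     = $env:GRAPH_CLIENT_ID,      # application (client) ID, 36-char GUID
        [string]$tenantName   = $env:GRAPH_TENANT,         # e.g. tenant.onmicrosoft.com
        [string]$ClientSecret = $env:GRAPH_CLIENT_SECRET,  # client secret from "Certificates & secrets"
        [string]$Username     = $env:GRAPH_USERNAME,       # account that holds the required site permissions
        [string]$Password     = $env:GRAPH_PASSWORD        # that account's password
    )

    # Fail early with a clear message instead of sending a half-empty request to AAD.
    foreach ($required in "clientID", "tenantName", "ClientSecret", "Username", "Password") {
        if ([string]::IsNullOrEmpty((Get-Variable -Name $required -ValueOnly))) {
            throw "Graph_Auth: '$required' is not set (pass it as a parameter or via the GRAPH_* environment variables)."
        }
    }

    # Parameter names and the grant value follow RFC 6749 (lower-case).
    $tokenRequestBody = @{
        grant_type    = "password"
        client_id     = $clientID
        client_secret = $ClientSecret
        username      = $Username
        password      = $Password
        scope         = "https://graph.microsoft.com/.default"
    }

    try {
        $tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantName/oauth2/v2.0/token" `
            -Method POST -Body $tokenRequestBody -ErrorAction Stop
    } catch {
        # Surface the failure here rather than returning an "Authorization: " header
        # with no token, which would only fail later on the first Graph call.
        throw "Graph_Auth: token request failed: $($_.Exception.Message)"
    }
    if ([string]::IsNullOrEmpty($tokenResponse.access_token)) {
        throw "Graph_Auth: token endpoint returned no access_token."
    }

    return @{
        "Content-Type"  = "application/json"
        "Authorization" = "$($tokenResponse.token_type) $($tokenResponse.access_token)"
    }
}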
5,如果 Invoke-RestMethod 运行时报“无法连接到服务器”,更常见的原因是旧版 PowerShell/.NET 默认未启用 TLS 1.2,请先单独执行 `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12` 再重试。只有在确认是证书校验错误(例如公司代理做了 TLS 解密)时,才考虑运行以下函数:它会对整个会话关闭证书校验,账号密码、客户端密码和访问令牌都可能被中间人截取,排查完成后应重开会话恢复校验。
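function Ignore-SelfSignedCerts {
    <#
    .SYNOPSIS
        Disables TLS certificate validation for the whole process and enables TLS 1.2.
    .DESCRIPTION
        WARNING: after this runs, every HTTPS request made by this PowerShell session —
        including the token request that carries the user password and client secret,
        and every Graph call that carries the bearer token — accepts ANY certificate.
        A man-in-the-middle on the path can read and alter that traffic. Call it only
        after confirming the failure really is a certificate error; a bare "unable to
        connect" is often just TLS 1.2 not being enabled, which the last line of this
        function fixes on its own without disabling validation.
        NOTE(review): ServicePointManager.CertificatePolicy belongs to the .NET Framework
        web stack; on PowerShell 6+ Invoke-RestMethod uses HttpClient and is expected to
        ignore it — use the per-call -SkipCertificateCheck parameter there instead.
    #>
    Write-Warning "Ignore-SelfSignedCerts: TLS certificate validation is now disabled for this whole session."

    # Add-Type throws if the type already exists, so calling this function twice in one
    # session used to fail; compile the policy class only on the first call.
    if (-not ([System.Management.Automation.PSTypeName]'TrustAllCertsPolicy').Type) {
        Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;   // accept every certificate, whatever the reported problem
    }
}
"@
    }
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
    # Enabling TLS 1.2 is harmless and is frequently the only part that is needed.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
}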
6,抓取OneDrive文件信息
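# Field layout follows the OneDrive records returned by Search-UnifiedAuditLog
# (UserId, SiteUrl, SourceRelativeUrl, SourceFileName, SourceFileExtension).
$UserId = ""               # user principal name / e-mail of the OneDrive owner
$SiteUrl = ""              # OneDrive site URL (kept for reference; not used in the request)
$SourceRelativeUrl = ""    # path relative to the site, e.g. "Documents/Reports" or a full file path
$SourceFileName = ""       # file name, e.g. "q1.xlsx"
$SourceFileExtension = ""  # file extension without the dot, e.g. "xlsx"

# Disable certificate validation only when explicitly requested: with it off, the
# bearer token in every request can be intercepted by anyone on the network path.
$SkipCertificateCheck = $false
if ($SkipCertificateCheck) { Ignore-SelfSignedCerts }
$headerParams = Graph_Auth

# Graph's /drive/root: already is the "Documents" library, so drop that prefix.
$SourceRelativeUrl = $SourceRelativeUrl -replace "^Documents/", ""

# The audit log sometimes reports the full file path in SourceRelativeUrl and sometimes
# only the folder; decide by checking whether it already ends with the extension. The
# extension is regex-escaped so "." is a literal dot, not a wildcard.
$extensionPattern = [regex]::Escape($SourceFileExtension) + "$"
if ($SourceRelativeUrl -notmatch $extensionPattern) {
    if ($SourceRelativeUrl -eq "Documents") {
        $filepath = $SourceFileName
    } else {
        $filepath = $SourceRelativeUrl + "/" + $SourceFileName
    }
} else {
    $filepath = $SourceRelativeUrl
}

# Percent-encode each path segment so names containing spaces, '#', '%', '?' or
# non-ASCII characters are not misparsed by Graph (the "/" separators stay intact).
$encodedPath = ($filepath -split "/" | ForEach-Object { [uri]::EscapeDataString($_) }) -join "/"
$url = "https://graph.microsoft.com/v1.0/users/" + [uri]::EscapeDataString($UserId) + "/drive/root:/" + $encodedPath

try {
    $result = Invoke-RestMethod -UseBasicParsing -Headers $headerParams -Uri $url -Method Get -ErrorAction Stop -Verbose
} catch {
    # Report which file failed; the Graph error body is in the exception message.
    throw "Graph request for '$filepath' failed: $($_.Exception.Message)"
}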
原文地址:https://blog.51cto.com/6293080/2481080