Browse Tag

OneDrive for Business

Sharing a File in SharePoint Online or OneDrive with PowerShell

By Drew Madelung
/
Jan 29, 2018
/
Development, General, PowerShell

I have been diving into doing larger scale operations in SharePoint Online using the Client Side Object Model (CSOM) utilizing PowerShell and ran into a scenario that I couldn’t easily find documented anywhere. What I wanted to do was technically “share” a file with a specific user and have that user receive an email just like if it was done through the GUI. What I didn’t want to see is just the breaking of permissions. What I found was the Web.ShareObject method and this great blog post from Vesa Juvonen in 2015.

Once I found this I started working on putting this into a useful PowerShell format. To get started with CSOM & PowerShell with SharePoint Online here is a good blog post from Chris O’Brien. You can get the latest version of SharePoint Online CSOM here. If you download the nuget file you can change the file extension to .zip and extract the .dlls.

Here is link to the GitHub rep and I will break it down below along with the script. Here are some key things to note:

The Web.ShareObject method has been updated since the Vesa blog post with a parameter called useSimplifiedRoles that can be used for utilizing modern sharing
SharePoint PnP has extended the sharing APIs and built a sample that can be used
This script is built to share a file based on filename within a site to a single user
This works on SharePoint Online and OneDrive for Business
It will share as the user who runs the script
This script could be updated to share a site or to multiple people
You can share with Edit or View permission based on the roleValue
It doesn’t replicate the modern sharing UI in capabilities exactly (more of what occurs details below)

To utilize the script make sure you fill out the appropriate variables and more information about what this will do is below the script.

# Use this script to share a file via CSOM and PowerShell
# ShareObject https://msdn.microsoft.com/en-us/library/office/mt684216.aspx
# External sharing blog https://blogs.msdn.microsoft.com/vesku/2015/10/02/external-sharing-api-for-sharepoint-and-onedrive-for-business/

### ENTER YOU VARIABLES HERE ###

#path to the SP CSOM files 
$csomPath = "C:\...." 

#Email of person running the script
$adminEmail = "user@domain.com"

#Site collection to be connected to
$siteUrl = "https://site.sharepoint.com/sites/site"

#Library title where the file exists
$libraryTitle = "Documents" 

#Filename including file type
$fileName = "Test Document 1.docx"

#Email of who the document is being shared to
$emailSharedTo = "user2@domain.com"

#UNVALIDATED_EMAIL_ADDRESS if they are in AD or GUEST_USER if they are not
$principalType = "UNVALIDATED_EMAIL_ADDRESS"  

#role:1073741826 = View, role:1073741827 = Edit
$roleValue = "role:1073741827"

#A flag to determine if permissions should be pushed to items with unique permissions.
$propageAcl = $true

#Flag to determine if an e-mail notification should to sent, if e-mail is configured.
$sendEmail = $true  

#If an e-mail is being sent, this determines if an anonymous link should be added to the message.
$includedAnonymousLinkInEmail = $false  

#The ID of the group to be added to. Use zero if not adding to a permissions group. Not actually used by the code even when user is added to existing group. 
$groupId = 0

#Doesn't matter as it isn't sent in current email format
$emailSubject = ""

#Text for the body of the e-mail.
$emailBody = "Check out my email body"  

#Use modern sharing links instead of directly granting access
$useSimplifiedRoles = $true
################

# Get CSOM files
Add-type -Path "$csomPath\Microsoft.SharePoint.Client.dll"
Add-type -Path "$csomPath\Microsoft.SharePoint.Client.Runtime.dll"

# Connnect to site
$ss = Read-Host -Prompt "Enter admin password" -AsSecureString
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)
$creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($adminEmail, $ss)
$ctx.Credentials = $creds
if(!$ctx.ServerObjectIsNull.Value) { 
    Write-Host "Connected to site:" $siteUrl -ForegroundColor Green 
} 
# Get web
$web = $ctx.Web

# Connect to library
$list = $web.Lists.GetByTitle($libraryTitle)
$ctx.Load($web)
$ctx.Load($list)
$ctx.Load($list.RootFolder)
$ctx.ExecuteQuery()

# Get doc
$query = New-Object Microsoft.SharePoint.Client.CamlQuery
$caml ="<View Scope='RecursiveAll'><Query><Where><Eq><FieldRef Name='FileLeafRef'/><Value Type='File'>" + $fileName + "</Value></Eq></Where></Query></View>"
$query.ViewXml = $caml
$item = $list.GetItems($query)
$ctx.Load($item)
$ctx.ExecuteQuery()
if (!$item) {
    Write-Host "Could not find the file:" $fileName -ForegroundColor Yellow 
} else {
    Write-Host "Sharing the the file:" $item.FieldValues.FileLeafRef -ForegroundColor Green 
}

# Get doc url
$itemUrl = $item.FieldValues.FileRef
$split = $web.Url -split '/'
$itemUrl = "https://" + $split[2] + $itemUrl

# Build user object to be shared to
$jsonPerson = "[{`"Key`":`"$emailSharedTo`",
`"Description`":`"$emailSharedTo`",
`"DisplayText`":`"$emailSharedTo`",
`"EntityType`":`"`",
`"ProviderDisplayName`":`"`",
`"ProviderName`":`"`",
`"IsResolved`":true,
`"EntityData`":{`"Email`":`"$emailSharedTo`",
    `"AccountName`":`"$emailSharedTo`",
    `"Title`":`"$emailSharedTo`",
    `"PrincipalType`":`"$principalType`"},
`"MultipleMatches`":[]}]"

# Initiate share
$result = [Microsoft.SharePoint.Client.Web]::ShareObject($web.Context,$itemUrl,$jsonPerson,$roleValue,$groupid,$propageAcl,$sendEmail,$includedAnonymousLinkInEmail,$emailSubject,$emailBody,$useSimplifiedRoles)
$web.Context.Load($result)
$web.Context.ExecuteQuery()

Write-Host "Status of the share:" $result.StatusCode -ForegroundColor Green

Starting from a non shared file this is what you will see based on different configurations:

Sharing with useSimplifiedRoles set to $true and sendEmail set to $true

The file does not have inheritance broken

After initiating the ShareObject, inheritance is broken but you don’t see any changes

The person being shared to receives an email that the person who ran the script wants to share a file with you and you will see the email subject is preset but the email body is included

Once the person being shared to clicks on the link you can see a new ‘Managed Links’ section in the item permissions

If you follow that link you will see the item is now shared with that individual

Sharing with useSimplifiedRoles set to $true and sendEmail set to $false

The file does not have inheritance broken
After initiating the ShareObject, inheritance is broken but you don’t see any changes if the user tries to access the file through the document library
There is a new link viewable in the modern manage access section showing a new sharing link and that someone can access via that link

If the user accesses the file via that link you can see a new ‘Managed Links’ section in the item permissions and you can see that user in the Shared with section

Sharing with useSimplifiedRoles set to $false and sendEmail set to $false

The file does not have inheritance broken
After initiating the ShareObject, inheritance is broken but you don’t see any changes even after a user accesses the file, that means this does nothing but break inheritance

Sharing with useSimplifiedRoles set to $false and sendEmail set to $true

The file does not have inheritance broken
After initiating the ShareObject, inheritance is broken but you don’t see any changes
Once a user accesses the file via the link in the email they are granted permissions directly to the file (contribute instead of edit)

Ending…

After putting this together I realized I don’t really have a great use case to actually use this. Either way it was a good learning experience for me as I am just getting started into this kind of CSOM & PowerShell work and maybe it will come in handy for someone else in the future.

Ignite 2016 Info and Thoughts on Announcements for SharePoint – OneDrive – Office 365

By Drew Madelung
/
Sep 28, 2016
/
Events, Office 365, SharePoint

2016-09-28-14_49_22-ignite-sharepoint-onedrive-office-365-info

I put together a Microsoft Sway through my Concurrency tenant that wraps up all of the announcements and my thoughts from the collaboration space at Ignite 2016. This includes info on everything I was able to attend and intake while here in Atlanta. I used Microsoft Sway so I could continuously update the Sway throughout the conference and after the conference for future review. My changes are made in real-time and it’s super easy to update.

Link to Sway

Mandatory Anonymous Link Expiration in Office 365

By Drew Madelung
/
Feb 01, 2016
/
Office 365, PowerShell, Release, Security

Microsoft recently released a new feature in Office 365 which allows a mandatory expiration length to be set at the tenant level. This will affect sharing documents through SharePoint Online and OneDrive for Business. This feature began rolling out mid-January to tenants and will start with First Release tenants.

This feature will allow better security for your organization. This feature will affect ALL anonymous links created in your tenant. End users will be required to created links that match or are shorter than the day value provided. This feature it administered using SharePoint Online Management Shell. On all current and new tenants there is no default value for anonymous link expiration. The new parameter is RequireAnonymousLinksExpireInDays. This is a parameter of the Set-SPOTenant cmdlet

As an example, this will set expiry for 30 days:
- Set-SPOTenant –RequireAnonymousLinksExpireInDays 30

The default experience will allow end users to set expiration values on a document when they use the “Get a link” option. By default, a document can be set to any day value and also never. It also includes a handy drop down with 1, 30, or 60 day options. Allowing a link never to expire can be a large security hole for you company. This is what the default experience looks like:

Steps to configure mandatory anonymous link expiration

Important Info:

The latest version of SharePoint Online Management Shell (16.9.4915.1200) is needed to use this parameter.
The value for –RequireAnonymousLinksExpireInDays must not be greater than 730 days (2 years)
To reset the parameter back to default, use the value of 0
If a link is already created, the mandatory expiration will not be applied to it

Connect to your SharePoint Online tenant using SharePoint Online Management Shell
Run the Set-SPOTenant command with the –RequireAnonymousLinksExpireInDay and the day value
Now when someone gets either a View or Edit link it will be defaulted with an expiration date
If a user tries to change the link expiration date they will receive an error stated “Your organization’s policy doesn’t allow links to stay active for more than XX days.”

My Microsoft Collaboration Predictions for 2016

By Drew Madelung
/
Dec 22, 2015
/
Office 365, SharePoint

2016

Well 2015 is nearly completed and it was what I would call a GREAT year for Microsoft and their collaboration platforms. Jeff Teper is back in charge and things really picked up speed. Before we talk 2016, let’s talk about 2015.

Here are few of the highlights for 2015…

Groups became the king of collaboration in O365

Office 365 Groups were announced in 2014 but became for real in 2015. As we have seen with the majority of “experiences” coming out in Office 365, Microsoft is heavily following the Minimal Viable Product (MVP) deployment model. This means that Microsoft is releasing things without things being fully ready but then actively taking feedback to actually adapt their solutions to business needs. I think this is a great approach and we as technologists working with Microsoft need to understand this. We can be critical of their releases but need to provide the proper feedback through the proper channels such as uservoice and Yammer. There is still a lot of work to do for Office 365 Groups to be fully enterprise ready but Microsoft has made it incredibly clear that this is the future. The recent announcement of the compliance capabilities within Groups is a great start. And remember it is NOT Groups vs Team Sites. Groups have their place along with Team Sites.

SharePoint Server 2016 on-premises was presented and betas released

If you would have asked me in 2014 what I thought the future of on-premises versions of SharePoint was I would have told you that it wasn’t good. Microsoft had been spending all of its marketing budget on Office 365 and Azure and not telling anyone about a roadmap for on-premises only SharePoint solutions. Then the announcement of SharePoint Server 2016 was released and over the past 12 months I have been able to watch the product grow internally and with the betas. This is not a groundbreaking release for Microsoft as far as any technical or end user upgrades but does provide a better long term infrastructure solution. In my opinion the biggest benefit will be the consolidated codebase between SharePoint Server 2016 and SharePoint Online. As Microsoft is developing everything cloud first this means that solutions will be more easily ported from Office 365 back to on-premises. Now of course there are things that will always be Office 365 only but this new version allows for more possibilities.

New OneDrive for Business sync tool(s)

If you have ever used the old OneDrive for Business sync tool you know it sucked. Thankfully Microsoft released a new sync client in preview for most of Q4 and finally made it GA in December. Now this release does a lot of things better than the old sync tool, like actually sync, but still has lots of work to do. I would still not consider this an enterprise ready solution. The fact that we still have to use 2 sync tools for OneDrive vs SharePoint vs Groups is enough to confuse everyone.

Office 365 compliance updates

There were so many releases as far as security, compliance and trust in Office 365 that I could write multiple posts about each. We got our first access to a new Trust Portal, Data Loss Prevention (DLP), advanced eDiscovery, Advanced Threat Protection, Retention, O365 Auditing and more. This was an area that was very hard to keep up with as it changed so much. Even by the end of year, as in this month, they are releasing new things. The Compliance Center is now being rebranded as the Protection Center.

Honorable mention

Better administration in OneDrive for Business
New OneDrive for Business UI
PowerApps
Planner
Lots and lots of mobile apps (Video, Groups, O365 Admin, Office Lens, Delve)
Delve profiles

Ok let’s talk predictions for 2016!

The majority of these will by my wishes. I will state nothing I am predicting here I actually know will happen. I have the privy to be a part of certain preview programs but none of my predictions below relate to those. These are areas I either hope will improve or expect to change.

PowerApps will be a niche solution

My primary issue with PowerApps on its initial release is that it is only directed at mobile and tablet devices. In the right business need PowerApps could be incredible. This really is the first step into having power-users have the ability to create mobile apps. Can you imagine a few years ago if you could use a very intuitive GUI to build an IOS app that could easily be deployed? The world of mobile app developers would have been flipped on its head. I envision that in the right hands with the proper business need PowerApps will be able to save your business money and increase productivity. Now I call it niche because even though we are moving to a mobile first world, the heavy majority of my clients are desktop and laptop based. IF, and that’s a big IF, PowerApps comes out with a desktop component, I can see this being an incredibly great product.

Team Sites in O365 will get some love

It has been far too long since the backbone of SharePoint Online has been updated. I think we saw the beginning of what it will be like with the new authoring solution in Office 365. It is only being used in the personal blog now but that authoring experience will transition into SharePoint Online in a modernized team site experience. I think the driving factor for this is the lack of responsive design using the default master page and branding in SharePoint Online. if Microsoft provided and page building solution that allowed for even basic responsive design it would be a huge plus. I don’t expect them to redo the master page model but apply the processes on top of it. I predict the new team sites will not be easily branded and used as a lightly customized solution.

OneDrive for Business will be easily manageable for the enterprise

I have no idea how this will happen but it better. Every time I talk with clients about rolling out OneDrive for Business the process of administering it becomes the number one topic. Right now there are not enough management capabilities to meet their needs There are ways to manage certain areas with PowerShell but we need a GUI for this. We also need better management of security capabilities that can be utilized. For example, there is currently no good way to manage IRM throughout your enterprise. These types of requests will hopefully begin to be added to the new protection center.

Yammer conversations get added into areas of Office 365

I went into Ignite 2015 expecting to hear Yammer was dead. I keep waiting to read a Microsoft blog post that Yammer is going away. This was a great example that my prediction being completely wrong as Yammer is still going whether its confusing when to use it or not. The newsfeed area of Office 365 is the best part about it and would greatly benefit being included in Team Sites but mainly Office 365 Groups. Right now the conversation section of Groups is simply email. The way Yammer tracks conversations could be included with the email capabilities to provide an even better experience. Things are going to get even more interesting once Groups allow external access as I believe that is one of the primary use cases for Yammer today. Either way something has to happen with Yammer at the least to ease confusion for what to use and when.

I may be wrong about all of these but cheers to 2016!

Fireworks