All posts by JosL

Converting onedrive url to UPN

Had a bit of a struggle converting onedrive for business url’s reliably to UPN’s.

Since a path might contain /personal/ multiple times, and we have those pesky national tenants with special url’s to deal with…

So thought I’d share:

function Get-UPNFromOnedriveUrl{
    Param(
        [string]$url
    )

    $userName = ''
    if ($url -match ':\/\/.*?\..*?\/personal\/(.*?)\/') {
        $userName = $matches[1]
    }else {
        Throw "Invalid OneDrive URL format: $url"
    }

    if(!$global:tenantODStyleDomains){
        $global:tenantODStyleDomains = New-GraphQuery -Uri "https://graph.microsoft.com/v1.0/domains" -Method GET -resource "https://graph.microsoft.com" | ForEach-Object { $_.id.replace(".","_") }
    }

    foreach($tenantODStyleDomain in $global:tenantODStyleDomains){
        if($userName -like "*_$tenantODStyleDomain"){
            $prefix = $userName.Replace("$tenantODStyleDomain","") 
            $suffix = $tenantODStyleDomain.Replace("_",".")
            break
        }
    }

    return "$prefix@$suffix".Replace("_","").ToLower()
}

M365Permissions v1.2.3

Performance improvements and Onenote Notebooks.

Today’s release has a ‘special guest’; Morten (blog)! He completely rewrote the entra user and group retrieval code, greatly improving both performance and total capacity!

Other changes of note:

  1. Add support for Onenote Notebook sharing permissions
  2. Treat anonymous sharing links as ‘deleted’ if the sharing level at the site forbids anonymous sharing

Full changelog here

Download / Use:

M365Permissions module page | Github | PSGallery

Setting NTFS permissions on a Folder through Intune

Although I found a good example/article on how to set modify permission through Intune, I wanted to use more of a desired state configuration type remediation where inheritance is removed and all defined ACL’s are exclusively applied to a given folder and all child folders/files. It also includes creating the folder if it isn’t there yet, which can be useful for certain legacy applications 🙂

Without further ado here’s the detection script:

https://github.com/jflieben/assortedFunctionsV2/blob/main/NTFSPermissionRemediation/detect.ps1

And here is the remediation script:

https://github.com/jflieben/assortedFunctionsV2/blob/main/NTFSPermissionRemediation/remediate.ps1

Run in SYSTEM context unless you unwisely made all your users local admins 😉

M365Permissions v1.2.2

Are you also curious about all those PowerApps and Flows in your environment? Orphaned ones maybe? Or when someone leaves the company?

1.2.2 adds scanning of PowerApps and Flows! Only when using SPN auth. (setup instructions)

In addition to that, I’ve also added provisional support for scans of tenants in USGOV, USDOD and China. Since I don’t have a test tenant there, I’ll have to rely on you to test how it performs there.

Full changelog here

Download / Use:

M365Permissions module page | Github | PSGallery