ProvisioningAPI.ps1
# Autogenerated Sep 23rd 2018 # Get-PartnerContracts function Get-MSPartnerContracts { <# .SYNOPSIS Lists partner's customer organisations. Does not require permissions to MS Partner Center or admin rights. .DESCRIPTION Lists partner's customer organisations using provisioning API. Does not require permissions to MS Partner Center or admin rights. .Parameter AccessToken The access token used to get the list of partner's customer organisations. .Example PS C:\>Get-AADIntAccessTokenForAADGraph -SaveToCache PS C:\>Get-AADIntMSPartnerContracts CustomerName CustomerTenantId CustomerDefaultDomain ContractType ------------ ---------------- --------------------- ------------ Company dad33f16-69d1-4e32-880e-9c2d21aa3e59 company.com SupportPartnerContract Contoso 936b7883-4746-4b89-8bc4-c8128795cd7f contoso.onmicrosoft.com ResellerPartnerContract Adatum 17427dcd-8d61-4c23-9c68-d1f34975b420 adatum.com SupportPartnerContract #> [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PartnerContractSearchDefinition, [Parameter(Mandatory=$False)] [int]$PageSize=500, [Parameter(Mandatory=$False)] [string]$SearchString, [ValidateSet('Ascending','Descending')] [string]$SortDirection="Ascending", [ValidateSet('DisplayName','UserPrincipalName','None')] [string]$SortField="None", [Parameter(Mandatory=$False)] $DomainName, [Parameter(Mandatory=$False)] $ManagedTenantId, [Parameter(Mandatory=$False)] $SearchKey ) Process { $command="ListPartnerContracts" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PartnerContractSearchDefinition xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:PageSize>$PageSize</c:PageSize> <c:SearchString i:nil="true"/> <c:SortDirection>$SortDirection</c:SortDirection> <c:SortField>$SortField</c:SortField> <c:ContractType i:nil="true"/> <c:DomainName i:nil="true"/> <c:ManagedTenantId i:nil="true"/> <c:SearchKey>DisplayName</c:SearchKey> </b:PartnerContractSearchDefinition> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) if($results.Results.PartnerContract.count -lt 1) { $contracts = @($results.Results.PartnerContract) } else { $contracts = $results.Results.PartnerContract } $retVal = @() foreach($contract in $contracts) { $attributes = [ordered]@{ "CustomerName" = $contract.Name "CustomerTenantId" = $contract.TenantId "CustomerDefaultDomain" = $contract.DefaultDomainName "ContractType" = $contract.ContractType #"ObjectId" = $contract.ObjectId #"PartnerContext" = $contract.PartnerContext } $retVal += New-Object psobject -Property $attributes } return $retVal } } # Set-PartnerInformation # Oct 18th 2018 function Set-PartnerInformation { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PartnerInformation, [ValidateSet('CompanyTenant','MicrosoftSupportTenant','SyndicatePartnerTenant','SupportPartnerTenant','ResellerPartnerTenant','ValueAddedResellerPartnerTenant')] $CompanyType="SupportPartnerTenant", [Parameter(Mandatory=$False)] $Contracts, [Parameter] [Switch]$DapEnabled, [Parameter(Mandatory=$True)] $PartnerTenantId, [Parameter(Mandatory=$False)] $PartnerCommerceUrl, [Parameter(Mandatory=$False)] $PartnerCompanyName, [Parameter(Mandatory=$False)] $PartnerContracts, [Parameter(Mandatory=$True)] $PartnerHelpUrl, [Parameter(Mandatory=$False)] $PartnerRoleMap, [Parameter(Mandatory=$True)] $PartnerSupportEmail, [Parameter(Mandatory=$True)] $PartnerSupportTelephone, [Parameter(Mandatory=$False)] $PartnerSupportUrl ) Process { $command="SetPartnerInformation" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PartnerInformation xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> $(Add-CElement -Parameter "CompanyType" -Value $CompanyType) <c:Contracts i:nil="true"/> $(Add-CElement -Parameter "DapEnabled" -Value $DapEnabled) $(Add-CElement -Parameter "ObjectId" -Value $PartnerTenantId) $(Add-CElement -Parameter "PartnerCompanyName" -Value $PartnerCompanyName) <c:PartnerCommerceUrl i:nil="true"/> <c:PartnerContracts i:nil="true"/> <c:PartnerHelpUrl i:nil="true"/> <c:PartnerRoleMap i:nil="true"/> <c:PartnerSupportEmails i:nil="true"/> <c:PartnerSupportTelephones i:nil="true"/> <c:PartnerSupportUrl i:nil="true"/> </b:PartnerInformation> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-UserByUpn function Remove-UserByUpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [Boolean]$RemoveFromRecycleBin=$False, [Parameter(Mandatory=$True)] [string]$UserPrincipalName ) Process { $command="RemoveUserByUpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:RemoveFromRecycleBin>$(b2s($RemoveFromRecycleBin))</b:RemoveFromRecycleBin> <b:UserPrincipalName>$UserPrincipalName</b:UserPrincipalName> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-AdministrativeUnit function Remove-AdministrativeUnit { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="RemoveAdministrativeUnit" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-Contact function Get-Contact { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="GetContact" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-AdministrativeUnit function Get-AdministrativeUnit { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="GetAdministrativeUnit" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-ServicePrincipalCredentialsByAppPrincipalId function Get-ServicePrincipalCredentialsByAppPrincipalId { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] [string]$AppPrincipalId, [Parameter(Mandatory=$False)] [Boolean]$ReturnKeyValues ) Process { $command="ListServicePrincipalCredentialsByAppPrincipalId" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AppPrincipalId>$AppPrincipalId</b:AppPrincipalId> <b:ReturnKeyValues i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-ServicePrincipal function Remove-ServicePrincipal { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] [string]$ObjectId ) Process { $command="RemoveServicePrincipal" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-ServicePrincipalBySpn function Get-ServicePrincipalBySpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$ServicePrincipalName ) Process { $command="GetServicePrincipalBySpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ServicePrincipalName>$ServicePrincipalName</b:ServicePrincipalName> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-Domain function Remove-Domain { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] [string]$DomainName ) Process { $command="RemoveDomain" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:DomainName>$DomainName</b:DomainName> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Navigate-AdministrativeUnitResults function Navigate-AdministrativeUnitResults { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PageToNavigate, [Parameter(Mandatory=$False)] $ListContext ) Process { $command="NavigateAdministrativeUnitResults" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PageToNavigate i:nil="true"/> <b:ListContext i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-RoleMembers function Remove-RoleMembers { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $RoleObjectId, [Parameter(Mandatory=$False)] $RoleMembers ) Process { $command="RemoveRoleMembers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:RoleObjectId i:nil="true"/> <b:RoleMembers i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-Subscriptions function Get-Subscriptions { <# .SYNOPSIS Gets tenant's subscriptions .DESCRIPTION Gets tenant's subscriptions .Parameter AccessToken Access Token .Example Get-AADIntSubscriptions SkuPartNumber : EMSPREMIUM WarningUnits : 0 TotalLicenses : 250 IsTrial : true NextLifecycleDate : 2018-11-13T00:00:00Z OcpSubscriptionId : 76909010-12ed-4b05-b3d7-ee1b42c21b4e ConsumedUnits : 23 ObjectId : 58265dbe-24e0-4cdb-8b62-51197a4c1c13 SkuId : b05e124f-c7cc-45a0-a6aa-8cf78c946968 DateCreated : 2018-08-13T00:00:00Z Status : Enabled SuspendedUnits : 0 AccountName : company SkuPartNumber : ENTERPRISEPREMIUM WarningUnits : 25 TotalLicenses : 25 IsTrial : true NextLifecycleDate : 2018-10-27T15:47:40Z OcpSubscriptionId : 7c206b83-2487-49fa-b91e-3d676de02ccb ConsumedUnits : 22 ObjectId : df58544b-5062-4d6c-85de-937f203bbe0f SkuId : c7df2760-2c81-4ef7-b578-5b5392b571df DateCreated : 2018-08-27T00:00:00Z Status : Warning SuspendedUnits : 0 AccountName : company #> [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ReturnValue ) Process { $command="ListSubscriptions" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ReturnValue i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # Get skus $skus = Get-AccountSkus -AccessToken $AccessToken # Loop through the results foreach($subs in $results.Subscription) { $attributes=@{} $attributes.DateCreated=$subs.DateCreated $attributes.IsTrial=$subs.IsTrial $attributes.NextLifecycleDate=$subs.NextLifecycleDate $attributes.ObjectId=$subs.ObjectId $attributes.OcpSubscriptionId=$subs.OcpSubscriptionId #$attributes.OwnerContextId=$subs.OwnerContextId #$attributes.OwnerObjectId=$subs.OwnerObjectId #$attributes.OwnerType=$subs.OwnerType $attributes.SkuId=$subs.SkuId $attributes.SkuPartNumber=$subs.SkuPartNumber $attributes.Status=$subs.Status $attributes.TotalLicenses=$subs.TotalLicenses # Get the SKU $sku = $skus | where SkuId -eq $attributes.SkuId $attributes.WarningUnits = $sku.WarningUnits $attributes.ConsumedUnits = $sku.ConsumedUnits $attributes.SuspendedUnits = $sku.SuspendedUnits $attributes.AccountName = $sku.AccountName # Loop through service status objects <# $attributes.ServiceStatus=@() foreach($status in $subs.ServiceStatus.ServiceStatus) { $service_status=@{} $service_status.ProvisioningStatus=$status.ProvisioningStatus $service_status.ServiceName=$status.ServicePlan.ServiceName $service_status.ServicePlanId=$status.ServicePlan.ServicePlanId $service_status.ServiceType=$status.ServicePlan.ServiceType $service_status.TargetClass=$status.ServicePlan.TargetClass $attributes.ServiceStatus += New-Object psobject -Property $service_status } #> # Return New-Object psobject -Property $attributes } } } # Autogenerated Sep 23rd 2018 # Set-PasswordPolicy function Set-PasswordPolicy { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $Policy, [Parameter(Mandatory=$False)] [string]$DomainName, [Parameter(Mandatory=$False)] [int]$NotificationDays=14, [Parameter(Mandatory=$False)] [int]$ValidityPeriod=90 ) Process { $command="SetPasswordPolicy" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:Policy xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:NotificationDays>$NotificationDays</c:NotificationDays> <c:ValidityPeriod>$ValidityPeriod</c:ValidityPeriod> </b:Policy> <b:DomainName i:nil="$(([string]::IsNullOrEmpty($DomainName)).toString().ToLower())">$DomainName</b:DomainName> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-Groups function Get-Groups { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $GroupSearchDefinition, [Parameter(Mandatory=$False)] [int]$PageSize=500, [Parameter(Mandatory=$False)] [string]$SearchString, [ValidateSet('Ascending','Descending')] [string]$SortDirection="Ascending", [ValidateSet('DisplayName','UserPrincipalName','None')] [string]$SortField="None", [Parameter(Mandatory=$False)] $AccountSku, [ValidateSet('DistributionList','Security','MailEnabledSecurity')] [string]$GroupType, [Parameter(Mandatory=$False)] $HasErrorsOnly, [Parameter(Mandatory=$False)] $HasLicenseErrorsOnly, [Parameter(Mandatory=$False)] $IncludedProperties, [Parameter(Mandatory=$False)] $IsAgentRole, [Parameter(Mandatory=$False)] $UserObjectId, [Parameter(Mandatory=$False)] $UserPrincipalName ) Process { $command="ListGroups" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:GroupSearchDefinition xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:PageSize>$PageSize</c:PageSize> <c:SearchString i:nil="true"/> <c:SortDirection>$SortDirection</c:SortDirection> <c:SortField>$SortField</c:SortField> <c:AccountSku i:nil="true"/> <c:GroupType i:nil="true"/> <c:HasErrorsOnly i:nil="true"/> <c:HasLicenseErrorsOnly i:nil="true"/> <c:IncludedProperties i:nil="true"/> <c:IsAgentRole i:nil="true"/> <c:UserObjectId i:nil="true"/> <c:UserPrincipalName i:nil="true"/> </b:GroupSearchDefinition> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results.Results.Group } } # Autogenerated Sep 23rd 2018 # Get-Subscription function Get-Subscription { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] [string]$SubscriptionId ) Process { $command="GetSubscription" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:SubscriptionId>$SubscriptionId</b:SubscriptionId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-GroupMembers function Remove-GroupMembers { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $GroupMembers, [Parameter(Mandatory=$False)] $GroupObjectId ) Process { $command="RemoveGroupMembers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:GroupMembers i:nil="true"/> <b:GroupObjectId i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Navigate-ContactResults function Navigate-ContactResults { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PageToNavigate, [Parameter(Mandatory=$False)] $ListContext ) Process { $command="NavigateContactResults" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PageToNavigate i:nil="true"/> <b:ListContext i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-Domain function Get-Domain { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] [string]$DomainName ) Process { $command="GetDomain" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:DomainName>$DomainName</b:DomainName> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Add-AdministrativeUnit function Add-AdministrativeUnit { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AdministrativeUnit, [Parameter(Mandatory=$False)] $Description, [Parameter(Mandatory=$False)] $DisplayName, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="AddAdministrativeUnit" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AdministrativeUnit xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:Description i:nil="true"/> <c:DisplayName i:nil="true"/> <c:ObjectId i:nil="true"/> </b:AdministrativeUnit> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-ServicePrincipal function Get-ServicePrincipal { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="GetServicePrincipal" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Get-AccountSkus # Aug 12th 018 function Get-AccountSkus { <# .SYNOPSIS Gets tenant's SKUs .DESCRIPTION Gets tenant's stock keeping units (SKUs) .Parameter AccessToken Access Token .Example Get-AADIntAccountSkus TargetClass : User SkuPartNumber : EMSPREMIUM WarningUnits : 58265dbe-24e0-4cdb-8b62-51197a4c1c13 ServiceStatus : {@{ServiceName=EXCHANGE_S_FOUNDATION; TargetClass=Tenant; ServiceType=Exchange; ServicePlanId=113feb6c-3fe4-4440-bddc-54d774bf0318; ProvisioningStatus=Success}, @{ServiceName=ATA; TargetClass=User; ServiceType=AzureAdvancedThreatAnalytics; ServicePlanId=14ab5db5-e6c4-4b20-b4bc-13e36fd2227f; ProvisioningStatus=Success}, @{ServiceName=ADALLOM_S_STANDALONE; T argetClass=User; ServiceType=Adallom; ServicePlanId=2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2; ProvisioningStatus=Success}, @{ServiceName=RMS_S_PREMIUM2; TargetClass=User; ServiceType= RMSOnline; ServicePlanId=5689bec4-755d-4753-8b61-40975025187c; ProvisioningStatus=Success}...} AccountObjectId : 1b78d686-e37b-4c01-a1ec-c963fbae482a SuspendedUnits : 0 ConsumedUnits : 23 SkuId : b05e124f-c7cc-45a0-a6aa-8cf78c946968 ActiveUnits : 250 LockedOutUnits : 0 AccountSkuId : company:EMSPREMIUM AccountName : company TargetClass : User SkuPartNumber : ENTERPRISEPREMIUM WarningUnits : df58544b-5062-4d6c-85de-937f203bbe0f ServiceStatus : {@{ServiceName=PAM_ENTERPRISE; TargetClass=User; ServiceType=Exchange; ServicePlanId=b1188c4c-1b36-4018-b48b-ee07604f6feb; ProvisioningStatus=Success}, @{ServiceName=BPOS_S_TODO_3 ; TargetClass=User; ServiceType=To-Do; ServicePlanId=3fb82609-8c27-4f7b-bd51-30634711ee67; ProvisioningStatus=Success}, @{ServiceName=FORMS_PLAN_E5; TargetClass=User; ServiceType= OfficeForms; ServicePlanId=e212cbc7-0961-4c40-9825-01117710dcb1; ProvisioningStatus=Success}, @{ServiceName=STREAM_O365_E5; TargetClass=User; ServiceType=MicrosoftStream; ServiceP lanId=6c6042f5-6f01-4d67-b8c1-eb99d36eed3e; ProvisioningStatus=Success}...} AccountObjectId : 1b78d686-e37b-4c01-a1ec-c963fbae482a SuspendedUnits : 0 ConsumedUnits : 22 SkuId : c7df2760-2c81-4ef7-b578-5b5392b571df ActiveUnits : 0 LockedOutUnits : 0 AccountSkuId : company:ENTERPRISEPREMIUM AccountName : company #> [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AccountId ) Process { $command="ListAccountSkus" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AccountId i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # Loop through the results foreach($sku in $results.AccountSkuDetails) { $attributes=@{} $attributes.AccountName=$sku.AccountName $attributes.AccountObjectId=$sku.AccountObjectId $attributes.AccountSkuId=$sku.AccountSkuId $attributes.ActiveUnits=$sku.ActiveUnits $attributes.ConsumedUnits=$sku.ConsumedUnits $attributes.LockedOutUnits=$sku.LockedOutUnits $attributes.SkuId=$sku.SkuId $attributes.SkuPartNumber=$sku.SkuPartNumber $attributes.SuspendedUnits=$sku.SuspendedUnits $attributes.TargetClass=$sku.TargetClass $attributes.WarningUnits=$sku.WarningUnits # FIx: There might be more than one! $attributes.SubscriptionIds=$sku.SubscriptionIds.guid # Loop through service status objects $attributes.ServiceStatus=@() foreach($status in $sku.ServiceStatus.ServiceStatus) { $service_status=@{} $service_status.ProvisioningStatus=$status.ProvisioningStatus $service_status.ServiceName=$status.ServicePlan.ServiceName $service_status.ServicePlanId=$status.ServicePlan.ServicePlanId $service_status.ServiceType=$status.ServicePlan.ServiceType $service_status.TargetClass=$status.ServicePlan.TargetClass $attributes.ServiceStatus += New-Object psobject -Property $service_status } # Return New-Object psobject -Property $attributes } } } # Autogenerated Sep 23rd 2018 # Set-CompanyMultiNationalEnabled function Set-CompanyMultiNationalEnabled { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [Boolean]$Enable=$false, [Parameter(Mandatory=$False)] [string]$ServiceType ) Process { $command="SetCompanyMultiNationalEnabled" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" $(Add-BElement -Parameter "Enable" -Value $Enable) $(Add-BElement -Parameter "ServiceType" -Value $ServiceType) "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-ServicePrincipalByAppPrincipalId function Remove-ServicePrincipalByAppPrincipalId { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AppPrincipalId ) Process { $command="RemoveServicePrincipalByAppPrincipalId" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AppPrincipalId i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-ServicePrincipalCredentials function Get-ServicePrincipalCredentials { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId, [Parameter(Mandatory=$False)] [Boolean]$ReturnKeyValues ) Process { $command="ListServicePrincipalCredentials" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> <b:ReturnKeyValues>true</b:ReturnKeyValues> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results.ServicePrincipalCredential } } # Get-AccidentalDeletionInformation # Oct 18th 2018 function Get-AccidentalDeletionInformation { <# .SYNOPSIS Get accidental deletion information .Description Get accidental deletion information of Azure AD .Parameter AccessToken Access Token. .Example GetAADIntAccidentalDeletionInformation AccidentalDeletionThreshold DeletionPreventionType --------------------------- ---------------------- 500 EnabledForCount #> [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken ) Process { $command="GetAccidentalDeletionInformation" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ReturnValue i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Verify-Domain function Verify-Domain { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $FederationSettings, [Parameter(Mandatory=$False)] $ForceTakeover, [Parameter(Mandatory=$False)] [string]$DomainName ) Process { $command="VerifyDomain" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:FederationSettings i:nil="true"/> <b:ForceTakeover i:nil="true"/> <b:DomainName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-RolesForUser function Get-RolesForUser { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="ListRolesForUser" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Navigate-DirSyncProvisioningErrors function Navigate-DirSyncProvisioningErrors { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PageToNavigate, [Parameter(Mandatory=$False)] $ListContext ) Process { $command="NavigateDirSyncProvisioningErrors" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PageToNavigate i:nil="true"/> <b:ListContext i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-DomainVerificationDns function Get-DomainVerificationDns { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$Mode, [Parameter(Mandatory=$False)] [string]$DomainName ) Process { $command="GetDomainVerificationDns" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:Mode i:nil="true"/> <b:DomainName>$DomainName</b:DomainName> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-CompanyAllowedDataLocation function Set-CompanyAllowedDataLocation { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$ServiceType, [Parameter(Mandatory=$False)] [Boolean]$IsDefault, [Parameter(Mandatory=$False)] [string]$InitialDomain, [Parameter(Mandatory=$False)] [string]$Location, [Parameter(Mandatory=$False)] [Boolean]$Overwrite ) Process { $command="SetCompanyAllowedDataLocation" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ServiceType i:nil="true"/> <b:IsDefault i:nil="true"/> <b:InitialDomain i:nil="true"/> <b:Location i:nil="true"/> <b:Overwrite i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Has-ObjectsWithDirSyncProvisioningErrors function Has-ObjectsWithDirSyncProvisioningErrors { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [Boolean]$ReturnValue ) Process { $command="HasObjectsWithDirSyncProvisioningErrors" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ReturnValue i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-CompanyDirSyncFeature function Set-CompanyDirSyncFeature { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] [Boolean]$Enable, [Parameter(Mandatory=$false)] [Boolean]$DeviceWriteback, [Parameter(Mandatory=$false)] $DirectoryExtensions, [Parameter(Mandatory=$false)] $DuplicateProxyAddressResiliency, [Parameter(Mandatory=$false)] $DuplicateUPNResiliency, [Parameter(Mandatory=$false)] $EnableSoftMatchOnUpn, [Parameter(Mandatory=$false)] $EnforceCloudPasswordPolicyForPasswordSyncedUsers, [Parameter(Mandatory=$false)] $PasswordSync, [Parameter(Mandatory=$false)] $SynchronizeUpnForManagedUsers, [Parameter(Mandatory=$false)] $UnifiedGroupWriteback, [Parameter(Mandatory=$false)] $UserWriteback ) Process { $command="SetCompanyDirSyncFeature" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:Enable>$Enable</b:Enable> <b:Feature>$Feature</b:Feature> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Get-PartnerInformation # Oct 18th 2018 function Get-PartnerInformation { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ReturnValue ) Process { $command="GetPartnerInformation" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ReturnValue i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Get-DomainFederationSettings function Get-DomainFederationSettings { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$DomainName ) Process { $command="GetDomainFederationSettings" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:DomainName>$DomainName</b:DomainName> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # Return $results } } # Autogenerated Sep 23rd 2018 # Get-DirSyncProvisioningErrors function Get-DirSyncProvisioningErrors { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $DirSyncProvisioningErrorSearchDefinition, [Parameter(Mandatory=$False)] [int]$PageSize=500, [Parameter(Mandatory=$False)] [string]$SearchString, [ValidateSet('Ascending','Descending')] [string]$SortDirection="Ascending", [ValidateSet('DisplayName','UserPrincipalName','None')] [string]$SortField="None", [Parameter(Mandatory=$False)] $ErrorCategory, [Parameter(Mandatory=$False)] $ObjectType, [Parameter(Mandatory=$False)] $PropertyName, [Parameter(Mandatory=$False)] $PropertyValue ) Process { $command="ListDirSyncProvisioningErrors" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:DirSyncProvisioningErrorSearchDefinition xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:PageSize>$PageSize</c:PageSize> <c:SearchString i:nil="true"/> <c:SortDirection>$SortDirection</c:SortDirection> <c:SortField>$SortField</c:SortField> <c:ErrorCategory i:nil="true"/> <c:ObjectType i:nil="true"/> <c:PropertyName i:nil="true"/> <c:PropertyValue i:nil="true"/> </b:DirSyncProvisioningErrorSearchDefinition> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-ServicePrincipalBySpn function Remove-ServicePrincipalBySpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$ServicePrincipalName ) Process { $command="RemoveServicePrincipalBySpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ServicePrincipalName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Navigate-ServicePrincipalResults function Navigate-ServicePrincipalResults { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PageToNavigate, [Parameter(Mandatory=$False)] $ListContext ) Process { $command="NavigateServicePrincipalResults" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PageToNavigate i:nil="true"/> <b:ListContext i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Add-AdministrativeUnitMembers function Add-AdministrativeUnitMembers { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AdministrativeUnitMembers, [Parameter(Mandatory=$False)] $AdministrativeUnitObjectId ) Process { $command="AddAdministrativeUnitMembers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AdministrativeUnitMembers i:nil="true"/> <b:AdministrativeUnitObjectId i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-RoleMembersByRoleName function Remove-RoleMembersByRoleName { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$RoleName, [Parameter(Mandatory=$False)] $RoleMembers ) Process { $command="RemoveRoleMembersByRoleName" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:RoleName i:nil="true"/> <b:RoleMembers i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Navigate-UserResults function Navigate-UserResults { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PageToNavigate, [Parameter(Mandatory=$False)] $ListContext ) Process { $command="NavigateUserResults" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PageToNavigate i:nil="true"/> <b:ListContext i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Navigate-RoleMemberResults function Navigate-RoleMemberResults { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PageToNavigate, [Parameter(Mandatory=$False)] $ListContext ) Process { $command="NavigateRoleMemberResults" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PageToNavigate i:nil="true"/> <b:ListContext i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-ServicePrincipalCredentialsBySpn function Get-ServicePrincipalCredentialsBySpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken ) Process { $command="ListServicePrincipalCredentialsBySpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-CompanyAllowedDataLocation function Get-CompanyAllowedDataLocation { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ReturnValue ) Process { $command="GetCompanyAllowedDataLocation" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ReturnValue i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Reset-UserPasswordByUpn function Reset-UserPasswordByUpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [Boolean]$ForceChangePasswordOnly, [Parameter(Mandatory=$False)] [string]$UserPrincipalName, [Parameter(Mandatory=$False)] [Boolean]$ForceChangePassword, [Parameter(Mandatory=$False)] [string]$NewPassword ) Process { $command="ResetUserPasswordByUpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ForceChangePasswordOnly i:nil="true"/> <b:UserPrincipalName i:nil="true"/> <b:ForceChangePassword i:nil="true"/> <b:NewPassword i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-Contacts function Get-Contacts { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ContactSearchDefinition, [Parameter(Mandatory=$False)] [int]$PageSize=500, [Parameter(Mandatory=$False)] [string]$SearchString, [ValidateSet('Ascending','Descending')] [string]$SortDirection="Ascending", [ValidateSet('DisplayName','UserPrincipalName','None')] [string]$SortField="None", [Parameter(Mandatory=$False)] $HasErrorsOnly, [Parameter(Mandatory=$False)] $IncludedProperties ) Process { $command="ListContacts" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ContactSearchDefinition xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:PageSize>$PageSize</c:PageSize> <c:SearchString i:nil="true"/> <c:SortDirection>$SortDirection</c:SortDirection> <c:SortField>$SortField</c:SortField> <c:HasErrorsOnly i:nil="true"/> <c:IncludedProperties i:nil="true"/> </b:ContactSearchDefinition> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Navigate-RoleScopedMemberResults function Navigate-RoleScopedMemberResults { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PageToNavigate, [Parameter(Mandatory=$False)] $ListContext ) Process { $command="NavigateRoleScopedMemberResults" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PageToNavigate i:nil="true"/> <b:ListContext i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Has-ObjectsWithDirSyncProvisioningErrors2 function Has-ObjectsWithDirSyncProvisioningErrors2 { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$ObjectType ) Process { $command="HasObjectsWithDirSyncProvisioningErrors2" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectType i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Add-RoleScopedMembers function Add-RoleScopedMembers { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $RoleMembers, [Parameter(Mandatory=$False)] $AdministrativeUnitObjectId, [Parameter(Mandatory=$False)] $RoleObjectId ) Process { $command="AddRoleScopedMembers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:RoleMembers i:nil="true"/> <b:AdministrativeUnitObjectId i:nil="true"/> <b:RoleObjectId i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-UserLicensesByUpn function Set-UserLicensesByUpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AddLicenses, [Parameter(Mandatory=$False)] $RemoveLicenses, [Parameter(Mandatory=$False)] $LicenseOptions, [Parameter(Mandatory=$False)] [string]$UserPrincipalName ) Process { $command="SetUserLicensesByUpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AddLicenses i:nil="true"/> <b:RemoveLicenses i:nil="true"/> <b:LicenseOptions i:nil="true"/> <b:UserPrincipalName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-RoleByName function Get-RoleByName { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$RoleName ) Process { $command="GetRoleByName" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:RoleName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Add-RoleMembers # Oct 19th 2018 function Add-RoleMembers { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] $RoleObjectId, [Parameter(Mandatory=$True)] [String]$RoleMemberObjectId, [ValidateSet('Other','Group','User','ServicePrincipal')] [String]$RoleMemberType="User" ) Process { $command="AddRoleMembers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:RoleMembers xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:RoleMember> <c:DisplayName i:nil="true"/> <c:EmailAddress i:nil="true"/> <c:IsLicensed i:nil="true"/> <c:LastDirSyncTime i:nil="true"/> $(Add-CElement -Parameter "ObjectId" -Value $RoleMemberObjectId) <c:OverallProvisioningStatus i:nil="true"/> $(Add-CElement -Parameter "RoleMemberType" -Value $RoleMemberType) <c:StrongAuthenticationRequirements i:nil="true"/> <c:ValidationStatus i:nil="true"/> </c:RoleMember> </b:RoleMembers> $(Add-BElement -Parameter "RoleObjectId" -Value $RoleObjectId) "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-User function Set-User { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AlternateEmailAddresses, [Parameter(Mandatory=$False)] $AlternateMobilePhones, [Parameter(Mandatory=$False)] $AlternativeSecurityIds, [Parameter(Mandatory=$False)] $BlockCredential, [Parameter(Mandatory=$False)] $City, [Parameter(Mandatory=$False)] $CloudExchangeRecipientDisplayType, [Parameter(Mandatory=$False)] $Country, [Parameter(Mandatory=$False)] $Department, [Parameter(Mandatory=$False)] $DirSyncProvisioningErrors, [Parameter(Mandatory=$False)] $DisplayName, [Parameter(Mandatory=$False)] $Errors, [Parameter(Mandatory=$False)] $Fax, [Parameter(Mandatory=$False)] $FirstName, [Parameter(Mandatory=$False)] $ImmutableId, [Parameter(Mandatory=$False)] $IndirectLicenseErrors, [Parameter(Mandatory=$False)] $IsBlackberryUser, [Parameter(Mandatory=$False)] $IsLicensed, [Parameter(Mandatory=$False)] $LicenseAssignmentDetails, [Parameter(Mandatory=$False)] $LicenseReconciliationNeeded, [Parameter(Mandatory=$False)] $Licenses, [Parameter(Mandatory=$False)] $LiveId, [Parameter(Mandatory=$False)] $MSExchRecipientTypeDetails, [Parameter(Mandatory=$False)] $MSRtcSipDeploymentLocator, [Parameter(Mandatory=$False)] $MSRtcSipPrimaryUserAddress, [Parameter(Mandatory=$False)] $MobilePhone, [Parameter(Mandatory=$False)] $OathTokenMetadata, [Parameter(Mandatory=$False)] $ObjectId, [Parameter(Mandatory=$False)] $Office, [Parameter(Mandatory=$False)] $OverallProvisioningStatus="None", [Parameter(Mandatory=$False)] $PasswordNeverExpires, [Parameter(Mandatory=$False)] $PasswordResetNotRequiredDuringActivate, [Parameter(Mandatory=$False)] $PhoneNumber, [Parameter(Mandatory=$False)] $PortalSettings, [Parameter(Mandatory=$False)] $PostalCode, [Parameter(Mandatory=$False)] $PreferredDataLocation, [Parameter(Mandatory=$False)] $PreferredLanguage, [Parameter(Mandatory=$False)] [String[]]$ProxyAddresses, [ValidateSet('Other','StagedRolloutOne','StagedRolloutTwo','Compass','Dogfood')] $ReleaseTrack, [Parameter(Mandatory=$False)] $ServiceInformation, [Parameter(Mandatory=$False)] $SignInName, [Parameter(Mandatory=$False)] $SoftDeletionTimestamp, [Parameter(Mandatory=$False)] $State, [Parameter(Mandatory=$False)] $StreetAddress, [Parameter(Mandatory=$False)] $StrongAuthenticationMethods, [Parameter(Mandatory=$False)] $StrongAuthenticationPhoneAppDetails, [Parameter(Mandatory=$False)] $StrongAuthenticationProofupTime, [Parameter(Mandatory=$False)] $StrongAuthenticationRequirements, [Parameter(Mandatory=$False)] $StrongAuthenticationUserDetails, [Parameter(Mandatory=$False)] $StrongPasswordRequired, [Parameter(Mandatory=$False)] $StsRefreshTokensValidFrom, [Parameter(Mandatory=$False)] $Title, [Parameter(Mandatory=$False)] $UsageLocation, [ValidateSet('homepage_office365','shellmail','shellcalendar','shellpeople')] $UserLandingPageIdentifierForO365Shell, [Parameter(Mandatory=$True)] $UserPrincipalName, [ValidateSet('Super','Bricks')] $UserThemeIdentifierForO365Shell, [ValidateSet('Member','Guest','Viral')] $UserType, [ValidateSet('NotAvailable','Healthy','Error')] $ValidationStatus="NotAvailable" ) Process { $command="SetUser" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:User xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:AlternateEmailAddresses i:nil="true" xmlns:d="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/> <c:AlternateMobilePhones i:nil="true" xmlns:d="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/> <c:AlternativeSecurityIds i:nil="true"/> $(Add-CElement -Parameter "BlockCredential" -Value "$BlockCredential") $(Add-CElement -Parameter "City" -Value "$City") <c:CloudExchangeRecipientDisplayType i:nil="true"/> $(Add-CElement -Parameter "Country" -Value "$Country") $(Add-CElement -Parameter "Department" -Value "$Department") <c:DirSyncProvisioningErrors i:nil="true"/> $(Add-CElement -Parameter "DisplayName" -Value "$DisplayName") <c:Errors i:nil="true"/> $(Add-CElement -Parameter "Fax" -Value "$Fax") $(Add-CElement -Parameter "FirstName" -Value "$FirstName") $(Add-CElement -Parameter "ImmutableId" -Value "$ImmutableId") <c:IndirectLicenseErrors i:nil="true"/> $(Add-CElement -Parameter "IsBlackberryUser" -Value "$IsBlackberryUser") <c:IsLicensed i:nil="true"/> <c:LastDirSyncTime i:nil="true"/> $(Add-CElement -Parameter "LastName" -Value "$LastName") <c:LastPasswordChangeTimestamp i:nil="true"/> <c:LicenseAssignmentDetails i:nil="true"/> <c:LicenseReconciliationNeeded i:nil="true"/> <c:Licenses i:nil="true"/> <c:LiveId i:nil="true"/> <c:MSExchRecipientTypeDetails i:nil="true"/> <c:MSRtcSipDeploymentLocator i:nil="true"/> <c:MSRtcSipPrimaryUserAddress i:nil="true"/> $(Add-CElement -Parameter "MobilePhone" -Value "$MobilePhone") <c:ObjectId i:nil="true"/> $(Add-CElement -Parameter "Office" -Value "$Office") $(Add-CElement -Parameter "OverallProvisioningStatus" -Value "$OverallProvisioningStatus") $(Add-CElement -Parameter "PasswordNeverExpires" -Value "$PasswordNeverExpires") $(Add-CElement -Parameter "PasswordResetNotRequiredDuringActivate" -Value "$PasswordResetNotRequiredDuringActivate") $(Add-CElement -Parameter "PhoneNumber" -Value "$PhoneNumber") <c:PortalSettings i:nil="true"/> $(Add-CElement -Parameter "PostalCode" -Value "$PostalCode") <c:PreferredDataLocation i:nil="true"/> $(Add-CElement -Parameter "PreferredLanguage" -Value "$PreferredLanguage") <c:ProxyAddresses i:nil="true" xmlns:d="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/> $(Add-CElement -Parameter "ReleaseTrack" -Value "$ReleaseTrack") <c:ServiceInformation i:nil="true"/> $(Add-CElement -Parameter "SignInName" -Value "$SignInName") <c:SoftDeletionTimestamp i:nil="true"/> $(Add-CElement -Parameter "State" -Value "$State") $(Add-CElement -Parameter "StreetAddress" -Value "$StreetAddress") <c:StrongAuthenticationMethods i:nil="true"/> <c:StrongAuthenticationPhoneAppDetails i:nil="true"/> <c:StrongAuthenticationProofupTime i:nil="true"/> <c:StrongAuthenticationRequirements i:nil="true"/> <c:StrongAuthenticationUserDetails i:nil="true"/> $(Add-CElement -Parameter "StrongPasswordRequired" -Value "$StrongPasswordRequired") <c:StsRefreshTokensValidFrom i:nil="true"/> $(Add-CElement -Parameter "Title" -Value "$Title") $(Add-CElement -Parameter "UsageLocation" -Value "$UsageLocation") $(Add-CElement -Parameter "UserLandingPageIdentifierForO365Shell" -Value "$UserLandingPageIdentifierForO365Shell") $(Add-CElement -Parameter "UserPrincipalName" -Value "$UserPrincipalName") $(Add-CElement -Parameter "UserThemeIdentifierForO365Shell" -Value "$UserThemeIdentifierForO365Shell") $(Add-CElement -Parameter "UserType" -Value "$UserType") <c:ValidationStatus i:nil="true"/> <c:WhenCreated i:nil="true"/> </b:User> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Navigate-AdministrativeUnitMemberResults function Navigate-AdministrativeUnitMemberResults { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PageToNavigate, [Parameter(Mandatory=$False)] $ListContext ) Process { $command="NavigateAdministrativeUnitMemberResults" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PageToNavigate i:nil="true"/> <b:ListContext i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Set-CompanySettings # Oct 19th 2018 function Set-CompanySettings { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [Boolean]$AllowAdHocSubscriptions, [Parameter(Mandatory=$False)] [Boolean]$AllowEmailVerifiedUsers, [Parameter(Mandatory=$False)] [string]$DefaultUsageLocation, [Parameter(Mandatory=$False)] [Boolean]$RmsViralSignUpEnabled, [Parameter(Mandatory=$False)] [Boolean]$SelfServePasswordResetEnabled, [Parameter(Mandatory=$False)] [Boolean]$UsersPermissionToCreateGroupsEnabled, [Parameter(Mandatory=$False)] [Boolean]$UsersPermissionToCreateLOBAppsEnabled, [Parameter(Mandatory=$False)] [Boolean]$UsersPermissionToReadOtherUsersEnabled, [Parameter(Mandatory=$False)] [Boolean]$UsersPermissionToUserConsentToAppEnabled, [ValidateSet('Other','StagedRolloutOne','StagedRolloutTwo','Compass','Dogfood')] [String]$O365UserReleaseTrack ) Process { $command="SetCompanySettings" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:Settings xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> $(Add-CElement -Parameter "AllowAdHocSubscriptions" -Value $AllowAdHocSubscriptions) $(Add-CElement -Parameter "AllowEmailVerifiedUsers" -Value $AllowEmailVerifiedUsers) $(Add-CElement -Parameter "DefaultUsageLocation" -Value $DefaultUsageLocation) $(Add-CElement -Parameter "RmsViralSignUpEnabled" -Value $RmsViralSignUpEnabled) $(Add-CElement -Parameter "SelfServePasswordResetEnabled" -Value $SelfServePasswordResetEnabled) $(Add-CElement -Parameter "UsersPermissionToCreateGroupsEnabled" -Value $UsersPermissionToCreateGroupsEnabled) $(Add-CElement -Parameter "UsersPermissionToCreateLOBAppsEnabled" -Value $UsersPermissionToCreateLOBAppsEnabled) $(Add-CElement -Parameter "UsersPermissionToReadOtherUsersEnabled" -Value $UsersPermissionToReadOtherUsersEnabled) $(Add-CElement -Parameter "UsersPermissionToUserConsentToAppEnabled" -Value $UsersPermissionToUserConsentToAppEnabled) $(Add-CElement -Parameter "O365UserReleaseTrack" -Value $O365UserReleaseTrack) </b:Settings> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-Roles function Get-Roles { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ReturnValue ) Process { $command="ListRoles" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ReturnValue i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Add-ServicePrincipal function Add-ServicePrincipal { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AppPrincipalId, [Parameter(Mandatory=$False)] $Addresses, [Parameter(Mandatory=$False)] [Boolean]$TrustedForDelegation, [Parameter(Mandatory=$False)] [Boolean]$AccountEnabled, [Parameter(Mandatory=$False)] $ServicePrincipalNames, [Parameter(Mandatory=$False)] $Credentials, [Parameter(Mandatory=$False)] [string]$DisplayName ) Process { $command="AddServicePrincipal" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AppPrincipalId i:nil="true"/> <b:Addresses i:nil="true"/> <b:TrustedForDelegation i:nil="true"/> <b:AccountEnabled i:nil="true"/> <b:ServicePrincipalNames i:nil="true"/> <b:Credentials i:nil="true"/> <b:DisplayName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-ServicePrincipal function Set-ServicePrincipal { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ServicePrincipal, [Parameter(Mandatory=$False)] $AccountEnabled, [Parameter(Mandatory=$False)] $Addresses, [Parameter(Mandatory=$False)] $AppPrincipalId, [Parameter(Mandatory=$False)] $DisplayName, [Parameter(Mandatory=$False)] $ObjectId, [Parameter(Mandatory=$False)] $ServicePrincipalNames, [Parameter(Mandatory=$False)] $TrustedForDelegation ) Process { $command="SetServicePrincipal" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ServicePrincipal xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:AccountEnabled i:nil="true"/> <c:Addresses i:nil="true"/> <c:AppPrincipalId i:nil="true"/> <c:DisplayName i:nil="true"/> <c:ObjectId i:nil="true"/> <c:ServicePrincipalNames i:nil="true"/> <c:TrustedForDelegation i:nil="true"/> </b:ServicePrincipal> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-CompanyDirSyncFeatures function Get-CompanyDirSyncFeatures { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$Feature ) Process { $command="GetCompanyDirSyncFeatures" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:Feature i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results.DirSyncFeatureDetails } } # Get-Users function Get-Users { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $UserSearchDefinition, [Parameter(Mandatory=$False)] [int]$PageSize=500, [Parameter(Mandatory=$False)] [string]$SearchString, [ValidateSet('Ascending','Descending')] [string]$SortDirection="Ascending", [ValidateSet('DisplayName','UserPrincipalName','None')] [string]$SortField="None", [Parameter(Mandatory=$False)] $AccountSku, [Parameter(Mandatory=$False)] $AdministrativeUnitObjectId, [Parameter(Mandatory=$False)] $BlackberryUsersOnly, [Parameter(Mandatory=$False)] $City, [Parameter(Mandatory=$False)] $Country, [Parameter(Mandatory=$False)] $Department, [Parameter(Mandatory=$False)] $DomainName, [Parameter(Mandatory=$False)] $EnabledFilter, [Parameter(Mandatory=$False)] $HasErrorsOnly, [Parameter(Mandatory=$False)] $IncludedProperties, [Parameter(Mandatory=$False)] $IndirectLicenseFilter, [Parameter(Mandatory=$False)] $LicenseReconciliationNeededOnly, [Parameter(Mandatory=$False)] $ReturnDeletedUsers, [Parameter(Mandatory=$False)] $State, [Parameter(Mandatory=$False)] $Synchronized, [Parameter(Mandatory=$False)] $Title, [Parameter(Mandatory=$False)] [Boolean]$UnlicensedUsersOnly, [Parameter(Mandatory=$False)] $UsageLocation ) Process { $command="ListUsers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:UserSearchDefinition xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:PageSize>$PageSize</c:PageSize> $(Add-CElement -Parameter "SearchString" -Value $SearchString) <c:SortDirection>$SortDirection</c:SortDirection> <c:SortField>$SortField</c:SortField> <c:AccountSku i:nil="true"/> <c:AdministrativeUnitObjectId i:nil="true"/> <c:BlackberryUsersOnly i:nil="true"/> <c:City i:nil="true"/> <c:Country i:nil="true"/> <c:Department i:nil="true"/> <c:DomainName i:nil="true"/> <c:EnabledFilter i:nil="true"/> <c:HasErrorsOnly i:nil="true"/> <c:IncludedProperties i:nil="true"/> <c:IndirectLicenseFilter i:nil="true"/> <c:LicenseReconciliationNeededOnly i:nil="true"/> <c:ReturnDeletedUsers i:nil="true"/> <c:State i:nil="true"/> <c:Synchronized i:nil="true"/> <c:Title i:nil="true"/> <c:UnlicensedUsersOnly i:nil="true"/> <c:UsageLocation i:nil="true"/> </b:UserSearchDefinition> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # Return $results.results.user } } # Autogenerated Sep 23rd 2018 # Convert-FederatedUserToManaged function Convert-FederatedUserToManaged { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$UserPrincipalName, [Parameter(Mandatory=$False)] [string]$NewPassword ) Process { $command="ConvertFederatedUserToManaged" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:UserPrincipalName i:nil="true"/> <b:NewPassword i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-Role function Get-Role { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="GetRole" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Set-DomainFederationSettings # Aug 12th 2018 function Set-DomainFederationSettings { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] [string]$DomainName, [Parameter(Mandatory=$False)] [string]$ActiveLogOnUri, [Parameter(Mandatory=$False)] [string]$DefaultInteractiveAuthenticationMethod, [Parameter(Mandatory=$False)] [string]$FederationBrandName, [Parameter(Mandatory=$True)] [string]$IssuerUri, [Parameter(Mandatory=$True)] [string]$LogOffUri, [Parameter(Mandatory=$False)] [string]$MetadataExchangeUri, [Parameter(Mandatory=$False)] [string]$NextSigningCertificate, [Parameter(Mandatory=$False)] [string]$OpenIdConnectDiscoveryEndpoint, [Parameter(Mandatory=$True)] [string]$PassiveLogOnUri, [Parameter(Mandatory=$False)] [string]$PasswordChangeUri, [Parameter(Mandatory=$False)] [string]$PasswordResetUri, [Parameter(Mandatory=$False)] [validateset("WsFed","SAMLP")] [string]$PreferredAuthenticationProtocol="WsFed", [Parameter(Mandatory=$False)] [string]$PromptLoginBehavior, [Parameter(Mandatory=$True)] [string]$SigningCertificate, [Parameter(Mandatory=$False)] [string]$SigningCertificateUpdateStatus #[Parameter(Mandatory=$False)] #[Boolean]$SupportsMfa=$true ) Process { $command="SetDomainFederationSettings" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" $(Add-BElement -Parameter "VerifiedDomain" -Value $VerifiedDomain) $(Add-BElement -Parameter "Authentication" -Value "Federated") $(Add-BElement -Parameter "DomainName" -Value $DomainName) <b:FederationSettings xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> $(Add-CElement -Parameter "ActiveLogonUri" -Value $ActiveLogOnUri) $(Add-CElement -Parameter "DefaultInteractiveAuthenticationMethod" -Value $DefaultInteractiveAuthenticationMethod) $(Add-CElement -Parameter "FederationBrandName" -Value $FederationBrandName) $(Add-CElement -Parameter "IssuerUri" -Value $IssuerUri) $(Add-CElement -Parameter "LogOffUri" -Value $LogOffUri) $(Add-CElement -Parameter "MetadataExchangeUri" -Value $MetadataExchangeUri) $(Add-CElement -Parameter "NextSigningCertificate" -Value $NextSigningCertificate) $(Add-CElement -Parameter "OpenIdConnectDiscoveryEndpoint" -Value $OpenIdConnectDiscoveryEndpoint) $(Add-CElement -Parameter "PassiveLogOnUri" -Value $PassiveLogOnUri) $(Add-CElement -Parameter "PasswordChangeUri" -Value $PasswordChangeUri) $(Add-CElement -Parameter "PasswordResetUri" -Value $PasswordResetUri) $(Add-CElement -Parameter "PreferredAuthenticationProtocol" -Value $PreferredAuthenticationProtocol) $(Add-CElement -Parameter "PromptLoginBehavior" -Value $PromptLoginBehavior) $(Add-CElement -Parameter "SigningCertificate" -Value $SigningCertificate) $(Add-CElement -Parameter "SigningCertificateUpdateStatus" -Value $SigningCertificateUpdateStatus) $(Add-CElement -Parameter "SupportsMfa" -Value $SupportsMfa) </b:FederationSettings> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-Group function Set-Group { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $Group, [Parameter(Mandatory=$False)] $AssignedLicenses, [Parameter(Mandatory=$False)] $CommonName, [Parameter(Mandatory=$False)] $Description, [Parameter(Mandatory=$False)] $DirSyncProvisioningErrors, [Parameter(Mandatory=$False)] $DisplayName, [Parameter(Mandatory=$False)] $EmailAddress, [Parameter(Mandatory=$False)] $Errors, [Parameter(Mandatory=$False)] $GroupLicenseProcessingDetail, [ValidateSet('DistributionList','Security','MailEnabledSecurity')] $GroupType="DistributionList", [Parameter(Mandatory=$False)] $IsSystem, [Parameter(Mandatory=$False)] $LastDirSyncTime, [Parameter(Mandatory=$False)] $Licenses, [Parameter(Mandatory=$False)] $ManagedBy, [Parameter(Mandatory=$False)] $ObjectId, [Parameter(Mandatory=$False)] $ProxyAddresses, [ValidateSet('NotAvailable','Healthy','Error')] $ValidationStatus="NotAvailable" ) Process { $command="SetGroup" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:Group xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:AssignedLicenses i:nil="true"/> <c:CommonName i:nil="true"/> <c:Description i:nil="true"/> <c:DirSyncProvisioningErrors i:nil="true"/> <c:DisplayName i:nil="true"/> <c:EmailAddress i:nil="true"/> <c:Errors i:nil="true"/> <c:GroupLicenseProcessingDetail i:nil="true"/> <c:GroupType i:nil="true"/> <c:IsSystem i:nil="true"/> <c:LastDirSyncTime i:nil="true"/> <c:Licenses i:nil="true"/> <c:ManagedBy i:nil="true"/> <c:ObjectId i:nil="true"/> <c:ProxyAddresses i:nil="true"/> <c:ValidationStatus i:nil="true"/> </b:Group> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Verify-Domain2 function Verify-Domain2 { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $FederationSettings, [Parameter(Mandatory=$False)] $ForceTakeover, [Parameter(Mandatory=$False)] [string]$DomainName ) Process { $command="VerifyDomain2" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:FederationSettings i:nil="true"/> <b:ForceTakeover i:nil="true"/> <b:DomainName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-Domain function Set-Domain { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $Domain, [Parameter(Mandatory=$False)] $Authentication, [Parameter(Mandatory=$False)] $Capabilities, [Parameter(Mandatory=$False)] $IsDefault, [Parameter(Mandatory=$False)] $IsInitial, [Parameter(Mandatory=$False)] $Name, [Parameter(Mandatory=$False)] $RootDomain, [Parameter(Mandatory=$False)] $Status, [Parameter(Mandatory=$False)] $VerificationMethod ) Process { $command="SetDomain" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:Domain xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:Authentication i:nil="true"/> <c:Capabilities i:nil="true"/> <c:IsDefault i:nil="true"/> <c:IsInitial i:nil="true"/> <c:Name i:nil="true"/> <c:RootDomain i:nil="true"/> <c:Status i:nil="true"/> <c:VerificationMethod i:nil="true"/> </b:Domain> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Retry-UserProvisioning function Retry-UserProvisioning { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="RetryUserProvisioning" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-ServicePrincipalCredentials function Remove-ServicePrincipalCredentials { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId, [Parameter(Mandatory=$False)] $KeyIds, [Parameter(Mandatory=$False)] [Boolean]$MsodsAsKeyStore ) Process { $command="RemoveServicePrincipalCredentials" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> <b:KeyIds i:nil="true"/> <b:MsodsAsKeyStore i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Set-ADDirSyncEnabled # May 8th 2019 function Set-ADSyncEnabled { <# .SYNOPSIS Enables or disables directory synchronization .DESCRIPTION Enables or disables directory synchronization using provisioning API. Enabling / disabling the synchrnoization usually takes less than 10 seconds. Check the status using Get-AADIntCompanyInformation. .Parameter AccessToken Access Token .Parameter Enabled True or False .Example Set-AADIntADSyncEnabled -Enabled $true #> [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [Boolean]$EnableDirSync ) Process { $command="SetCompanyDirSyncEnabled" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" $(Add-BElement -Parameter "EnableDirSync" -Value $EnableDirSync) "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Change-UserPrincipalName function Change-UserPrincipalName { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId, [Parameter(Mandatory=$False)] [string]$ImmutableId, [Parameter(Mandatory=$False)] [string]$NewUserPrincipalName, [Parameter(Mandatory=$False)] [string]$NewPassword ) Process { $command="ChangeUserPrincipalName" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> <b:ImmutableId i:nil="true"/> <b:NewUserPrincipalName i:nil="true"/> <b:NewPassword i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Get-RoleMembers # Oct 19th 2018 function Get-GlobalAdmins { <# .SYNOPSIS Returns Global Admins .Description Returns Global Admins .Parameter AccessToken Access Token .Example Get-AADIntGlobalAdmins DisplayName UserPrincipalName ----------- ----------------- Admin admin@company.onmicrosoft.com Admin Two admin.two@company.com #> [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken ) Process { # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Return role members using well-known Global Admins role object id. return Get-RoleMembers -AccessToken $AccessToken -RoleObjectId "62e90394-69f5-4237-9190-012177145e10" | Select-Object @{N='DisplayName'; E={$_.DisplayName}},@{N='UserPrincipalName'; E={$_.EmailAddress}},@{N='ObjectId'; E={$_.ObjectId}}, @{N='Type'; E={$_.RoleMemberType}} } } # Get-RoleMembers # Oct 19th 2018 function Get-RoleMembers { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [int]$PageSize=500, [Parameter(Mandatory=$False)] [string]$SearchString, [ValidateSet('Ascending','Descending')] [string]$SortDirection="Ascending", [ValidateSet('DisplayName','UserPrincipalName','None')] [string]$SortField="None", [Parameter(Mandatory=$False)] $IncludedProperties, [Parameter(Mandatory=$False)] $MemberObjectTypes, [Parameter(Mandatory=$False)] $RoleObjectId ) Process { $command="ListRoleMembers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:RoleMemberSearchDefinition xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:PageSize>$PageSize</c:PageSize> <c:SearchString i:nil="true"/> <c:SortDirection>$SortDirection</c:SortDirection> <c:SortField>$SortField</c:SortField> <c:IncludedProperties i:nil="true"/> <c:MemberObjectTypes i:nil="true"/> $(Add-CElement -Parameter "RoleObjectId" -Value $RoleObjectId) </b:RoleMemberSearchDefinition> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # Return $results.Results.RoleMember } } # Autogenerated Sep 23rd 2018 # Get-AdministrativeUnits function Get-AdministrativeUnits { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AdministrativeUnitSearchDefinition, [Parameter(Mandatory=$False)] $IncludedProperties, [Parameter(Mandatory=$False)] $UserObjectId, [Parameter(Mandatory=$False)] $UserPrincipalName ) Process { $command="ListAdministrativeUnits" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AdministrativeUnitSearchDefinition xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:IncludedProperties i:nil="true"/> <c:UserObjectId i:nil="true"/> <c:UserPrincipalName i:nil="true"/> </b:AdministrativeUnitSearchDefinition> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Reset-UserPassword function Reset-UserPassword { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId, [Parameter(Mandatory=$False)] [Boolean]$ForceChangePasswordOnly, [Parameter(Mandatory=$False)] [Boolean]$ForceChangePassword, [Parameter(Mandatory=$False)] [string]$NewPassword ) Process { $command="ResetUserPassword" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> <b:ForceChangePasswordOnly i:nil="true"/> <b:ForceChangePassword i:nil="true"/> <b:NewPassword i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Navigate-PartnerContracts function Navigate-PartnerContracts { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PageToNavigate, [Parameter(Mandatory=$False)] $ListContext ) Process { $command="NavigatePartnerContracts" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PageToNavigate i:nil="true"/> <b:ListContext i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-User function Remove-UserByObjectId { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] $ObjectId, [Parameter(Mandatory=$False)] [Boolean]$RemoveFromRecycleBin=$False ) Process { $command="RemoveUser" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> <b:RemoveFromRecycleBin>$(b2s($RemoveFromRecycleBin))</b:RemoveFromRecycleBin> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-Contact function Remove-Contact { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="RemoveContact" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Add-GroupMembers function Add-GroupMembers { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $GroupMembers, [Parameter(Mandatory=$False)] $GroupObjectId ) Process { $command="AddGroupMembers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:GroupMembers i:nil="true"/> <b:GroupObjectId i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-ServicePrincipalByAppPrincipalId function Get-ServicePrincipalByAppPrincipalId { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AppPrincipalId ) Process { $command="GetServicePrincipalByAppPrincipalId" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AppPrincipalId i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-Domains function Get-Domains { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $SearchFilter ) Process { $command="ListDomains" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:SearchFilter i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-UserByUpn function Get-UserByUpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] [string]$UserPrincipalName, [Parameter(Mandatory=$False)] [Boolean]$ReturnDeletedUsers=$False ) Process { $command="GetUserByUpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:UserPrincipalName>$UserPrincipalName</b:UserPrincipalName> <b:ReturnDeletedUsers>$(b2s($ReturnDeletedUsers))</b:ReturnDeletedUsers> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-CompanySecurityComplianceContactInformation function Set-CompanySecurityComplianceContactInformation { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $SecurityComplianceNotificationPhones, [Parameter(Mandatory=$False)] $SecurityComplianceNotificationEmails ) Process { $command="SetCompanySecurityComplianceContactInformation" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:SecurityComplianceNotificationPhones i:nil="true"/> <b:SecurityComplianceNotificationEmails i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-UserByObjectID function Get-UserByObjectId { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] $ObjectId, [Parameter(Mandatory=$False)] [Boolean]$ReturnDeletedUsers=$False ) Process { $command="GetUser" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> <b:ReturnDeletedUsers>$(b2s($ReturnDeletedUsers))</b:ReturnDeletedUsers> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Get individual user function Get-User { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(ParameterSetName='ByObjectId',Mandatory=$True)] $ObjectId, [Parameter(ParameterSetName='ByUPN',Mandatory=$True)] $UserPrincipalName, [Parameter(ParameterSetName='ByLiveID',Mandatory=$True)] $LiveID, [Parameter(Mandatory=$False)] [Boolean]$ReturnDeletedUsers=$False ) Process { if($ObjectId -ne $null) { return Get-UserByObjectId -AccessToken $AccessToken -ObjectId $ObjectId -ReturnDeletedUsers $ReturnDeletedUsers } elseif($UserPrincipalName -ne $null) { return Get-UserByUpn -AccessToken $AccessToken -UserPrincipalName $UserPrincipalName -ReturnDeletedUsers $ReturnDeletedUsers } elseif($LiveID -ne $null) { return Get-UserByLiveId -AccessToken $AccessToken -LiveId $LiveID } } } # Remove user function Remove-User { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(ParameterSetName='ByObjectId',Mandatory=$True)] $ObjectId, [Parameter(ParameterSetName='ByUPN',Mandatory=$True)] $UserPrincipalName, [Parameter(Mandatory=$False)] [Boolean]$RemoveFromRecycleBin=$False ) Process { if($ObjectId -ne $null) { return Remove-UserByObjectId -AccessToken $AccessToken -ObjectId $ObjectId -RemoveFromRecycleBin $RemoveFromRecycleBin } elseif($UserPrincipalName -ne $null) { return Remove-UserByUpn -AccessToken $AccessToken -UserPrincipalName $UserPrincipalName -RemoveFromRecycleBin $RemoveFromRecycleBin } } } # Get-ServicePrincipals function Get-ServicePrincipals2 { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ServicePrincipalSearchDefinition, [Parameter(Mandatory=$False)] [int]$PageSize=500, [Parameter(Mandatory=$False)] [string]$SearchString, [ValidateSet('Ascending','Descending')] [string]$SortDirection="Ascending", [ValidateSet('DisplayName','UserPrincipalName','None')] $SortField="DisplayName" ) Process { $command="ListServicePrincipals" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ServicePrincipalSearchDefinition xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:PageSize>$PageSize</c:PageSize> <c:SearchString i:nil="true"/> <c:SortDirection>$SortDirection</c:SortDirection> <c:SortField>$SortField</c:SortField> </b:ServicePrincipalSearchDefinition> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # Return $results.Results.ServicePrincipal } } # Add-ForeignGroupToRole # Oct 19th 2018 function Add-ForeignGroupToRole { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] $RoleObjectId, [Parameter(Mandatory=$True)] $ForeignCompanyObjectId, [Parameter(Mandatory=$True)] $ForeignGroupObjectId ) Process { $command="AddForeignGroupToRole" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" $(Add-BElement -Parameter "RoleObjectId" -Value $RoleObjectId) $(Add-BElement -Parameter "ForeignCompanyObjectId" -Value $ForeignCompanyObjectId) $(Add-BElement -Parameter "ForeignGroupObjectId" -Value $ForeignGroupObjectId) "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Restore-User function Restore-User { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId, [Parameter(Mandatory=$False)] [string]$NewUserPrincipalName, [Parameter(Mandatory=$False)] [Boolean]$AutoReconcileProxyConflicts ) Process { $command="RestoreUser" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> <b:NewUserPrincipalName i:nil="true"/> <b:AutoReconcileProxyConflicts i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-CompanyPasswordSyncEnabled function Set-CompanyPasswordSyncEnabled { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [Boolean]$EnablePasswordSync ) Process { $command="SetCompanyPasswordSyncEnabled" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:EnablePasswordSync i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Restore-UserByUpn function Restore-UserByUpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$UserPrincipalName, [Parameter(Mandatory=$False)] [string]$NewUserPrincipalName, [Parameter(Mandatory=$False)] [Boolean]$AutoReconcileProxyConflicts ) Process { $command="RestoreUserByUpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:UserPrincipalName i:nil="true"/> <b:NewUserPrincipalName i:nil="true"/> <b:AutoReconcileProxyConflicts i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Msol-Connect function Msol-Connect { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [Boolean]$UpdateAvailable ) Process { $command="MsolConnect" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:UpdateAvailable i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-GroupMembers function Get-GroupMembers { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $GroupMemberSearchDefinition, [Parameter(Mandatory=$False)] [int]$PageSize=500, [Parameter(Mandatory=$False)] [string]$SearchString, [ValidateSet('Ascending','Descending')] [string]$SortDirection="Ascending", [ValidateSet('DisplayName','UserPrincipalName','None')] [string]$SortField="None", [Parameter(Mandatory=$False)] $GroupObjectId, [Parameter(Mandatory=$False)] $IncludedProperties, [Parameter(Mandatory=$False)] $MemberObjectTypes ) Process { $command="ListGroupMembers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:GroupMemberSearchDefinition xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:PageSize>$PageSize</c:PageSize> <c:SearchString i:nil="true"/> <c:SortDirection>$SortDirection</c:SortDirection> <c:SortField>$SortField</c:SortField> <c:GroupObjectId i:nil="true"/> <c:IncludedProperties i:nil="true"/> <c:MemberObjectTypes i:nil="true"/> </b:GroupMemberSearchDefinition> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-ServicePrincipalCredentialsByAppPrincipalId function Remove-ServicePrincipalCredentialsByAppPrincipalId { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [Boolean]$MsodsAsKeyStore, [Parameter(Mandatory=$False)] $AppPrincipalId, [Parameter(Mandatory=$False)] $KeyIds ) Process { $command="RemoveServicePrincipalCredentialsByAppPrincipalId" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:MsodsAsKeyStore i:nil="true"/> <b:AppPrincipalId i:nil="true"/> <b:KeyIds i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-DomainAuthentication function Set-DomainAuthentication { [cmdletbinding()] Param( <# [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $Authentication, [Parameter(Mandatory=$False)] [string]$DomainName #> [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] [string]$DomainName, [Parameter(Mandatory=$False)] [string]$ActiveLogOnUri, [Parameter(Mandatory=$False)] [string]$DefaultInteractiveAuthenticationMethod, [Parameter(Mandatory=$False)] [string]$FederationBrandName, [Parameter(Mandatory=$False)] [string]$IssuerUri, [Parameter(Mandatory=$False)] [string]$LogOffUri, [Parameter(Mandatory=$False)] [string]$MetadataExchangeUri, [Parameter(Mandatory=$False)] [string]$NextSigningCertificate, [Parameter(Mandatory=$False)] [string]$OpenIdConnectDiscoveryEndpoint, [Parameter(Mandatory=$False)] [string]$PassiveLogOnUri, [Parameter(Mandatory=$False)] [string]$PasswordChangeUri, [Parameter(Mandatory=$False)] [string]$PasswordResetUri, [Parameter(Mandatory=$False)] [validateset("WsFed","SAMLP")] [string]$PreferredAuthenticationProtocol="WsFed", [Parameter(Mandatory=$False)] [string]$PromptLoginBehavior, [Parameter(Mandatory=$False)] [string]$SigningCertificate, [Parameter(Mandatory=$False)] [string]$SigningCertificateUpdateStatus, [Parameter(Mandatory=$True)] [validateset("Federated","Managed")] [string]$Authentication, [Parameter(Mandatory=$False)] [boolean]$SupportsMfa=$false ) Process { $command="SetDomainAuthentication" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" $(Add-BElement -Parameter "Authentication" -Value $Authentication) $(Add-BElement -Parameter "DomainName" -Value $DomainName) $( if($Authentication -eq "Federated") { '<b:FederationSettings xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration">' $(Add-CElement -Parameter "ActiveLogonUri" -Value $ActiveLogOnUri) $(Add-CElement -Parameter "DefaultInteractiveAuthenticationMethod" -Value $DefaultInteractiveAuthenticationMethod) $(Add-CElement -Parameter "FederationBrandName" -Value $FederationBrandName) $(Add-CElement -Parameter "IssuerUri" -Value $IssuerUri) $(Add-CElement -Parameter "LogOffUri" -Value $LogOffUri) $(Add-CElement -Parameter "MetadataExchangeUri" -Value $MetadataExchangeUri) $(Add-CElement -Parameter "NextSigningCertificate" -Value $NextSigningCertificate) $(Add-CElement -Parameter "OpenIdConnectDiscoveryEndpoint" -Value $OpenIdConnectDiscoveryEndpoint) $(Add-CElement -Parameter "PassiveLogOnUri" -Value $PassiveLogOnUri) $(Add-CElement -Parameter "PasswordChangeUri" -Value $PasswordChangeUri) $(Add-CElement -Parameter "PasswordResetUri" -Value $PasswordResetUri) $(Add-CElement -Parameter "PreferredAuthenticationProtocol" -Value $PreferredAuthenticationProtocol) $(Add-CElement -Parameter "PromptLoginBehavior" -Value $PromptLoginBehavior) $(Add-CElement -Parameter "SigningCertificate" -Value $SigningCertificate) $(Add-CElement -Parameter "SigningCertificateUpdateStatus" -Value $SigningCertificateUpdateStatus) $(Add-CElement -Parameter "SupportsMfa" -Value $SupportsMfa) '</b:FederationSettings>' } else { '<b:FederationSettings i:nil="true"/>' } ) "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-RoleScopedMembers function Remove-RoleScopedMembers { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $RoleMembers, [Parameter(Mandatory=$False)] $AdministrativeUnitObjectId, [Parameter(Mandatory=$False)] $RoleObjectId ) Process { $command="RemoveRoleScopedMembers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:RoleMembers i:nil="true"/> <b:AdministrativeUnitObjectId i:nil="true"/> <b:RoleObjectId i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Get-CompanyInformation function Get-CompanyInformation { <# .SYNOPSIS Get company information .DESCRIPTION Get company information as XML document using Provisioning API .Parameter AccessToken Access Token .EXAMPLE Get-AADIntCompanyInformation AllowAdHocSubscriptions : true AllowEmailVerifiedUsers : true AuthorizedServiceInstances : AuthorizedServiceInstances AuthorizedServices : City : CompanyDeletionStartTime : CompanyTags : CompanyTags CompanyType : CompanyTenant CompassEnabled : Country : CountryLetterCode : US DapEnabled : DefaultUsageLocation : DirSyncAnchorAttribute : mS-DS-ConsistencyGuid DirSyncApplicationType : 1651564e-7ce4-4d99-88be-0a65050d8dc3 DirSyncClientMachineName : SERVER DirSyncClientVersion : 1.4.38.0 DirSyncServiceAccount : Sync_SERVER1_xxxxxxxxxxx@company.onmicrosoft.com DirectorySynchronizationEnabled : true DirectorySynchronizationStatus : Enabled DisplayName : Company Ltd InitialDomain : company.onmicrosoft.com LastDirSyncTime : 2020-08-03T15:29:34Z LastPasswordSyncTime : 2020-08-03T15:09:07Z MarketingNotificationEmails : MultipleDataLocationsForServicesEnabled : ObjectId : 527e940d-2526-483b-82a9-d5b6bf6cc165 PasswordSynchronizationEnabled : true PortalSettings : PortalSettings PostalCode : PreferredLanguage : en ReleaseTrack : FirstRelease ReplicationScope : NA RmsViralSignUpEnabled : true SecurityComplianceNotificationEmails : SecurityComplianceNotificationPhones : SelfServePasswordResetEnabled : true ServiceInformation : ServiceInformation ServiceInstanceInformation : ServiceInstanceInformation State : Street : SubscriptionProvisioningLimited : false TechnicalNotificationEmails : TechnicalNotificationEmails TelephoneNumber : 1324567890 UIExtensibilityUris : UsersPermissionToCreateGroupsEnabled : true UsersPermissionToCreateLOBAppsEnabled : true UsersPermissionToReadOtherUsersEnabled : true UsersPermissionToUserConsentToAppEnabled : true WhenCreated : 2019-07-14T07:03:20Z #> [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [String]$TenantId ) Process { $command="GetCompanyInformation" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ReturnValue i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements -TenantId $TenantId) # Get the results $results = Parse-SOAPResponse($Response) # Return $results } } # Autogenerated Sep 23rd 2018 # Add-ServicePrincipalCredentialsBySpn function Add-ServicePrincipalCredentialsBySpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$ServicePrincipalName, [Parameter(Mandatory=$False)] $Credentials, [Parameter(Mandatory=$False)] [Boolean]$MsodsAsKeyStore ) Process { $command="AddServicePrincipalCredentialsBySpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ServicePrincipalName i:nil="true"/> <b:Credentials i:nil="true"/> <b:MsodsAsKeyStore i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Delete-ApplicationPassword function Delete-ApplicationPassword { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$PasswordId, [Parameter(Mandatory=$False)] [string]$UserPrincipalName ) Process { $command="DeleteApplicationPassword" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PasswordId i:nil="true"/> <b:UserPrincipalName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Retry-GroupProvisioning function Retry-GroupProvisioning { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="RetryGroupProvisioning" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-ServicePrincipalCredentialsBySpn function Remove-ServicePrincipalCredentialsBySpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$ServicePrincipalName, [Parameter(Mandatory=$False)] $KeyIds, [Parameter(Mandatory=$False)] [Boolean]$MsodsAsKeyStore ) Process { $command="RemoveServicePrincipalCredentialsBySpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ServicePrincipalName i:nil="true"/> <b:KeyIds i:nil="true"/> <b:MsodsAsKeyStore i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-RolesForUserByUpn function Get-RolesForUserByUpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$UserPrincipalName ) Process { $command="ListRolesForUserByUpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:UserPrincipalName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Update-DirSyncProvisioningError function Update-DirSyncProvisioningError { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="UpdateDirSyncProvisioningError" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Add-User function New-User { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $LicenseOptions, [Parameter(Mandatory=$False)] $AlternateEmailAddresses, [Parameter(Mandatory=$False)] $AlternateMobilePhones, [Parameter(Mandatory=$False)] $AlternativeSecurityIds, [Parameter(Mandatory=$False)] $BlockCredential, [Parameter(Mandatory=$False)] $City, [Parameter(Mandatory=$False)] $CloudExchangeRecipientDisplayType, [Parameter(Mandatory=$False)] $Country, [Parameter(Mandatory=$False)] $Department, [Parameter(Mandatory=$False)] $DirSyncProvisioningErrors, [Parameter(Mandatory=$False)] $DisplayName, [Parameter(Mandatory=$False)] $Errors, [Parameter(Mandatory=$False)] $Fax, [Parameter(Mandatory=$False)] $FirstName, [Parameter(Mandatory=$False)] $ImmutableId, [Parameter(Mandatory=$False)] $IndirectLicenseErrors, [Parameter(Mandatory=$False)] $IsBlackberryUser, [Parameter(Mandatory=$False)] $IsLicensed, [Parameter(Mandatory=$False)] $LastDirSyncTime, [Parameter(Mandatory=$False)] $LastName, [Parameter(Mandatory=$False)] $LastPasswordChangeTimestamp, [Parameter(Mandatory=$False)] $LicenseAssignmentDetails, [Parameter(Mandatory=$False)] $LicenseReconciliationNeeded, [Parameter(Mandatory=$False)] $Licenses, [Parameter(Mandatory=$False)] $LiveId, [Parameter(Mandatory=$False)] $MSExchRecipientTypeDetails, [Parameter(Mandatory=$False)] $MSRtcSipDeploymentLocator, [Parameter(Mandatory=$False)] $MSRtcSipPrimaryUserAddress, [Parameter(Mandatory=$False)] $MobilePhone, [Parameter(Mandatory=$False)] $OathTokenMetadata, [Parameter(Mandatory=$False)] $ObjectId, [Parameter(Mandatory=$False)] $Office, [Parameter(Mandatory=$False)] $OverallProvisioningStatus, [Parameter(Mandatory=$False)] $PasswordNeverExpires, [Parameter(Mandatory=$False)] $PasswordResetNotRequiredDuringActivate, [Parameter(Mandatory=$False)] $PhoneNumber, [Parameter(Mandatory=$False)] $PortalSettings, [Parameter(Mandatory=$False)] $PostalCode, [Parameter(Mandatory=$False)] $PreferredDataLocation, [Parameter(Mandatory=$False)] $PreferredLanguage, [Parameter(Mandatory=$False)] $ProxyAddresses, [Parameter(Mandatory=$False)] $ReleaseTrack, [Parameter(Mandatory=$False)] $ServiceInformation, [Parameter(Mandatory=$False)] $SignInName, [Parameter(Mandatory=$False)] $SoftDeletionTimestamp, [Parameter(Mandatory=$False)] $State, [Parameter(Mandatory=$False)] $StreetAddress, [Parameter(Mandatory=$False)] $StrongAuthenticationMethods, [Parameter(Mandatory=$False)] $StrongAuthenticationPhoneAppDetails, [Parameter(Mandatory=$False)] $StrongAuthenticationProofupTime, [Parameter(Mandatory=$False)] $StrongAuthenticationRequirements, [Parameter(Mandatory=$False)] $StrongAuthenticationUserDetails, [Parameter(Mandatory=$False)] $StrongPasswordRequired, [Parameter(Mandatory=$False)] $StsRefreshTokensValidFrom, [Parameter(Mandatory=$False)] $Title, [Parameter(Mandatory=$False)] $UsageLocation, [Parameter(Mandatory=$False)] $UserLandingPageIdentifierForO365Shell, [Parameter(Mandatory=$False)] $UserPrincipalName, [Parameter(Mandatory=$False)] $UserThemeIdentifierForO365Shell, [ValidateSet('Other','Member','Guest','Viral')] $UserType="Other", [ValidateSet('NotAvailable','Healthy','Error')] $ValidationStatus="NotAvailable", [Parameter(Mandatory=$False)] $WhenCreated, [Parameter(Mandatory=$False)] $LicenseAssignment, [Parameter(Mandatory=$False)] $DisabledServicePlans, [Parameter(Mandatory=$False)] $Error, [Parameter(Mandatory=$False)] $ReferencedObjectId, [Parameter(Mandatory=$False)] $Status, [Parameter(Mandatory=$False)] [Boolean]$ForceChangePassword, [Parameter(Mandatory=$False)] [string]$Password ) Process { $command="AddUser" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ForceChangePassword i:nil="true"/> <b:LicenseAssignment i:nil="true" xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"/> <b:LicenseOptions i:nil="true" xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"/> <b:Password i:nil="true"/> <b:User xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:AlternateEmailAddresses i:nil="true" xmlns:d="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/> <c:AlternateMobilePhones i:nil="true" xmlns:d="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/> <c:AlternativeSecurityIds i:nil="true"/> <c:BlockCredential i:nil="true"/> <c:City i:nil="true"/> <c:CloudExchangeRecipientDisplayType i:nil="true"/> <c:Country i:nil="true"/> <c:Department i:nil="true"/> <c:DirSyncProvisioningErrors i:nil="true"/> <c:DisplayName>$DisplayName</c:DisplayName> <c:Errors i:nil="true"/> <c:Fax i:nil="true"/> <c:FirstName i:nil="true"/> <c:ImmutableId i:nil="true"/> <c:IndirectLicenseErrors i:nil="true"/> <c:IsBlackberryUser i:nil="true"/> <c:IsLicensed i:nil="true"/> <c:LastDirSyncTime i:nil="true"/> <c:LastName i:nil="true"/> <c:LastPasswordChangeTimestamp i:nil="true"/> <c:LicenseAssignmentDetails i:nil="true"/> <c:LicenseReconciliationNeeded i:nil="true"/> <c:Licenses i:nil="true"/> <c:LiveId i:nil="true"/> <c:MSExchRecipientTypeDetails i:nil="true"/> <c:MSRtcSipDeploymentLocator i:nil="true"/> <c:MSRtcSipPrimaryUserAddress i:nil="true"/> <c:MobilePhone i:nil="true"/> <c:ObjectId i:nil="true"/> <c:Office i:nil="true"/> <c:OverallProvisioningStatus>None</c:OverallProvisioningStatus> <c:PasswordNeverExpires i:nil="true"/> <c:PasswordResetNotRequiredDuringActivate i:nil="true"/> <c:PhoneNumber i:nil="true"/> <c:PortalSettings i:nil="true"/> <c:PostalCode i:nil="true"/> <c:PreferredDataLocation i:nil="true"/> <c:PreferredLanguage i:nil="true"/> <c:ProxyAddresses i:nil="true" xmlns:d="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/> <c:ReleaseTrack i:nil="true"/> <c:ServiceInformation i:nil="true"/> <c:SignInName i:nil="true"/> <c:SoftDeletionTimestamp i:nil="true"/> <c:State i:nil="true"/> <c:StreetAddress i:nil="true"/> <c:StrongAuthenticationMethods i:nil="true"/> <c:StrongAuthenticationPhoneAppDetails i:nil="true"/> <c:StrongAuthenticationProofupTime i:nil="true"/> <c:StrongAuthenticationRequirements i:nil="true"/> <c:StrongAuthenticationUserDetails i:nil="true"/> <c:StrongPasswordRequired i:nil="true"/> <c:StsRefreshTokensValidFrom i:nil="true"/> <c:Title i:nil="true"/> <c:UsageLocation i:nil="true"/> <c:UserLandingPageIdentifierForO365Shell i:nil="true"/> <c:UserPrincipalName>$UserPrincipalName</c:UserPrincipalName> <c:UserThemeIdentifierForO365Shell i:nil="true"/> <c:UserType i:nil="true"/> <c:ValidationStatus i:nil="true"/> <c:WhenCreated i:nil="true"/> </b:User> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Change-UserPrincipalNameByUpn function Change-UserPrincipalNameByUpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$UserPrincipalName, [Parameter(Mandatory=$False)] [string]$ImmutableId, [Parameter(Mandatory=$False)] [string]$NewUserPrincipalName, [Parameter(Mandatory=$False)] [string]$NewPassword ) Process { $command="ChangeUserPrincipalNameByUpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:UserPrincipalName i:nil="true"/> <b:ImmutableId i:nil="true"/> <b:NewUserPrincipalName i:nil="true"/> <b:NewPassword i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-CompanyContactInformation function Set-CompanyContactInformation { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $TechnicalNotificationEmails, [Parameter(Mandatory=$False)] $MarketingNotificationEmails ) Process { $command="SetCompanyContactInformation" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:TechnicalNotificationEmails i:nil="true"/> <b:MarketingNotificationEmails i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-AdministrativeUnit function Set-AdministrativeUnit { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AdministrativeUnit, [Parameter(Mandatory=$False)] $Description, [Parameter(Mandatory=$False)] $DisplayName, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="SetAdministrativeUnit" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AdministrativeUnit xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:Description i:nil="true"/> <c:DisplayName i:nil="true"/> <c:ObjectId i:nil="true"/> </b:AdministrativeUnit> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Add-RoleMembersByRoleName function Add-RoleMembersByRoleName { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$RoleName, [Parameter(Mandatory=$False)] $RoleMembers ) Process { $command="AddRoleMembersByRoleName" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:RoleName i:nil="true"/> <b:RoleMembers i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-UserByLiveId function Get-UserByLiveId { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$True)] [string]$LiveId ) Process { $command="GetUserByLiveId" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:LiveId>$LiveId</b:LiveId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-AdministrativeUnitMembers function Get-AdministrativeUnitMembers { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AdministrativeUnitMemberSearchDefinition, [Parameter(Mandatory=$False)] [int]$PageSize=500, [Parameter(Mandatory=$False)] [string]$SearchString, [ValidateSet('Ascending','Descending')] [string]$SortDirection="Ascending", [ValidateSet('DisplayName','UserPrincipalName','None')] [string]$SortField="None", [Parameter(Mandatory=$False)] $AdministrativeUnitObjectId, [Parameter(Mandatory=$False)] $IncludedProperties ) Process { $command="ListAdministrativeUnitMembers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AdministrativeUnitMemberSearchDefinition xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:PageSize>$PageSize</c:PageSize> <c:SearchString i:nil="true"/> <c:SortDirection>$SortDirection</c:SortDirection> <c:SortField>$SortField</c:SortField> <c:AdministrativeUnitObjectId i:nil="true"/> <c:IncludedProperties i:nil="true"/> </b:AdministrativeUnitMemberSearchDefinition> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-AdministrativeUnitMembers function Remove-AdministrativeUnitMembers { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AdministrativeUnitMembers, [Parameter(Mandatory=$False)] $AdministrativeUnitObjectId ) Process { $command="RemoveAdministrativeUnitMembers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AdministrativeUnitMembers i:nil="true"/> <b:AdministrativeUnitObjectId i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Retry-ContactProvisioning function Retry-ContactProvisioning { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="RetryContactProvisioning" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-AccidentalDeletionThreshold function Set-AccidentalDeletionThreshold { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AccidentalDeletionThreshold ) Process { $command="SetAccidentalDeletionThreshold" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AccidentalDeletionThreshold i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-ForeignGroupFromRole function Remove-ForeignGroupFromRole { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $RoleObjectId, [Parameter(Mandatory=$False)] $ForeignCompanyObjectId, [Parameter(Mandatory=$False)] $ForeignGroupObjectId ) Process { $command="RemoveForeignGroupFromRole" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:RoleObjectId i:nil="true"/> <b:ForeignCompanyObjectId i:nil="true"/> <b:ForeignGroupObjectId i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Set-UserLicenses function Set-UserLicenses { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $AddLicenses, [Parameter(Mandatory=$False)] $ObjectId, [Parameter(Mandatory=$False)] $RemoveLicenses, [Parameter(Mandatory=$False)] $LicenseOptions ) Process { $command="SetUserLicenses" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:AddLicenses i:nil="true"/> <b:ObjectId>$ObjectId</b:ObjectId> <b:RemoveLicenses i:nil="true"/> <b:LicenseOptions i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-RoleScopedMembers function Get-RoleScopedMembers { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $RoleMemberSearchDefinition, [Parameter(Mandatory=$False)] [int]$PageSize=500, [Parameter(Mandatory=$False)] [string]$SearchString, [ValidateSet('Ascending','Descending')] [string]$SortDirection="Ascending", [ValidateSet('DisplayName','UserPrincipalName','None')] [string]$SortField="None", [Parameter(Mandatory=$False)] $IncludedProperties, [Parameter(Mandatory=$False)] $MemberObjectTypes, [Parameter(Mandatory=$False)] $RoleObjectId ) Process { $command="ListRoleScopedMembers" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:RoleMemberSearchDefinition xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:PageSize>$PageSize</c:PageSize> <c:SearchString i:nil="true"/> <c:SortDirection>$SortDirection</c:SortDirection> <c:SortField>$SortField</c:SortField> <c:IncludedProperties i:nil="true"/> <c:MemberObjectTypes i:nil="true"/> <c:RoleObjectId i:nil="true"/> </b:RoleMemberSearchDefinition> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Remove-Group function Remove-Group { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="RemoveGroup" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Add-WellKnownGroup function Add-WellKnownGroup { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$WellKnownGroupName ) Process { $command="AddWellKnownGroup" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:WellKnownGroupName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-UsersByStrongAuthentication function Get-UsersByStrongAuthentication { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $UserSearchDefinition, [Parameter(Mandatory=$False)] [int]$PageSize=500, [Parameter(Mandatory=$False)] [string]$SearchString, [ValidateSet('Ascending','Descending')] [string]$SortDirection="Ascending", [ValidateSet('DisplayName','UserPrincipalName','None')] [string]$SortField="None", [Parameter(Mandatory=$False)] $AccountSku, [Parameter(Mandatory=$False)] $AdministrativeUnitObjectId, [Parameter(Mandatory=$False)] $BlackberryUsersOnly, [Parameter(Mandatory=$False)] $City, [Parameter(Mandatory=$False)] $Country, [Parameter(Mandatory=$False)] $Department, [Parameter(Mandatory=$False)] $DomainName, [Parameter(Mandatory=$False)] $EnabledFilter, [Parameter(Mandatory=$False)] $HasErrorsOnly, [Parameter(Mandatory=$False)] $IncludedProperties, [Parameter(Mandatory=$False)] $IndirectLicenseFilter, [Parameter(Mandatory=$False)] $LicenseReconciliationNeededOnly, [Parameter(Mandatory=$False)] $ReturnDeletedUsers, [Parameter(Mandatory=$False)] $State, [Parameter(Mandatory=$False)] $Synchronized, [Parameter(Mandatory=$False)] $Title, [Parameter(Mandatory=$False)] $UnlicensedUsersOnly, [Parameter(Mandatory=$False)] $UsageLocation ) Process { $command="ListUsersByStrongAuthentication" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:UserSearchDefinition xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:PageSize>$PageSize</c:PageSize> <c:SearchString i:nil="true"/> <c:SortDirection>$SortDirection</c:SortDirection> <c:SortField>$SortField</c:SortField> <c:AccountSku i:nil="true"/> <c:AdministrativeUnitObjectId i:nil="true"/> <c:BlackberryUsersOnly i:nil="true"/> <c:City i:nil="true"/> <c:Country i:nil="true"/> <c:Department i:nil="true"/> <c:DomainName i:nil="true"/> <c:EnabledFilter i:nil="true"/> <c:HasErrorsOnly i:nil="true"/> <c:IncludedProperties i:nil="true"/> <c:IndirectLicenseFilter i:nil="true"/> <c:LicenseReconciliationNeededOnly i:nil="true"/> <c:ReturnDeletedUsers i:nil="true"/> <c:State i:nil="true"/> <c:Synchronized i:nil="true"/> <c:Title i:nil="true"/> <c:UnlicensedUsersOnly i:nil="true"/> <c:UsageLocation i:nil="true"/> </b:UserSearchDefinition> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Add-Group function Add-Group { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $Group, [Parameter(Mandatory=$False)] $AssignedLicenses, [Parameter(Mandatory=$False)] $CommonName, [Parameter(Mandatory=$False)] $Description, [Parameter(Mandatory=$False)] $DirSyncProvisioningErrors, [Parameter(Mandatory=$False)] $DisplayName, [Parameter(Mandatory=$False)] $EmailAddress, [Parameter(Mandatory=$False)] $Errors, [Parameter(Mandatory=$False)] $GroupLicenseProcessingDetail, [ValidateSet('DistributionList','Security','MailEnabledSecurity')] $GroupType="DistributionList", [Parameter(Mandatory=$False)] $IsSystem, [Parameter(Mandatory=$False)] $LastDirSyncTime, [Parameter(Mandatory=$False)] $Licenses, [Parameter(Mandatory=$False)] $ManagedBy, [Parameter(Mandatory=$False)] $ObjectId, [Parameter(Mandatory=$False)] $ProxyAddresses, [ValidateSet('NotAvailable','Healthy','Error')] $ValidationStatus="NotAvailable" ) Process { $command="AddGroup" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:Group xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> <c:AssignedLicenses i:nil="true"/> <c:CommonName i:nil="true"/> <c:Description i:nil="true"/> <c:DirSyncProvisioningErrors i:nil="true"/> <c:DisplayName i:nil="true"/> <c:EmailAddress i:nil="true"/> <c:Errors i:nil="true"/> <c:GroupLicenseProcessingDetail i:nil="true"/> <c:GroupType i:nil="true"/> <c:IsSystem i:nil="true"/> <c:LastDirSyncTime i:nil="true"/> <c:Licenses i:nil="true"/> <c:ManagedBy i:nil="true"/> <c:ObjectId i:nil="true"/> <c:ProxyAddresses i:nil="true"/> <c:ValidationStatus i:nil="true"/> </b:Group> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Add-ServicePrincipalCredentials function Add-ServicePrincipalCredentials { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId, [Parameter(Mandatory=$False)] $Credentials, [Parameter(Mandatory=$False)] [Boolean]$MsodsAsKeyStore ) Process { $command="AddServicePrincipalCredentials" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> <b:Credentials i:nil="true"/> <b:MsodsAsKeyStore i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Navigate-GroupResults function Navigate-GroupResults { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PageToNavigate, [Parameter(Mandatory=$False)] $ListContext ) Process { $command="NavigateGroupResults" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PageToNavigate i:nil="true"/> <b:ListContext i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Navigate-GroupMemberResults function Navigate-GroupMemberResults { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $PageToNavigate, [Parameter(Mandatory=$False)] $ListContext ) Process { $command="NavigateGroupMemberResults" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:PageToNavigate i:nil="true"/> <b:ListContext i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Reset-StrongAuthenticationMethodByUpn function Reset-StrongAuthenticationMethodByUpn { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$UserPrincipalName ) Process { $command="ResetStrongAuthenticationMethodByUpn" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:UserPrincipalName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Add-ServicePrincipalCredentialsByAppPrincipalId function Add-ServicePrincipalCredentialsByAppPrincipalId { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $Credentials, [Parameter(Mandatory=$False)] $AppPrincipalId, [Parameter(Mandatory=$False)] [Boolean]$MsodsAsKeyStore ) Process { $command="AddServicePrincipalCredentialsByAppPrincipalId" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:Credentials i:nil="true"/> <b:AppPrincipalId i:nil="true"/> <b:MsodsAsKeyStore i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-Group function Get-Group { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ObjectId ) Process { $command="GetGroup" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ObjectId>$ObjectId</b:ObjectId> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-PasswordPolicy function Get-PasswordPolicy { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$DomainName ) Process { $command="GetPasswordPolicy" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:DomainName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Add-Domain function New-Domain { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ForceTakeover, [Parameter(Mandatory=$False)] $Domain, [Parameter(Mandatory=$False)] [ValidateSet('Managed','Federated')] $Authentication, [Parameter(Mandatory=$False)] $Capabilities, [Parameter(Mandatory=$False)] $IsDefault, [Parameter(Mandatory=$False)] $IsInitial, [Parameter(Mandatory=$False)] $Name, [Parameter(Mandatory=$False)] $RootDomain, [Parameter(Mandatory=$False)] $Status, [Parameter(Mandatory=$False)] $VerificationMethod ) Process { $command="AddDomain" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:Domain xmlns:c="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration"> $(Add-CElement -Parameter "Authentication" -Value $Authentication) <c:Authentication i:nil="true"/> <c:Capabilities i:nil="true"/> <c:IsDefault i:nil="true"/> <c:IsInitial i:nil="true"/> $(Add-CElement -Parameter "Name" -Value $Name) <c:RootDomain i:nil="true"/> <c:Status i:nil="true"/> <c:VerificationMethod i:nil="true"/> </b:Domain> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Get-HeaderInfo function Get-HeaderInfo { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] $ClientVersionHeader, [Parameter(Mandatory=$False)] [string]$IdentityHeaderName, [Parameter(Mandatory=$False)] $ContractVersionHeader, [Parameter(Mandatory=$False)] [string]$TrackingHeaderName, [Parameter(Mandatory=$False)] [string]$HeaderNameSpace, [Parameter(Mandatory=$False)] $TrackingHeader, [Parameter(Mandatory=$False)] [string]$ContractVersionHeaderName, [Parameter(Mandatory=$False)] $ContextHeader, [Parameter(Mandatory=$False)] $ReturnValue, [Parameter(Mandatory=$False)] [string]$ClientVersionHeaderName, [Parameter(Mandatory=$False)] [string]$ContextHeaderName ) Process { $command="GetHeaderInfo" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:ClientVersionHeader i:nil="true"> <b:IdentityHeaderName i:nil="true"/> <b:ContractVersionHeader i:nil="true"/> <b:TrackingHeaderName i:nil="true"/> <b:HeaderNameSpace i:nil="true"/> <b:TrackingHeader i:nil="true"/> <b:ContractVersionHeaderName i:nil="true"/> <b:ContextHeader i:nil="true"/> <b:ReturnValue i:nil="true"/> <b:ClientVersionHeaderName i:nil="true"/> <b:ContextHeaderName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Autogenerated Sep 23rd 2018 # Verify-EmailVerifiedDomain function Verify-EmailVerifiedDomain { [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken, [Parameter(Mandatory=$False)] [string]$DomainName ) Process { $command="VerifyEmailVerifiedDomain" # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Create the body for getting users $request_elements=@" <b:DomainName i:nil="true"/> "@ # Create the envelope and call the API $response=Call-ProvisioningAPI(Create-Envelope $AccessToken $command $request_elements) # Get the results $results = Parse-SOAPResponse($Response) # TODO: do something with results $results } } # Gets SharePoint Service Information function Get-SPOServiceInformation { <# .SYNOPSIS Get SharePoint Online service information. .DESCRIPTION Get SharePoint Online service information. .Parameter AccessToken Access Token .Example PS C:\>Get-AADIntSPOServiceInformation CreatedOn : 6/26/2018 11:16:12 AM ServiceInformation_LastChangeDate : 9/27/2018 3:48:29 PM EnableOneDriveforSuiteUsers : False InstanceId : 13f137d4-1920-4174-8b37-d87acec0228a LastModifiedOn : 9/27/2018 3:52:16 PM OfficeGraphUrl : https://company-my.sharepoint.com/_layouts/15/me.aspx RootAdminUrl : https://company-admin.sharepoint.com/ RootIWSPOUrl : https://company-my.sharepoint.com/ SPO_LegacyPublicWebSiteEditPage : Pages/Forms/AllItems.aspx SPO_LegacyPublicWebSitePublicUrl : SPO_LegacyPublicWebSiteUrl : SPO_MySiteHostUrl : https://company-my.sharepoint.com/ SPO_MySiteHost_AboutMeUrl : https://company-my.sharepoint.com/person.aspx SPO_MySiteHost_DocumentsUrl : https://company-my.sharepoint.com/_layouts/15/MySite.aspx?MySiteRedirect=AllDocuments SPO_MySiteHost_NewsFeedUrl : https://company-my.sharepoint.com/default.aspx SPO_MySiteHost_ProjectSiteUrl : https://company-my.sharepoint.com/_layouts/15/MyProjects.aspx SPO_MySiteHost_SitesUrl : https://company-my.sharepoint.com/_layouts/15/MySite.aspx?MySiteRedirect=AllSites SPO_PublicWebSitePublicUrl : SPO_PublicWebSiteUrl : NotSupported SPO_RegionalRootSiteUrl : https://company.sharepoint.com/ SPO_RootSiteUrl : https://company.sharepoint.com/ SPO_TenantAdminUrl : https://company-admin.sharepoint.com/ SPO_TenantAdmin_CreateSiteCollectionUrl : https://company-admin.sharepoint.com/_layouts/15/online/CreateSiteFull.aspx SPO_TenantAdmin_ProjectAdminUrl : https://company-admin.sharepoint.com/ SPO_TenantAdmin_ViewSiteCollectionsUrl : https://company-admin.sharepoint.com/ SPO_TenantUpgradeUrl : https://company-admin.sharepoint.com/ ShowSites_InitialVisibility : True ShowSkyDrivePro_InitialVisibility : True ShowYammerNewsFeed_InitialVisibility : True VideoPortalServerRelativeUrl : /portals/hub/_layouts/15/videohome.aspx #> [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken ) Process { # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Set variables $attributes=[ordered]@{} # Get service information and parse SPO data $ServiceInformation = Get-CompanyInformation -AccessToken $AccessToken if($ServiceInformation.ServiceInformation) { $service_info=Parse-ServiceInformation $ServiceInformation.ServiceInformation foreach($name in $service_info.Keys) { if($name.toLower().StartsWith("sharepoint")) { $value=$service_info[$name] foreach($attribute in $value) { $attributes[$attribute.Name]=$attribute.Value } } } } # Return return New-Object -TypeName PSObject -Property $attributes } } # Gets Office 365 service location function Get-ServiceLocations { <# .SYNOPSIS Get service location information. .DESCRIPTION Get service location information. .Parameter AccessToken Access Token .Example PS C:\>Get-AADIntServiceLocations | Sort-Object Name | ft Region Instance Name State Country ------ -------- ---- ----- ------- EU EUGB01 AadAllTenantsNotifications GB NA NA003 AADPremiumService US EU Prod03 Adallom GB NA NA001 AzureAdvancedThreatAnalytics US NA NA033 BDM US NA * BecWSClients US NA NA001 Deskless US EU EU003 DirectoryToCosmos GB EU EURP154-001-01 exchange IE EU emea04-02 ExchangeOnlineProtection NL NA NA001 Metro US EU EMEA-1E-S2 MicrosoftCommunicationsOnline NL NA NorthAmerica1 MicrosoftOffice US NA NA001 MicrosoftStream US NA NA001 MultiFactorService US NA NA001 OfficeForms US NA NA001 PowerAppsService US EU EU001 PowerBI IR NA NA001 ProcessSimple US EU PROD_EU_Org_Ring_140 ProjectWorkManagement NL EU EU RMSOnline NL EU PROD_MSUB01_02 SCO IE EU SPOS1265 SharePoint NL NA NA002 SMIT US NA NA001 Sway US NA NA001 TeamspaceAPI US NA NA001 To-Do US NA NA003 YammerEnterprise US #> [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken ) Process { # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Get service information $ServiceInformation = Get-CompanyInformation -AccessToken $AccessToken # Loop through services and return a PS object foreach($service in $ServiceInformation.ServiceInstanceInformation.ServiceInstanceInformation) { $attributes=@{} $attributes["Name"] = $service.ServiceInstance.Split("/")[0] $attributes["Instance"] = $service.ServiceInstance.Split("/")[1] $attributes["Country"] = $service.GeographicLocation.Country $attributes["Region"] = $service.GeographicLocation.Region $attributes["State"] = $service.GeographicLocation.State # Return New-Object -TypeName PSObject -Property $attributes } } } # Gets company tags function Get-CompanyTags { <# .SYNOPSIS Get company tags. .DESCRIPTION Get company tags, such as tenant version and update status. .Parameter AccessToken Access Token .Example PS C:\>Get-AADIntCompanyTags azure.microsoft.com/azure=active o365.microsoft.com/startdate=635711754831829038 o365.microsoft.com/version=15 o365.microsoft.com/signupexperience=GeminiSignUpUI o365.microsoft.com/14to15UpgradeScheduled=True o365.microsoft.com/14to15UpgradeCompletedDate=04-16-2013 #> [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken ) Process { # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Get service information $ServiceInformation = Get-CompanyInformation -AccessToken $AccessToken # Return $ServiceInformation.CompanyTags.string } } # Gets service plans function Get-ServicePlans { <# .SYNOPSIS Get service plans. .DESCRIPTION Get service plans assigned to tenant. .Parameter AccessToken Access Token .Example PS C:\>Get-AADServicePlans | ft SKU ServicePlanId ServiceName ServiceType AssignedTimestamp CapabilityStatus ProvisioningStatus --- ------------- ----------- ----------- ----------------- ---------------- ------------------ ENTERPRISEPREMIUM b1188c4c-1b36-4018-b48b-ee07604f6feb PAM_ENTERPRISE Exchange 2018-09-27T15:47:45Z Enabled Success 76846ad7-7776-4c40-a281-a386362dd1b9 ProcessSimple 2018-09-27T15:47:25Z Deleted c87f142c-d1e9-4363-8630-aaea9c4d9ae5 To-Do 2018-09-27T15:47:24Z Deleted c68f8d98-5534-41c8-bf36-22fa496fa792 PowerAppsService 2018-09-27T15:47:25Z Deleted 9e700747-8b1d-45e5-ab8d-ef187ceec156 MicrosoftStream 2018-09-27T15:47:25Z Deleted 2789c901-c14e-48ab-a76a-be334d9d793a OfficeForms 2018-09-27T15:47:25Z Deleted ENTERPRISEPREMIUM 9f431833-0334-42de-a7dc-70aa40db46db LOCKBOX_ENTERPRISE Exchange 2018-08-27T05:46:50Z Enabled Success ENTERPRISEPREMIUM 3fb82609-8c27-4f7b-bd51-30634711ee67 BPOS_S_TODO_3 To-Do 2018-08-27T05:46:50Z Enabled Success ENTERPRISEPREMIUM 7547a3fe-08ee-4ccb-b430-5077c5041653 YAMMER_ENTERPRISE YammerEnterprise 2018-08-27T05:46:51Z Enabled Success #> [cmdletbinding()] Param( [Parameter(Mandatory=$False)] [String]$AccessToken ) Process { # Get from cache if not provided $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "1b730954-1685-4b74-9bfd-dac224a7b894" -Resource "https://graph.windows.net" # Get service information $TenantInformation = Get-TenantDetails -AccessToken $AccessToken # Get SKUs $skus = Get-AccountSkus -AccessToken $AccessToken foreach($plan in $TenantInformation.assignedPlans) { $attributes = @{} $attributes.AssignedTimestamp = $plan.assignedTimestamp $attributes.CapabilityStatus = $plan.capabilityStatus $attributes.ServicePlanId = $plan.servicePlanId # Get info from sku $skuInfo = Get-SkuAndServiceName -SKUs $skus -ServicePlanId $plan.servicePlanId $attributes.SKU = $skuInfo.SkuName $attributes.ServiceType = $skuInfo.ServiceType $attributes.ServiceName = $skuInfo.ServiceName $attributes.ProvisioningStatus = $skuInfo.ProvisioningStatus # If or not attached to any sku or if deleted, no info in SKU if([string]::IsNullOrEmpty($attributes.ServiceType)) { $attributes.ServiceType = $plan.service } New-Object psobject -Property $attributes } } } |