Script to Manage External Sharing Settings for OneDrive Personal Sites in Bulk

Here's another script I developed for a customer and wanted to share here. This one manages the external sharing settings for OneDrive for Business sites (My Sites) on a SharePoint Online tenant. I have published the script to the TechNet Gallery; the listing includes instructions on how to use it, and you can download it from there.

Note: A user's OneDrive personal site is created the first time the user accesses it. To apply the external sharing settings to users who do not yet have a OneDrive site, pre-provision their sites with the Request-SPOPersonalSite cmdlet.
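The pre-provisioning step above, as an added example (not the script from the TechNet Gallery): it compares a list of users against the OneDrive site collections that already exist and calls Request-SPOPersonalSite only for the users that have none. It assumes the SharePoint Online Management Shell module is installed; the admin URL and the CSV path are placeholders, and the CSV is assumed to have a UserPrincipalName column.

```powershell
# Added example: pre-provision OneDrive for users that have no personal site yet,
# so that site-level sharing settings can later be applied to them.
# Assumptions: Microsoft.Online.SharePoint.PowerShell is installed; placeholders below.
param(
    [string]$AdminUrl    = "https://<tenant>-admin.sharepoint.com",
    [string]$UserListCsv = ".\users.csv"   # assumed column: UserPrincipalName
)

Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Connect-SPOService -Url $AdminUrl

# Existing OneDrive site collections, keyed by owner UPN (lower-cased for comparison)
$existing = @{}
Get-SPOSite -IncludePersonalSite $true -Limit All -Filter "Url -like '-my.sharepoint.com/personal/'" |
    ForEach-Object { $existing[$_.Owner.ToLower()] = $_.Url }

$users   = @(Import-Csv $UserListCsv | Select-Object -ExpandProperty UserPrincipalName)
$missing = @($users | Where-Object { -not $existing.ContainsKey($_.ToLower()) })

Write-Host "$($users.Count) user(s) in list, $($missing.Count) without a OneDrive site"

# Request-SPOPersonalSite accepts up to 200 users per call, so batch the requests.
# -NoWait queues the provisioning instead of blocking until each site exists.
for ($i = 0; $i -lt $missing.Count; $i += 200) {
    $last  = [Math]::Min($i + 199, $missing.Count - 1)
    $batch = @($missing[$i..$last])
    Request-SPOPersonalSite -UserEmails $batch -NoWait
    Write-Host "Requested OneDrive provisioning for $($batch.Count) user(s)"
}
```

Provisioning is asynchronous, so the sharing settings should be applied in a later run, once Get-SPOSite returns the new personal sites.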

This is my first ever work on SharePoint; the script and the walk-through below are based on my own research and learning. Please feel free to correct me on anything that's not accurate.

Walk-through of the Design:

I decided to re-use the UI I had created for the O365 License Assignment script, so I have less coding to do. Here's how the UI looks:

[Figure: ODFB External Sharing Editor UI]

Some of the functionality required for the tool was:

  • Query a personal site and its properties by user email address or UPN.
  • Option to query all OneDrive sites on a tenant and their properties.
  • Tenant-level settings override any settings at the site collection level, so collect the tenant-level external sharing setting and restrict the user-level setting to the same value or a more restrictive one.
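The third requirement is the security-relevant one: a site setting that is more permissive than the tenant setting has no effect, but leaving it in place is misleading when the tenant is later relaxed. The following added example (not the published script) ranks the SharingCapability values from most to least restrictive, reads the tenant value with Get-SPOTenant, and applies the requested level to every OneDrive site only where it does not exceed the tenant level. It assumes the SharePoint Online Management Shell module; the admin URL is a placeholder, and the script only reports changes unless -Apply is given.

```powershell
# Added example: apply an external sharing level to all OneDrive sites, clamped so that
# no site ends up more permissive than the tenant-level setting.
# Assumptions: Microsoft.Online.SharePoint.PowerShell is installed; admin URL is a placeholder.
param(
    [string]$AdminUrl = "https://<tenant>-admin.sharepoint.com",
    [ValidateSet("Disabled", "ExistingExternalUserSharingOnly",
                 "ExternalUserSharingOnly", "ExternalUserAndGuestSharing")]
    [string]$RequestedLevel = "ExistingExternalUserSharingOnly",
    [switch]$Apply   # without -Apply the script only reports what it would change
)

Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Connect-SPOService -Url $AdminUrl

# SharingCapability values ordered from most restrictive (0) to least restrictive (3)
$sharingRank = @{
    "Disabled"                        = 0
    "ExistingExternalUserSharingOnly" = 1
    "ExternalUserSharingOnly"         = 2
    "ExternalUserAndGuestSharing"     = 3
}

function Get-EffectiveSharingLevel {
    param([string]$Requested, [string]$TenantLevel)
    # The tenant setting is the ceiling: anything more permissive is clamped down to it
    if ($sharingRank[$Requested] -le $sharingRank[$TenantLevel]) { return $Requested }
    return $TenantLevel
}

$tenantLevel = (Get-SPOTenant).SharingCapability.ToString()
$target      = Get-EffectiveSharingLevel -Requested $RequestedLevel -TenantLevel $tenantLevel
if ($target -ne $RequestedLevel) {
    Write-Warning "Requested '$RequestedLevel' exceeds tenant level '$tenantLevel'; using '$target'"
}

# Enumerate personal (OneDrive) site collections; -IncludePersonalSite requires a -Filter
$oneDrives = Get-SPOSite -IncludePersonalSite $true -Limit All `
    -Filter "Url -like '-my.sharepoint.com/personal/'"

foreach ($site in $oneDrives) {
    $current = $site.SharingCapability.ToString()
    if ($current -eq $target) { continue }
    Write-Host "$($site.Url): $current -> $target"
    if ($Apply) {
        Set-SPOSite -Identity $site.Url -SharingCapability $target
    }
}
```

Running it first without -Apply gives a review list of every site whose setting would change, which is also a quick audit of OneDrive sites that are currently set more permissively than intended.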

The APIs available to query SharePoint Online are:

  • Microsoft Graph (preferred)
  • SharePoint CSOM
  • SharePoint REST API

SharePoint CSOM seemed the best fit, since I am writing PowerShell and need to query the tenant-level and user-level external sharing settings and to modify the settings at the user level.

I can use the SharePoint client cmdlets for most of these needs, but to query the personal site properties for a user I need to use the CSOM methods. Our SharePoint expert @brendankarl has provided the code I could use on his blog.

But when legacy authentication (LegacyAuthProtocolsEnabled) is turned off, the CSOM methods simply will not work and throw errors such as:

Exception calling "GetUserProfileByName" with "1" argument(s): "Server was unable to process request. ---> Attempted to perform an unauthorized operation."

  - and -

X-MSDAVEXT_Error: 917656; Access denied. Before opening files in this location, you must first browse to the web site and select the option to login automatically.

I started exploring the SharePoint PnP cmdlets, which work well with modern authentication. Another advantage of the PnP cmdlets is that the Connect-PnPOnline -UseWebLogin option can be used, so I don't have to prompt the user for authentication twice. I completed the script using the PnP and SharePoint client cmdlets, but soon ran into an issue where not all OneDrive sites were returned.

So I had to fall back to the CSOM methods, but this time I needed to create an SPO ClientContext that supports modern authentication and use it with PeopleManager.

I used the CookieReader and GetWebLoginClientContext classes from the SharePoint PnP modules to build the SPO client context without prompting the user for credentials a second time. With this, I completed the script, and it worked well and faster than I expected.
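The two pieces described above (the PeopleManager lookup from @brendankarl's blog and reusing the single web login for the CSOM context) fit together as in this added example, which is not the script's own code. Instead of the module-internal CookieReader and GetWebLoginClientContext classes, it takes the ClientContext that Get-PnPContext returns after Connect-PnPOnline -UseWebLogin, so the user still signs in only once. It assumes the legacy SharePointPnPPowerShellOnline module, which loads the CSOM assemblies including Microsoft.SharePoint.Client.UserProfiles; tenant name and UPNs are placeholders.

```powershell
# Added example: resolve each user's OneDrive (personal site) URL through the CSOM
# PeopleManager, using a modern-auth ClientContext obtained from PnP PowerShell.
# Assumptions: SharePointPnPPowerShellOnline is installed; placeholders below.
param(
    [string]$AdminUrl = "https://<tenant>-admin.sharepoint.com",
    [string[]]$UserPrincipalNames = @("user1@<tenant>.onmicrosoft.com")
)

Import-Module SharePointPnPPowerShellOnline -ErrorAction Stop

# Single interactive web login; the resulting context is reused for every CSOM call
Connect-PnPOnline -Url $AdminUrl -UseWebLogin
$ctx = Get-PnPContext

# If the UserProfiles types are not available in your session, load the assembly
# shipped with the module (path is an assumption, adjust to your install):
# Add-Type -Path (Join-Path (Split-Path (Get-Module SharePointPnPPowerShellOnline).Path) `
#     "Microsoft.SharePoint.Client.UserProfiles.dll")

function Get-OneDriveUrlFromProfile {
    param(
        [Microsoft.SharePoint.Client.ClientContext]$Context,
        [string]$Upn
    )
    $people = New-Object Microsoft.SharePoint.Client.UserProfiles.PeopleManager($Context)

    # GetUserProfileByName expects the claims-encoded account name, not the bare UPN
    $account     = "i:0#.f|membership|$Upn"
    $userProfile = $people.GetUserProfileByName($account)
    $Context.Load($userProfile)
    try {
        $Context.ExecuteQuery()
    } catch {
        # With legacy auth disabled, a context that is not modern-auth capable fails here
        # with "Attempted to perform an unauthorized operation."
        Write-Warning "Profile lookup failed for ${Upn}: $($_.Exception.Message)"
        return $null
    }

    [pscustomobject]@{
        UserPrincipalName = $Upn
        DisplayName       = $userProfile.DisplayName
        # Empty until the OneDrive is provisioned; see Request-SPOPersonalSite above
        PersonalUrl       = $userProfile.PersonalUrl
    }
}

$results = foreach ($upn in $UserPrincipalNames) {
    Get-OneDriveUrlFromProfile -Context $ctx -Upn $upn
}
$results | Format-Table -AutoSize
```

The PersonalUrl returned here is the site collection URL that the sharing-settings step needs; an empty value means the user has no OneDrive yet and must be pre-provisioned first.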

I hope you find the script useful; please drop me a note with any suggestions or comments you may have.
