Updated version of the ODFB shared files report PowerShell script

At the end of July, I published a “proof of concept” PowerShell script for generating a report of all shared files across all OneDrive for Business sites in the organization over at Practical 365. The script uses the Graph API to fetch a list of all files, then for each file checks the sharing status and list any corresponding permissions or sharing links.

As it usually happens with my PowerShell exercises, the script quickly grew past the “proof of concept” state, with additional functionalities added to address scenarios such as files being externally shared, enumerating files in subfolders and so on. Still, the solution was not intended to handle scenarios where you want to generate the report for hundreds or thousands of users, as it lacked proper error handling, and made no attempt to combat throttling or to even renew the access token, which by default expires after an hour.

So for my next version of the script, I’ve reworked it to detect token expiration and to try and renew it automatically where possible. I utilize the built-in ADAL mechanisms for that, so there is no need to store and reuse any refresh tokens, potentially creating a security issue. In addition, all the Graph calls are now wrapped in the Invoke-GraphApiRequest function, which not only checks for token expiration but introduces more robust error handling. This should make the script a bit more resilient, however you should not expect it to address all scenarios.

One other improvement I’ve made to the code is to filter out any Guest users. As pointed out in the original blog post, there is no way to list just the users that have OneDrive for Business sites via the Graph and instead certain workarounds can be used. The method I’ve chosen is to fetch a list of all users, then for each user check the presence of /drive/root resource. Because of the limited filtering capabilities of the Graph, this method will return a lot more objects than you’ll be interested in, and as pointed by one of our readers at Practical 365 those will include Guest users. Since Guest users don’t have OneDrive provisioned by default (you can toggle this via Set-SPOTenant -OneDriveForGuestsEnabled:$true and assigning a license), those can be excluded by adjusting the Graph query. This in turn should bring some improvements in terms of speed of the script execution.

Some other minor improvements were made, which don’t deserve any special mention. Without further ado, get the latest version of the script from the TechNet Gallery or GitHub.

This entry was posted in Graph API, Office 365, PowerShell. Bookmark the permalink.

One Response to Updated version of the ODFB shared files report PowerShell script

  1. Pingback: Microsoft 365 Naujienos – Rugsėjo 17, 2019 [LT] – /w/root

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.