Updated version of the ODFB shared files report PowerShell script

At the end of July, I published a “proof of concept” PowerShell script for generating a report of all shared files across all OneDrive for Business sites in the organization over at Practical 365. The script uses the Graph API to fetch a list of all files, then for each file checks the sharing status and list any corresponding permissions or sharing links.

As it usually happens with my PowerShell exercises, the script quickly grew past the “proof of concept” state, with additional functionalities added to address scenarios such as files being externally shared, enumerating files in subfolders and so on. Still, the solution was not intended to handle scenarios where you want to generate the report for hundreds or thousands of users, as it lacked proper error handling, and made no attempt to combat throttling or to even renew the access token, which by default expires after an hour.

So for my next version of the script, I’ve reworked it to detect token expiration and to try and renew it automatically where possible. I utilize the built-in ADAL mechanisms for that, so there is no need to store and reuse any refresh tokens, potentially creating a security issue. In addition, all the Graph calls are now wrapped in the Invoke-GraphApiRequest function, which not only checks for token expiration but introduces more robust error handling. This should make the script a bit more resilient, however you should not expect it to address all scenarios.

One other improvement I’ve made to the code is to filter out any Guest users. As pointed out in the original blog post, there is no way to list just the users that have OneDrive for Business sites via the Graph and instead certain workarounds can be used. The method I’ve chosen is to fetch a list of all users, then for each user check the presence of /drive/root resource. Because of the limited filtering capabilities of the Graph, this method will return a lot more objects than you’ll be interested in, and as pointed by one of our readers at Practical 365 those will include Guest users. Since Guest users don’t have OneDrive provisioned by default (you can toggle this via Set-SPOTenant -OneDriveForGuestsEnabled:$true and assigning a license), those can be excluded by adjusting the Graph query. This in turn should bring some improvements in terms of speed of the script execution.

Some other minor improvements were made, which don’t deserve any special mention. Without further ado, get the latest version of the script from the TechNet Gallery or GitHub.

5 thoughts on “Updated version of the ODFB shared files report PowerShell script

  1. Chas says:

    Hi Vasil,

    Is it possible to run this script against a single user, as opposed to all OneDrive users?

    A user can login to their own OneDrive and generate their own sharing report, but looks like as an admin we can’t run such a report?

    1. Vasil Michev says:

      Sure, just edit the corresponding part of the script to fetch a single user instead of all (lines 270-286)

  2. George says:

    I have a requirement where i want to generate a report of all active shared links(shared to both internal and external users) in all sites in SharePoint online tenant. Will your script be helpful to get this report?

    1. Vasil Michev says:

      The concept is the same, but you will have to obtain a list of sites and “feed” it to the main function. There isn’t a good way to do this via the Graph API, so use the SPO cmdlets or PnP module.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.