我在使用新的 Microsoft API Graph 时遇到了一些问题。我在通用 Outlook 配置文件中有一个默认的联系人文件夹。我已经把它推送给我的所有用户了。每个人都有一个通用文件夹,里面有 530 个联系人。
现在的问题是更新它而不删除并重新启动,否则脚本执行时间长达14小时!
我已经看过API Graph Delta,但我不知道如何使用它,我对 powershell 是“新手”,所以 URI 请求和所有典型的事情都有点困难,有人能给我一个关于如何更新的例子吗一个包含我的默认文件夹的文件夹?剩下的我来做。
我编写了这个 powershell 代码,采用了互联网上第一个脚本的一部分,归功于Sean McAvinue
<#
Details: Graph / PowerShell Script t populate user contacts based on CSV input,
Please fully read and test any scripts before running in your production environment!
.SYNOPSIS
Populates mail contacts into user mailboxes from a CSV
.DESCRIPTION
Creates a new mail contact for each entry in the input CSV in the target mailbox.
.PARAMETER Mailbox
User Principal Name of target mailbox
.PARAMETER CSVPath
Full path to the input CSV
.PARAMETER ClientID
Application (Client) ID of the App Registration
.PARAMETER ClientSecret
Client Secret from the App Registration
.PARAMETER TenantID
Directory (Tenant) ID of the Azure AD Tenant
.EXAMPLE
.\graph-PopulateContactsFromCSV.ps1 -Mailbox $mailbox -ClientSecret $clientSecret -ClientID $clientID -TenantID $tenantID -CSVPath $csv
.Notes
For similar scripts check out the links below
Blog: https://seanmcavinue.net
GitHub: https://github.com/smcavinue
Twitter: @Sean_McAvinue
Linkedin: https://www.linkedin.com/in/sean-mcavinue-4a058874/
#>
#>
#################################################
####################FONCTIONS####################
#################################################
function GetGraphToken {
# Azure AD OAuth Application Token for Graph API
# Get OAuth token for a AAD Application (returned as $token)
<#
.SYNOPSIS
This function gets and returns a Graph Token using the provided details
.PARAMETER clientSecret
-is the app registration client secret
.PARAMETER clientID
-is the app clientID
.PARAMETER tenantID
-is the directory ID of the tenancy
#>
Param(
[parameter(Mandatory = $true)]
[String]
$ClientSecret,
[parameter(Mandatory = $true)]
[String]
$ClientID,
[parameter(Mandatory = $true)]
[String]
$TenantID
)
# Construct URI
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
# Construct Body
$body = @{
client_id = $clientId
scope = "https://graph.microsoft.com/.default"
client_secret = $clientSecret
grant_type = "client_credentials"
}
# Get OAuth 2.0 Token
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing
# Access Token
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token
return $token
}
function ImportContact {
<#
.SYNOPSIS
Imports contact into specified user mailbox
.DESCRIPTION
This function accepts an AAD token, user account and contact object and imports the contact into the users mailbox
.PARAMETER Mailbox
User Principal Name of target mailbox
.PARAMETER Contact
Contact object for processing
.PARAMETER Token
Access Token
#>
Param(
[parameter(Mandatory = $true)]
[String]
$Token,
[parameter(Mandatory = $true)]
[String]
$Mailbox,
[parameter(Mandatory = $true)]
[String]
$folder,
[parameter(Mandatory = $true)]
[PSCustomObject]
$contact
)
write-host "contactcompanyname $($contact.companyname)"
write-host $contact
#Creation de l'objet "contact"
$ContactObject = @"
{
"assistantName": "$($contact.assistantName)",
"businessHomePage": "$($contact.businessHomePage)",
"businessPhones": [
"$($contact.businessPhones)"
],
"displayName": "$($contact.displayName)",
"emailAddresses": [
{
"address": "$($contact.emailaddress)",
"name": "$($contact.displayname)"
}
],
"givenName": "$($contact.givenname)",
"middleName": "$($contact.middleName)",
"nickName": "$($contact.nickName)",
"surname": "$($contact.surname)",
"title": "$($contact.title)"
}
"@
write-host "contact object: $contactobject"
#Creation du token d'autentification pour chaque boite mail contenue dans cible.txt
foreach($mail in $CSVPath){
$apiUri = "https://graph.microsoft.com/v1.0/users/$person/contactFolders/$folderid/contacts"
write-host $apiuri
$NewContact = (Invoke-RestMethod -Headers @{Authorization = "Bearer $($token)" } -ContentType 'application/json' -Body $contactobject -Uri $apiUri -Method Post)
return $NewContact
}
catch {
throw "Error creating contact $($contact.emailaddress) for $person $($_.Exception.Message)"
continue
}
}
##Import CSV
try {
$Contacts = import-csv $CSVPath -ErrorAction stop
}
catch {
throw "Erreur d'import CSV: $($_.Exception.Message)"
break
}
##Graph Token
Try {
$Token = GetGraphToken -ClientSecret $ClientSecret -ClientID $ClientID -TenantID $TenantID
}
catch {
throw "Erreur d'obtention de token"
break
}
##ProcessImport
foreach ($contact in $contacts) {
$NewContact = ImportContact -Mailbox $person -token $token -contact $contact -folder "Sync-Opac"
}
然后我的脚本,需要很多“如果”来定位错误并向同事演示。它对于第一次“大型”部署很有用。
<#
"----Installation --ET-- importation du module Pwsh Microsoft Graph pour executer le script---" -ForegroundColor red
"----------Processus LONG, patientez 10/15min------"
Install-module -Name Microsoft.Graph -verbose
Import-Module -Name Microsoft.Graph -verbose
#>
##Connexion###
$uri = "https://login.microsoftonline.com/4f232a97-8219-4450-9bec-410e6d0472d0/oauth2/v2.0/token"
#
$body = @{
client_id = $clientId
scope = "https://graph.microsoft.com/.default"
client_secret = $clientSecret
grant_type = "client_credentials"
}
#
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing -verbose
#
write-host "-------------Obtention & Conversion du token en cours...-------------" -ForegroundColor green
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token
#
if ($? -eq $true){
write-host "-------------Token genere >> securisation en cours-------------" -ForegroundColor green
}
else{
write-host "-------------Erreur sur la recuperation du token-------------" -ForegroundColor red
break
}
$tokensecure = ConvertTo-SecureString -string $token -AsPlainText -Force -verbose
#
if ($? -eq $true){
write-host "-------------Token sécurisé obtenu, connexion...-------------" -ForegroundColor green
try{
Connect-MgGraph -NoWelcome -AccessToken $tokensecure
"---------------------------------------"
"------------#CONNEXION OK!#------------"
"---------------------------------------"
}catch{
write-host "-------------Connexion impossible avec le token specifie-------------" -ForegroundColor red
break
}
}
foreach ($person in $mailbox ){
Clear-Host
$folder = Get-MgUserContactFolder -UserID $person | ? {$_.DisplayName -eq"Sync-Opac"} -errorAction ignore
if($folder -eq $null){
##Connexion###
$uri = "https://login.microsoftonline.com/4f232a97-8219-4450-9bec-410e6d0472d0/oauth2/v2.0/token"
$body = @{
client_id = $clientId
scope = "https://graph.microsoft.com/.default"
client_secret = $clientSecret
grant_type = "client_credentials"
}
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing -verbose
#
write-host "-------------Obtention & Conversion du token en cours...-------------" -ForegroundColor green
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token
#
if ($? -eq $true){
write-host "-------------Token genere >> securisation en cours-------------" -ForegroundColor green
}
else{
write-host "-------------Erreur sur la recuperation du token-------------" -ForegroundColor red
break
}
$tokensecure = ConvertTo-SecureString -string $token -AsPlainText -Force -verbose
#
if ($? -eq $true){
write-host "-------------Token sécurisé obtenu, connexion...-------------" -ForegroundColor green
try{
Connect-MgGraph -NoWelcome -AccessToken $tokensecure
"---------------------------------------"
"------------#CONNEXION OK!#------------"
"---------------------------------------"
Clear-Host
}catch{
write-host "-------------Connexion impossible avec le token specifie-------------" -ForegroundColor red
break
}
}
#Fin de connexion
########################################Creation contact##################
New-MgUserContactFolder -UserId $person -DisplayName Sync-Opac
start-sleep 5
$folder = Get-MgUserContactFolder -UserID $person | ? {$_.DisplayName -eq"Sync-Opac"}
$folderid = $folder.Id
./pwsh_graph_contacts.ps1
write-host "----------Contact importé && Dossier Contacts créé pour $person------------" -ForegroundColor Green
Clear-Host
continue
#si compte deja peuplé alors connexion et suppression
}else{
##Connexion###
$uri = "https://login.microsoftonline.com/4f232a97-8219-4450-9bec-410e6d0472d0/oauth2/v2.0/token"
#
$body = @{
client_id = $clientId
scope = "https://graph.microsoft.com/.default"
client_secret = $clientSecret
grant_type = "client_credentials"
}
#
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing -verbose
#
write-host "-------------Obtention & Conversion du token en cours...-------------" -ForegroundColor green
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token
#
if ($? -eq $true){
write-host "-------------Token genere >> securisation en cours-------------" -ForegroundColor green
}
else{
write-host "-------------Erreur sur la recuperation du token-------------" -ForegroundColor red
break
}
$tokensecure = ConvertTo-SecureString -string $token -AsPlainText -Force -verbose
#
if ($? -eq $true){
write-host "-------------Token sécurisé obtenu, connexion...-------------" -ForegroundColor green
try{
Connect-MgGraph -NoWelcome -AccessToken $tokensecure
"---------------------------------------"
"------------#CONNEXION OK!#------------"
"---------------------------------------"
Clear-Host
}catch{
write-host "-------------Connexion impossible avec le token specifie-------------" -ForegroundColor red
break
}
}
#Fin de connexion
########################################Creation contact##################
.\suppression_graph_contacts.ps1
Clear-Host
start-sleep 10
New-MgUserContactFolder -UserId $person -DisplayName Sync-Opac
$folder = Get-MgUserContactFolder -UserID $person | ? {$_.DisplayName -eq"Sync-Opac"}
$folderid = $folder.Id
./pwsh_graph_contacts.ps1
write-host "----------Contacts importés pour $person-------------------" -ForegroundColor Green
continue
}
}
我清楚地了解我的部分,但我实际使用的只有第一个部分的 50%。
您可以使用 HTTP 请求,这是调用 Microsoft Graph API 的直接方式,让您可以更灵活地控制请求和响应。您可以使用 GET 方法获取联系人文件夹的增量更改,并使用 PATCH 方法更新联系人文件夹的属性,例如:
New-MgUserContactFolder从脚本中删除命令。否则,将您的 CSV 导入到每个人的个人联系人中应该可以正常运行。它不会覆盖整个文件夹或删除 CSV 中没有的联系人。在单个用户上进行测试。
如果您想减少所需时间,可以过滤已从 CSV 添加的联系人,或使用Get-MgUserContact查询现有联系人并仅根据需要进行更新。
一般来说,您应该只对那些可能不会经常更新的重要联系人(如 IT 服务台、人力资源和其他内部服务)执行此操作,因为更新速度很慢。如果列表变得太大,请考虑使用中央共享联系人文件夹。