| |  Todd O. Klindt | 4/15/2022 4:35 PM | PowerShell; Office 365; PnP; Graph | 0 | | As an M365 Admin it’s not tough to see that the future is hidden somewhere in the Microsoft Graph. And this particular M365 Admin would like to get there using his favorite tool, PowerShell. Microsoft released the Graph SDK, but it didn’t really scratch the itch for me. I found it confusing and really tough to use. But, as much as I ignored it, the Graph didn’t go away. With increased frequency there would be some little tidbit of information I’d want and the answer would be, “It’s in the Graph.” Grrrrr. I was poking the M365 PnP Samples and stumbled across this little gem, Authenticate with and call the Microsoft Graph. That looked promising, I can work with that. I fired up PowerShell, loaded the PnP.PowerShell, fired up the Graph Explorer and started working. It went well enough that I wrote a little wrapper function around it and published it to GitHub. It’s called Get-TKPnPGraphURI and it looks like this: 
Get-TKPnPGraphURI -uri https://graph.microsoft.com/v1.0/me/ Get-TKPnPGraphURI -uri https://graph.microsoft.com/v1.0/users | select displayName,userPrincipalName,id It uses PnP.PowerShell, so you’ll need that module installed, and you’ll need to connect with Connect-PnPOnline. From there you can pass it any Graph endpoint, v1.0 or beta. You can find out what the endpoints are at the Graph Explorer. Right now this only supports Gets. You’ll also have to manually put in any parameters or filters. I’ve added help and examples. I hope to expand them both in the future. The output is a stand PSCustomObject, so you can send its output down the pipeline however you’d like. Select-Object, Where-Object, Sort-Object, the world is your oyster. Let me know if this is useful and what you’re doing with it. tk ShortURL: https://www.toddklindt.com/PoshMSGraph | | | Todd O. Klindt | 11/5/2021 1:54 PM | Sharepoint; Office 365 | 0 | | | | | Todd O. Klindt | 10/8/2021 9:59 AM | Office 365; PowerShell; Sharepoint | 0 | | As I’ve alluded to before, I spend a lot of time in PowerShell, and most of it in the loving embrace of the PnP.PowerShell module. From time to time I find myself wanting to include logic in my scripts based on who the script is being run as, who connected to Microsoft 365. The majority of my connections where with the good old username and password combination. When that’s the case, I could use this to find how who I had connected as:
Connect-PnPOnline -Url https://m365x995492.sharepoint.com/
admin@M365x995492.onmicrosoft.com
((Get-PnPConnection).PSCredential).username
It looks like this:
That worked great, right up to the point where I didn’t just log in with username credentials. For instance, the Sympraxis tenant requires MFA so I have to connect with the –Interactive parameter:
Old Faithful let me down. Back to the drawing board. Poking around the Internet I saw some smart folks were using this method:
$ctx = Get-PnPContext
$ctx.Load($ctx.Web.CurrentUser)
$ctx.ExecuteQuery()
$ctx.Web.CurrentUser
$UPN = $ctx.Web.CurrentUser.Email
I haven’t tried it yet with Certificate authentication, so I’m not sure how it reports that. The good news is that method also works with a username and password login:
I’ve created a Function, Get-TKPnPCurrentUser, to make that short and easy to use. I've added it to the TKM365Commands module I published in GitHub.
tk
ShortURL: https://www.toddklindt.com/POSHGetCurrentPnPUser
edit 4/15/22 - Added link to GitHub | | | Todd O. Klindt | 9/16/2021 11:38 AM | SPDocKit; Tech Stuff; Speaking | 0 | | Like mixing chocolate and peanut butter I’m mixing two of my favorite things, SysKit and Sympraxis, in one magnificent webinar. Toni, Marc, Derek, and I will be talking about how technology can improve business and how we work with customers. And then, we’ll spend a lot of time with the mics open metaphorically and taking questions from the audience. So if you want to stump Marc or Derek, now is your chance.  The magic happens Wednesday, Sep 22 at 10:00 am CDT. Please sign up free and join us. We’d love to have you. tk | | | Todd O. Klindt | 9/14/2021 4:41 PM | Office 365; PowerShell; Sharepoint | 0 | | I recently got a fun email from a client. Their tenant had run over its storage allocation. After some quick investigation they realized that they had a few dozen files with a lot of versions, the average number of versions was over 1200 per file. Some files had over 3000 versions. The kicker is that these files were big, dozens or hundreds of MBs each. Thousands of files, 100s of MBs a piece? Pretty soon you’re talking about some real storage space! His question to me was how he could easily delete these unneeded versions quickly and easily? PowerShell, of course! Before we get to the golden PowerShell nuggets at the end, how did they end up here in the first place? Versions have been around forever in SharePoint but in the last couple of years there was a change. As part of their strategy to protect us from ransomware, Microsoft turned on versioning for all Document Libraries in SPO, and set the maximum number of versions to 500. That way if malware encrypted your site you could just roll your documents back to an unencrypted version. Pretty clever approach. The bad news is that if you don’t know this is in place, like my customer didn’t, you can chew up a lot of space by frequently uploading large files. Back to our story… My mancrush on the PnP PowerShell is well documented, so of course that’s the first place I looked for a solution. Sure enough, there it was, shining like a beacon of hope on a foggy night, Remove-PnPFileVersion. Do you hear angels singing? I know I do. I sent that off to my customer, dusted off my hands, and leaned back, put my hands behind my head and basked in self satisfaction. It was glorious. Until the customer replied… He didn’t want to delete all of the versions of a file. He wanted to something like delete all except the last 5 versions. Remove-PnPFileVersion has 2 parameter sets. One that deletes a single version (by its ID number) and one that deletes all versions. No middle ground. While my previous victory was short lived, I knew PowerShell would come through for me here too. Long story short, I scribbled down a quick PowerShell script that will delete the file versions beyond the number you wish to keep. This customer had a CSV file of the files they wanted to prune, so I added support for that. I have posted the files on GitHub (DeleteOldVersions.ps1 and VersionDelete.csv ) and I’ll go over the mechanics here. Here is what the CSV file looks like, if you want to use that:
 The Remove-PnPFileVersion cmdlet natively handles URLs in the forms of lines 2-5. I added support for the URL having the tenant name as well because a report the customer had included that and I wanted to make it easy for them to read. I’m good like that. Here’s the code: First I connect to the site: You’ll need to adjust those to your own situation. Then I load up the CSV file. If you don’t want to do this with a CSV file you don’t have to. You can manually put the file name in. $FileList = Import-Csv .\VersionDelete.csv Then I pick how many file versions I want to keep: $VersionsToKeep = 5 Next I walk through the $FileList. foreach($File in $FileList) { If the FileName property has the $SiteUrl in it I take it out. $Filename = $File.FileName.Replace($SiteUrl,"") Then I grab all the FileVersions of the file: $FileVersions = Get-PnPFileVersion -Url $Filename Get-PnPFileVersion does not show the Current Version, so it will always show one fewer version than what you see in the UI. If the number of versions is greater than the version we said we wanted to keep in $VersionsToKeep then I create a list of versions in $DeleteVersionList to delete: if ($FileVersions.Count -gt $VersionsToKeep) {
$DeleteVersionList = ($FileVersions[0..$($FileVersions.Count - $VersionsToKeep)]) With that list in hand I walk through it and run Remove-PnPFileVersion against it. In the code in GitHub I have commented out the line (Line 33 as of 9/14/21) that actually deletes the version. You’ll have to uncomment that to do anything. foreach($VersionToDelete in $DeleteVersionList) {
Remove-PnPFileVersion -Url $Filename -Identity $VersionToDelete.Id –Force To make piping easy I output the versions deleted as a CustomObject: $Output = [PSCustomObject]@{
PSTypeName = 'TKDeletedFileVersion'
Filename = $Filename
DeletedVersion = $($VersionToDelete.VersionLabel)
} $Output When you look at the code you’ll notice a line at the top,
$VerbosePreference = "Continue" If you uncomment that line it will light up the Write-Verbose statements in the code. Set it back to SilentyContinue to make them go away. This is what it looks like with Verbosity off: 
If you need to audit which versions are being deleted you can pipe that to Export-CSV and save it to a file. If you want to create some versions to test this with you can use the following PowerShell: $DocLib = “Shared Documents”
Get-PnPListItem -List $Doclib | select Id,@{l="FileLeafRef";e={$_.FieldValues.FileLeafRef}}
That’ll get you the files in the Document Library. You can use this command to touch them and create 6 new versions: 0..5 | foreach {Set-PnPListItem -List $Doclib -Identity 4 -Values @{"FileLeafRef"="Building materials licences to budget for Storytelling.docx"}} It is also possible to filter versions by date. That way instead of deleting all but the last 5 versions, you would be able to delete all of the versions older than 30 days. That’s a blog post for a different day though. tk ShortURL: https://www.toddklindt.com/PoshDeleteSPOFileVersions | | | Todd O. Klindt | 9/8/2021 5:40 PM | | 0 | | I don’t know if I could pick my favorite blog crash. There have been so many over the years. It would be like picking my favorite kid, or favorite tablet. I just can’t.
This most recent crash was caused by the drive the VM my blog is running on failing. “But what about backups??” I hear you all shouting in unison. I had VM backups in place, but I had moved the VM to a different server and the backup job didn’t follow along. I also had database backups. These were going directly to my NAS device. Unfortunately when I replaced my NAS in December I forgot to point the SQL backup job to the new location. My only backup was a lonely database backup from December. So, with my SharePoint 2010 and SQL 2012 CDs in hand, I reinstalled everything, and here we are.
I was able to republish the blog posts I’ve written since the backup, so there was no loss there. I did lose the comments you’ve left and I’ve responded to. Sorry about that. I’m in the process of putting it all back together, but there are a few things I haven’t finished yet. I’m putting the list here, so we can all keep track of it. If you see something wrong and it’s not on this list, send me a tweet or leave me a comment (I’ll try not to lose it) and I’ll add it to the list.
To Do List:
Get Search working
Update SharePoint 2010 Builds list (9/10/21)
Update SharePoint 2013 Builds list (9/13/21)
Go through IIS Logs and look for failed requests for ShortURLs I’ve missed
Verify all the http to https redirects work properly
Create SQL backup job (9/13/21)
Create VM backup job
Fix broken images in blog posts
Thanks for sticking around,
tk
ShortURL: https://www.toddklindt.com/FirstBlogCrash2021
| | | Todd O. Klindt | 6/25/2021 5:01 PM | Office 365; PowerShell | 0 | | Throughout my IT career I have had to create tens (or hundreds, or thousands) of objects to test something. It could be a bunch of Windows Users, a bunch of folders, files, etc. It seems like every time that happens I end up starting from scratch on the process. To stop that silly cycle I decided to make the process official by blogging it. Let’s stop this madness! This time it started with my friend Michal Pisarek posting this tweet: 
Orchestry needs to test their lifecycle features and he wanted to stress test it real good! As is often the case, I see a tweet like that and my first thought is “Challenge Accepted!” The mechanics of how to create Teams with PowerShell is pretty simple but where this really gets tricky, at least for me, is the names. Especially if you’re looking at creating 20,000 like Michal is. In the past the way I’ve handled that is the old tried and true “Adjective Noun Number” formula. To get near 20,000 I wanted a long list of nouns and adjectives to pull from. I scoured the Internet and pulled together two files, nouns.txt and adjectives.txt. You can find them in this GitHub repo. Then I tack a random two digit number at the end to reduce the chance of collision. I put those files in the same directory as this PowerShell script and let ‘er rip! Connect-PnPOnline -Url https://CONTOSO-admin.sharepoint.com -Interactive # import the files with nouns and adjectives
$Nouns = Get-Content .\nouns.txt
$Adjectives = Get-Content .\adjectives.txt # Number of Teams to create
$NumberOfTeams = 3
$Index = 1 while ($Index -le $NumberOfTeams) {
# Generate Random stuff
$TeamNoun = $Nouns | Get-Random
$TeamAdjective = $Adjectives | Get-Random
$TeamNumber = Get-Random -Maximum 100
$TeamDisplayName = "$TeamAdjective $TeamNoun $TeamNumber"
Write-Host "$Index - $TeamDisplayName"
New-PnPTeamsTeam -DisplayName $TeamDisplayName -MailNickName $($TeamDisplayName.Replace(" ","")) -Description $TeamDisplayName -Visibility Public -AllowGiphy $true
$Index++
} You can find the file CreateLotsofTeams.ps1 in that same GitHub repo. You can alter the nouns and adjectives files as you see fit. Set the the $NumberofTeams variable to how many Teams you want and you’re set. This script uses the venerable PnP.PowerShell module. You’ll need that installed and its Azure Application registered before you can run this. Be sure to change the Connect-PnPOnline line to reflect your tenant’s name, unless you actually work for Contoso. Because of some weird timing, the current version of the PnP.PowerShell, 1.6.0, won’t work with this script as there is a bug in New-PnPTeamsTeam that prevents it from actually creating a Team. Ironic, I know. I put notes in the CreateLotsofTeams.ps1 file on how to handle that. But if you’re running it and it looks successful but no Teams are being created, look there first. Also, for whatever reason, when you look at the Groups Sites in SharePoint they don’t show up as being Teams enabled, but they really are. 
You can see in this crudely mocked up screenshot that the Teams are in the Teams client even though SharePoint Admin Center swears they don’t exist. And while this script’s purpose in life is to create lots and lots of Teams, it could be easily modified to create lots and lots of anything. If you just need Groups, swap out New-PnPTeamsTeam with New-PnPMicrosoft365Group. If you just need SharePoint sites, use New-PnPTenantSite. Folders? Add-PnPFolder. I think you see where I’m going with this.  If you’re like Michal and you’re going to create 20,000 Teams, or anything, I hope you have a comfortable chair. It’s going to take a while. Michal is seeing about 1 Team a minute. It’s going to take him a couple of weeks at that pace. Almost certainly PowerShell is the bottleneck in this situation. If you’re looking at a similar situation, my advice is to open up another PowerShell window and run another instance of CreateLotsofTeams.ps1 there. And maybe run a few instances on another machine entirely. In the past that has helped me speed this things up considerably. Enjoy. tk ShortURL: https://www.toddklindt.com/PoshLotsandLotsofTeams | | | Todd O. Klindt | 6/25/2021 4:59 PM | Office 365; PowerShell; Sharepoint | 0 | | I’ve done a few articles about the new PnP.PowerShell module. One of the biggest changes from its ancestor, SharePointPnPPowerShellOnline, is that it requires the registration of an Azure Application before you can connect with it. In this blog post I’m going to explain how to get that Azure App registered if you’re not a Tenant Admin in your tenant. You don’t need to be a Tenant Admin to use the PnP.PowerShell cmdlets. You don’t even need to be a SharePoint Admin or a site collection admin. There are plenty of cmdlets you can run, like Add-PnPFile if you’re only a Member of the site. However, before you can run the most import PnP cmdlet of all, Connect-PnPOnline, the PnP Azure Application has to be registered in your tenant by a tenant admin. If it’s not, you’ll get a sad message that looks like this: 
Here’s the text: Connect-PnPOnline: AADSTS65001: The user or administrator has not consented to use the application with ID '31359c7f-bd7e-475c-86db-fdb8c937548e' named 'PnP Management Shell'. Send an interactive authorization request for this user and resource. In most cases the person introducing the PnP.PowerShell module is a tenant admin, so it’s not an issue. They run Register-PnPManagementShellAccess and Bob’s your uncle. But it’s not uncommon for an organization to be large enough that the SharePoint or Microsoft 365 Admin team is not a tenant admin. In that case the Tenant Admin, who likely doesn’t know what a PnP.PowerShell is, has to register the Azure App before the SharePoint Admin can enjoy the bliss that is PnP.PowerShell. Fortunately, there’s an easy enough solution, the Consent URL. The Consent URL is the URL to a web page your Tenant Admin can go to to consent the PnP.PowerShell Azure App without needing to install anything, or really know anything about the PnP.PowerShell. There are a few ways to get the Consent URL. It doesn’t matter how you do it, they all get you to the same place. The easiest way to remember is to run Register-PnPManagementShellAccess –ShowConsentUrl after installing the PnP.PowerShell. You’ll be asked to log in, but you don’t need to be an sort of admin. It’s only logging in so it knows when tenant you’re in. Then it will give you the Consent URL. It looks like this: 
https://login.microsoftonline.com/651c433d-d221-4bb3-ac77-392f4bf06a6b/adminconsent?client_id=31359c7f-bd7e-475c-86db-fdb8c937548e The part in the red box is your tenant’s ID.You had to log so the cmdlet could get that number. The Client_id refers to the PnP.PowerShell, so it’s the same everywhere. You can also specify your tenant’s name instead of its ID. This works as well:
https://login.microsoftonline.com/tenantname.onmicrosoft.com/adminconsent?client_id=31359c7f-bd7e-475c-86db-fdb8c937548e Whether you get the URL from running Register-PnPManagementShellAccess –ShowConsentUrl or by copying it out of this blog post and putting your tenant’s information, send that URL to your Tenant Admin. When they browse to the page it will look like this: 
All they need to do is click Accept and you’re ready to go. That’s a pretty long, scary list of permissions, and it might spook some admins. Accepting this does not give everyone in your tenant all of those permissions. The PnP.PowerShell Azure App uses Delegation, which means any user using it to access objects in Microsoft 365 has to have permission to access it. The PnP.PowerShell does not allow anyone access to anything they don’t otherwise have access to. If they don’t believe you, have them try. Have someone that cannot open up a SharePoint site in the browser try to connect to it with Connect-PnPOnline. They won’t be able to. If they want to check out what the Azure App has permission to, or heaven forbid, remove it, you can browse to the Azure AD Portal and find it in the Enterprise Applications. 
The Permissions blade will show you all delegated permissions the app has. Feel free to poke around, but resist the urge to change any, even if you’re positive you’ll never use them. I promise it’ll only hurt you in the future. After your tenant admin has done all of that you should be able to get back to all that PowerShell and PnP goodness. tk ShortURL: https://www.toddklindt.com/PoshRegisterPnP | | | Todd O. Klindt | 2/9/2021 4:00 PM | Office 365; Sharepoint; PowerShell | 0 | | | | | Todd O. Klindt | 1/19/2021 4:01 PM | | 0 | | As of January 19th, 2021 the new and improved PnP.PowerShell module is no longer prerelease and is ready for the masses. You can also find it in a GitHub repo. It replaces the venerable SharePointPnPPowerShellOnline module we all know and love. The new module has a lot changes, but here are a few of the highlights: - PnP.PowerShell only works with online products like SharePoint Online and Microsoft 365. It does not work with SharePoint Server platforms like SharePoint 2013, 2016, or 2019.
- It is built on .NET core 3.1 so it runs on non Windows platforms like Linux, Mac, and Azure Functions. SharePointPnPPowerShellOnline is built on .NET 4.6.1 and only runs on Windows.
- PnP.PowerShell is focused on all of Microsoft 365, not just SharePoint. SharePointPnPPowerShellOnline started out focused on SharePoint and other things have snuck in over the years, but were never supported as well as we would have liked.
- Authentication relies on App Registrations. To facilitate the cross application support the module relies on Graph API permissions as opposed to straight up usernames and passwords. SharePointPnPPowerShellOnline uses App Registrations as well, but it’s not built on that premise like PnP.PowerShell is.
If you can, you should uninstall the SharePointPnPPowerShellOnline module and install PnP.PowerShell everywhere. You should also stop using Windows PowerShell 5.1 and move over to PowerShell 7.x. There are a couple of legit reasons why you can’t though. I have a whole blog post, “Using both PnP PowerShell Modules with PowerShell 5 and PowerShell 7” that covers how to have both modules and both shells available to you. For those of you with short attention spaces I’ll give you the tl;dr: Open PowerShell 7.x in Administrator mode and uninstall all the modules: Uninstall-Module SharePointPnPPowerShellOnline -Force –AllVersions
Uninstall-Module PnP.PowerShell -Force –AllVersions That should clear all the appropriate modules out of PowerShell 7.x. You’re good there. Now open Windows PowerShell 5.1 in Administrator mode. Here you’ll uninstall all the modules and reinstall them: Uninstall-Module SharePointPnPPowerShellOnline -Force –AllVersions
Uninstall-Module PnP.PowerShell -Force –AllVersions For good measure I close down the Windows PowerShell 5.1 host and open a new one before I install the new version. That might not be necessary, but it feels like cheap insurance. Either way, in a Windows PowerShell 5.1 Administrator shell install both modules: Install-Module -Name SharePointPnPPowerShellOnline -Scope Allusers
Install-Module -Name PnP.PowerShell -Scope Allusers –AllowClobber I added a little chocolate to the install commands to make them go down easier. First, I added -Scope Allusers to make sure Windows PowerShell 5.1 installs the module in a place that PowerShell 7.x can find it. I think any modules installed in an Admin window are installed there by default, but I’m not sure. Again, cheap insurance. Second, to the second (and any subsequent) module I added –AllowClobber. This tells PowerShell that it’s okay to install a module that has cmdlets that collide with cmdlets already on the system. This is okay because of the difference between installing a module and importing a module. You can read more about that in my previous post. If you need one of the on-prem SharePoint Server modules use a line like this: Install-Module -Name SharePointPnPPowerShell2019 -Scope Allusers –AllowClobber You can have as many of these modules installed as long as you install the later ones with –AllowClobber. Once you’ve got the modules installed you need to tell PowerShell which one to load. That’s done with the Import-Module cmdlet. When you open a new PowerShell window, or at the top of any PowerShell scripts, you can specify which PnP Module you want PowerShell to use. For instance: Import-Module PnP.PowerShell or Import-Module SharePointPnPPowerShellOnline or Import-Module SharePointPnPPowerShell2019 Then you know you’ll get the version of Connect-PnPOnline (or whatever) your code is running. In theory you could swap them in and out by using Remove-Module, but in reality there are some fiddley PowerShell things in the background (the AppDomain) that keeps this from being successful. My previous blog post does show you how to have multiple versions of the PnP module imported in the same window or script at the same time. But really, stick to PnP.PowerShell and PowerShell 7 if humanly possible.  I hope you find that all helpful. I don’t know about you, but I’m really excited about this new module. tk ShortURL: https://www.toddklindt.com/PoshNewPnPModule
| | | Todd O. Klindt | 1/13/2021 4:02 PM | | 0 | | Since the PnP team announced that the venerable SharePointPnPPowerShellOnline module was going to be replaced by the shiny, new PnP.PowerShell module there has been some confusion on which module to use and which PowerShell to use. I have good news, the answer is “D. All of the above.” In this blog post I’ll show you how you can have both modules installed and use them interchangeably as well as use either of them on whatever version of PowerShell tickles your fancy. A Few Words about Modules Before we can get into how to do this I want to spend some pixels on why we have to do it the way we do. I intended to publish this blog post a couple of weeks (okay, months) ago but as I was doing my research I kept learning more. Most of learning was around the “Module” cmdlets and what each of them does. In order to get the two modules to cooperate we need to use the right Module cmdlets at the right time. Here are the Cliff’s Notes: The System Several Module cmdlets deal with what PowerShell Modules are installed on your system with PowerShellGet. There are a lot of ways to install Modules into PowerShell and PowerShellGet is one of the most popular and it’s built into PowerShell. Here are the pertinent cmdlets and what they do: - Install-Module – Downloads a module from a repository (the PowerShell Gallery by default) and installs it on the system.
- Get-InstalledModule – Lists the modules that were installed on the computer with PowerShellGet
- Uninstall-Module – Uninstalls a packages from that computer that was installed with PowerShellGet
The key here is that the scope of those commands, and the other PowerShellGet cmdlets, is the whole computer The Host “Host” is a fancy word for PowerShell window or console. There are a few common Module cmdlets that deal only with the host they’re run in. Here are some of my favorites: - Import-Module – Imports a module that was already installed on the computer into the host
- Get-Module – Lists the modules currently imported into the host. The –ListAvailable parameter shows modules installed on the computer that can be imported into the host
- Remove-Module – Unloads (unimports? exports?) a module from the host
These cmdlets are all part of Microsoft.PowerShell.Core as opposed to PowerShellGet. The Import Business Now we know how to get a module installed onto our computer, and how to manually coax it into our host. But most of us have never done all this Import-Module business but everything seems to work. How’s that? PowerShell has the ability to automatically load modules when they’re needed. The entire, exciting, story of how PowerShell imports modules is chronicled here, but I’ll give you the highlights. If you try to use (or reference it with something like Get-Command) a cmdlet that isn’t in a module already loaded PowerShell will walk through the PSModulePath locations looking into each module for the cmdlet you’re trying to run. If it finds it, it implicitly imports that module and Bob’s your uncle. You can use $env:PSModulePath to see where PowerShell will look. It’s important to note that Windows PowerShell 5 and PowerShell 7 have similar, but different PSModulePaths. Here’s what it looks like in both. I added -split “’;” to put each path on its own line, and I piped it through Sort-Object to make them easy to keep track of. 
To make either Module, SharePointPnPPowerShellOnline or PnP.PowerShell, available to both Windows PowerShell 5 and PowerShell 7 it has to be installed in one of the paths that both versions of PowerShell will look in. For backwards compatibility PowerShell 7 looks in the PowerShell 5 paths, so I do the Install-Module bit in PowerShell 5 and PowerShell 7 gets it for free. You could install it in both, that works. But this way keeps you from having to update it both places every time a new version comes out. The PnP.PowerShell module is aimed for PowerShell 7, but also works fine in PowerShell 5. Erwin told me they may remove that support in future, but for now it’s safe. You can see from the screenshots that I have my Known Folders redirected to OneDrive. When installing these modules PowerShell was installing them to my personal folders and it was causing problems. A couple of the Module cmdlets don’t handle that well. To get around some of that chicanery I had to install the modules in a different path. The easiest way I found to do that was the specify the scope Allusers, like this: Install-Module PnP.PowerShell -Scope AllUsers In PowerShell 5 that installed into C:\Program Files\WindowsPowerShell\Modules\PnP.PowerShell, which PowerShell 7 can see so it can be imported into a host of either version and it’s not in OneDrive. Using Both Modules in Both PowerShells We know both PowerShells can run both modules if we install it right. To get everything playing nicely I uninstalled both modules from both versions of PowerShell using Uninstall-Module -Force –AllVersions. In one case Uninstall couldn’t clean it all up so I had to go into the file system and delete the folder manually. I also had to close the host various times as it had imported the module I was trying to uninstall and I couldn’t get it unloaded in that host. After all the uninstalling was done I closed all of the PowerShell windows I had open and I opened a PowerShell 5 window in Admin mode. I installed the old module with this: Install-Module -Name SharePointPnPPowerShellOnline -Scope Allusers That made it so it could be imported into both PowerShell 5 and PowerShell 7. Next I installed the PnP.PowerShell module. This one took a bit of extra coaxing. It’s currently in prerelease so Install-Module requires the –AllowPrerelease parameter. The version of PowerShellGet in PowerShell 5 does have that. I had to upgrade PowerShellGet first with this line: Update-Module -Name PowerShellGet I close the window and opened a new one for good measure. This put me at version 2.2.5 of PowerShellGet. One problem solved. The second problem is that PnP.PowerShell and SharePointPnPPowerShellOnline share most of their cmdlet names, so a regular Install-Module is going to fail. To fix that we need to use the –AllowClobber parameter. The whole thing looks like this: Install-Module -Name PnP.PowerShell -AllowPrerelease –AllowClobber At first this sounds scary, but remember, Install is just dropping the bits onto your computer. You can still control which module gets loaded in a script or host. To do that using Import-Module. The key is to use Import-Module before you do anything that will trigger PowerShell implicitly loading the module for you. If you want to force your script to use a specific module include one of these lines at the top: Import-Module PnP.PowerShell or Import-Module SharePointPnPPowerShellOnline You would do the same thing in a PowerShell window when you open it to run some cmdlets. I’ve been doing this for a few weeks and it works well.
Using Both Modules in the Same Host Now I’m just going to show off a bit.  We know we can load either module into a host, but what if we need both modules into the same host or script at the same time? It came be done! It sounds like magic, but it works. The key is using the –Prefix parameter of Import-Module. If you want both modules loaded and available in the same window you need to import one with a prefix. It looks like this: Import-Module SharePointPnPPowerShellOnline -Prefix Old 
You can see from the screenshot that both sets of cmdlets are available, with the SharePointPnPPowerShellOnline versions having the additional prefix of “Old.” I wouldn’t recommend doing this as a normal course of action, but it’s good to know it’s there. PowerShell 7 is a little fussy when doing this. I had issues importing the old version if I had already imported the PnP.PowerShell module explicitly or implicitly, which is why I didn’t in this screenshot. Get-Command implicitly loaded it for me, so that wasn’t an issue. PowerShell 5 handles it more gracefully. The End There it is, the culmination of weeks (maybe months) of me fiddling around to understand the inner workings of PowerShell module installing and importing. Thanks to Jeff Hicks for holding my hand and answering all my dumb questions. Hopefully my pain will make your transitions from PowerShell 5 to PowerShell 7 and from SharePointPnPPowerShellOnline to PnP.PowerShell easier. tk ShortURL: https://www.toddklindt.com/PoshBothModules | | | Todd O. Klindt | 12/28/2020 4:02 PM | | 0 | | As the new year approaches I find myself making changes. Like everyone on the planet I plan to eat less and exercise more. I also plan on making another change, I’ll be moving away from my friend the venerable old SharePointPnPPowerShellOnline module to the new, sexier PnP.PowerShell. I thought I’d blog the experience so you all can follow along. Why the Move? The SharePointPnPPowerShellOnline module has been good to me over the last few years. It has helped me do amazing things both in PowerShell and in SharePoint. Why would I ever give that all up? Because the times, they are a-changing. The SharePointPnPPowerShellOnline module is being retired and all of that effort is being channeled to the PnP.PowerShell module. The SharePointPnPPowerShellOnline module will continue to be around for the on-prem versions of SharePoint Server (though not updated), but for SharePoint Online/Office 365/Microsoft 365 you’ll need to use the PnP.PowerShell module. Why did the PnP team decide this? You can get the whole story at the official PnP PowerShell page, but there are two main reasons. The first is wider platform support. SharePointPnPPowerShellOnline had .NET dependencies that meant it would only run on Windows PowerShell. Emphasis on Windows. When that module was first created 6 years ago that made perfect sense, but since then PowerShell has gone open source and now runs on a variety of platforms like Mac, Linux, a variety toasters, etc. Since SharePointPnPPowerShellOnline required Windows it couldn’t follow PowerShell onto those other platforms. The PnP.PowerShell module was written without those Windows dependencies so it can run anywhere PowerShell can run. You may not use a Mac, but this also means that you can use PnP.PowerShell more easily in cloud environments like Azure Functions. The second reason was to give wider application support. The SharePointPnPPowerShellOnline mostly supported SharePoint, as the name would suggest. These days you can’t manage SharePoint Online without also needing to touch Microsoft Groups, Teams, etc. The PnP added more and more cmdlets to handle that, but there were some big authentication changes that needed to be made to fully support all of the other applications. They started adding some of that to SharePointPnPPowerShellOnline, but it was cobbled together a bit. While they were refactoring the module for .NET Standard they went ahead and made some sweeping authentication changes that mean we’ll be able to use it more easily for SharePoint and all of the other applications we know and love. First Step PowerShell 7 The first step to moving to the PnP.PowerShell module is to install PowerShell 7, also called PowerShell Core. I’m on Windows, so that’s the process I’m going to walk through. Windows comes with PowerShell, Windows PowerShell 5.1. To use PowerShell 7 we’ll have to install it. Windows PowerShell 5.1 and PowerShell Core 7 can happily coexist on your machine, so you don’t have to worry about breaking any of your other existing PowerShell scripts or tools. 
You can see from this screenshot I have both versions of PowerShell installed and running on this machine. You can use the system variable $PSVersionTable to see which version of PowerShell your host is currently using. It’s also pretty easy to pick the version of PowerShell you want when firing it up. 
While PowerShell 7.x can coexist with Windows PowerShell 5.x, it will replace PowerShell 6.x if you have that installed. I installed PowerShell 7 by downloading the installation MSI from the GitHub page. For me that was the Windows x64 platform and I grabbed the stable build. That file was PowerShell-7.1.0-win-x64.msi, but obviously that filename will change as PowerShell 7 advances. Then I popped open a Windows PowerShell 5 (oh, the irony) prompt in Admin mode and ran the MSI. 
The friendly wizard walked me through the process. There are few installation choices to make, but I’ve found the defaults are usually fine. After the installation is finished you’ll have both Windows PowerShell 5.x and PowerShell Core 7.x. Time to install some modules. The Module Installing the PnP.PowerShell module is pretty easy, but if you have the older SharePointPnPPowerShellOnline module installed you’ll need to uninstall it first. The cmdlet names in both modules are the same, So PnP.PowerShell won’t install all of its cmdlets while there are collisions with the old version. To uninstall the SharePointPnPPowerShellOnline module open up a Windows PowerShell 5 host in Admin mode and enter this: Uninstall-Module SharePointPnPPowerShellOnline –AllVersions and wave a fond farewell to our old friend. After that’s finished, and you’re done sobbing, open up a shiny new PowerShell Core 7 host in Admin mode. While you’re in there opening up in Admin mode, go ahead and add PowerShell 7 to your Start Menu and your Taskbar. You’ll thank me later. 
Then issue this command: Install-Module PnP.PowerShell –AllowPrerelease 
You’re all done. Since PnP.PowerShell is not an official release yet you’ll need the scary sounding –AllowPrerelease parameter. After January of 2021 you won’t need that anymore. Finally, Authentication I mentioned earlier that one of the reasons for changing modules was a change in authentication. I don’t want to get too deep into it in this blog post but I do want to mention that you should run Register-PnPManagementShellAccess to set up a an Azure Application Registration. This is the magic that allows the new PnP PowerShell access to all of the applications in Office 365. You may have seen this referred to as Graph API. I’ll dig into it later, but for now all you need to know is that a tenant admin needs to run the PnP.PowerShell version of Register-PnPManagementShellAccess once in your tenant. After that is in place you should be able to use Connect-PnPOnline and get connected. tk ShortURL: https://www.toddklindt.com/NewPnPPowerShell | | | Todd O. Klindt | 11/25/2020 10:41 AM | Office 365 | 0 | | Earlier this month, Alex Weinert, the Director of Identity Security at a little company called Microsoft, published a blog post begging us to stop using SMS as the second factor for MFA. I’m an MFA kind of guy, I live the MFA life style, and I’m on board with that. As the majority of the accounts I use can use the Microsoft Authenticator app, that’s what I use the most. Other companies, like Google, also have authenticator apps. I’m sure they’re fine and well loved by their friends and families.  Over the last few months I’ve moved most, if not all, of the apps and sites I can to MFA using the Microsoft Authenticator app and I’ve picked up a few tricks along the way. I thought I’d blog a few of them in case they help anyone else. Keep in mind this blog post was written in November of 2020 and the version of the app I’m using is 6.2010.7266 on Android. Use Microsoft Your Phone My first tip for using Microsoft Authenticator is not about using Microsoft Authenticator at all. It’s about using a Windows 10 feature called “Your Phone.” This feature, along with an app running on your phone, allow you to interact with your Android phone on your Windows 10 machine, or machines. I initially started using it to send text messages but it can do so much more. For instance, you can run phone apps on your PC, via screen sharing. One of those apps can be your friend and mine, Microsoft Authenticator. Since web sites (like Microsoft 365) and other services like VPN use codes generated from Microsoft Authenticator it is handy to have quick access to it on your PC. Here’s what it looks like: 
That saves you fumbling with the UI on your phone, but you’d still need to look at your phone to get the code. For this to really be helpful you also need to change a setting in the app to allow its screen to be captured. Go into Settings and enable Screen Capture: 
If you don’t, you’ll see this on your PC when you open Microsoft Authenticator: 
When I need to log into my GitHub account I fire up Your Phone on my computer, switch to the Microsoft Authenticator app and type the secret 6 characters in. Now I’m logged into GitHub and ready to cause some trouble. Show the Codes By default, when you open Microsoft Authenticator you’re greeted with a list of all of the accounts you’ve registered and you select the one you want to log in to. Authenticator takes you to a screen with the one-time passcode for that account. But all that clicking is sooo much work. I take advantage of the “Show Codes” option, like below. 
That shows me all the codes for the accounts that support it. You can see how it looks in the first screenshot. Combining these two techniques my MFA process went from: - Hunting around for my phone
- Unlocking it (unsuccessfully the first couple of times)
- Finding the Microsoft Authenticator app
- Finding the account I want to log in to
- Clicking it (so much work)
- Typing all six digits into the MFA prompt on my computer
- Collapsing from exhaustion
To this: - Clicking the Microsoft Authenticator app on my Windows 10 Taskbar
- Copying the one-time passcode for the account
- Pasting into the MFA prompt
- There’s no step 4!
Wait, copy and paste the passcode? How’s that again? Copy and Paste the Passcode Once you have that set up you can actually copy the passcode from your phone in Windows and paste it into whatever web page or app is asking for it. To take advantage of this magic you need to enable copy and paste in the Your Phone app on Windows 10. 
You might have to close the Authenticator app both on your phone and your PC for that to take effect. When you have it working, it’s a thing of beauty. Just copy the passcode with your mouse like you would any other application. There’s no visual indication that it’s copying, but trust me, it is. Go ahead, paste it into Notepad and see for yourself. Cool, huh? Backup Your Settings I recently heard a sad tale of woe from a friend of mine that uses Microsoft Authenticator for all of his MFA needs. Something went wonky on his phone and he lost a bunch of the account settings. He had to go through a lot of work to get it all set back up. That’s when he and I both noticed the handy Backup functionality. Like all the other fun we’ve looked at it’s in the Settings page of the app. You can read all about it on this Docs Page. But the basic idea is, turn it on. Future you will appreciate your consideration and foresight. There are a few other fun Authenticator tricks, but these are my favorites. Are you using Authenticator and have tips to share? Put them in the comments below. tk ShortURL: https://www.toddklindt.com/MSAuthTips | | | Todd O. Klindt | 9/14/2020 9:30 AM | Sharepoint; Office 365 | 0 | | My friends at SysKit have been kind enough to do all the work for me to put on a free webinar on SharePoint migration. Those folks are the best! They do all the work, and you and I get to chat about one of our favorite topics! The big day is Wednesday September 16th. It’s 10:00 am CDT The registration is free, and you can find out more details and sign up here. I’ll give some good advice, and tell some stories, and generally have fun. Join me, I’d love to see you there. tk ShortURL: https://www.toddklindt.com/SyskitWebinar | | | Todd O. Klindt | 8/18/2020 11:30 AM | Office 365; PowerShell; Sharepoint | 0 | | Some blog posts just beg to be written, and this is one of them. I swear I’ve had this conversation half a dozen times in last month after having never had it at all before. It just keeps coming up, I’m guessing because the adoption of Office 365 has really taken off in the last 5 months. What’s the topic? It boils down to, “How do I create a Team/Distribution List/SharePoint site that is always available everyone in the company?” The first couple of times the topic came up I tried to talk the customer out of it. I’m usually not a fan of big blast communication like that, and in the case of products that are built on top of Microsoft 365 Groups, there are published limitations to this. It just seemed like a bad idea. But every time a customer asks me about it I understand it a little better, so I threw this blog post together to point people at if they want to do it. This post is meant to be technical, not prescriptive. I won’t cover why you should employ any of these techniques, but how you can do them if you have already decided they are a good idea. I’ll leave the why up to people that are smarter than me.
The Options
There are several “All User” communication methods that have come up in my discussions with customers. I’ll cover how to enable them. They all leverage the functionality of updating dynamically as people join your company. Your company could already handle adding people to Distribution Lists (DLs) as part of your onboarding process. All of my examples will show how to keep the All User list populated automatically. All of these examples also assume the groups are cloud only, not synced from on-prem Windows Active Directory.
Distribution Lists (DLs)
The first option I’ll cover is the old tried and true email Distribution List. These things have been around since shortly after prehistoric fish came on land from the primordial soup and they’ve been going strong ever since. DLs are email only and they’re a good way to send out company wide things like “There are donuts in the breakroom. Get here quick before Gary eats them all” or “The CEO is feeling generous and she’s giving everyone (except Gary) Friday off!”
To do this, create a new DL and make it a dynamic DL. This one is a little tricky. When you create a dynamic anything you have to provide a rule so that Azure AD (AAD) knows whether someone should be in the thing or not. In the case of a dynamic DL the way to get everyone is to create no rule. If there’s no rule, emails sent to that DL end up in every mailbox in your tenant. If you currently have any static DLs they cannot be changed to dynamic DLs, but they can be upgraded to Office 365 Groups. Dynamic DLs cannot be upgraded to Office 365 Groups. I’ve also had customers set one of these up and send News Digests from SharePoint Online to it. The owner of the dynamic DL does not need to be IT or have any elevated roles in the tenant.
How do I Create one?
There are a couple of different ways to create a dynamic DL. You can do it in the Exchange admin center in Office 365. Then navigate to the Groups tab. Next to New Microsoft 365 Group click the dropdown and select Dynamic distribution list.
The configuration will look something like this. Do not add a rule.
Once your dynamic DL is created there are some fun settings you can play with. For instance, you can moderate messages and have approved senders.
If you’re super cool, you can create dynamic DLs with PowerShell. First connect to Exchange Online PowerShell, then run New-DynamicDistributionGroup:
New-DynamicDistributionGroup -IncludedRecipients MailboxUsers -Name "Blog Lovers"
Doesn’t that feel better than using the UI? I thought so.
Security Groups and Microsoft 365 Groups
Both AAD Security Groups and Microsoft 365 Groups support dynamic membership, so they can be used the same way. A dynamic, all company, Microsoft 365 Group can be used for a site that you want everyone to have access to, and they’ll all get emails sent to that Group’s DL. Depending on how the Group is configured or how the users configure their mail client the Group’s emails may or may not show up in their Inbox. There will also be a Team for that Group that everyone will be in. Lots of ways to annoy everyone with one of these. I honestly can’t think of a way to leverage a Security Group in the context of Office 365, but I added since it’s the same process as the Office 365 Group, and it makes this blog post look that much longer.
How do I Create Them?
As we are all painfully aware, there are just shy of 117 different ways to create an Microsoft 365 Group. I think two more have been added since I started writing this blog post. There might be more than one way to create a dynamic Microsoft 365 Group, but I’m only going to cover how to do it in the Azure AD Portal and with Azure PowerShell. Navigate to the Groups blade and click "New group.” Under Membership type choose “Dynamic User”
If Membership type is greyed out that’s because the user creating the group does not have an Azure AD Premium license.
To set the rule, click “Edit dynamic query” button to get to the rules page. The rule we want is “user.objectId -ne null”. You can build that in the wizard at the top. Don’t worry about a user’s ID actually being “Null.” The rule knows the difference between null and “Null.” Ned Ull will not be the only member of the Group.
Once you tab out of the Value box the Save button will light up and you’ll be able to save the query and go back to creating your group. The process is the same for Security Groups.
But what about PowerShell?? I’m so glad you asked. Make sure you have the AzureAD module loaded and you’re connected as an account that can create Groups. Then run this little gem to create a Dynamic Microsoft 365 Group:
New-AzureADMSGroup -DisplayName "Dynamic M365 Group From PowerShell!" -Description "Dynamic group created with PowerShell!" -MailEnabled $true -MailNickName "Dynamic-M365-Group-From-PowerShell" -SecurityEnabled $True -GroupTypes "Unified","DynamicMembership" -MembershipRule "(user.objectId -ne null)" -MembershipRuleProcessingState "On"
If you only want a Security Group (I’m not sure why) change the –MailEnabled parameter to $false, and the –GroupTypes to only DynamicMembership, like this:
New-AzureADMSGroup -DisplayName "Dynamic Security Group From PowerShell!" -Description "Dynamic security group created with PowerShell!" -MailEnabled $false -MailNickName "Dynamic-Security365-Group-From-PowerShell" -SecurityEnabled $True -GroupTypes "DynamicMembership" -MembershipRule "(user.objectId -ne null)" -MembershipRuleProcessingState "On"
It is also possible to switch an existing static Security Group or Microsoft 365 Group to dynamic. It’s a long process, and this article does a good job explaining how. I don’t think there’s a way to convert a Security Group to a Microsoft 365 Group.
Happy Dynamic Group Creating!
Question #1: "Can you use Dynamic Groups with Audience targeting?"
Answer #1: Despite this Microsoft Support document saying otherwise, I was able to target links in both Global (top) Nav and Quick (left) Nav by audience with a Dynamic Microsoft 365 Group.
Question #2: "Does the 'user.objectId -ne null' approach include Guests?"
Answer #2: I'm not sure, I'll look into that and update this blog post.
tk
ShortURL: https://www.toddklindt.com/CreateDynamicGroups
Edit: 8/24/20 to add questions
| | | Todd O. Klindt | 7/29/2020 11:06 AM | Sharepoint; Office 365; PowerShell | 0 | | Workflow Retirement Series TOC Part 1 - SharePoint 2010 and 2013 Workflows Kaput in Office 365
Part 2 - Finding All the SharePoint 2010 Workflows in SharePoint Online
Part 3 - Find Only the Active SharePoint 2010 Workflows in SharePoint Online
Part 4 - Use PowerShell to Work with SharePoint 2010 Workflow Scan In Part 2 of my much beloved “Workflow Retirement Series” I covered how to scan your SharePoint Online environment for those pesky SharePoint 2010 workflows with the free SharePoint Modernization Scanner. I figured that was that. I was preparing to do my victory lap when I started getting some feedback. It seems some folks have a a lot of workflows in their environment, and a CSV file with a few hundred, or a few thousand rows isn’t terribly helpful. Now, once you get that CSV file into Excel you have one of the best data slicing and dicing tools invented by man at your disposal. You can slap a couple of filters on there, sort a few columns, hide a few others, and you can probably get whatever information you need. But I’m a PowerShell guy. I like to do things the hard way, with maximum typing. Let’s walk through what I did. One of the reports the SharePoint Modernization Scanner makes is ModernizationWorkflowScanResults.csv and that’s the one I’m going to use. Since it’s a pretty well formed CSV file we can import it into an object without much fuss: $results = Import-Csv .\ModernizationWorkflowScanResults.csv As a gut check we can see how many rows we brought in: $results.Count You can also type $results[0] to see the first row, since it’s just an object. And since it’s an object, it has Members that we can exploit. What are those Members? I’m glad you asked: $results | Get-Member 
My eagle-eyed readers will notice that the NoteProperties are the column headers in the CSV file. To get my feet below me I did a simple Select to get a few properties: $results | select "Definition Name",Version You can add any of the columns you want. Remember to put quotes around the columns with spaces in the name. $results | select "Definition Name","Subscription Name","List Title",Version,enabled Depending on how your PowerShell host is configured that might be wide enough that might switch from table to list. To get it back to table pipe it through Format-Table: $results | Select-Object "Definition Name","Subscription Name","List Title",Version,enabled,"Flow upgradability" | Format-Table –AutoSize 
This report has both SharePoint 2010 and SharePoint 2013 workflows in it. The current fire is around SharePoint 2010 workflows, so let’s just look at those: $results | Where-Object -Property version -EQ -Value "2010" | Select-Object "Definition Name","Subscription Name","List Title",Version,enabled,"Flow upgradability" | Format-Table -AutoSize That should give you a better picture of the Herculean task in front of you. There’s one final piece I want to show you, and that’s how to see which sites have the most workflows: $results | Where-Object -Property version -EQ -Value "2010" | Select-Object "Definition Name","List Title",enabled,"Site Url" | Group-Object -Property "Site Url" | Format-Table –AutoSize 
This will help you figure out where to focus your efforts between now and November 1st. Like I said at the beginning of this post, all of this and more is available in Excel and most of it has been done for you already in the Office 365 Classic workflow inventory.xlsx report that the SharePoint Modernization Scanner creates. But it’s a fun PowerShell exercise just the same. tk ShortURL: https://www.toddklindt.com/PoshWorkflowScan | | | Todd O. Klindt | 7/15/2020 11:59 AM | Office 365; PowerShell | 2 | | I have a OneNote file that is full of blog posts that seemed like a great idea at the time, but never saw the light of day for various reasons. Maybe I couldn’t research it as much as I wanted, maybe I couldn’t make it as thorough as I wanted, maybe I just got distracted by something shiny. This blog post is one of them. I was never confident enough to post this one, but given all the Workflow excitement, and a couple of customer requests I decided to dig in and get serious about it. So here it is, two years after I first took the notes for it. As an administrator, I find myself frustrated a lot by the lack, or at least lack of understanding on how to manage Flows and Power Apps. They never quite behave exactly like I want them to. One of the things that keeps coming up is being able to get a list of all of the Flows in a Tenant. This could be for licensing questions, migrating questions, or just plain curiosity. Whatever it is, it’s never as easy as I want it to be. Being the fanboy of PowerShell that I am, that’s where I looked. Without boring you with a lot of story part, I’ll show you the PowerShell I settled on. Get-AdminFlow | ForEach-Object { $user = Get-UsersOrGroupsFromGraph -ObjectId $_.CreatedBy.userId;[PSCustomObject]@{ FlowName = $_.DisplayName; OwnerName = $user.DisplayName ; OwnerEmail = $user.UserPrincipalName ; }; } Let’s break that down a bit. You’ll need to install the PowerApps and Flow for Admins module. Install the PowerApps and Flow for Makers module while you’re at it. If you don’t run Add-PowerAppsAccount and add your Tenant Admin account you’ll get prompted for authentication the first time you run Get-AdminFlow. Get-AdminFlow lists all of the Flows in a tenant, but not in the most user friendly way: 
So I cleaned it up a bit. Using ForEach-Object I walk through each Flow. I use Get-UsersOrGroupsFromGraph to get the Owner object. Then I create a PSCustomObject and populate it with the Flow’s DisplayName and the user’s DisplayName and UserPrincipalName properties. It looks like this: 
Making it an object is a little extra work as opposed to just spewing it onto the screen with Write-Host. But it’s worth the extra effort because I can send it down the pipeline and do more with it. For instance, I can easily pipe it out to a CSV file by appending | Export-Csv -Path .\Flows.csv –NoTypeInformation to the end. 
That seems a bit anticlimactic at first, but open up that CSV file and prepare to be amazed. 
If you want different information about each Flow, run Get-AdminFlow | Get-Member and see what other properties are exposed to you. Let me know if this helps and what else you’d like help with. tk ShortURL: https://www.toddklindt.com/POSHFindAllFlows Edit 7/15/2020 – Changed the PowerShell to be more efficient, but now it doesn’t match the screenshots. | | | Todd O. Klindt | 7/14/2020 10:25 AM | Office 365; Sharepoint | 3 | | Workflow Retirement Series TOC
Part 1 - SharePoint 2010 and 2013 Workflows Kaput in Office 365
Part 2 - Finding All the SharePoint 2010 Workflows in SharePoint Online
Part 3 - Find Only the Active SharePoint 2010 Workflows in SharePoint Online
Part 4 - Use PowerShell to Work with SharePoint 2010 Workflow Scan
In the last episode of “Oh my god, SharePoint Workflows are Going Away!!!” I covered how to find the SharePoint 2010 and 2013 Workflows that might be lurking about in your SharePoint Online environment. As I wrote that blog a big smile crept across my face. I figured this was going to solve everyone’s problem. I assumed I would be cheered as a hero, parks would named after me, the whole thing. Imagine my surprise when the response was, “That’s great Todd, but how can I tell which ones are actually being used?” No directions to the Todd Klindt Celebratory Highway or nothing. Ingrates!
After I dried my tears I did decided that question had some legitimacy to it, so I put pen to paper and wrote this blog post.
I was never much of a workflow guy, either on-prem or in SPO. But in the deep, dark recesses of my mind I did remember an on-prem issue where the “Workflow History List” would get huge and cause database issues. “Workflow History List” sounds promising. I wondered if SPO has such a beast. Sure enough, it does, and it seems to be exactly what we’re looking for.
Like the name suggest, it’s a List of the Workflow History. Since it’s a list it’s a child of a web, or the root web of a site. That list covers the Workflow History of the entire web or site. When you run the SharePoint Modernization Scanner from my previous blog post the ModernizationWorkflowScanResults.csv file lists all the Workflows in your tenant and which site (Columns A and B) that Workflow is in. It also shows when that Workflow was last edited (Column T) but not when it was last used. Fortunately we can take the URL in Column A, tack /lists/Workflow%20history/AllItems.aspx at the end of it and get which Workflows are being executed. Here is what we see in the report:
In my browser I pasted https://m365x541279.sharepoint.com/sites/SalesAndMarketing/lists/Workflow%20history/AllItems.aspx and I got a page like this:
From this I can tell that the “Create Home Schedule” Workflow is being used regularly and I need to find an alternate for it before November 1st, 2020. If a Workflow shows up in the Scan Results spreadsheet, but you can’t find it in the Workflow History List you probably don’t need to rewrite it. However, in the Workflow’s settings it is possible to assign a different list for that Workflow’s history.
Of course you won’t know that unless you look at every Workflow’s settings in SharePoint Designer, which sounds pretty tedious. I was able to whip up some PowerShell that looks for Workflow History lists:
Get-PnPList | Where-Object -Property BaseTemplate -EQ -Value "140" | Select-Object Title, @{Label="URL";Expression={$_.RootFolder.ServerRelativeUrl}}, BaseTemplate
You can run that against the sites that show up in the ModernizationWorkflowScanResults.csv file. If another list shows up there you’ll want to see which workflow is writing its history to that list. By default the Workflow History list is hidden in the UI, so you won't see it in the site's Site Contents page. You can unhide the list in SharePoint Designer, or my preferred method, PowerShell:
Set-PnPList -Identity "Workflow History" -Hidden $false
It’s also important to note that the Workflow History List purges entries over 60 days old. In this case that’s not a problem. Any Workflow that hasn’t been run in the last 60 days probably doesn’t deserve saving.
Look at all the time you just saved! More time to watch hamster videos on YouTube.
tk
ShortURL: https://www.toddklindt.com/FindActiveWorkflows
| | | Todd O. Klindt | 7/9/2020 2:53 PM | Office 365; SharePoint 2010; SharePoint 2013; Sharepoint | 11 | | Workflow Retirement Series TOC
Part 1 - SharePoint 2010 and 2013 Workflows Kaput in Office 365
Part 2 - Finding All the SharePoint 2010 Workflows in SharePoint Online
Part 3 - Find Only the Active SharePoint 2010 Workflows in SharePoint Online
Part 4 - Use PowerShell to Work with SharePoint 2010 Workflow Scan
By now you’ve probably seen Microsoft’s announcement that they’re going to remove SharePoint 2010 Workflows on November 1st, 2020. SharePoint 2013 Workflows aren’t too far behind. Not only did they not give us much time to rewrite these workflows in Power Automate, there aren’t any great ways to find out where they are in the first place. Since the beauty of SharePoint is how it empowers users to create, it’s likely that users are making workflows all over and admins have no exposure to it. Today I’m going to show you how to use the SharePoint Modernization Scanner (SMS) to find those Workflows that will soon be shown the door. The SMS is a general tool that helps people already in Office 365 to Modernize individual pieces of the platform. Workflow is one of those pieces. So while the tool wasn’t meant for exactly this scenario, it fits nicely.
To get started, download the SMS from the link on this page. It’s going to come down as an EXE, there’s no installation. I recommend copying it to its own location. When it creates its logs it creates them in the folder it was run from, and I’ve found it helpful to keep all of that in one place. In the screenshots in this blog post, I copied
SharePoint.Modernization.Scanner.exe to D:\SMAT. When you run the tool without any parameters it guides you through a UI Wizard. The first decision you have to make is how you’re going to authenticate against your tenant.
The default option is “Azure AD App Only” and it’s my recommendation that you go that route. You’ll notice there’s a very comfy looking “Username and password” option farther down the list. It’s tempting to go that route, as it’s much easier, but if you’re running the tool seriously in production, go to the extra work and create an App Registration for it. If there’s interest, I might do a blog post on that, too. It’s less scary than it seems. Here’s what my screen looked like all filled out.
The Application ID can be copied directly from the Overview page of the App Registration itself. The domain is the Azure AD domain, and it will most likely be a *.onmicrosoft.com address. This can be a bit confusing since we’re doing all of this in the context of SharePoint. It can feel like you should use tenant.sharepoint.com, but that won’t work. The App Registration is an Azure AD thing that happens to work with SharePoint. If you’re not sure what the correct Domain is, go to the Azure Active Directory Dashboard Overview page and find Primary Domain.
You will also need the PFX file for the certificate that was used for the App Registration, and the password for that cert.
After you’ve entered that hit Next. The next screen lets you choose which Site Collections you’ll be scanning. The environments I’ve run this on are small enough that I’ve been able to stick with the “Complete Tenant” option, but you can also choose them individually or feed the tool a CSV file. These options are handy if your tenant is large. You also need to enter your SharePoint tenant name in this screen.
The next screen is the whole reason we’re here, to scan those Workflows. The tool can find all manner of objects that can Modernized, and I encourage you to scan for all of them at some point, but I just chose Workflows to speed things along.
The final screen has some options. I always go with the defaults.
Hit “Start scan” and then anxiously await the report. It’ll look like this.
Maybe pop some popcorn. It might take a minute. Finally you’ll get this:
If you want to run it all from the command line like a hot shot, run this command with your own values in place of mine.
.\SharePoint.Modernization.Scanner.exe --azuretenant M365x541279.onmicrosoft.com --certificatepfx "d:\smat\SMAT App Reg.pfx" --certificatepfxpassword pass@word1 --tenant M365x541279 --mode WorkflowOnly --clientid a204b312-c2a9-4a47-861c-b0c874e8219a
If you're running version 2.14.0.0 or later you need to change the operation to WorkflowWithDetailsOnly. Starting in 2.14.0.0 WorkflowOnly gives fewer details about the individual Workflows. My 2.14.0.0 and later command line looks like this:
.\SharePoint.Modernization.Scanner.exe --azuretenant M365x541279.onmicrosoft.com --certificatepfx "d:\smat\SMAT App Reg.pfx" --certificatepfxpassword pass@word1 --tenant M365x541279 --mode WorkflowWithDetailsOnly --clientid a204b312-c2a9-4a47-861c-b0c874e8219a
It looks like this:
Once the scanner is finished it’ll drop a bunch of files into the folder listed above. Mine looked like this:
Since we only care about Workflows we can jump right into the ModernizationWorkflowScanResults.csv file and see where workflows are hiding out in our tenant. You may also want to give Errors.csv a once over just to see if everything went fine. Here’s my workflow report:
The report is pretty good. We can see I have two workflows, one 2010 and 2013. We can see which site and list they’re in. We can also see that the 2010 is published (Enabled) and the 2013 is only saved. If you go farther to the right there are also columns that indicate when it was changed last. Lots of good information there. At this point you’ll probably want to reach out to the site owner and have them verify if the Workflow is being used. You or they will have to connect with SharePoint Designer (still free) and start figuring out how to turn that workflow into a Flow.
I could end the blog post here. I’ve delivered the promised content, and did a fine job if I do say so myself. You’ve gotten your money’s worth.  I want to add one additional bit though. In that same report directory is Office 365 Classic workflow inventory.xlsx. That’s another Excel document with workflow information, but it uses a fancy Pivot Table to show it. You and I, we’re technical folks. The raw spreadsheet with sites and lists is what we wanted. But we likely have bosses (with or without pointy hair) and they like pictures. That’s where this last file comes in. Open up Office 365 Classic workflow inventory.xlsx and click “Enable” in the bar at the top. When you click Enable the spreadsheet will load the information from the ModernizationWorkflowScanResults.csv file and make it look all pretty.
That version will look better on a PowerPoint. You’ve got some filters to play with, really put some polish on it.
Hopefully this will help you chase down the SharePoint 2010 and 2013 Workflows in your Office 365 tenant. Let me know how it worked. You can leave a comment here, or reach out on Twitter at @toddklindt.
tk
ShortURL: https://www.toddklindt.com/FindO365Workflows
Edit (7/9/20): Edited to replace wrong tool name with SharePoint Modernization Scanner.
Edit (7/10/20): Edited to add command line syntax.
Edit (7/27/20): Edited to add the 2.14.0.0 and later command line syntax.
| | | Todd O. Klindt | 7/6/2020 9:37 PM | Office 365; SharePoint | 4 | | Workflow Retirement Series TOC
Part 1 - SharePoint 2010 and 2013 Workflows Kaput in Office 365
Part 2 - Finding All the SharePoint 2010 Workflows in SharePoint Online
Part 3 - Find Only the Active SharePoint 2010 Workflows in SharePoint Online
Part 4 - Use PowerShell to Work with SharePoint 2010 Workflow Scan
Hot off the presses! Today Microsoft announced the SharePoint 2010 workflow retirement in Office 365. They sort of buried it, but SharePoint 2013 workflows are meeting the same fate. Here’s a quick breakdown of the dates where stuff stops working:
| SharePoint 2010 workflows turned off for new tenants |
August 1, 2020
|
| SharePoint 2010 workflow turned off for ALL tenants |
November 1, 2020 |
| SharePoint 2013 workflow turned off for new tenants |
November 1, 2020 |
| SharePoint 2013 workflow turned off for ALL tenants |
TBD |
The following built-in workflows will also be removed; Approvals, Collect Feedback, Collect Signatures, Classic pages publishing Approval, and Three-state.
How do you know which workflow engine your workflows are using? It doesn’t really matter. They’re both going away. They should both be replaced with Power Automate flows. If you’ve been putting it off, now is the time to get on it. You do, however, need to know where all of these workflows are in your tenant. Microsoft has a tool, the SharePoint modernization scanner, that will search out classic workflows, among other things. It’s pretty painful tool to use, so I wouldn’t break it out late in the afternoon on Halloween. If I’m feeling sadistic, I may make a walkthrough of it. Once you have a good handle on where the workflows are being used in your tenant you can decide which ones to jettison, and which ones get to be reborn into flows.
Let me know what you think about it. Let me know how this impacts you. The July 15th, 2020 episode of Ask Sympraxis will cover this topic. Join us. It’s free. It’ll be a hoot, and worth every penny you spend on it.
tk
https://www.toddklindt.com/SP2010Workflows | | | Todd O. Klindt | 6/1/2020 3:34 PM | Office 365 | 0 | | Every couple of weeks me and my fellow Sympraxians get together on Wednesday for an open forum we call Ask Sympraxis. Anyone can get on and chat with us. We take questions to seed the discussion and then we all sit around and chat. If you’re not already attending, we’d love for you to join us. You can add it to your calendar, or you can just jump into the Teams meeting the first and third Wednesday of the month at 11:30 Central Time. If you want to get some free advice from us, or just talk about how great Marc’s hair is, stop by and say hello. tk ShortURL: https://www.toddklindt.com/AskSympraxis | | | Todd O. Klindt | 5/21/2020 11:26 AM | PowerShell; Office 365 | 0 | | I recently had a fun task come across my desk. A customer of mine has a large tenant, with a lot of Power Apps and a lot of Power App makers. They’re doing a tenant migration, and the Power Apps themselves will likely move over pretty easily. A lot of them are connecting to the tenant’s SharePoint site, and after the tenant move those SharePoint URLs are going kaput. The customer wanted to be able to find out which Power Apps were going to be broken so they could reach out to the owners to get them fixed. That’s where I, and my PowerShell prowess came in. I had whipped up some quick and dirty PowerShell for this customer before so they asked if I could work my magic with this. I have dabbled a bit with the Power Apps and Flow Power Automate PowerShell in the past, and while I found it… lacking, I figured this was something it could handle. Here is the PowerShell I eventually went with: Get-AdminPowerApp | ForEach-Object { if (Get-AdminPowerAppConnectionReferences -EnvironmentName $(Get-PowerAppEnvironment).EnvironmentName -AppName $_.AppName | Where-Object -Property ConnectorName -EQ -Value "shared_sharepointonline") {$_ | Select-Object DisplayName, @{Label="Owner";e={$_.Owner.displayName}},@{Label="Email";e={$_.Owner.userPrincipalName}}, AppName }} Here’s what it looks like when it runs: 
I have the following two Power Apps modules installed with these versions: 2.0.61 Microsoft.PowerApps.Administration.PowerShell
1.0.9 Microsoft.PowerApps.PowerShell (Full list of Office 365 PowerShell modules) You’ll get prompted to log in. The account will have to have the necessary permissions to enumerate all of the Power Apps in the tenant. I know what you’re thinking, “Todd, that’s amazing! Solid work! I hate to seem greedy, but, um, where is the URL of the SharePoint site the Power App is connecting to?” That’s a funny story, but the punchline is, there isn’t a way. At least not from the PowerShell modules we have today. Apparently the Center of Excellence Starter Kit has a way to get that information, but it’s a really big hammer for a nail this small. This will work for any of the Connectors. You can use the following PowerShell to see all Connectors that are in use: Get-AdminPowerAppConnection | Select-Object ConnectorName That will give you the value you need to search for with the Where-Object. If you’re looking for more ways to abuse Power Apps and Power Automate with PowerShell (so many Powers there) you can watch Shane’s so-so PowerShell for PowerApps and Flow video. It’s okay. I guess. In a pinch. Enjoy. tk ShortUrl: https://www.toddklindt.com/PoshFindPowerAppsConnectors | | | Todd O. Klindt | 4/17/2020 12:55 PM | Podcast | 0 | | | | | Todd O. Klindt | 4/14/2020 3:20 PM | Podcast | 0 | | | | | Todd O. Klindt | 4/10/2020 1:08 PM | Podcast | 0 | | | | | Todd O. Klindt | 4/1/2020 1:26 PM | Office 365; PowerShell; Speaking | 0 | | In these times of uncertainty and trouble we all need something to feel good about. You know what makes me feel good? PowerShell, that’s what. Tomorrow, April 2nd, at 11:30 CDT, I’ll be remotely presenting my fan favorite “PowerShell with Office 365” presentation for the Omaha SharePoint User Group. Even if you’re not quarantined in Omaha, I’d love for you to join me. I’ll be telling you how I use PowerShell and sharing scripts for you to quietly make fun of. Here is an ICS file to add the Teams meeting to your schedule. If you’re a crazy person and want to throw caution to the wind, here’s a direct link to the Teams meeting itself. Thanks to David and Amber at the Omaha SPUG for inviting me. I appreciate it. tk ShortURL: https://www.toddklindt.com/OmahaSPUGtalk2020 | | | Todd O. Klindt | 3/27/2020 1:52 PM | Podcast | 0 | | | | | Todd O. Klindt | 3/25/2020 4:44 PM | Tech Stuff; IoT | 4 | | With all of the working from home that’s going on, and all of the kids not going to school, it can be tough to keep the latter out of the former. In my continuing practice of making things more complicated than they need to be, I came up with a way for my kids to know they should not go down into the basement.
Come on down. And…
You shall not pass!
I posted those pictures on Facebook and a few friends asked me what I was using. It’s not as complicated as I’d like it to be, but it’s a work in progress. I can control it with an IR remote, an app on my phone, and with my digital assistant, Alexa. When I’m at my desk I only need to bark out, “Alexa, set busy lights to Red!” and she does.
I cobbled my solution together with parts I already had in “that damned box.” Since some of you don’t have that box (I feel so bad for you), here’s a link to a comparable package, Nexlux LED Strip Lights. If you want to put your own package together you’ll need three pieces; a power supply, a controller, and an LED light strip. You’ll find a nearly endless supply of combinations of those on Amazon. I used double-sided tape to stick the light strip to the door frame. The light strip has adhesive on the back, but my experience has shown that the heat from the LEDs degrades that adhesive pretty quickly.
I mentioned above that I have a few ways to change the light colors based on the controller I have. There is the included IR remote, the included app, and Alexa integration. Right now I don’t have any automation set up where the lights change based on my presence in Office 365 or my calendar. That may come later.
I was telling a friend of mine about this. He’s less inclined to nerd out on things like this. His loss. He thought he might just connect a string of Christmas lights up to a smart plug and get the same result. That would work too and would have all the same integration points depending on which smart plug you get. I have a few Wemo smart plugs from Belkin and they’ve treated me pretty well. They also integrate with IFTTT so I can have them flash a lamp when the garage door opens, fun things like that.
If this article was interesting, let me know. I’ll post some of my other home automation projects.
I've seen a couple of blog posts of people that have done this better than I have. Check out April Dunham's post on it and also Elio Struyf's.
tk
ShortURL: https://www.toddklindt.com/SmartBusyLight
| | | Todd O. Klindt | 3/25/2020 2:35 PM | Podcast | 0 | | | | | Todd O. Klindt | 3/24/2020 1:51 PM | Podcast | 0 | | | | | Todd O. Klindt | 3/23/2020 4:19 PM | PowerShell; Office 365 | 0 | | I recently was working on a customer project and I was trying to find the name of a certain SharePoint list item property. (Spoiler, it was “_ModerationStatus”) I knew it was hiding in the item’s FieldValues property, but I wasn’t sure where. To get you up to speed, here’s the PowerShell that got me to this spot: Connect-PnPOnline -Url https://m365x246038.sharepoint.com/sites/ContosoWeb1
(Get-PnPListItem -List "SitePages" -Id 5).FieldValues 
Not only is the list of FieldValues as long as my kids’ Christmas Lists, also like those lists, it’s not in alphabetical, chronological, numerical, or any other order I can conjure up. To say it’s random seems to be giving it more order than it really has. While I didn’t know exactly was the name of the property I did have a few ideas. Trying to find those random property names would make swimming upstream look like a piece of cake. Fortunately I’ve fought this battle before and I have the scars to prove it. I’m hoping I can save you all the pain I went through, over and over. The secret is the GetEnumerator() Method of the Hash Table. This got me what I was looking for: (Get-PnPListItem -List "SitePages" -Id 5).FieldValues.GetEnumerator() | Sort-Object -Property Key 
Isn’t that much better? Once you introduce .GetEnumerator() into the picture you can also get crazy with things like Where-Object, like this: (Get-PnPListItem -List "SitePages" -Id 5).FieldValues.GetEnumerator() | Sort-Object -Property Key | Where-Object -Property Key -Like -Value "*mod*" or (Get-PnPListItem -List "SitePages" -Id 5).FieldValues.GetEnumerator() | Sort-Object -Property Key | Where-Object -Property Value -Like -Value "true" 
Normally you would put the Where-Object before the Sort-Object so that the Sort has fewer items to churn through. While I did this in the context of a hash of SharePoint list item properties, it’s applicable to all PowerShell hash tables. Happy PowerShelling. tk ShortURL: https://www.toddklindt.com/PoshSortHashTables | | | Todd O. Klindt | 3/23/2020 9:52 AM | Podcast | 0 | | | | | Todd O. Klindt | 3/5/2020 2:28 PM | PowerShell | 0 | | | | | Todd O. Klindt | 2/20/2020 3:53 PM | Podcast | 0 | | | | | Todd O. Klindt | 2/19/2020 3:22 PM | Tech Stuff; Office 365; Windows 10 | 1 | | When Windows 10 came out I found out I had a pretty healthy dislike for the Edge browser that came with it. My dislike turned into public mocking and shaming. I was a Chrome man, like my father before me, and Edge had no chance of supplanting it as my browser of choice. No one liked Edge, probably not even Edge’s mother, and we all got a good chuckle at its expense.
And then Edge didn’t suck anymore.
In December of 2018 Microsoft announced that it was going to move to the Chromium engine for Edge. I remembered being pretty “Meh” about the announcement. It was confirmation of what I had always said, Edge was a stinker, and I was already using Chrome which was built on top of the Chromium engine, obviously, so what on Earth could Edge possibly offer me? I was about to find out.
Last year at Ignite Marc was telling me how he was using the Chromium Edge (henceforth affectionately referred to as ChrEdge) and he liked it. I asked him what was so great about it, besides it not being the crappy Edge. He slow played it and said “nothing much,” but that he enjoyed it. I kept my eye on it though. Considering how much work I do with Microsoft web technologies I had to. Plus I really like making fun of stuff, and if the first Edge was any indication, this Edge was going to find itself in my crosshairs too.
Then it grew on me.
The first thing I really liked about ChrEdge was not only did it have the profiles that I used constantly in Chrome, it allowed me to set up the Sync for those profiles with Microsoft accounts. That made my ears perk up. Most of my work is with Microsoft accounts and this made things a lot easier. I started using ChrEdge more and more each day.
And then it did the undoable, it made me hate Microsoft Teams less!
If there’s one new Microsoft technology I would complain about more than legacy Edge, it was Teams. I don’t want to get into all of my grievances here (it’s a long, long list, and this is a family friendly site) but I will highlight two of them. The Windows Desktop client is excruciatingly slow to switch tenants or identities, and in some cases it will disconnect you from a meeting if you do. Not cool, Teams, not cool. The other thing I hated was if you wanted to do two things at once it was difficult to navigate the interface to do that. For instance two chats, or heaven forbid, a chat and a meeting. And like I mentioned before, if those things were in two different tenants you had to wait for the context switching and your call would get hung up if you were on one. Teams wouldn’t come right out and kick you in the shin when you did it, but I’m sure that’s on the Teams roadmap somewhere.
One day, after a full complement of coffee, I’m sure, I got the bright idea to make the Teams experience suck just a little bit less by opening up the web client. I pointed ChrEdge at https://teams.microsoft.com/ and was able to experience the bliss that is being in a video call with Person A while chatting with Person B. I wasn’t saying anything about about Person A to Person B, I swear.
While I was poking around in ChrEdge I saw this new menu option I had never seen before, Apps. What is this? Chrome doesn’t have this! I clicked it and saw the option, “Install this site as an app!”
I’m the curious sort, I clicked it. Some whirring happened and the next thing I know there’s a new icon in my Taskbar.
The outlined icon, on the left, is the app that ChrEdge installed. The icon next to it is the regular Windows Teams Desktop client. You can see this web app looks like the real app, not like ChrEdge in the Taskbar. The icon is cool and all, but how does the app itself compare? Here’s a side by side comparison.
The ChrEdge web app for Teams is pretty good. In Red I highlighted a couple of the differences between the two. In the lower left the web app has a link to download the full app. Obviously the full app doesn’t have that.  The web app also has an extra title bar across the top, which honestly is usually the only way I can tell them apart during the day when I’m flittering about between them. That title bar has a three dot drop down menu that offers some browser specific goodies like printing, zooming, casting, and uinstalling. Nothing obvious is missing from the web app. In Green I highlighted a couple of pleasant similarities. In the upper right of the web app you can see that we can switch tenants just like the full app. This is handy if you are on a call in the full app and want to reply to an IM in another tenant. I also use this to maximize the video in a video call on one screen then have the chat window for that same video call in the web app on another screen. Finally, I was happy to see that the web client can also do audio and video calls just like the full app. Color me impressed Teams and ChrEdge, color me impressed. <slow clap>
Fresh off of this victorious life hack I started looking for that little “Apps” menu option in other Microsoft web apps. I found it in Outlook, OneNote, and OneDrive, among others. It popped up enough that I knew this wasn’t just a Teams or Office thing. Turns out it’s a web standard called Progressive Web Apps, PWAs. Many companies are taking part in this, not just Microsoft. Microsoft does, though, offer some guidance on making PWAs for Windows.
Since PWAs aren’t simply a Microsoft concoction you can find them all over the Internet. Wikipedia, Disney+, Amazon, and Slack among others have the option of installing a web based PWA.
You may be asking yourself why you’d want a PWA version of something that has a legit app. There are a few reasons. For one, you may be on a platform that doesn’t support the regular app, like a Chromebook or a machine running Windows S mode, like my Surface Go. Or, you just might not want to sully your machine with a big bulky download. Regardless of the reason, they’re worth a look. If you’re on Windows you can find the installed PWAs listed in the “Apps & Features” or at edge://apps in ChrEdge.
I indulged myself in a bit of a PWA sidetrack there. Thanks for sticking around. Long story short, the PWA version of Microsoft Teams in ChrEdge, was a game changer. It made me more productive and lowered my blood pressure by a considerable amount.
tk
ShortURL: https://www.toddklindt.com/ChrEdgeTeams | | | Todd O. Klindt | 2/19/2020 2:15 PM | Podcast | 0 | | | | | Todd O. Klindt | 2/18/2020 8:37 AM | Podcast | 0 | | | | | Todd O. Klindt | 2/14/2020 11:14 AM | Podcast | 0 | | | | | Todd O. Klindt | 1/16/2020 5:21 PM | Office 365; Sharepoint; PowerShell | 0 | | The cat is out of the bag and I’m glad I can talk about it. This picture is worth at least 9 or 10 words:
The mighty SharePoint Conference is May 19-21, 2020 at the MGM Grand in Las Vegas.
I’m doing two sessions, PowerShell, a Microsoft 365 Admin's Best Friend and Automating and Standardizing Site Creation with Site Designs and Site Scripts. Both will be amazing, I’m sure.
If you haven’t signed up for SPC yet, first, shame on you! Second, there are still spots. You can sign up here. To really put a bow on that SPC registration, you can use discount code “Sympraxis”. For that, you get $50 off of the already reasonably priced admission, and the eternal love and adoration of the entire Sympraxis gang. Except maybe Mike, he’s a bit prickly. We’re working on him. Marc and Julie are also presenting sessions, so as long they don’t conflict with mine.
Derek and Emily will also be there, so say Hi to them if you see them.
See you there,
tk
ShortURL: https://www.toddklindt.com/SPC20Yippee | | | Todd O. Klindt | 1/8/2020 5:05 PM | Office 365 | 4 | | In two previous blog posts I cover how to easily connect to Office 365 with multiple accounts in PowerShell, and in Chrome. Those techniques still work great and I use them daily.
Microsoft will soon be releasing a new version of the much maligned Edge Browser. The new version will be based on the Chromium engine, and along with that it inherits some great functionality. One of those features is Profiles. This means all of the techniques you use in Chrome to manage your Office 365 users works exactly the same. If you are already running the Chromium Edge (lovingly referred to as “ChrEdge”) beta, you can go to this page, edge://settings/profiles, to manage the Profiles, or click the Profile icon in the upper right corner of the browser.
An added benefit of Microsoft’s added touch to the Chromium Profile engine is that you can sync settings with an MSA (Microsoft Account) account like your old school @hotmail.com account. You can also sign in with an Azure AD account, which we all have courtesy of Office 365. I’ll blog more about that later as it’s a feature I’m really excited about.
tk
ShortURL: https://www.toddklindt.com/ChrEdgeProfiles | | | Todd O. Klindt | 11/18/2019 5:42 PM | PowerShell; Office 365 | 0 | | I’ve recently been working with a customer migrating some content from one SharePoint Online Site Collection to another. They have a lot of content, so automating the migrations with PowerShell was really the only we’d be able to get all of their content migrated before we died of old age. Part of what they wanted migrated over was the custom views they had in their Document Libraries. A couple of extra columns here, a grouping there, nothing too complicated. I fired up PowerShell (really VS Code) and started noodling. Whenever I’m trying something new in PowerShell I have a standard process. I do a Get-Command to see if there’s a cmdlet that does what I need. In this case there were four cmdlets that piqued my interest, Add-PnPView, Get-PnPView, Remove-PnPView, and Set-PnPView. The process seemed super easy, do a Get-PnPView on the source View, gobble up all the details, then spit them back into Add-PnPView on the other site collection. Easy Peasy. Until it isn’t. Here’s what the view looked like, roughly. 
I didn’t do much to it. I added a couple of columns, Created By and File Size and set the view to group by Created By. Pretty standard stuff. Here’s what Get-PnPView told me about said view: 
I can see the columns I added in the ViewFields property, but there’s no sign of the grouping anywhere. Knowing what I know about SharePoint I know that information is stored in a Query, but the ViewQuery property is conspicuously empty. What gives? The PnP, in an effort to be efficient, doesn’t download all of the property values for the objects we get. It downloads the schema, and then a subset of the properties that it thinks you’re most likely to use. What’s a fella to do if the thing you need is not in the PnP’s favorite list of properties? You break out one of the PnP’s overlooked gems, Get-PnPProperty. 
Here’s the code for it all: Connect-PnPOnline -Url https://toddklindt.sharepoint.com/sites/8884aced -Credentials Me
Get-PnPView -List Documents
Get-PnPView -List Documents -Identity 3c4126aa-d2fe-4b57-9a70-e03ebb9c76ef
$view = Get-PnPView -List Documents -Identity 3c4126aa-d2fe-4b57-9a70-e03ebb9c76ef
$view
$view | select *
$view.ViewQuery
Get-PnPProperty -ClientObject $view -Property ViewQuery
$view.ViewQuery
$view
$view | select * Not only does Get-PnPProperty get the value of the Property, but it also populates the property in the variable. If you’re getting a collection of objects and need to pull one property for each of them it looks like this: Get-PnPView –List Documents
$viewlist| ForEach-Object { Get-PnPProperty -ClientObject $_ -Property ViewQuery, ListViewXml } That hydrates the ViewQuery and ListViewXml property for all of the objects in $viewlist. 
It snuck some other properties in too, but I don’t mind. In this case I was using the View object, but this method is necessary for any PnP object. In the past I’ve had to use it with PnPFile and PnPLists. Sometimes the PnP gives you an error message telling you you need to get the property value, sometimes it’s just empty and you have to know. Either way, it’s worth trying to get the property’s value with Get-PnPProperty. tk ShortURL: https://www.toddklindt.com/PoshGetPNPProperty | | | Todd O. Klindt | 10/31/2019 3:24 PM | PowerShell; Office 365 | 0 | | I was recently dealt a fun task from a customer. They had a site in SharePoint that had a few links in the Quick Launch (left nav, quick nav, whatever) and they wanted to copy the Quick Launch from another site to it. They wanted to keep the existing links below the new ones. Here are some pictures to help it all make sense: I want to copy these links: 
and put them on top of these links on another site. 
Of course I immediately thought of your friend and mine, the PnP PowerShell for this task. Sure enough, there are cmdlets for that, Get-PnPNavigationNode and Add-PnPNavigationNode. Just what the doctor ordered. Add-PnPNavigationNode is pretty basic and I had to work a bit to get exactly what the customer wanted. When you add a Navigtation node with Add-PnPNavigationNode it puts it at the end of the list, which makes sense. You can also throw the switch parameter, –First, to put it at the top. In most situations that probably is fine, but mine was tricky. I didn’t want to put the copied nav nodes at the end, I wanted the existing ones to stay there. I also couldn’t just add them all as –First because then they would end up at the top, but in backwards order. When I get the old nav nodes with Get-PnPNavigationNode it returns them in their correct order, so as I walked through them with Foreach the first one would be added on top, but then the second one, also with the –First switch, would end up on top, and so on. Enter [array]::Reverse. The Array class in PowerShell has quite a few tricks up its sleeve in the form of operations, and Reverse is one of them. If you want to see the rest, go to this page, or type [array]:: in a PowerShell host and tab through the list. It’s quite impressive. Here’s what my code looked like: $oldsiteurl = “https://contoso.sharepoint.com/sites/8884aced”
$newsiteurl = “https://contoso.sharepoint.com/sites/PublicTest”
$oldsite = Connect-PnPOnline -Url $oldsiteurl -Credentials Compliance -ReturnConnection
$newsite = Connect-PnPOnline -Url $newsiteurl -Credentials Compliance –ReturnConnection
$oldnavlinks = Get-PnPNavigationNode -Location QuickLaunch -Connection $oldsite [array]::Reverse($oldnavlinks) # <-- The magic goes here foreach ($link in $oldnavlinks) {
Add-PnPNavigationNode -Location QuickLaunch -Title $link.Title -Url $link.Url -First -Connection $newsite -External
} There’s a lot of foundation there, but you can see where the Array reversal fits in. Here’s how it looked when I ran it: 
And here’s what it looked like after I ran it: 
There’s a lot more tweaking I can do, like make sure “Home” is still on top, stuff like that, but finding Reverse was an important step in the beginning. tk ShortURL: https://www.toddklindt.com/PoshReverseArray | | | Todd O. Klindt | 10/28/2019 10:39 AM | Podcast | 0 | | | | | Todd O. Klindt | 10/25/2019 9:11 AM | Podcast | 0 | | | | | Todd O. Klindt | 10/23/2019 3:46 PM | Podcast | 0 | | | | | Todd O. Klindt | 10/23/2019 11:31 AM | Podcast | 0 | | | | | Todd O. Klindt | 10/21/2019 5:26 PM | Podcast | 0 | | | | | Todd O. Klindt | 10/18/2019 3:17 PM | Podcast | 0 | | | | | Todd O. Klindt | 10/18/2019 1:48 PM | Podcast | 0 | | | | | Todd O. Klindt | 10/17/2019 8:57 PM | Podcast | 2 | | | | | Todd O. Klindt | 10/16/2019 1:36 PM | Podcast | 0 | | | | | Todd O. Klindt | 10/16/2019 10:22 AM | Podcast | 0 | | | | | Todd O. Klindt | 7/8/2019 8:40 AM | PowerShell | 2 | | PowerShell does a pretty good job handling dates and times due to its good foundation with .NET and its focus on being cool to use PowerShell users. For basic DateTime formatting the help for Get-Date shows some great, easy to use examples. help Get-Date –Examples 
There’s –Format, –UFormat, and –DisplayHint, and those are all before we get to the flexibility that is .tostring(). There’s a lot of options, sometimes it’s too many options. Sometimes trying to string together exact combination of time and date information I’m looking for is a lot of work. Once again, PowerShell is there for me in the form of .GetDateTimeFormats() (Get-Date).GetDateTimeFormats() It lists out a collection of precanned DateTime formats you can select from: 
You can use one of those formats just by selecting its index number: 
That’s the good news. The bad news is that you have to specify which number you want, and there are 133 formats in the list. If the one that really tickles your fancy is #87 you have to count the lines until you get to it. Until now. I had danced this dance a few times, squinting to find that just perfect DateTime format I was looking for and counting the lines leading up to it. Then I put my PowerShell mojo to good use and came up with this little gem: (Get-Date).GetDateTimeFormats() | foreach {$I = 0} { Write-Host "$I - $_" ; $I++ } Edit 7/9/2019 A helpful reader suggested this even shinier gem: (Get-Date).GetDateTimeFormats() | foreach-object -begin {$I = 0} -process {[pscustomobject]@{Index = $I;Value = $_}; $I++ } This lists each format, along with its index number. 
Once you’ve found the format of your dreams you can look to its left and see what its index is. (Get-Date).GetDateTimeFormats()[27] 
If you want to use it with a variable instead of Get-Date, it looks like this: 
Now you have no excuses for getting exactly the DateTime format you want. tk ShortURL: https://www.toddklindt.com/PoshFormatDateTime | | | Todd O. Klindt | 7/2/2019 8:16 AM | Office 365; Sharepoint | 2 | | Another July 1st, another nervous couple of weeks. Fortunately the news this year was good, I was renewed.  Microsoft’s MVP Program is a way that they reward non-Microsoft folks for the contributions they’ve made to the community over the last year. I’ve done enough over the last year to meet that high bar, which is something that I’ve aspired to every year since 2006 when I got my first MVP award. Being in the MVP Program has been great for me. I have learned so much and made some great lifelong friends. It has been lifechanging. Congratulations to the other renewed and newly awarded MVPs. tk ShortURL: https://www.toddklindt.com/2019MVPAward | | | Todd O. Klindt | 7/1/2019 9:49 AM | Office 365; PowerShell | 2 | | A few months ago I wrote one of my favorite blog posts, Connecting to Office 365 with Multiple Accounts in PowerShell without Losing Your Damned Mind and I think it’s safe to say that no damned minds have been lost connecting to multiple Office 365 tenants since. A lesser man might have stopped there. He might have felt his mark on the world was made and he might just bask in the glory of all of that love and adoration. Not this guy. Today, I present you an even better way to connect to Office 365 with multiple accounts in PowerShell without losing your damned mind and without loading any additional modules!* *(as long as you already have the PnP PowerShell module installed, that is) Between that fateful day and today the delightful folks that work on the PnP PowerShell module have added three cmdlets that work with Stored Credentials, Add-PnPStoredCredential, Get-PnPStoredCredential, Get-PnPStoredCredential. 
While the PnP cmdlets themselves have been able to pull credentials directly out of the Credential Store you still needed an external module to pull credentials out for use with other modules, namely the Azure AD and MSOnline modules and the SharePoint Online module. I previously met that need with the Credential Manager module. Let’s see how it looks. Use the Get-PnPStoredCredential cmdlet to retrieve a stored credential by name. I’ve only had it work if I specify the –Type parameter with the PSCredential value. $creds = Get-PnPStoredCredential -Name MODAdmin -Type PSCredential You can output the $creds object to make sure it it grabbed the account you expected. Then you can pass that object to another cmdlet, like Connect-AzureAD and use it to authenticate. Connect-AzureAD -Credential $creds Here’s how it looks. 
I haven’t loaded the Credential Manager module since the stored credential cmdlets showed up in the PnP Module. I already have the PnP module installed everywhere, so it seems unnecessary. Happy Credential Storing. tk ShortURL: https://www.toddklindt.com/PoshMultipleAccountsPnP | | | Todd O. Klindt | 6/17/2019 8:52 AM | Office 365; SPDocKit | 0 | | | | | Todd O. Klindt | 6/4/2019 4:41 PM | Podcast | 0 | | | | | Todd O. Klindt | 6/4/2019 2:42 PM | Podcast | 0 | | | | | Todd O. Klindt | 5/13/2019 1:35 PM | | 0 | | I can’t believe it’s almost here! The SharePoint Conference 2019 is next week in Las Vegas. If you’re going to be there, and you’d like to hang out here are a couple of events I’ll be at: Monday May 20th - SharePoint Administrator Day Camp – That joker Shane and I are doing an all-day workshop on SharePoint Administration. There are still seats available. ($500 on top of regular conference registration) Tuesday May 21st 10:45 – 11:30 – SysKit Q&A at the SysKit Booth – I’ll be hanging out with my buddies at SysKit chatting about how great Office 365 is, how great the SysKit product line is, and how much we all like chocolate. Swing by, say hi and get some swag. I’ll also be wandering around spreading good cheer. If you want to catch up email me or tweet me @toddklindt. See you next week. tk ShortURL: https://www.toddklindt.com/SPC2019Meetup | | | Todd O. Klindt | 5/10/2019 10:48 PM | PowerShell | 3 | | One of the great things about PowerShell is how easy it is to extend it with modules. The only thing greater is all the modules that are out there. I have a bunch that I use on a daily basis, I couldn’t live without them. But in today’s rapid development cycle it’s easy to get behind on your favorite modules. I wrote this blog post to help people keep up with the Office 365 related PowerShell modules I use, but from what I understand there are other technologies out there with their own suite of modules that people want to keep up with. To help those folks out, I thought I’d share how I keep up to date with my favorite modules.
This method only works with modules that are installed from a repository. If a module has been installed some other way, like with an MSI or EXE you’re out of luck.
The key to this magic is a group of cmdlets that deal with modules, particularly Find-Module and Update-Module. That’s why it only works with modules installed from a repository with Install-Module. To find the relevant cmdlets run:
Get-Command -Noun module
and
Get-Command -Noun InstalledModule
Here’s how I stitch them together to get a list of modules that have updates:
Get-InstalledModule | foreach { $b = (find-module $_.name).version ; if ($b -ne $_.version) { Write-host "$($_.name) has an update from $($_.version) to $b" } }
Let’s break that down.
Get-InstalledModule
Gets all of the modules that have been installed from a repository.
| foreach
Pipes them all l through a foreach loop.
$b = (find-module $_.name).version
Grabs the current published version of the module in the loop.
if ($b -ne $_.version)
Checks to see if the published version is the same as the Version property of the installed module.
{ Write-host "$($_.name) has an update from $($_.version) to $b" }
If they are not equal, it writes out the module name, the installed version, and the current published version.
It looks like this:
In screenshot I ran Get-InstalledModule to show its full output, then the full command and its output.
Now we know which modules can be updated. We can update an individual module like this:
Update-Module SharePointPnPPowerShellOnline –Force
That will update the SharePointPnPPowerShellOnline module and won’t yell at us because it’s replacing an existing one. If the module has been installed with the “AllUsers” scope (the default) you’ll need to run the Update-Module cmdlet in an Administrator prompt.
Now if I run my command it will not report that that the SharePointPnPPowerShellOnline module has an update.
It would be easy to replace the “Write-Host…” part of the command with “Update-Module $_.name” and have it update them automatically. I didn’t do that mainly because the PowerApps modules’ install is a little hinky and requires some extra handholding. If you don’t have them installed, or you want to upgrade them manually first, you could have the command update them automatically.
I hope you’ve found this helpful.
tk
ShortURL: https://www.toddklindt.com/PoshUpdateModules | | | Todd O. Klindt | 5/8/2019 9:09 AM | Podcast | 0 | | | | | Todd O. Klindt | 5/6/2019 3:08 PM | Podcast | 0 | | | | | Todd O. Klindt | 4/24/2019 2:12 PM | | 0 | | | | | Todd O. Klindt | 4/22/2019 9:37 AM | Podcast | 0 | | | | | Todd O. Klindt | 4/10/2019 8:33 AM | Podcast | 0 | | | | | Todd O. Klindt | 4/1/2019 3:00 AM | Office 365; PowerShell | 8 | | | | | Todd O. Klindt | 3/27/2019 8:13 AM | Podcast | 0 | | | | | Todd O. Klindt | 3/25/2019 9:11 AM | | 0 | | When Microsoft introduced Office 365 Groups, (also known as “Unified Groups” and “What? more Groups??”) a few years ago there was much confusion. The name is confusing, as there are already about 16 different kinds of groups in the Windows and Office 365 world, and what they do is even more confusing, if that’s possible. On April 16th I’ll be doing a free Webinar with the folks at SysKit where I’ll explain what Groups are, how best to use them, and I’ll even throw in some administrative goodies at no extra charge. You can register here for the webinar. The webinar itself is free. If you want to heckle, that costs an extra $10. I hear it’s money well spent.  tk ShortURL: https://www.toddklindt.com/SysKitGroupsWebinar | | | Todd O. Klindt | 3/12/2019 5:40 PM | Podcast | 0 | | | | | Todd O. Klindt | 3/5/2019 4:19 PM | Podcast | 0 | | | | | Todd O. Klindt | 3/4/2019 11:02 AM | Podcast | 0 | | | | | Todd O. Klindt | 2/20/2019 4:28 PM | Podcast | 0 | | | | | Todd O. Klindt | 2/18/2019 2:54 PM | Podcast | 0 | | | | | Todd O. Klindt | 2/5/2019 4:33 PM | Podcast | 0 | | | | | Todd O. Klindt | 1/28/2019 2:06 PM | Podcast | 0 | | | | | Todd O. Klindt | 1/28/2019 8:28 AM | Podcast | 0 | | | | | Todd O. Klindt | 1/22/2019 8:30 AM | | 0 | | Here in the US there is currently a government shutdown and a lot of workers are furloughed. One of them recently reached out to me with resume, looking for some work to tide him over until he can go back to work. This got me thinking about what I could do to help. Sadly, not a lot. I can, though, offer some training or consulting to IT workers that have suddenly found themselves with some time on their hands. If you’re a furloughed US Government worker, and would like one hour of free SharePoint, Office 365, or PowerShell training, or just want to hang for an hour, email me at furlough@toddklindt.com. We’ll work out a time and some topics. Now, hopefully this will all be resolved soon and no one will be able to take me up on my offer.  tk ShortURL: https://www.toddklindt.com/Furlough | | | Todd O. Klindt | 1/9/2019 4:42 PM | Podcast | 0 | | | | | Todd O. Klindt | 1/8/2019 2:48 PM | | 0 | | | | | Todd O. Klindt | 1/4/2019 11:37 AM | PowerShell | 0 | | I recently had to do some testing for a customer on a Windows 10 machine whose primary language was not English. I, having lived in the midwest United States my entire life, do not speak any other languages fluently. The customer anticipated this and sent along a very thorough set of directions, complete with pictures, of how to switch the language to English for me. Very kind of them indeed. As I looked through the directions the thought occurred to me, “I’ll probably need to do this a few times. I wonder if I can automate it. I bet I can! PowerShell to the rescue!” Here’s the TL;DR of what I ran: Set-Culture en-US
Set-WinSystemLocale en-US
Set-WinHomeLocation 0xF4
Set-WinUILanguageOverride en-US logoff None of it takes place until you log back in, so I added the logoff at the end. With PowerShell, knowing the answer is good, but knowing how to get the answer is even better. One of my friends, Jeff Hicks, always does a good job explaining the process of find things in PowerShell, so I thought I’d do that here. I had the steps, in UI form, so I didn’t need to figure that out. There were 4 things that needed to be changed. I just needed to figure out how to make those changes with PowerShell. I went to a PowerShell prompt and typed: Get-Help language hoping PowerShell could nudge m in the right direction. I got this back: 
It wasn’t exactly what I needed, but it did show me there was a module, International, that was probably a good place to start. And knowing that I needed to change things, I was mostly interested in the Set cmdlets. There were also a couple of good help topics, about_Language_Keywords and about_Language_Modes that I could reference if I got stuck. My next step was to see what other cmdlets were in the International module. I did that with Get-Command -Module International. That filled in the blanks for me. 
For the pieces that didn’t obviously connect to the pictures I had from the customer’s instruction I had some Get cmdlets above to poke around and try to match values. My next hour or so consisted of running the different Get cmdlets and figuring out where the current setting was so I could use the appropriate Set cmdlet to change it. I made liberal use of the help cmdletname –examples paradigm to figure out what the parameter values should be. After I was finished and was searching to see if I was right I found this Technet article, How to change display language in Windows 10, that confirmed what I was doing was correct. My script is laser focused on what I was doing, that one is more useful and generic. If you want to understand this more, read through that script. That’s all there was to it. I can’t reboot the client machine but all of these changes have persisted multiple logouts. I did also have to use the CHCP command to change the code page of the PowerShell window. That did not persist across logins. I think there’s a way to set the default code page in the Registry, but I haven’t chased that down yet. tk ShortURL: https://www.toddklindt.com/PoshChangeLanguage | | | Todd O. Klindt | 1/2/2019 9:23 AM | | 1 | | OneDrive and PowerShell. They remind me of that song, My Favorite Things. Though I’m not sure which I like more, PowerShell or whiskers on kittens. It’s a close call. I write a lot of little PowerShell scripts to help me get through the day, and often those scripts fiddle with files that are being synced with OneDrive. In a few cases, if the file is large enough, my PowerShell script will fail because OneDrive will lock the file while it’s syncing it. Both responses are totally understandable. I want PowerShell to stop if it can’t sync a file, and I want OneDrive to sync files when I expect it to. I could, and I have in some cases, written a bunch of PowerShell to check the lock status of a file, to deal with the locking issues that OneDrive creates, and so on. It’s tedious though, and honestly I’m not very good at it. That’s where you all come in… What I really want, nay, need, is a way to pause OneDrive sync while I’m messing with files I know it will lock when syncing. I need two things, Stop-OneDriveSync and Start-OneDriveSync. That’s it. I asked Santa for them for Christmas, but all I got was socks. So I took the next step, I whined on Twitter. Someone, suggested I create a UserVoice for it. I thought that was pretty solid advice, so I did. Pause Syncing with PowerShell What I’m asking from you, is if you too would like to be able to start and stop OneDrive syncing from PowerShell, please vote up the UserVoice. Here it is again in case you missed it.  Pause Syncing with PowerShell I’ll be keeping an eye on it, and I’ll know if you voted! Thanks in advance. tk ShortURL: https://www.toddklindt.com/PoshPauseOneDrive | | | Todd O. Klindt | 12/27/2018 3:23 PM | Podcast | 0 | | | | | Todd O. Klindt | 12/27/2018 3:16 PM | Podcast | 0 | | | | | Todd O. Klindt | 12/18/2018 3:46 PM | PowerShell; Office 365 | 0 | | Office 365 Groups, or “Unified Groups” to their friends, have been a confusing Office 365 feature from an administrative perspective for as long as they’ve been around. Users can create them all willy-nilly (unless you disable that), the SharePoint sites they create don’t show up in the SharePoint Admin Center (until you use the new one), the list goes on and on. Another frustrating part of Groups is that you can’t do any nesting, of any kind. You can’t put a Unified Group in an Azure AD Security Group, or vice versa. You can’t put a SharePoint Group in a Unified Group either. Because of these limitations it’s very tough to reuse group membership. You can’t create an HR Azure AD Security Group and drop it into the HR Benefits Unified Group or the HR Hiring Unified Group. Now, the obvious question is, “If these two Unified Groups have the same membership why are they two groups instead of one?” Good question, fair reader. Sometimes it just works out that way. Sometimes the AD Security Group would only be a subset of the users in the Unified Group in question. Regardless, this question came up on a customer call and I was challenged to find a way to ease the administrative burden of manually adding the same users to multiple Unified Groups. What was my answer, “Of course I can do it, with PowerShell!” Sometimes I answer without thinking first. I had used the PnP PowerShell in the past to get a list of all of the Unified Groups in a tenant, so I was pretty sure it could be done. I whipped out Get-Command and listed all the cmdlets that contained the noun “UnifiedGroup.” Get-Command -Noun *unifiedgroup* That exposed two cmdlets I’d need: Get-PnPUnifiedGroupOwners and Get-PnPUnifiedGroupMembers. That’s good. But there were no corresponding “Set” cmdlets. That’s bad. Normally this is where I’d panic. Instead, I took a deep breath and instead of panicking, I typed Get-Command -ParameterName members. Low and behold, Get-Command blessed me with New-PnPUnifiedGroup and Set-PnPUnifiedGroup. We retrieve the list of Members with Get-PnPUnifiedGroupMembers but we set them with Set-PnPUnifiedGroup –Members. Not totally consistent, but I can work with that. From past experience I knew I had to be connected to the Microsoft Graph to use the Unified Group cmdlets, so I authenticated against the Graph so I could start poking around. Connect-PnPOnline –Graph If you haven’t connected to the Graph before, hold onto your hats. It’s different than what you’re used to. You’ll be given a code to register with the Graph that allows the PnP to query it. It feels weird, but everything is working correctly. Once I was connected to the Graph I ran Get-PnPUnifiedGroupMembers to see what the output looked like. It gave me back a collection of objects that corresponded to the users that were members of that Unified Group. Fair enough. 
We can store them in a variable for use later. Now, how do we assign membership? help Set-PnPUnifiedGroup –Examples didn’t provide a lot of help. It only showed adding a single Owner. But it did show me that the cmdlet was expecting the parameter to be a string, and that string needed to be the UPN of the user I wanted to add. I can work with that too. The mechanics of saving out the list of users and owners and assigning them to another group was a little tricky, but not bad. I walked through the output of Get- and wrote the UPNs of each object to a new collection that I would then pass on to Set-. It looks like this: $members = Get-PnPUnifiedGroupMembers -Identity $source $members | ForEach-Object -begin {$memberlist = @() } -process {$memberlist += $($_.UserPrincipalName) } Set-PnPUnifiedGroup -Identity $destination -Members $memberlist -Owners $ownerlist The only sticking point was that doing it that way would overwrite whatever Members or Owners the Destination Group already had. To handle that I created a boolean variable, $mergeusers, that I could set to $true or $false depending on whether I wanted to clobber the existing users or not. If I did not want to clobber them I used the following code to merge the current Members of Destination with the Members of Source: $membersDest = Get-PnPUnifiedGroupMembers -Identity $destination $members = $members + $membersDest Then later when I write the users in $members to the Destination Group it has both sets of Members. I added some very, very simple error handling so that another human has a chance of running it. This is what I ended up with: # Set some values
# use Get-PnPUnifiedGroup to get Unified Group names
# Name of Unified Group whose owners and membership we want to copy
$source = "Regulations" # Name of Unified Group whose owners and membership we want to populate
$destination = "Empty" # Whether to overwrite Destination membership or merge them
$mergeusers = $false # Check to see if PnP Module is loaded
$pnploaded = Get-Module SharePointPnPPowerShellOnline
if ($pnploaded -eq $false) {
Write-Host "Please load the PnP PowerShell and run again"
Write-Host "install-module SharePointPnPPowerShellOnline"
break
}
# PnP Module is loaded # Check to see if user is connected to Microsoft Graph
try
{
$owners = Get-PnPUnifiedGroupOwners -Identity $source
}
catch [System.InvalidOperationException]
{
Write-Host "No connection to Microsoft Graph found" -BackgroundColor Black -ForegroundColor Red
Write-Host "No Azure AD connection, please connect first with Connect-PnPOnline -Graph" -BackgroundColor Black -ForegroundColor Red
break
}
catch [System.ArgumentNullException]
{
Write-Host "Group not found" -BackgroundColor Black -ForegroundColor Red
Write-Host "Verify connection to Azure AD with Connect-PnPOnline -Graph" -BackgroundColor Black -ForegroundColor Red
Write-Host "Use Get-PnPUnifiedGroup to get Unified Group names" -BackgroundColor Black -ForegroundColor Red
break
}
catch
{
Write-Host "Some other error" -BackgroundColor Black -ForegroundColor Red
break
} $members = Get-PnPUnifiedGroupMembers -Identity $source if ($mergeusers -eq $true) {
# Get existing owners and members of Destination so that we can combine them
$ownersDest = Get-PnPUnifiedGroupOwners -Identity $destination
$membersDest = Get-PnPUnifiedGroupMembers -Identity $destination # Add the two lists together so we don't overwrite any existing owners or members in Destination
$owners = $owners + $ownersDest
$members = $members + $membersDest
} # Set the owners and members of Destination
$owners | ForEach-Object -begin {$ownerlist = @() } -process {$ownerlist += $($_.UserPrincipalName) }
$members | ForEach-Object -begin {$memberlist = @() } -process {$memberlist += $($_.UserPrincipalName) } Set-PnPUnifiedGroup -Identity $destination -Members $memberlist -Owners $ownerlist Feel free to pick through that for any nuggets that might help you. Happy copying. tk ShortURL: https://www.toddklindt.com/PoshCopyO365GroupMembers | | | Todd O. Klindt | 12/18/2018 2:21 PM | Podcast | 0 | | | | | Todd O. Klindt | 12/11/2018 5:39 PM | Office 365; PowerShell | 11 | | Quite often as a consultant, you get to work on truly fun and funny situations. The customer email that prompted this blog post is one of them.
My contact at the customer site emailed with a problem. A few weeks earlier one of their users deleted some pictures from one of their document libraries. Okay, not a few pictures, nearly 100,000 of them. And not only had that user deleted nearly 100,000 items, they hadn’t told anyone for 3 weeks, while they tried to upload the pictures they still had locally. I know what you’re saying, this is a job for the Recycle Bin! And you’re right, it is, but the other factors made it complicated. They couldn’t just restore all of the files in the Recycle Bin as there were also 3 weeks’ worth of legitimately deleted documents in there, including documents from that user. Also, since the user had re-uploaded a bunch of the deleted documents there would be “overwrite” prompts all over that would slow down the process. And let’s not forget that even if it all went smoothly, someone would have to manually restore nearly 100,000 files. No easy feat.
The customer talked to me because they wanted to share the story (it was a big funny after the fact) but also because they knew I always said that PowerShell could do anything. They were hoping PowerShell could bale them out of this mess too. I don’t mean to spoil the end of this story, but they were right, it could.
My tool of choice when it comes to making magic in Office 365 is the PnP PowerShell. I had never done this before, so I had to do a bit of spelunking. I ran Get-Command *recycle* -Module SharePointPnPPowerShellOnline to see what PowerShell cmdlets availed themselves to me. Looky, looky, there it is, Restore-PnPRecycleBinItem. Did you just hear angels sing? I know I did.
Now we needed to weave a little PowerShell magic. We couldn’t restore all of the deleted files, since other folks had legitimately deleted files in the meantime. We also only wanted to restore .JPG files that this user had deleted. Here’s command that got the files we needed:
Get-PnPRecycleBinItem | Where-Object -Property Leafname -Like -Value "*.jpg" | Where-Object -Property Dirname -Like -Value "Shared Documents/*" | Where-Object -Property DeletedByEmail -EQ –Value shane@tkdemo.com
That returned all the files, now what to do with them? Restore them, of course. This bit of code grabs all the files, counts them as it restores them, then spits out the time and date when it’s done.
$bin = Get-PnPRecycleBinItem | Where-Object -Property Leafname -Like -Value "*.jpg" | Where-Object -Property Dirname -Like -Value "Shared Documents/*" | Where-Object -Property DeletedByEmail -EQ –Value shane@tkdemo.com
$bin | foreach -begin { $a = 0} -Process {Write-Host "$a - $($_.LeafName)" ; $_ | Restore-PnPRecycleBinItem -Force ; $a++ } -End { Get-Date }
Normally, that would have worked, but it was going to take some time to restore the files. A loooong time. Several days in fact. With some testing I surmised that the client PowerShell was the bottleneck. I used a little PowerShell trick to break the entire 100,000 item collection into chunks of 10,000 and run it multiple PowerShell windows and on multiple machines. I changed the second line to look something like this:
($bin[20001..30000]) | foreach -begin { $a = 0} -Process {Write-Host "$a - $($_.LeafName)" ; $_ | Restore-PnPRecycleBinItem -Force ; $a++ } -End { Get-Date }
The $bin[20001..30000] only sends items 20001 to 30000 of the collection down the pipeline. I changed that on each client. $bin[0..10000], $bin[10001..20000], and so on. After they finished I ran through it all one more time to make sure I didn’t miss any. The entire script looked like this:
# Make sure necessary modules are installed
# PnP PowerShell to get access to Office 365
Install-Module SharePointPnPPowerShellOnline
# Module to securely store passwords
Install-Module CredentialManager
# Saved credentials
New-StoredCredential -Target "ImportantSite" -UserName madowner@tkdemo.com -Password 'Password goes here' -Persist LocalMachine
# Now the actual meat
# Connect to the site collection where the files were deleted
Connect-PnPOnline -Url https://tkdemo.sharepoint.com/ -Credentials ImportantSite
# Filter the recycle bin for only the files we want to restore, JPGs, from the Shared document library, deleted by Shane
$bin = Get-PnPRecycleBinItem | Where-Object -Property Leafname -Like -Value "*.jpg" | Where-Object -Property Dirname -Like -Value "Shared Documents/*" | Where-Object -Property DeletedByEmail -EQ -Value shane@tkdemo.com
# See how many pictures Shane deleted.
$bin.count
# Walk through the collection and restore each document. Spit out the time at the end so you know how long it took. Also keep a counter to see how it’s going as it churns through the collection
$bin | foreach -begin { $a = 0} -Process {Write-Host "$a - $($_.LeafName)" ; $_ | Restore-PnPRecycleBinItem -Force ; $a++ } -End { Get-Date }
# Since the OM is the bottleneck you can run this on multiple machines to speed things up. Here’s how to only restore a subset of the collection
($bin[20001..30000]) | foreach -begin { $a = 0} -Process {Write-Host "$a - $($_.LeafName)" ; $_ | Restore-PnPRecycleBinItem -Force ; $a++ } -End { Get-Date }
I hope you never need to use this. 
tk
ShortURL: https://www.toddklindt.com/PoshRestoreSPOFiles | | | Todd O. Klindt | 12/10/2018 10:43 AM | Podcast | 0 | | | | | Todd O. Klindt | 12/5/2018 2:59 AM | Podcast | 0 | | | | | Todd O. Klindt | 11/16/2018 8:41 AM | Podcast | 0 | | | | | Todd O. Klindt | 11/13/2018 3:22 PM | PowerShell; Office 365; Sharepoint | 0 | | This question has come up a few times so I thought I’d blog it so I had an easy place to point people. You can also go to the PnP PowerShell GitHub Comments for the same information. If you’ve watched any of my podcasts, or seen me speak at any technical events you know I’m a big fan of the Patterns and Practices (PnP) PowerShell cmdlets. They make working with Office 365 tolerable, even enjoyable. The PnP PowerShell is a community led, Microsoft supervised, project on GitHub. If you’re not already using it, you should check it out. Along with scads of other software running on our machines, it gets updated once a month or so. In the last couple of months a couple of clashing updates have caused PnP users some stress. Specifically when they use the Connect-PnPOnline cmdlet to connect to SharePoint Online they get a “Method not found” error message. The PnP team was on it. They published this fix: - Delete all the SharePoint Components from the Control Panel (Add/Remove)
- Open the GAC location (C:\windows\Microsoft.NET\assembly\GAC_MSIL), search for the term SharePoint and delete all the folders. (This is required since the reference is still old which is used by the PnP commands)
- Re-Start the machine
- Install the latest version of the SharePoint PnP
That should do it. From the comments I’ve seen, and my own experience, this has a 100% success rate. Again, you can read all about it on GitHub. Thanks to the PnP Team for all you do, and for getting this fix out so quickly. tk ShortURL: https://www.toddklindt.com/PoshPnPMethodNotFound | | | Todd O. Klindt | 11/13/2018 3:04 PM | Podcast | 0 | | | | | Todd O. Klindt | 11/6/2018 10:47 AM | Office 365; PowerShell | 3 | | The last (and first) installment in my ever popular “Without Losing Your Damned Mind” blog series, How to Connect to with Multiple Office 365 Accounts in your Browser without Losing Your Damned Mind, was a mild success, and the series was picked up. We decided it was time for a sequel, and here it is. As an IT Pro/Administrator in the Microsoft space you have to love PowerShell. You don’t have to be an expert in it (though that really helps, I envy those guys) but you have to be confident enough with PowerShell that you can see some PowerShell on the web and be able to understand what it’s doing before you run it yourself. The way you do that is slowly, after months and years, forcing yourself to do tasks in PowerShell no matter how much it sucks. In the context of Office 365 that can get cumbersome because you have to authenticate against cloud services all the time, with many different accounts, and that requires that cursed act of typing your password. Over and over and over again. I hate typing passwords so very much. It gets worse when sometimes I’m connecting as me, sometimes as my own tenant global admin, sometimes as a customer’s tenant admin, sometimes as a different customer’s admin, it never ends. A while back I started using Windows’ Credential Manager to manage my PowerShell logins, and that’s what this blog post is going to be about. I will assume you already know how to connect to Office 365 and Azure with PowerShell and that you have all of the necessary modules, executables, and the like installed. The secret sauce that makes this all bearable is a PowerShell module called PowerShell Credential Manager. This little beauty uses native PowerShell to access the Credential Manager in Windows. There are other modules that do similar things, and you can actually do all of this yourself in PowerShell without a module. I’ve found this module to be the best that works for me, but this process is the same regardless of what you use. You can install it with this line: Install-Module -Name CredentialManager It installs the following cmdlets: Get-StoredCredential
Get-StrongPassword
New-StoredCredential
Remove-StoredCredential You can use New-StoredCredential to put a new entry in the Windows Credential Manager. You can also use the Credential Manager UI to do it. It’s all the same. To create a credential with New-StoredCredential use something like this: New-StoredCredential –Target O365Admin –username admin@tenant1.onmicrosoft.com -password pass@word1 –Persist LocalMachine New-StoredCredential –Target Jimmy –username Jimmy@tenant1.onmicrosoft.com -password pass@word1 –Persist LocalMachine New-StoredCredential –Target OtherAdmin –username admin@tenant2.onmicrosoft.com -password pass@word1 –Persist LocalMachine And so on. A couple of things of note. First, all of the passwords are in plain text. If you’re running a transcript make sure you clear those out. Also, the –Persist switch is important. If you don’t add that, the Stored Credential will vanish into the ether when you close this PowerShell window. You won’t know why it doesn’t work the next and you’ll be very confused. Maybe that’s just me. You can also add a comment for the credential with the –Comment parameter. Running the command looks like this: 
The entries look like this in Windows: 
You can get to this screen in Control Panel, or by typing “cred” in the Start Menu. The credentials you create in PowerShell will show up under “Generic Credentials” and you can use anything that’s already there. You can also create credentials with the cleverly named, “Add a generic credential” link at the top. It doesn’t matter how they get there, it just matters that they’re there. You can create as many credentials as you want. There’s no charge.  Now that we’ve loaded the Credential Store up with some yummy Office 365 Credentials, how do we use? The magic word is Get-StoredCredential. We can use Get-StoredCredential to securely pull credentials from the Credential Manager and pass them to a PowerShell cmdlet. You can save them in a variable, or just call it directly when you connect. Here is how you connect to Azure AD: Connect-MsolService -Credential (Get-StoredCredential -Target O365Admin) It looks like this: 
No passwords were typed (Hooray!) and that means you can securely automate it. The process is the same for other Connect style cmdlets. Here are a couple of examples: Connect-AzureAD -Credential (Get-StoredCredential -Target O365Admin) Connect-SPOService -Url https://blogpost-admin.sharepoint.com -Credential (Get-StoredCredential -Target O365Admin) If I wanted to sign in as the Jimmy account, I would pass that to the –Target parameter: Connect-SPOService -Url https://blogpost-admin.sharepoint.com -Credential (Get-StoredCredential -Target Jimmy ) I’m a frequent user of the PnP PowerShell. I’d give up sliced bread before I gave them up. While you can use this same approach with them, you have another option that’s even less typing: Connect-PnPOnline -Url https://blogpost-admin.sharepoint.com -Credential O365Admin The Connect-PnPOnline cmdlet (and maybe others) natively know to check the Credential Manager if it’s passed a string. That’s all there is to it. Once you create a credential it’s yours to use however you’d like, as often as you’d like. This isn’t restricted to Office 365, either. Any PowerShell cmdlets that take credentials can take advantage of this. Enjoy. tk ShortURL: https://www.toddklindt.com/PoshMultipleAccounts | | | Todd O. Klindt | 11/5/2018 10:45 AM | Podcast | 0 | | | | | Todd O. Klindt | 11/2/2018 1:13 PM | | 0 | | Over the few months I’ve been doing a lot of consulting projects, and some of my favorites have been with my long time friends Marc Anderson (blog|twitter) and Julie Turner (blog|twitter). I’ve known Marc since roughly the beginning of time, and met Julie a few years ago when she joined him at Sympraxis. We’ve all been old friends ever since. They’re both developery types and over the last few months they’ve brought me in to help with some projects that needed an admin’s touch. At SPTechCon a couple of months ago we were sitting around catching up and Marc suggested that we put a ring on it and make it official. What a magnificent idea! Yesterday I officially started at Sympraxis. I’ll be doing all the same things I’ve been doing. Blogging, podcasting, teaching, and loving on SharePoint and Office 365 every day. Now though, Julie and Marc are legally required to chat with me on Teams during the day when I’m bored.  I will also continue to be the chief Evangelist for Syskit. I’m going to be staying very busy. If you’d like to bring Sympraxis into a project, drop us a note on our Contact Page and we’ll get a hold of you. Thanks to Marc and Julie for bringing me onboard. tk ShortURL: https://www.toddklindt.com/JoinSympraxis | | | Todd O. Klindt | 10/31/2018 9:07 AM | Podcast | 0 | | | | | Todd O. Klindt | 10/23/2018 4:14 PM | SPDocKit | 1 | | I’m not sure my heart can take much more of this. First SharePoint Server 2019 RTMs and the folks at SysKit put out another amazing version of SPDocKit, 8.0! Is today my birthday or something?! If you haven’t used SPDocKit before, you’re missing out. Luckily the folks at SysKit have you covered, before you do anything, including finishing this blog post, go out and download their free 30 day trial. Okay, now that we’ve got that out of the way, what is SPDocKit and what’s in it for you? I am so glad you asked! SPDocKit is a SharePoint Documentation tool. Quite possibly the best SharePoint Documentation tool to grace the earth with its footfall. Over the years I’ve watched the product evolve into nearly a work of art. The folks at SysKit love SharePoint, almost as much as I do, and they have their finger on the pulse of what SharePoint admins want. With each successive version of SPDocKit they add new reports and functionality that scratch the collective itches we SharePoint admins have. As a SharePoint Consultant I help all kinds of organizations implement and manage SharePoint servers. In the last year or two I’ve noticed a very pronounced shift towards wanting more reporting. Companies want a better idea of how their users are using SharePoint. SPDocKit gives that to them in spades, all in an easy to use interface. What kind of reports does it give you? There’s almost too many to name. I’ll rattle off some of my favorites though to get you started: - Full Farm Documentation – Servers, services, databases, sites, everything you can think of. Best of all it keeps a copy of every report you run, so you can compare them over time and see how your environment grows.
- Best Practices – SPDocKit looks into every crack and crevice of your SharePoint farm and let you know, nicely, what things you could be doing better. This could be SharePoint Configuration, SQL Server settings, anything. SPDocKit has your back.
- Security – Great reports on what has been changed, who has changed what. Security is a hot topic these days and SPDocKit has you covered.
- User Permissions – You can get Permissions reports, compare users’ permissions, copy user permissions, everything you can think of.
That’s just off the top of my head. There’s so much more. Here’s a list of just what they’ve added to version 8.0. Go out and take SPDocKit for a spin. You won’t regret it. While you’re out there check out SysKit’s other great tools like SysKit Insights, Security Manager, the free SysKit Point. tk ShortURL: https://www.toddklindt.com/SPDocKit8 | | | Todd O. Klindt | 10/22/2018 5:03 PM | SharePoint 2019; Sharepoint | 0 | | What a day, what a day. SharePoint Server 2019 is ready for us to download and deploy into our production farms. What’s new in SharePoint 2019 you ask? A bunch. Here’s a short list: - Modern Sites
- Modern Lists and Libraries
- Modern Pages
- Communication Sites
- OneDrive for Business sync client support
- Large file, large filename, fewer character restrictions
The list goes on and on. Here are a bunch of links to get you started: SharePoint Team Blog Post Download SharePoint Server 2019 Quick Start Guide Here at the Klindt Labs we’ll be installing SharePoint Server 2019 as quickly as we can and letting you know what our experience is. tk ShortURL: https://www.toddklindt.com/SP2019ishere | | | Todd O. Klindt | 10/18/2018 4:54 PM | Podcast | 0 | | | | | Todd O. Klindt | 10/17/2018 5:01 PM | Podcast | 0 | | | | | Todd O. Klindt | 10/8/2018 3:17 PM | Podcast | 0 | | |
|
Compliance Details javascript:commonShowModalDialog('{SiteUrl}/_layouts/itemexpiration.aspx?ID={ItemId}&List={ListId}', 'center:1;dialogHeight:500px;dialogWidth:500px;resizable:yes;status:no;location:no;menubar:no;help:no', function GotoPageAfterClose(pageid){if(pageid == 'hold') {STSNavigate(unescape(decodeURI('{SiteUrl}'))+'/_layouts/hold.aspx?ID={ItemId}&List={ListId}'); return false;} if(pageid == 'audit') {STSNavigate(unescape(decodeURI('{SiteUrl}'))+'/_layouts/Reporting.aspx?Category=Auditing&backtype=item&ID={ItemId}&List={ListId}'); return false;} if(pageid == 'config') {STSNavigate(unescape(decodeURI('{SiteUrl}'))+'/_layouts/expirationconfig.aspx?ID={ItemId}&List={ListId}'); return false;}}, null); 0x0 0x1 ContentType 0x01 898 View in Browser /blog/_layouts/xlviewer.aspx?id={ItemUrl}&DefaultItemOpen=1 0x0 0x1 FileType xlsx 255 View in Browser /blog/_layouts/xlviewer.aspx?id={ItemUrl}&DefaultItemOpen=1 0x0 0x1 FileType xlsm 255 View in Browser /blog/_layouts/xlviewer.aspx?id={ItemUrl}&DefaultItemOpen=1 0x0 0x1 FileType xlsb 255 View in Browser /blog/_layouts/xlviewer.aspx?id={ItemUrl}&DefaultItemOpen=1 0x0 0x1 FileType ods 255 |
|