Skip to content

Instantly share code, notes, and snippets.

@gscales

gscales/gist:3645324ee264fe91d7b26cd7c8a3e773

Created June 21, 2019 06:50
Show Gist options
  • Save gscales/3645324ee264fe91d7b26cd7c8a3e773 to your computer and use it in GitHub Desktop.
Save gscales/3645324ee264fe91d7b26cd7c8a3e773 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
function Connect-Exchange {
param(
[Parameter(Position = 0, Mandatory = $true)] [string]$MailboxName,
[Parameter(Position = 1, Mandatory = $false)] [string]$url,
[Parameter(Position = 2, Mandatory = $false)] [string]$ClientId,
[Parameter(Position = 3, Mandatory = $false)] [string]$redirectUrl,
[Parameter(Position = 4, Mandatory = $false)] [string]$AccessToken,
[Parameter(Position = 5, Mandatory = $false)] [switch]$basicAuth,
[Parameter(Position = 6, Mandatory = $false)] [System.Management.Automation.PSCredential]$Credentials
)
Begin {
Load-EWSManagedAPI
## Set Exchange Version
if ([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2016) {
$ExchangeVersion = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2016
}
else {
$ExchangeVersion = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2013_SP1
}
## Create Exchange Service Object
$service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService($ExchangeVersion)
## Set Credentials to use two options are availible Option1 to use explict credentials or Option 2 use the Default (logged On) credentials
if ($basicAuth.IsPresent) {
$creds = New-Object System.Net.NetworkCredential($Credentials.UserName.ToString(), $Credentials.GetNetworkCredential().password.ToString())
$service.Credentials = $creds
}
else {
if ([String]::IsNullOrEmpty($AccessToken)) {
$Resource = "Outlook.Office365.com"
if ([String]::IsNullOrEmpty($ClientId)) {
$ClientId = "d3590ed6-52b3-4102-aeff-aad2292ab01c"
}
if ([String]::IsNullOrEmpty($redirectUrl)) {
$redirectUrl = "urn:ietf:wg:oauth:2.0:oob"
}
$Script:Token = Get-EWSAccessToken -MailboxName $MailboxName -ClientId $ClientId -redirectUrl $redirectUrl -ResourceURL $Resource -Prompt $Prompt -CacheCredentials
$OAuthCredentials = New-Object Microsoft.Exchange.WebServices.Data.OAuthCredentials((ConvertFrom-SecureStringCustom -SecureToken $Script:Token.access_token))
}
else {
$OAuthCredentials = New-Object Microsoft.Exchange.WebServices.Data.OAuthCredentials($AccessToken)
}
$service.Credentials = $OAuthCredentials
}
#Credentials Option 1 using UPN for the windows Account
#$psCred = Get-Credential
#Credentials Option 2
#service.UseDefaultCredentials = $true
#$service.TraceEnabled = $true
## Choose to ignore any SSL Warning issues caused by Self Signed Certificates
#Handle-SSL
## Set the URL of the CAS (Client Access Server) to use two options are availbe to use Autodiscover to find the CAS URL or Hardcode the CAS to use
#CAS URL Option 1 Autodiscover
if ($url) {
$uri = [system.URI] $url
$service.Url = $uri
}
else {
$service.AutodiscoverUrl($MailboxName, {$true})
}
#Write-host ("Using CAS Server : " + $Service.url)
#CAS URL Option 2 Hardcoded
#$uri=[system.URI] "https://casservername/ews/exchange.asmx"
#$service.Url = $uri
## Optional section for Exchange Impersonation
#$service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $MailboxName)
if (!$service.URL) {
throw "Error connecting to EWS"
}
else {
return, $service
}
}
}
function Load-EWSManagedAPI {
param(
)
Begin {
if(Test-Path ($script:ModuleRoot + "/Microsoft.Exchange.WebServices.dll")){
Import-Module ($script:ModuleRoot + "/Microsoft.Exchange.WebServices.dll")
$Script:EWSDLL = $script:ModuleRoot + "/Microsoft.Exchange.WebServices.dll"
write-verbose ("Using EWS dll from Local Directory")
}else{
## Load Managed API dll
###CHECK FOR EWS MANAGED API, IF PRESENT IMPORT THE HIGHEST VERSION EWS DLL, ELSE EXIT
$EWSDLL = (($(Get-ItemProperty -ErrorAction SilentlyContinue -Path Registry::$(Get-ChildItem -ErrorAction SilentlyContinue -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Web Services'|Sort-Object Name -Descending| Select-Object -First 1 -ExpandProperty Name)).'Install Directory') + "Microsoft.Exchange.WebServices.dll")
if (Test-Path $EWSDLL) {
Import-Module $EWSDLL
$Script:EWSDLL = $EWSDLL
}
else {
"$(get-date -format yyyyMMddHHmmss):"
"This script requires the EWS Managed API 1.2 or later."
"Please download and install the current version of the EWS Managed API from"
"http://go.microsoft.com/fwlink/?LinkId=255472"
""
"Exiting Script."
exit
}
}
}
}
function Handle-SSL {
param(
)
Begin {
## Code From http://poshcode.org/624
## Create a compilation environment
$Provider = New-Object Microsoft.CSharp.CSharpCodeProvider
$Compiler = $Provider.CreateCompiler()
$Params = New-Object System.CodeDom.Compiler.CompilerParameters
$Params.GenerateExecutable = $False
$Params.GenerateInMemory = $True
$Params.IncludeDebugInformation = $False
$Params.ReferencedAssemblies.Add("System.DLL") | Out-Null
$TASource = @'
namespace Local.ToolkitExtensions.Net.CertificatePolicy{
public class TrustAll : System.Net.ICertificatePolicy {
public TrustAll() {
}
public bool CheckValidationResult(System.Net.ServicePoint sp,
System.Security.Cryptography.X509Certificates.X509Certificate cert,
System.Net.WebRequest req, int problem) {
return true;
}
}
}
'@
$TAResults = $Provider.CompileAssemblyFromSource($Params, $TASource)
$TAAssembly = $TAResults.CompiledAssembly
## We now create an instance of the TrustAll and attach it to the ServicePointManager
$TrustAll = $TAAssembly.CreateInstance("Local.ToolkitExtensions.Net.CertificatePolicy.TrustAll")
[System.Net.ServicePointManager]::CertificatePolicy = $TrustAll
## end code from http://poshcode.org/624 ##
}
}
function ConvertTo-String($ipInputString){
$Val1Text = ""
for ($clInt=0;$clInt -lt $ipInputString.length;$clInt++){
$Val1Text = $Val1Text + [Convert]::ToString([Convert]::ToChar([Convert]::ToInt32($ipInputString.Substring($clInt,2),16)))
$clInt++
}
return $Val1Text
}
function TraceHandler(){
$sourceCode = @"
public class ewsTraceListener : Microsoft.Exchange.WebServices.Data.ITraceListener
{
public System.String LogFile {get;set;}
public void Trace(System.String traceType, System.String traceMessage)
{
System.IO.File.AppendAllText(this.LogFile, traceMessage);
}
}
"@
Add-Type -TypeDefinition $sourceCode -Language CSharp -ReferencedAssemblies $Script:EWSDLL
$TraceListener = New-Object ewsTraceListener
return $TraceListener
}
function Get-TeamsMeetingsFolder{
param(
[Parameter(Position = 1, Mandatory = $true)] [string]$MailboxName,
[Parameter(Position = 2, Mandatory = $false)] [string]$AccessToken,
[Parameter(Position = 3, Mandatory = $false)] [string]$url,
[Parameter(Position = 4, Mandatory = $false)] [switch]$useImpersonation,
[Parameter(Position = 5, Mandatory = $false)] [switch]$basicAuth,
[Parameter(Position = 6, Mandatory = $false)] [System.Management.Automation.PSCredential]$Credentials,
[Parameter(Position =7, Mandatory = $false) ] [Microsoft.Exchange.WebServices.Data.ExchangeService]$service
)
Process {
if($service -eq $null){
if ($basicAuth.IsPresent) {
if (!$Credentials) {
$Credentials = Get-Credential
}
$service = Connect-Exchange -MailboxName $MailboxName -url $url -basicAuth -Credentials $Credentials
}
else {
$service = Connect-Exchange -MailboxName $MailboxName -url $url -AccessToken $AccessToken
}
$service.HttpHeaders.Add("X-AnchorMailbox", $MailboxName);
if ($useImpersonation.IsPresent) {
$service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $MailboxName)
}
}
$folderid= new-object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Root,$MailboxName)
$TeamMeetingsFolderEntryId = new-object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition([System.Guid]::Parse("{07857F3C-AC6C-426B-8A8D-D1F7EA59F3C8}"), "TeamsMeetingsFolderEntryId", [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::Binary);
$psPropset= new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::FirstClassProperties)
$psPropset.Add($TeamMeetingsFolderEntryId)
$RootFolder = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,$folderid,$psPropset)
$FolderIdVal = $null
$TeamsMeetingFolder = $null
if ($RootFolder.TryGetProperty($TeamMeetingsFolderEntryId,[ref]$FolderIdVal))
{
$TeamMeetingFolderId= new-object Microsoft.Exchange.WebServices.Data.FolderId((ConvertId -HexId ([System.BitConverter]::ToString($FolderIdVal).Replace("-","")) -service $service))
$TeamsMeetingFolder = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,$TeamMeetingFolderId);
}
return $TeamsMeetingFolder
}
}
function Get-TeamsCDRItems{
param(
[Parameter(Position = 1, Mandatory = $true)] [string]$MailboxName,
[Parameter(Position = 2, Mandatory = $false)] [string]$AccessToken,
[Parameter(Position = 3, Mandatory = $false)] [string]$url,
[Parameter(Position = 4, Mandatory = $false)] [switch]$useImpersonation,
[Parameter(Position = 5, Mandatory = $false)] [switch]$basicAuth,
[Parameter(Position = 6, Mandatory = $false)] [System.Management.Automation.PSCredential]$Credentials,
[Parameter(Position = 10, Mandatory = $false)] [DateTime]$startdatetime = (Get-Date).AddDays(-30),
[Parameter(Position = 11, Mandatory = $false)] [datetime]$enddatetime = (Get-Date)
)
Process {
if ($basicAuth.IsPresent) {
if (!$Credentials) {
$Credentials = Get-Credential
}
$service = Connect-Exchange -MailboxName $MailboxName -url $url -basicAuth -Credentials $Credentials
}
else {
$service = Connect-Exchange -MailboxName $MailboxName -url $url -AccessToken $AccessToken
}
$service.HttpHeaders.Add("X-AnchorMailbox", $MailboxName);
if ($useImpersonation.IsPresent) {
$service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $MailboxName)
}
$TeamsMeetingFolder = Get-TeamsMeetingsFolder -service $service -MailboxName $MailboxName
$CalendarItemsHash = Get-CalendarItems -MailboxName $MailboxName -service $service -startdatetime $startdatetime -enddatetime $enddatetime
$fiItems = $null
$ivItemView = New-Object Microsoft.Exchange.WebServices.Data.ItemView(100)
$ItemPropsetIdOnly = new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::IdOnly)
$ivItemView.PropertySet = $ItemPropsetIdOnly
$ItemPropset = new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::FirstClassProperties)
$CleanObjectId = new-object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition([Microsoft.Exchange.WebServices.Data.DefaultExtendedPropertySet]::Meeting,0x23, [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::Binary)
$PR_START_DATE = new-object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition(0x0060, [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::SystemTime)
$PR_END_DATE = new-object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition(0x0061, [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::SystemTime)
$ItemPropset.Add($CleanObjectId)
$ItemPropset.Add($PR_START_DATE)
$ItemPropset.Add($PR_END_DATE)
#$ItemPropset.Add($SkypeTeamsProperties)
$ItemPropset.RequestedBodyType = [Microsoft.Exchange.WebServices.Data.BodyType]::Text
$Sfgt = new-object Microsoft.Exchange.WebServices.Data.SearchFilter+IsGreaterThan([Microsoft.Exchange.WebServices.Data.ItemSchema]::DateTimeReceived, $startdatetime)
$Sflt = new-object Microsoft.Exchange.WebServices.Data.SearchFilter+IsLessThan([Microsoft.Exchange.WebServices.Data.ItemSchema]::DateTimeReceived, $enddatetime)
$sfCollection = new-object Microsoft.Exchange.WebServices.Data.SearchFilter+SearchFilterCollection([Microsoft.Exchange.WebServices.Data.LogicalOperator]::And);
$sfCollection.add($Sfgt)
$sfCollection.add($Sflt)
do {
$error.clear()
try {
$fiItems = $TeamsMeetingFolder.service.FindItems($TeamsMeetingFolder.Id,$sfCollection, $ivItemView)
}
catch {
write-host ("Error " + $_.Exception.Message)
if ($_.Exception -is [Microsoft.Exchange.WebServices.Data.ServiceResponseException]) {
Write-Host ("EWS Error : " + ($_.Exception.ErrorCode))
Start-Sleep -Seconds 60
}
$fiItems = $TeamsMeetingFolder.service.FindItems($TeamsMeetingFolder.Id, $ivItemView)
}
if ($fiItems.Items.Count -gt 0) {
[Void]$TeamsMeetingFolder.service.LoadPropertiesForItems($fiItems, $ItemPropset)
}
if ($fiItems.Items.Count -gt 0) {
Write-Host ("Processed " + $fiItems.Items.Count + " : " + $ItemClass)
foreach ($Item in $fiItems.Items) {
$rptObj = "" | Select-Object Subject,Start,End,Organizer,MeetingCid,CDRLog
$Regex = [Regex]::new("(?<=/Thread Id\:)(.*)(?=/Communication Id\:)")
$Match = $Regex.Match($Item.Subject)
$rptObj.MeetingCid = $Match.Value.Trim()
$rptObj.Subject = $Item.Subject
$rptObj.Start = $Item.Start
$rptObj.End = $Item.End
$PR_START_DATE_Value = $null
if($Item.TryGetProperty($PR_START_DATE,[ref]$PR_START_DATE_Value)){
$rptObj.Start = $PR_START_DATE_Value
}
$PR_END_DATE_Value = $null
if($Item.TryGetProperty($PR_END_DATE,[ref]$PR_END_DATE_Value)){
$rptObj.End = $PR_END_DATE_Value
}
if($CalendarItemsHash.ContainsKey($rptObj.MeetingCid)){
$rptObj.Subject = $CalendarItemsHash[$rptObj.MeetingCid].Subject
$rptObj.Organizer = $CalendarItemsHash[$rptObj.MeetingCid].Organizer
}
$rptObj.CDRLog = $Item.Body.Text
Write-Output $rptObj
}
}
$ivItemView.Offset += $fiItems.Items.Count
}while ($fiItems.MoreAvailable)
}
}
function Get-CalendarItems{
param (
[Parameter(Position = 1, Mandatory = $true)] [string]$MailboxName,
[Parameter(Position = 2, Mandatory = $false)] [Microsoft.Exchange.WebServices.Data.ExchangeService]$service,
[Parameter(Position = 3, Mandatory = $false)] [DateTime]$startdatetime,
[Parameter(Position = 4, Mandatory = $false)] [datetime]$enddatetime
)
process{
$rptHash = @{}
$folderid= new-object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Calendar,$MailboxName)
$Calendar = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,$folderid)
$Recurring = new-object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition([Microsoft.Exchange.WebServices.Data.DefaultExtendedPropertySet]::Appointment, 0x8223,[Microsoft.Exchange.WebServices.Data.MapiPropertyType]::Boolean);
$psPropset= new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::FirstClassProperties)
$SkypeTeamsProperties = new-object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition([Microsoft.Exchange.WebServices.Data.DefaultExtendedPropertySet]::PublicStrings, "SkypeTeamsProperties", [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::String);
$psPropset.Add($Recurring)
$psPropset.Add($SkypeTeamsProperties)
$psPropset.RequestedBodyType = [Microsoft.Exchange.WebServices.Data.BodyType]::Text;
#Define the calendar view
$CalendarView = New-Object Microsoft.Exchange.WebServices.Data.CalendarView($startdatetime,$enddatetime,1000)
$fiItems = $service.FindAppointments($Calendar.Id,$CalendarView)
if($fiItems.Items.Count -gt 0){
$type = ("System.Collections.Generic.List"+'`'+"1") -as "Type"
$type = $type.MakeGenericType("Microsoft.Exchange.WebServices.Data.Item" -as "Type")
$ItemColl = [Activator]::CreateInstance($type)
foreach($Item in $fiItems.Items){
$ItemColl.Add($Item)
}
[Void]$service.LoadPropertiesForItems($ItemColl,$psPropset)
}
foreach($Item in $ItemColl){
$SkypeTeamsProperties_Value = $null
if($Item.TryGetProperty($SkypeTeamsProperties,[ref]$SkypeTeamsProperties_Value)){
$SkypeTeamsPropertiesObj = ConvertFrom-Json $SkypeTeamsProperties_Value
if(!$rptHash.ContainsKey($SkypeTeamsPropertiesObj.cid)){
$rptHash.Add($SkypeTeamsPropertiesObj.cid,$Item)
}
}
}
return $rptHash
}
}
function ConvertId{
param (
[Parameter(Position=1, Mandatory=$false)] [String]$HexId,
[Parameter(Position=2, Mandatory=$false)] [Microsoft.Exchange.WebServices.Data.ExchangeService]$service
)
process{
$aiItem = New-Object Microsoft.Exchange.WebServices.Data.AlternateId
$aiItem.Mailbox = $MailboxName
$aiItem.UniqueId = $HexId
$aiItem.Format = [Microsoft.Exchange.WebServices.Data.IdFormat]::HexEntryId
$convertedId = $service.ConvertId($aiItem, [Microsoft.Exchange.WebServices.Data.IdFormat]::EwsId)
return $convertedId.UniqueId
}
}
function Invoke-GenericFolderItemEnum {
param(
[Parameter(Position = 1, Mandatory = $false)] [psObject]$Folder,
[Parameter(Position = 2, Mandatory = $false)] [switch]$FullDetails,
[Parameter(Position = 3, Mandatory = $false)] [switch]$ReturnSentiment,
[Parameter(Position = 4, Mandatory = $false)] [Int]$MaxCount,
[Parameter(Position = 5, Mandatory = $false)] [psobject]$fldIndex,
[Parameter(Position = 6, Mandatory = $false)] [String]$QueryString
)
Process {
$PR_ENTRYID = new-object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition(0x0FFF, [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::Binary)
$RecoveryFolder = new-object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition([Microsoft.Exchange.WebServices.Data.DefaultExtendedPropertySet]::PublicStrings, "FIIM-RecoveryFolder", [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::String)
if ($MaxCount -gt 0) {
$Script:MaxCount = $MaxCount
$Script:UseMaxCount = $true
$Script:MaxCountExceeded = $false
}
else {
$Script:MaxCount = 0
$Script:UseMaxCount = $false
$Script:MaxCountExceeded = $false
}
if ($Script:UseMaxCount) {
if ($Script:MaxCount -gt 1000) {
$ivItemView = New-Object Microsoft.Exchange.WebServices.Data.ItemView(1000)
}
else {
$ivItemView = New-Object Microsoft.Exchange.WebServices.Data.ItemView($Script:MaxCount)
}
}
else {
$ivItemView = New-Object Microsoft.Exchange.WebServices.Data.ItemView(1000)
}
$ItemPropset = new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::FirstClassProperties)
$ItemPropset.Add($PR_ENTRYID)
$ItemPropset.Add([Microsoft.Exchange.WebServices.Data.EmailMessageSchema]::Preview)
$ItemPropset.Add($RecoveryFolder)
if ($ReturnSentiment.IsPresent) {
$Sentiment = New-Object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition([Microsoft.Exchange.WebServices.Data.DefaultExtendedPropertySet]::Common, "EntityExtraction/Sentiment1.0", [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::String);
$ItemPropset.Add($Sentiment)
}
$ItemPropsetIdOnly = new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::IdOnly)
if ($FullDetails.IsPresent) {
$ivItemView.PropertySet = $ItemPropsetIdOnly
if ($Script:UseMaxCount) {
if ($Script:MaxCount -gt 100) {
$ivItemView = New-Object Microsoft.Exchange.WebServices.Data.ItemView(100)
}
else {
$ivItemView = New-Object Microsoft.Exchange.WebServices.Data.ItemView($Script:MaxCount)
}
}
else {
$ivItemView = New-Object Microsoft.Exchange.WebServices.Data.ItemView(100)
}
}
else {
$ivItemView.PropertySet = $ItemPropset
}
$itemCount = 0
$fiItems = $null
do {
$error.clear()
try {
if ([String]::IsNullOrEmpty($QueryString)) {
$fiItems = $Folder.service.FindItems($Folder.Id, $ivItemView)
}
else {
$fiItems = $Folder.service.FindItems($Folder.Id, $QueryString, $ivItemView)
}
}
catch {
write-host ("Error " + $_.Exception.Message)
if ($_.Exception -is [Microsoft.Exchange.WebServices.Data.ServiceResponseException]) {
Write-Host ("EWS Error : " + ($_.Exception.ErrorCode))
Start-Sleep -Seconds 60
}
if ([String]::IsNullOrEmpty($QueryString)) {
$fiItems = $Folder.service.FindItems($Folder.Id, $ivItemView)
}
else {
$fiItems = $Folder.service.FindItems($Folder.Id, $QueryString, $ivItemView)
}
}
if ($FullDetails.IsPresent) {
if ($fiItems.Items.Count -gt 0) {
[Void]$Folder.service.LoadPropertiesForItems($fiItems, $ItemPropset)
}
}
if ($fiItems.Items.Count -gt 0) {
Write-Host ("Processed " + $fiItems.Items.Count + " : " + $ItemClass)
}
foreach ($Item in $fiItems.Items) {
$itemCount ++
$Okay = $true;
if ($Script:UseMaxCount) {
if ($itemCount -gt $Script:MaxCount) {
$okay = $False
}
}
if ($Okay) {
$Item | Add-Member -Name "FolderPath" -Value $Folder.FolderPath -MemberType NoteProperty
Write-Output $Item
}
}
if ($Script:UseMaxCount) {
if ($itemCount -ge $Script:MaxCount) {
$Script:MaxCountExceeded = $true
}
}
$ivItemView.Offset += $fiItems.Items.Count
}while ($fiItems.MoreAvailable -eq $true -band (!$Script:MaxCountExceeded))
}
}
function ConvertToString($ipInputString) {
$Val1Text = ""
for ($clInt = 0; $clInt -lt $ipInputString.length; $clInt++) {
$Val1Text = $Val1Text + [Convert]::ToString([Convert]::ToChar([Convert]::ToInt32($ipInputString.Substring($clInt, 2), 16)))
$clInt++
}
return $Val1Text
}
function Invoke-ValidateToken {
param (
[Parameter(Position = 0, Mandatory = $true)]
[Microsoft.Exchange.WebServices.Data.ExchangeService]$service
)
begin {
$MailboxName = $Script:Token.mailbox
$minTime = new-object DateTime(1970, 1, 1, 0, 0, 0, 0, [System.DateTimeKind]::Utc);
$expiry = $minTime.AddSeconds($Script:Token.expires_on)
if ($expiry -le [DateTime]::Now.ToUniversalTime().AddMinutes(10)) {
if ([bool]($Script:Token.PSobject.Properties.name -match "refresh_token")) {
write-host "Refresh Token"
$Script:Token = Invoke-RefreshAccessToken -MailboxName $MailboxName -AccessToken $Script:Token
$OAuthCredentials = New-Object Microsoft.Exchange.WebServices.Data.OAuthCredentials((ConvertFrom-SecureStringCustom -SecureToken $Script:Token.access_token))
$service.Credentials = $OAuthCredentials
}
else {
throw "App Token has expired"
}
}
}
}
function ConvertToString($ipInputString) {
$Val1Text = ""
for ($clInt = 0; $clInt -lt $ipInputString.length; $clInt++) {
$Val1Text = $Val1Text + [Convert]::ToString([Convert]::ToChar([Convert]::ToInt32($ipInputString.Substring($clInt, 2), 16)))
$clInt++
}
return $Val1Text
}
function Get-EWSAccessToken {
[CmdletBinding()]
param (
[Parameter(Position = 0, Mandatory = $true)]
[string]
$MailboxName,
[Parameter(Position = 1, Mandatory = $false)]
[string]
$ClientId,
[Parameter(Position = 2, Mandatory = $false)]
[string]
$redirectUrl,
[Parameter(Position = 3, Mandatory = $false)]
[string]
$ClientSecret,
[Parameter(Position = 4, Mandatory = $false)]
[string]
$ResourceURL,
[Parameter(Position = 5, Mandatory = $false)]
[switch]
$Beta,
[Parameter(Position = 6, Mandatory = $false)]
[String]
$Prompt,
[Parameter(Position = 7, Mandatory = $false)]
[switch]
$CacheCredentials
)
Begin {
Add-Type -AssemblyName System.Web
$HttpClient = Get-HTTPClient -MailboxName $MailboxName
if ([String]::IsNullOrEmpty($ClientId)) {
$ReturnToken = Get-ProfiledToken -MailboxName $MailboxName
if ($ReturnToken -eq $null) {
Write-Error ("No Access Token for " + $MailboxName)
}
else {
return $ReturnToken
}
}
else {
if ([String]::IsNullOrEmpty(($ClientSecret))) {
$ClientSecret = $AppSetting.ClientSecret
}
if ([String]::IsNullOrEmpty($redirectUrl)) {
$redirectUrl = [System.Web.HttpUtility]::UrlEncode("urn:ietf:wg:oauth:2.0:oob")
}
else {
$redirectUrl = [System.Web.HttpUtility]::UrlEncode($redirectUrl)
}
if ([String]::IsNullOrEmpty($ResourceURL)) {
$ResourceURL = $AppSetting.ResourceURL
}
if ([String]::IsNullOrEmpty($Prompt)) {
$Prompt = "refresh_session"
}
$Phase1auth = Show-OAuthWindow -Url "https://login.microsoftonline.com/common/oauth2/authorize?resource=https%3A%2F%2F$ResourceURL&client_id=$ClientId&response_type=code&redirect_uri=$redirectUrl&prompt=$Prompt&domain_hint=organizations"
$code = $Phase1auth["code"]
$AuthorizationPostRequest = "resource=https%3A%2F%2F$ResourceURL&client_id=$ClientId&grant_type=authorization_code&code=$code&redirect_uri=$redirectUrl"
if (![String]::IsNullOrEmpty($ClientSecret)) {
$AuthorizationPostRequest = "resource=https%3A%2F%2F$ResourceURL&client_id=$ClientId&client_secret=$ClientSecret&grant_type=authorization_code&code=$code&redirect_uri=$redirectUrl"
}
$content = New-Object System.Net.Http.StringContent($AuthorizationPostRequest, [System.Text.Encoding]::UTF8, "application/x-www-form-urlencoded")
$ClientReesult = $HttpClient.PostAsync([Uri]("https://login.windows.net/common/oauth2/token"), $content)
$JsonObject = ConvertFrom-Json -InputObject $ClientReesult.Result.Content.ReadAsStringAsync().Result
if ([bool]($JsonObject.PSobject.Properties.name -match "refresh_token")) {
$JsonObject.refresh_token = (Get-ProtectedToken -PlainToken $JsonObject.refresh_token)
}
if ([bool]($JsonObject.PSobject.Properties.name -match "access_token")) {
$JsonObject.access_token = (Get-ProtectedToken -PlainToken $JsonObject.access_token)
}
if ([bool]($JsonObject.PSobject.Properties.name -match "id_token")) {
$JsonObject.id_token = (Get-ProtectedToken -PlainToken $JsonObject.id_token)
}
Add-Member -InputObject $JsonObject -NotePropertyName clientid -NotePropertyValue $ClientId
Add-Member -InputObject $JsonObject -NotePropertyName redirectUrl -NotePropertyValue $redirectUrl
Add-Member -InputObject $JsonObject -NotePropertyName mailbox -NotePropertyValue $MailboxName
if ($Beta.IsPresent) {
Add-Member -InputObject $JsonObject -NotePropertyName Beta -NotePropertyValue $True
}
return $JsonObject
}
}
}
function Show-OAuthWindow {
[CmdletBinding()]
param (
[System.Uri]
$Url
)
## Start Code Attribution
## Show-AuthWindow function is the work of the following Authors and should remain with the function if copied into other scripts
## https://foxdeploy.com/2015/11/02/using-powershell-and-oauth/
## https://blogs.technet.microsoft.com/ronba/2016/05/09/using-powershell-and-the-office-365-rest-api-with-oauth/
## End Code Attribution
Add-Type -AssemblyName System.Web
Add-Type -AssemblyName System.Windows.Forms
$form = New-Object -TypeName System.Windows.Forms.Form -Property @{ Width = 440; Height = 640 }
$web = New-Object -TypeName System.Windows.Forms.WebBrowser -Property @{ Width = 420; Height = 600; Url = ($url) }
$DocComp = {
$Global:uri = $web.Url.AbsoluteUri
if ($Global:Uri -match "error=[^&]*|code=[^&]*") { $form.Close() }
}
$web.ScriptErrorsSuppressed = $true
$web.Add_DocumentCompleted($DocComp)
$form.Controls.Add($web)
$form.Add_Shown( { $form.Activate() })
$form.ShowDialog() | Out-Null
$queryOutput = [System.Web.HttpUtility]::ParseQueryString($web.Url.Query)
$output = @{ }
foreach ($key in $queryOutput.Keys) {
$output["$key"] = $queryOutput[$key]
}
return $output
}
function Get-ProtectedToken {
[CmdletBinding()]
param (
[Parameter(Position = 0, Mandatory = $true)]
[String]
$PlainToken
)
begin {
$SecureEncryptedToken = Protect-String -String $PlainToken
return, $SecureEncryptedToken
}
}
function Get-HTTPClient {
[CmdletBinding()]
param (
[Parameter(Position = 0, Mandatory = $true)]
[string]
$MailboxName
)
process {
Add-Type -AssemblyName System.Net.Http
$handler = New-Object System.Net.Http.HttpClientHandler
$handler.CookieContainer = New-Object System.Net.CookieContainer
$handler.AllowAutoRedirect = $true;
$HttpClient = New-Object System.Net.Http.HttpClient($handler);
#$HttpClient.DefaultRequestHeaders.Authorization = New-Object System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", "");
$Header = New-Object System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json")
$HttpClient.DefaultRequestHeaders.Accept.Add($Header);
$HttpClient.Timeout = New-Object System.TimeSpan(0, 0, 90);
$HttpClient.DefaultRequestHeaders.TransferEncodingChunked = $false
if (!$HttpClient.DefaultRequestHeaders.Contains("X-AnchorMailbox")) {
$HttpClient.DefaultRequestHeaders.Add("X-AnchorMailbox", $MailboxName);
}
$Header = New-Object System.Net.Http.Headers.ProductInfoHeaderValue("RestClient", "1.1")
$HttpClient.DefaultRequestHeaders.UserAgent.Add($Header);
return $HttpClient
}
}
function Protect-String {
<#
.SYNOPSIS
Uses DPAPI to encrypt strings.
.DESCRIPTION
Uses DPAPI to encrypt strings.
.PARAMETER String
The string to encrypt.
.EXAMPLE
PS C:\> Protect-String -String $secret
Encrypts the content stored in $secret and returns it.
#>
[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingConvertToSecureStringWithPlainText", "")]
[CmdletBinding()]
Param (
[Parameter(ValueFromPipeline = $true)]
[string[]]
$String
)
begin {
Add-Type -AssemblyName System.Security -ErrorAction Stop
}
process {
foreach ($item in $String) {
$stringBytes = [Text.Encoding]::UTF8.GetBytes($item)
$encodedBytes = [System.Security.Cryptography.ProtectedData]::Protect($stringBytes, $null, 'CurrentUser')
[System.Convert]::ToBase64String($encodedBytes) | ConvertTo-SecureString -AsPlainText -Force
}
}
}
function Invoke-RefreshAccessToken {
[CmdletBinding()]
param (
[Parameter(Position = 0, Mandatory = $true)]
[string]
$MailboxName,
[Parameter(Position = 1, Mandatory = $true)]
[psobject]
$AccessToken
)
process {
Add-Type -AssemblyName System.Web
$HttpClient = Get-HTTPClient -MailboxName $MailboxName
$ClientId = $AccessToken.clientid
# $redirectUrl = [System.Web.HttpUtility]::UrlEncode($AccessToken.redirectUrl)
$redirectUrl = $AccessToken.redirectUrl
$RefreshToken = (ConvertFrom-SecureStringCustom -SecureToken $AccessToken.refresh_token)
$AuthorizationPostRequest = "client_id=$ClientId&refresh_token=$RefreshToken&grant_type=refresh_token&redirect_uri=$redirectUrl"
$content = New-Object System.Net.Http.StringContent($AuthorizationPostRequest, [System.Text.Encoding]::UTF8, "application/x-www-form-urlencoded")
$ClientResult = $HttpClient.PostAsync([Uri]("https://login.windows.net/common/oauth2/token"), $content)
if (!$ClientResult.Result.IsSuccessStatusCode) {
Write-Output ("Error making REST POST " + $ClientResult.Result.StatusCode + " : " + $ClientResult.Result.ReasonPhrase)
Write-Output $ClientResult.Result
if ($ClientResult.Content -ne $null) {
Write-Output ($ClientResult.Content.ReadAsStringAsync().Result);
}
}
else {
$JsonObject = ConvertFrom-Json -InputObject $ClientResult.Result.Content.ReadAsStringAsync().Result
if ([bool]($JsonObject.PSobject.Properties.name -match "refresh_token")) {
$JsonObject.refresh_token = (Get-ProtectedToken -PlainToken $JsonObject.refresh_token)
}
if ([bool]($JsonObject.PSobject.Properties.name -match "access_token")) {
$JsonObject.access_token = (Get-ProtectedToken -PlainToken $JsonObject.access_token)
}
if ([bool]($JsonObject.PSobject.Properties.name -match "id_token")) {
$JsonObject.id_token = (Get-ProtectedToken -PlainToken $JsonObject.id_token)
}
Add-Member -InputObject $JsonObject -NotePropertyName clientid -NotePropertyValue $ClientId
Add-Member -InputObject $JsonObject -NotePropertyName redirectUrl -NotePropertyValue $redirectUrl
Add-Member -InputObject $JsonObject -NotePropertyName mailbox -NotePropertyValue $MailboxName
if ($AccessToken.Beta) {
Add-Member -InputObject $JsonObject -NotePropertyName Beta -NotePropertyValue True
}
}
return $JsonObject
}
}
function ConvertFrom-SecureStringCustom {
[CmdletBinding()]
param (
[Parameter(Position = 0, Mandatory = $true)]
[System.Security.SecureString]
$SecureToken
)
process {
#$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureToken)
$Token = Unprotect-String -String $SecureToken
return, $Token
}
}
function Unprotect-String {
<#
.SYNOPSIS
Uses DPAPI to decrypt strings.
.DESCRIPTION
Uses DPAPI to decrypt strings.
Designed to reverse encryption applied by Protect-String
.PARAMETER String
The string to decrypt.
.EXAMPLE
PS C:\> Unprotect-String -String $secret
Decrypts the content stored in $secret and returns it.
#>
[CmdletBinding()]
Param (
[Parameter(ValueFromPipeline = $true)]
[System.Security.SecureString[]]
$String
)
begin {
Add-Type -AssemblyName System.Security -ErrorAction Stop
}
process {
foreach ($item in $String) {
$cred = New-Object PSCredential("irrelevant", $item)
$stringBytes = [System.Convert]::FromBase64String($cred.GetNetworkCredential().Password)
$decodedBytes = [System.Security.Cryptography.ProtectedData]::Unprotect($stringBytes, $null, 'CurrentUser')
[Text.Encoding]::UTF8.GetString($decodedBytes)
}
}
}
$Script:EWSDLL = ""
$Script:Token = $null
$Script:MaxCount = 0
$Script:UseMaxCount = $false
$Script:MaxCountExceeded = $false
$script:ModuleRoot = $PSScriptRoot
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment