temp
#region Functions
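function ConvertFrom-Timestamp {
    <#
    .SYNOPSIS
    Converts a Unix timestamp (seconds since 1970-01-01 00:00:00 UTC) to a local DateTime.

    .PARAMETER Timestamp
    Seconds since the Unix epoch. Declared as [long] so that values beyond the
    Int32 range (after 2038-01-19) still bind instead of failing conversion.

    .OUTPUTS
    System.DateTime expressed in the local time zone.
    #>
    param(
        [Parameter(Mandatory = $true)]
        [long]$Timestamp
    )

    # Build the epoch explicitly as UTC rather than parsing the literal
    # "01.01.1970", so the result does not depend on date-string parsing.
    $epoch = New-Object -TypeName System.DateTime -ArgumentList 1970, 1, 1, 0, 0, 0, ([System.DateTimeKind]::Utc)
    $epoch.AddSeconds($Timestamp).ToLocalTime()
}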
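function Get-ReadableSize($Size) {
    <#
    .SYNOPSIS
    Formats a byte count as a short human-readable string, e.g. "12.3 kB".

    .PARAMETER Size
    Size in bytes.

    .OUTPUTS
    System.String: the scaled value with one decimal place followed by a unit
    from B, kB, MB, GB, TB. The number format follows the current culture.
    #>
    $suffix = "B", "kB", "MB", "GB", "TB"
    $index = 0

    # -ge so that exactly 1024 rolls over to the next unit, and the index is
    # capped at the last suffix so very large sizes still get a unit (TB)
    # instead of indexing past the end of the array.
    while ($Size -ge 1kb -and $index -lt ($suffix.Count - 1)) {
        $Size = $Size / 1kb
        $index++
    }

    "{0:N1} {1}" -f $Size, $suffix[$index]
}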
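function Invoke-ClientCredentialsFlow {
    <#
    .SYNOPSIS
    Requests an access token with the OAuth 2.0 client credentials grant.

    .DESCRIPTION
    Posts client_id / client_secret / resource to the token endpoint and
    returns the access token with its expiry converted to local time.

    .PARAMETER Tenant
    Tenant identifier substituted into AuthorizationEndpoint.

    .PARAMETER Client
    Client id (UserName) and client secret (Password) as a PSCredential.
    Prefer this over -ClientSecret so the secret does not have to appear as
    plain text on the command line or in a transcript.

    .PARAMETER ClientId
    Application (client) id, when passing the secret explicitly.

    .PARAMETER ClientSecret
    Client secret as a plain string.

    .PARAMETER Resource
    Resource URI the token is requested for.

    .PARAMETER AuthorizationEndpoint
    Token endpoint format string; {0} is replaced by Tenant.

    .OUTPUTS
    PSCustomObject with Expires (DateTime) and AccessToken (string). The
    AccessToken is a bearer credential: do not write it to logs or output.
    #>
    param(
        [string]$Tenant,
        [Parameter(ParameterSetName='ClientCredential')]
        [pscredential]$Client,
        [Parameter(ParameterSetName='ClientExplicit')]
        [string]$ClientId,
        [Parameter(ParameterSetName='ClientExplicit')]
        [string]$ClientSecret,
        [string]$Resource = "https://graph.microsoft.com",
        [string]$AuthorizationEndpoint = "https://login.microsoftonline.com/{0}/oauth2/token"
    )

    # The -Client parameter set was declared but never read, so a call with
    # -Client posted an empty client_id and client_secret. Unpack it here.
    if ($Client) {
        $ClientId = $Client.UserName
        $ClientSecret = $Client.GetNetworkCredential().Password
    }

    $authUrl = $AuthorizationEndpoint -f $Tenant

    # Sent as a form body to the token endpoint; the secret is never placed in the URL.
    $parameters = @{
        grant_type    = "client_credentials"
        client_secret = $ClientSecret
        resource      = $Resource
        client_id     = $ClientId
    }

    $response = Invoke-RestMethod -Uri $authUrl -Method Post -Body $parameters

    # expires_on is a Unix timestamp; expose it as a local DateTime.
    $expires = ConvertFrom-Timestamp -Timestamp $response.expires_on

    [PSCustomObject]@{
        Expires     = $expires
        AccessToken = $response.access_token
    }
}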
#endregion
#region Option 3: AAD Graph API -> Microsoft Graph API (which goes to ExO mailbox)
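# Copies each directory-synced user's thumbnailPhoto from Azure AD Graph to the
# user's Microsoft Graph profile photo (which lands in the Exchange Online mailbox).
#
# $tenant, $clientId and $clientSecret are not defined in this script and must
# already exist in the session. Supply the secret from a secure prompt or a
# secret store rather than hard-coding it next to this code.
#
# NOTE(review): both tokens are requested once, up front, and their Expires
# value is never checked; a long run could outlive them - confirm for large tenants.
# NOTE(review): Azure AD Graph (graph.windows.net) has been deprecated by
# Microsoft in favour of Microsoft Graph; plan to read the source photo elsewhere.
$startTime = Get-Date

# MS Graph
$msgToken = Invoke-ClientCredentialsFlow -Tenant $tenant -ClientId $clientId -ClientSecret $clientSecret -Resource "https://graph.microsoft.com"
$msgHeaders = @{
    "Authorization" = "Bearer $($msgToken.AccessToken)"
    "Content-Type"  = "image/jpeg"
}

# AAD Graph API
$aadToken = Invoke-ClientCredentialsFlow -Tenant $tenant -ClientId $clientId -ClientSecret $clientSecret -Resource "https://graph.windows.net"
$aadHeaders = @{
    "Authorization" = "Bearer $($aadToken.AccessToken)"
    "Content-Type"  = "image/jpeg"
}

# First page of directory-synced users.
$url = "https://graph.windows.net/myorganization/users/?`$filter=dirSyncEnabled eq true&`$top=500&api-version=1.6"
$r = Invoke-RestMethod -Method Get -Uri $url -Headers $aadHeaders
# @() keeps $users an array even if a page holds a single object, so += appends.
$users = @($r.value)

# Follow paging links. The link is appended to a fixed host prefix, so the
# bearer token is only ever sent to graph.windows.net.
while ($r.'odata.nextLink') {
    $nextLink = $r.'odata.nextLink' + '&api-version=1.6'
    $r = Invoke-RestMethod -Uri "https://graph.windows.net/myorganization/$($nextLink)" -Headers $aadHeaders -Method Get
    $users += $r.value
}

#$user = $users | ? UserPrincipalNAme -eq "marge.simpson@litware.ml"
foreach ($user in $users) {
    $user.userPrincipalName

    $exch = $user.assignedPlans | Where-Object service -EQ "exchange"
    if (-not $exch) {
        Write-Host -ForegroundColor Yellow " - user without Exchange license -> skipping"
        continue
    }

    # The UPN is directory data placed into a URL path; percent-encode it so
    # characters such as '#', '?' or '/' cannot change the request target.
    $upn = [uri]::EscapeDataString($user.userPrincipalName)

    $photo = $null
    $url = "https://graph.windows.net/myorganization/users/$upn/thumbnailPhoto?api-version=1.6"
    try {
        $r = Invoke-WebRequest -Method Get -Uri $url -Headers $aadHeaders
        $photo = $r.Content
    } catch {
        if ($_.Exception.Response.StatusCode.value__ -eq 404) {
            Write-Host -ForegroundColor Yellow " - no photo available -> skipping"
        }
        else {
            Write-Host -ForegroundColor Red "Error while loading pic: $($_.Exception)"
        }
        continue
    }

    if ($photo) {
        Write-Host " - updating a picture [$(Get-ReadableSize -Size $photo.Length)]... " -NoNewline
        try {
            $r = Invoke-WebRequest -Method Patch -Uri "https://graph.microsoft.com/v1.0/users/$upn/photo/`$value" -Headers $msgHeaders -Body $photo
            if ($r.StatusCode -eq 200) {
                Write-Host "OK"
            }
            else {
                # Finish the -NoNewline line and record any other success code.
                Write-Host ("status {0}" -f $r.StatusCode)
            }
        } catch {
            Write-Host ""
            Write-Host -ForegroundColor Red (" - server returned {0} -> probably user does not have an ExO mailbox?" -f $_.Exception.Response.StatusCode)
        }
    }
}

$endTime = Get-Date
$duration = $endTime - $startTime
Write-Host ("Total sync duration: {0}" -f $duration)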
#endregion