December 24, 2019

How To Use Graph API To Read Data From OneDrive For Business


In my last project, there was a requirement to analyze users' OneDrive data. For example, I needed to report whether each item was a folder, a file or a Notebook, along with other information such as the size of the file and whether it was shared with external and internal users. One user's OneDrive contained more than 100 GB of data and 2 lakh items. There were several ways to achieve this: the SharePoint RESTful API, CSOM, or the Graph API.
CSOM is limited by the threshold value, so I decided to write a PowerShell script that uses the Graph API. Microsoft Graph API is a RESTful web API that gives access to Microsoft Cloud Services. To call the Graph API, I first needed to create and register an app and get it authenticated.

Steps to create an Azure app and grant admin consent:

Step 1. Login to Azure portal (https://portal.azure.com/) with a global admin account.
Step 2. Navigate to Azure Active Directory -> App registration -> New registration.

Step 3. Provide a user-friendly app name, use https://localhost as the redirect URI, then click “Register”.

Step 4. Configure permissions. To call the Graph API, I need to grant application-level permission.

Step 5. Grant admin consent for the app.

Steps to get the client ID and secret

To authenticate and get access to the Graph API, I need the tenant ID, app ID and client secret.

1. Login to Azure portal (https://portal.azure.com/) with a global admin account.
2. Navigate to Azure Active Directory -> App registration.
3. Click on the newly created app from the list.

4. Copy the client ID and tenant ID from the Overview section.

5. Click on “Certificate & secrets”.

6. Click on “New client secret”.

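7. Give it a description and select “Never” for the expiry. A secret that never expires stays valid until it is deleted from the app registration.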

8. Copy the newly created value and store it in a safe place. We will use it in our code.

Writing and executing code

We are writing the code in PowerShell; I wrote it in VS Code.
We need “Microsoft.IdentityModel.Clients.ActiveDirectory.dll” to run the code.

Step 1. Declare 3 global variables and add tenantID, appID, client_secret.

$ADALpath = '\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
$tenantID = "######"
$appID = "#######" #the GUID of your app. For best result, use app with Sites.ReadWrite.All scope granted.
$client_secret = "########" #client secret for the app
Step 2. To obtain an access token, use the following code:

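# Load ADAL, then request an app-only token for Microsoft Graph with the client credentials
Add-Type -Path $ADALpath
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList "https://login.windows.net/$tenantID"
$ccred = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential -ArgumentList $appID,$client_secret
$authenticationResult = $authContext.AcquireTokenAsync("https://graph.microsoft.com", $ccred)
$global:authHeader = @{'Authorization'=$authenticationResult.Result.CreateAuthorizationHeader()}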
Step 3. To get all users of your tenant, execute the following query:

$uri = "https://graph.microsoft.com/v1.0/users?`$select=displayName,mail,userPrincipalName,id,userType&`$top=999&`$filter=userType eq 'Member'"
$result = Invoke-WebRequest -Headers $AuthHeader -Uri $uri -Verbose:$VerbosePreference -ErrorAction Stop
Step 4. Loop over each user in the result and execute the following line:

$uri = "https://graph.microsoft.com/v1.0/users/$($user.id)/drive/root"

It will return the user's root folder details.

Step 5. If the root folder contains any child items, traverse each item.
Step 6. To get child item details, execute the following query:

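$uri = "https://graph.microsoft.com/v1.0/users/$($user.id)/drive/root/children"
$children = @()
    do {
        # Invoke-GraphApiRequest is a helper that is not shown on this page; it is assumed to send the request with $authHeader and return the parsed JSON
        $result = Invoke-GraphApiRequest -Uri "$URI" -Verbose:$VerbosePreference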
        $URI = $result.'@odata.nextLink'
        $children += $result
    } while ($URI)
    if (!$children) { Write-Verbose "No items found for $($user.userPrincipalName), skipping..."; continue }
    $output = @()
    $cFolders = $children.value | ? {$_.Folder}
    $cFiles = $children.value | ? {$_.File} 
    $cNotebooks = $children.value | ? {$_.package.type -eq "OneNote"}

Store the output in a global variable.
To export the output to a CSV file, execute the following command:


$Output | select OneDriveOwner,Name,lastModifiedDateTime,ItemType,Versions,Size,publicationStatus,Shared,ExternallyShared,Permissions,ItemPath | Export-Csv -Path "$((Get-Date).ToString('yyyy-MM-dd_HH-mm-ss'))_ODFBSharedItems.csv" -NoTypeInformation -Encoding UTF8 -UseCulture
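
The item classification from Step 6 and the Shared and ExternallyShared columns used in the export can be derived as shown here. This is an added example, not the author's script: the function names, the `contoso.com` tenant domain and the sample items are constructed, and treating an anonymous link or any recipient outside `$tenantDomains` as external is an assumption of this example.

```powershell
# Added example. Sample data below is constructed, not real Graph output.
$tenantDomains = @('contoso.com')   # assumption: your tenant's verified domains

function Get-ItemType($item) {
    # Check the package facet first so a OneNote notebook is not counted as a folder
    if ($item.package.type -eq 'OneNote') { 'Notebook' }
    elseif ($item.folder) { 'Folder' }
    elseif ($item.file)   { 'File' }
    else { 'Other' }
}

function Test-ExternalPermission($perm, $domains) {
    # Anonymous links are usable by anyone holding the URL
    if ($perm.link.scope -eq 'anonymous') { return $true }
    # Collect every recipient address the permission carries
    $emails = @($perm.grantedTo.user.email) + @($perm.grantedToIdentities.user.email) + @($perm.invitation.email)
    foreach ($e in ($emails | Where-Object { $_ })) {
        if ($domains -notcontains ($e -split '@')[-1].ToLower()) { return $true }
    }
    return $false
}

function New-ReportRow($owner, $item, $permissions) {
    $ext = @($permissions | Where-Object { Test-ExternalPermission $_ $tenantDomains })
    [pscustomobject]@{
        OneDriveOwner    = $owner
        Name             = $item.name
        ItemType         = Get-ItemType $item
        Size             = $item.size
        Shared           = [bool]$item.shared
        ExternallyShared = $ext.Count -gt 0
        Permissions      = @($permissions | ForEach-Object { $_.roles -join '/' }) -join ','
    }
}

# Constructed driveItems; "permissions" stands in for the reply of
# GET /users/{id}/drive/items/{item-id}/permissions for each item.
$sample = @'
[ {"name":"Budget.xlsx","size":18432,"file":{"mimeType":"application/vnd.ms-excel"},"shared":{"scope":"users"},
   "permissions":[{"roles":["owner"],"grantedTo":{"user":{"email":"owner@contoso.com"}}},
                  {"roles":["read"],"grantedTo":{"user":{"email":"partner@fabrikam.com"}}}]},
  {"name":"Projects","size":0,"folder":{"childCount":3},
   "permissions":[{"roles":["owner"],"grantedTo":{"user":{"email":"owner@contoso.com"}}}]},
  {"name":"Notes","size":2048,"package":{"type":"oneNote"},"shared":{"scope":"anonymous"},
   "permissions":[{"roles":["read"],"link":{"scope":"anonymous","type":"view"}}]} ]
'@ | ConvertFrom-Json

$Output = foreach ($i in $sample) { New-ReportRow 'owner@contoso.com' $i $i.permissions }
$Output | Format-Table Name,ItemType,Size,Shared,ExternallyShared,Permissions
```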

One Reply to “How To Use Graph API To Read Data From OneDrive For Business”

  1. Hello,
    I have a question, how is $authenticationResult declared/defined and initialized? Is there maybe a line missing?

    I get errors on this line:
    $global:authHeader = @{‘Authorization’=$authenticationResult.Result.CreateAuthorizationHeader()}

    I am also not sure if $global:authHeader is declared anywhere.
