ReportCloudServicesScriptContext

The ReportCloudServicesScriptContext class is used to work with cloud services. To access an instance of this class, use the CloudServices property of the predefined PowerShell variable called $Context in your scripts used to generate reports or report custom columns.

Inheritance: Object

Methods

  • Method

  • Description

  • GetO365Tenant()

  • Returns an instance of the IAdmO365Tenant interface that represents the Microsoft 365 tenant the specified object is associated with.

  • GetAzureAuthAccessToken(IADs)

  • Returns an Azure authentication token for the Microsoft 365 tenant the specified object is associated with. The token can be used for Microsoft Graph API only.

  • GetAzureAuthAccessToken(IADs, String)

  • Returns an Azure authentication token to be used to authenticate to the specified resource in the Microsoft 365 tenant the specified object is associated with.

  • CreateExchangeOnlinePSSession()

  • Creates a remote PowerShell session to Exchange Online in the Microsoft 365 tenant the specified object is associated with.

Details

GetO365Tenant()

Returns an instance of the IAdmO365Tenant interface that represents the Microsoft 365 tenant the specified object is associated with.

IAdmO365Tenant GetO365Tenant(IADs object)

Return value

If there is no Microsoft 365 tenant associated with the specified object, the method returns NULL.


GetAzureAuthAccessToken(IADs)

Returns an Azure authentication token for the Microsoft 365 tenant the specified object is associated with. The token can be used for Microsoft Graph API only.

String GetAzureAuthAccessToken(IADs object)

Examples

The following code sample gets the date when a user last logged on to Azure AD.

# Get access token for Microsoft Graph API
$user = $Context.BindToObjectByDN("CN=John Smith,DC=company,DC=com")
$token = $Context.CloudServices.GetAzureAuthAccessToken($user)

# Get the last logon date
$o365ObjectId = [Guid]$user.Get("adm-O365ObjectId")
$url = 'https://graph.microsoft.com/beta/users/' + $o365ObjectId.ToString() + `
'?$select=signInActivity'
$response = Invoke-RestMethod -Method GET `
    -uri $url `
    -Headers @{Authorization="Bearer $token"}

$lastLogonDate = $response.value[0].signInActivity.lastSignInDateTime

GetAzureAuthAccessToken(IADs, String)

Returns an Azure authentication token to be used to authenticate to the specified resource in the Microsoft 365 tenant the specified object is associated with.

String GetAzureAuthAccessToken(IADs object, String resourceId)

Parameters

  • object - Specifies the object associated with the Microsoft 365 tenant for which to retrieve an authentication token.
  • resourceId - Specifies the identifier of the resource for which to retrieve an authentication token.

Examples

The following code sample uses Azure Active Directory Graph API to get Azure AD groups a user is a member of.

# Get access token for Azure Active Directory Graph
$user = $Context.BindToObjectByDN("CN=John Smith,CN=Users,DC=company,DC=com")
$resourceId = "https://graph.windows.net/"
$token = $Context.CloudServices.GetAzureAuthAccessToken($user, $resourceId)

# Get tenant details
$tenant = $Context.CloudServices.GetO365Tenant($user)
$tenantId = $tenant.TenantID
$credential = $tenant.GetCredential()

# Get groups the user is a member of
$userId = [Guid]$user.Get("adm-O365ObjectId") 
Connect-AzureAD -AccountId $credential.AppId -AadAccessToken $token -TenantId $tenantId
$groups = Get-AzureADUserMembership -ObjectId $userId

CreateExchangeOnlinePSSession()

Creates a remote PowerShell session to Exchange Online in the Microsoft 365 tenant the specified object is associated with.

PSSession CreateExchangeOnlinePSSession(IADs object)

Examples

The following code sample gets the Litigation Hold status of a user mailbox.

# Bind to the user
$user = $Context.BindToObjectByDN("CN=John Smith,CN=Users,DC=company,DC=com")

try
{
    $session = $Context.CloudServices.CreateExchangeOnlinePSSession($user)
    Import-PSSession $session -CommandName "Get-MailBox"
    
    # Get Litigation Hold status
    $o365ObjectId = [Guid]$user.Get("adm-O365ObjectId")
    $userMailbox = Get-MailBox -Identity $o365ObjectId.ToString()

    $litigationHoldStatus = $userMailbox.LitigationHoldEnabled    
}
finally
{
    # Close the remote session
    if ($session) { Remove-PSSession $session }
}

Requirements

Minimum required version: 2021.1

See also