Without further ado, you can find the script over at GitHub. Once you have downloaded it, use the following syntax to run it against a given user. You can also specify the -Verbose switch to spill out additional details during the processing of the drive in question.
\Graph_ODFB_remove_all_shared.ps1 -Verbose -User
that not all permissions can be removed, for example a secondary admin for the ODFB site will always keep their access.
The last parameter you need to specify is the user against which we will be running the script, via the -User parameter, with the value provided in the form of a UserPrincipalName or GUID. Unlike the “report” script, this time we will expand folders by default (controlled via the -ExpandFolders switch), up to a depth of two levels (controlled via the -Depth parameter), to make sure we cover the bulk of the items available within the drive. If a valid drive is found for the user, the script will proceed to enumerate all items within it, depending on the specified parameter values. permissions are also necessary, in order to check whether the provided user identifier corresponds to an actual user within the tenant. The application will need to have the permission in order to be able to enumerate drives, the files within them and their permissions, as well as remove the permission entries.
This is a common task for “leavers” scenarios, where the organization wants to make sure that the content of the user’s drive will no longer be accessible to anyone other than some designated person, be it the user’s manager, someone within the same team, or even the legal department. A quick way to achieve this is to play with the sharing permissions on the individual site collection corresponding to the user’s drive, but where’s the fun in that? Instead, I’ve compiled another “proof of concept” script that will remove sharing permissions from any and all files within a given user’s OneDrive for Business drive. Kind of like the “stop sharing” button we have for individual items, but applied at the user level. As before, we will be using the Graph API endpoints, and to start with, we need a valid token. The script uses the application permissions model, so you will need to provide your tenantID, the appID of an Azure AD application you’ve created and the client secret associated with it.
You can apply much of the same code to a different scenario – removing access for any shared files.
The script used the Graph API endpoints to get a list of users within your tenant, then for each user checked the presence of a OneDrive “drive”, enumerated the items therein and spilled details for any “shared” file. Sort of like the “sharing” report that you can generate within Office 365, but for all users.
This video is part of my FREE 30+ lesson self-paced online training course called Collaboration in Microsoft 365 (OneDrive, SharePoint, and Teams). You can also restore those deleted files or specific versions from your OneDrive’s recycle bin. You can delete whole files or just specific versions of files in OneDrive for Business.