Looking for a way through which I can add multiple users to a yammer group.
I tried this, but it doesn't work.
Is there any PowerShell scripts or an option available on the UI to add multiple users? I also tried to separate the users via comma delimiters but this doesn't work either.
Have also tried adding a AAD group but that didn't work either (the group doesn't appears in the dropdown).
Below is the PS script:
# Input Parameters
$developerToken = "999-test"
$uri="https://www.yammer.com/api/v1/group_memberships.json"
$headers = #{ Authorization=("Bearer " + $developerToken) }
$body=#{group_id="groupid";email="test#test.com"}
# Invoke Web Request - Add user to Group
$webRequest = Invoke-WebRequest –Uri $uri –Method POST -Headers $headers -Body $body
Related
I wish to call http api to change password in roundcube mail client using python code. How can this be done? Where is the exact location in the roundcube configuration and how is it invoked?
Ensure the httpapi is available in your install
In the main roundcube configuration file config.inc.php set the variables:
$config['password_httpapi_url'] =
'http://host:5000/change_user_password'; // required
$config['password_httpapi_method'] = 'GET'; // default
$config['password_httpapi_var_user'] = 'username'; // optional
$config['password_httpapi_var_curpass'] = 'curpass'; // optional
$config['password_httpapi_var_newpass'] = 'newpass'; // optional
Important NOTE: If you use the GET method you can pass the variables as parameters using query string values eg. the request.args.get('username')
If you use the POST method you need to use the form fields. eg. request.form['username']
Pass the http api driver name in plugins/password/config.inc.php:
$config['password_driver'] = 'httpapi';
Reload the web server.
How to post /poll command to Slack using hooks correctly? When we use it like this:
URL = 'https://hooks.slack.com/services/XXX/XXX/XXX'
CMD = '/poll "Name" "A" "B"'
requests.post(URL, json = {'text': CMD})
The result in slack is just text, not the applied command.
It's not possible for a slash command to be invoked by another app or integration. Slash commands are interpreted first by a Slack client and then executed -- human interaction is expected. You won't be able to execute a slash command by sending text via a webhook.
for automation purpose - running a migration from one AD to another - I want to authenticate my script actions towards the AD servers which I am connecting to to carry out the action.
creating a user for example via powershell is quite simple:
PS C:\Users\myuser> Get-ADUser -Server "domain1.net" -Identity username-1 | Set-ADUser -Server \
"domain1.net" -SamAccountName usernam-1-mig -DisplayName usernam-1-mig -Surname usernam-1-mig \
-UserPrincipalName usernam-1-mig -GivenName usernam-1-mig -Credential AD\admin-user
Since every time a user gets renamed a login is required, and since i am not using only powershell but rather python (yes because the migration is not only related to AD move but many more actions), I wanted to provide to each powershell command its username and password for the domain authentication.
I tried a couple of approaches from other websites but couldn't make it work. PSCredentials I looked at but couldn't figure it out either.
From python i am calling the powershell command like this
migration = subprocess.Popen(["powershell.exe", ps_rename_cmd ], stdout=subprocess.PIPE)
migration.wait()
ps_rename_cmd is a simple text variable with similar content from the first code snippet
Thanks a lot in advance for your help
OK, after digging down into the documentation and thanks to a great page!, I was able to figure it out...
From the powershell i learned that this works fine:
New-ADUser -Server "domain.net" -AccountPassword (ConvertTo-SecureString user_password \
-AsPlainText -Force) -EmailAddress "user1#domain.net" -Name "user1" -DisplayName "user1" \
-GivenName "user1" -Surname "user1" -UserPrincipalName "user1" -path \
"OU=COMPANY,OU=Applications,OU=Users,OU=DEPARTMENT,OU=Global,DC=department,DC=domain,\
DC=net" -PasswordNeverExpires $true -Confirm:$false -Credential (New-Object \
System.Management.Automation.PSCredential ("DOMAIN\admin-user",(ConvertTo-SecureString \
"password" -AsPlainText -Force)))
Important was to have the text inside the variables well formatted!
created the string for the Credential part
ps_credentials = (f' (New-Object System.Management.Automation.PSCredential ("DOMAIN1\{auth_user}",(ConvertTo-SecureString "{auth_pw}" -AsPlainText -Force)))')
the command as a string itself, well formatted! The ps_credentials var is used in brakets ()
ps_create_cmd = (f'New-ADUser -Server \"{domain_name}\" -Path \"{ou_destination}\" -AccountPassword ({sec_pw}) -EmailAddress {username}#domain.net -Name {username} -SamAccountName {username} -DisplayName {username} -Surname {username} -UserPrincipalName {username} -GivenName {username} -PasswordNeverExpires $true -Confirm:$false -Credential {ps_credentials}')
Running the powershell command like this
create_user = subprocess.run(["powershell.exe", (f'{ps_create_cmd}')], capture_output=True, text=True)
The credential window, which was hindering me to automate all this, doesn't pop up anymore and the admin user gets authenticated towards the AD server to create the new account. Ofc this can be altered to work with any -Credential requiring command.
Big Thanks to the Author of the website duffney. Really well done
I hope someone else will find this useful in the future. Looking forward for productive discussions :)
I have a simple python script: the generates an x-icon from a hex colour given to it, then it returns a valid byte-stream (BytesIO).
I want to get something like this (please, do not laugh, I'm using Nginx for about two days):
location ~^/icons/(?<colour>[a-fA-F0-9]{6})\.ico$ {
send 200 (./favicon.py colour); # System call to `favicon.py` with `colour` argument.
}
Is it possible at all?
The following config should do the work:
location ~^/icons/(?<colour>[a-fA-F0-9]{6})\.ico$ {
content_by_lua '
local command = "./favicon.py colour"
local handle = io.popen(command)
local content = handle:read("*a")
handle:close()
ngx.print(content)
';
}
Basically it uses Lua for executing and providing the content
NOTE: your nginx should be compiled with the lua module for this solution to work
I have a Python script that is running periodically on an AWS EC2 Ubuntu machine.
This script reads data from some files and sometimes changes data in them.
I want to download these files from OneDrive, do my own thing with them, and upload them back to OneDrive.
I want this to be done automatically, without the need for a user to approve any login or credentials. I'm ok with doing it once (i.e. approving the login on the first run) but the rest has to run automatically, without asking ever again for approvals (unless the permissions change, of course).
What is the best way to do this?
I've been reading the documentation on Microsoft Graph API but I'm struggling with the authentication part. I've created an application in Azure AAD, gave the sample permissions (to test) and created a secret credential.
I managed to do it. I'm not sure if it's the best way but it is working now. It's running automatically every hour and I don't need to touch it.
I followed the information on https://learn.microsoft.com/en-gb/azure/active-directory/develop/v2-oauth2-auth-code-flow
This is what I did.
Azure Portal
Create an application. Azure Active Directory -> App Registrations -> Applications from personal account
In Supported account types, choose the one that has personal Microsoft accounts.
In Redirect URI, choose Public client/native. We'll add the specific URI later.
In the application details, in the section Overview, take note of the Application (client) ID. We'll need this later.
In the section Authentication, click Add a Platform and choose Desktop + devices. You can use your own, I chose one of the suggested: https://login.microsoftonline.com/common/oauth2/nativeclient
In the section API permissions, you have to add all the permissions that your app will use. I added User.Read, Files.ReadWrite and offline_access. The offline_access is to be able to get the refresh token, which will be crucial to keep the app running without asking the user to login.
I did not create any Certificate or Secret.
Web
Looks like to get a token for the first time we have to use a browser or emulate something like that.
There must be a programmatic way to do this, but I had no idea how to do it. I also thought about using Selenium for this, but since it's only one time and my app will request tokens every hour (keeping the tokens fresh), I dropped that idea.
If we add new permissions, the tokens that we have will become invalid and we have to do this manual part again.
Open a browser and go to the URL below. Use the Scopes and the Redirect URI that you set up in Azure Portal.
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=your_app_client_id&response_type=code&redirect_uri=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient&response_mode=query&scope=User.Read%20offline_access%20Files.ReadWrite
That URL will redirect you to the Redirect URI that you set up and with a code=something in the URL. Copy that something.
Do a POST request with type FORM URL Encoded. I used https://reqbin.com/ for this.
Endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/token
Form URL: grant_type=authorization_code&client_id=your_app_client_id&code=use_the_code_returned_on_previous_step
This will return an Access Token and a Refresh Token. Store the Refresh Token somewhere. I'm saving it in a file.
Python
# Build the POST parameters
params = {
'grant_type': 'refresh_token',
'client_id': your_app_client_id,
'refresh_token': refresh_token_that_you_got_in_the_previous_step
}
response = requests.post('https://login.microsoftonline.com/common/oauth2/v2.0/token', data=params)
access_token = response.json()['access_token']
new_refresh_token = response.json()['refresh_token']
# ^ Save somewhere the new refresh token.
# I just overwrite the file with the new one.
# This new one will be used next time.
header = {'Authorization': 'Bearer ' + access_token}
# Download the file
response = requests.get('https://graph.microsoft.com/v1.0/me/drive/root:' +
PATH_TO_FILE + '/' + FILE_NAME + ':/content', headers=header)
# Save the file in the disk
with open(file_name, 'wb') as file:
file.write(response.content)
So basically, I have the Refresh Token always updated.
I call the Token endpoint using that Refresh Token, and the API gives me an Access Token to use during the current session and a new Refresh Token.
I use this new Refresh Token the next time I run the program, and so on.
I've just published a repo which does this. Contributions and pull requests welcome:
https://github.com/stevemurch/onedrive-download