Understanding the PowerShell Script — Part 1

Welcome to the SharePoint Archiving Solution Series:

This blog is divided into multiple sections, each focusing on a crucial aspect of the migration process. Below are links to navigate directly to each section:

1. Introduction
2. Pre-requisites
3. Application Registration and API Permissions
4. PowerShell Script Workflow
5. Understanding the PowerShell Script — Part 1
6. Understanding the PowerShell Script — Part 2
7. Understanding the PowerShell Script — Part 3
8. Get Full Script from GitHub

Welcome to the final section of our migration series. In this part, we will dive deep into the PowerShell script that automates the migration process from SharePoint to OneDrive.

Before we start, here are a few things to keep in mind:

1. Take Your Time: The script is detailed and complex. Don’t rush through it. Take your time to understand each part.
2. Break It Down: We will break down the script into manageable sections. Focus on one section at a time to avoid feeling overwhelmed.
3. Refer Back: Feel free to refer back to the previous sections of this series. They provide the foundational knowledge necessary for understanding the script.
4. Ask Questions: If something isn’t clear, jot down your questions. You can seek further clarification through comments or additional resources.
5. Practice: Try running parts of the script in a safe, test environment. Hands-on practice will reinforce your understanding.

Let’s get started and demystify the PowerShell script step by step.

Script Folder Structure

When you download or pulled the script from the GitHub, you will see the following folder structure:

SharePoint to OneDrive
├── Modules
│   ├── AccessToken.psm1
│── setting.json
├── start_exe.ps1
└── README.md

Let’s break down what each file and folder is for:

Modules Folder > AccessToken.psm1: The AccessToken.psm1 Module is designed to obtain an access token from the Microsoft Online OAuth 2.0 endpoint, which is essential for authenticating and interacting with Microsoft Graph API.

function Get-AccessToken {
    param(
        [string]$TenantID,
        [string]$ClientID,
        [string]$ClientSecret
    )
    $TokenURL = "https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token"


    $body = @{
        grant_type = 'client_credentials'
        client_id = $ClientID
        client_secret = $ClientSecret
        scope = 'https://graph.microsoft.com/.default'
    }

    $bodyString = ""
    foreach ($param in $body.GetEnumerator()) {
        $bodyString += "&$($param.Name)=$($param.Value)"
    }

    $response = Invoke-RestMethod -Uri $TokenURL -Method Post -Body $bodyString -ContentType "application/x-www-form-urlencoded" 

    $response.access_token
}

Export-ModuleMember -Function Get-AccessToken

Here’s a breakdown of what the script does:

1. Function Definition: The function Get-AccessToken is defined with three parameters: $TenantID, $ClientID, and $ClientSecret. These parameters are required to authenticate and obtain an access token from Microsoft.
2. Token URL: The $TokenURL is constructed using the provided $TenantID to target the specific Azure AD tenant's token endpoint.
3. A hashtable $body is created to store the parameters needed for the token request: grant_type -> Specifies the type of grant being used, which is 'client_credentials' in this case. client_id ->The application (client) ID registered in Azure AD. client_secret -> The application secret associated with the client ID. scope -> The scope of the access request, which is set to 'https://graph.microsoft.com/.default' to get a token for accessing Microsoft Graph.
4. Body String Construction: The script constructs a string from the hashtable to be sent in the request body using a loop.
5. Invoke REST Method: The Invoke-RestMethod cmdlet is used to make a POST request to the $TokenURL with the constructed body string and appropriate content type. The response, which includes the access token, is stored in $response.

setting.json: This JSON file contains configuration settings needed for the script to run, such as Sites IDs, Client ID, Tenant ID or other necessary parameters.

{
    "TenantID": "d9d6f-dfhd8d7hf-d9768hd-f6hfhk",
    "ClientSecret": "Jkl_ldhj~jdhfllshdkfhja;khHGKlkl",
    "ClientID": "37dks-jfj76d-hdfjd7nd-76fbhdks",
    "OneDriveUPN": "user@contoso.com",
    "SiteIDs": [
        "23hjfh-dhfJ-hjdKHH-lk876KHhkk-Hlkhdl"
    ],
    "ModifiedDate": "2015-03-05"
}

Here is the breakdown of ‘setting.json’

1. TenantID: This is the unique identifier for the Azure Active Directory tenant. It is used to target the correct tenant when requesting an access token. Add your tenant ID you saved when you Registered your App.
2. ClientID: This is the unique identifier for the application registered in Azure AD. It is used to identify the application when requesting an access token. Add your Client ID here.
3. ClientSecret: This is the secret key associated with the application registered in Azure AD. It is used alongside the client ID to authenticate and obtain an access token. Add your Client Secret here.
4. OneDriveUPN: This is the email address of the One Drive account you want to migrate your SharePoint into.
5. SiteIDs: You can add more than one site ids here to transfer from multiple SharePoint Sites. There is a different way you can get site Id One way is to get from SharePoint Admin center, Click here for instruction.
6. ModifiedDate: Add your date as show in the json setting file. Script will transfer files before modified Date.

By organizing the project in this manner, the script becomes modular and easier to manage. Each component has a specific role, making it easier for other developers to understand and contribute to the project.

< Previous — 1 2 3 4 5 6 7 — Next >