New command: onedrive add

[plamber]

Usage

onedrive add [options]

Description

Pre-provision OneDrive for users in your organization

Options

Option	Description
-o, --option <option>	option
-o, --output [output]	Output type. json,text. Default text
-e, --emails <emails>	User emails
--verbose	Runs command with verbose logging
--debug	Runs command with debug logging

Additional Information

Reference issue #929. There are issues if you run the command in app-only context. Nevertheless, administrators might want to run it in their context or with a privileged user.

Official documentation. New-PnpPersonalSite

[waldekmastykarz]

Isn't the issue related to bearer token altogether rather than just app-only? Let's double check before proceeding.

[garrytrinder]

Isn't the issue related to bearer token altogether rather than just app-only? Let's double check before proceeding.

This was my understanding as well, btw all the code for this is in a branch on my fork https://github.com/garrytrinder/cli-microsoft365/tree/spo-personalsite-add

[nicodecleyre]

Tried some approaches here:

• POST https://contoso-admin.sharepoint.com/_api/SP.UserProfiles.ProfileLoader.GetProfileLoader/CreatePersonalSiteEnqueueBulk
• The great xml find by @garrytrinder from here
• GET https://graph.microsoft.com/v1.0/drives/user@contoso.onmicrosoft.com/root

But they all result in an error, after all this time it seems that it's still not possible to pre-provision OneDrive unfortunately 😞

[waldekmastykarz]

How is it implemented in the PnP PowerShell cmdlet Patrick linked in the issue? Or is it broken there as well?

[nicodecleyre]

How is it implemented in the PnP PowerShell cmdlet Patrick linked in the issue? Or is it broken there as well?

No, the New-PnpPersonalSite command works, but somehow we get an invalid request response back when we do the same steps:

First you have to get a Request Digest by doing:

POST https://contoso-admin.sharepoint.com/_vti_bin/sites.asmx

Headers:

• Content-Type: text/xml

With the body:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <GetUpdatedFormDigestInformation xmlns="http://schemas.microsoft.com/sharepoint/soap/" />
  </soap:Body>
</soap:Envelope>

and then you do following request with that request digest:

POST https://contoso-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery

Headers:

• Content-Type: text/xml
• X-RequestDigest: The DigestValue you got back from the previous call

With the body:

<Request AddExpandoFieldTypeSuffix="true" SchemaVersion="15.0.0.0" LibraryVersion="16.0.0.0" ApplicationName="CLI for Microsoft 365" xmlns="http://schemas.microsoft.com/sharepoint/clientquery/2009">
    <Actions>
        <ObjectPath Id="2" ObjectPathId="1" />
        <Method Name="CreatePersonalSiteEnqueueBulk" Id="3" ObjectPathId="1">
            <Parameters>
                <Parameter Type="Array">
                    <Object Type="String">user@contoso.onmicrosoft.com</Object>
                </Parameter>
            </Parameters>
        </Method>
    </Actions>
    <ObjectPaths>
        <StaticMethod Id="1" Name="GetProfileLoader" TypeId="{9c42543a-91b3-4902-b2fe-14ccdefb6e2b}" />
    </ObjectPaths>
</Request>

Which results in this response:

[nicodecleyre]

Update, when replacing the single quotes in the xml body with escaped double quotes, we get an Attempted to perform an unauthorized operation. error back. Tried with an aad application with several permissions regarding SharePoint, no luck..

[MathijsVerbeeck]

Hi

I've just done some research regarding this, and indeed the code is working when using PnP PowerShell, but it is only working on my end when we would the deprecated option -UseWebLogin, not when using -Interactive, the newer version of -UseWebLogin.

When I execute the code that PnP PowerShell uses in a console application, authenticated using new AuthenticationManager().GetWebLoginClientContext("https://mathijsdev2-admin.sharepoint.com/"), I can execute the code that the PnP PowerShell uses without any issues. The only thing that I can see in Postman is that instead of using the X-Request-Digest, it uses the cookie option, so I think that this is a special request that perhaps only allow us using an authentication cookie, which is retrieved based on the credentials entered by the users if I'm not mistaken, so I'm not sure if we can do this when we use --deviceLogin, that's something else that I will have to research.