Tag Archives: PnP.PowerShell

Connect-PnPOnline Interactive with Client App Id

Scenario

You use PnP.PowerShell and you need to connect to SharePoint Online via Connect-PnPOnline interactively (on behalf of a user).

You do not have tenant admin permissions or any tenant-level admin permissions (SharePoint, Teams, Exchange etc. ). But you can register an Azure App with delegated permissions.

Solution

  • register an Azure App
  • authentication blade: add platform – “Mobile and Desktop app”
    add “http://localhost”
  • API permissions blade: add delegated permissions you need
    (refer to specific API you’ll use)
  • use the following code 
$orgName = "yourTenant"
$adminUrl = "https://$orgName-admin.sharepoint.com"
$appId = "" # Client Id

$connection = Connect-PnPOnline -ClientId $AppId -Url $adminUrl -Interactive -ReturnConnection # -ForceAuthentication
$connection

Sometimes interactive window Pops up and disappears so you never have a chance to enter your admin id because you already authenticated (single-sigh-on) with your user Id. To ensure Connect-PnPOnline asks your credentials – use ” -ForceAuthentication”

Read access: Read items that were created by the user via PowerShell

Scenario:

You have a list in SharePoint Online. You want list items be visible to specific users only.
You want to leverage Item-Level Permissions under List Advanced settings: “Read access: Read items that were created by the user”. But the problem is it was not users who created items. E.g. the list was imported from excel file or created programmatically or migrated.

Solution:

PnP.PowerShell helps. Using “Set-PnPListItem”, you can re-write “Author” field in the list item.

Set-PnPListItem -List "Test" -Identity 1 -Values @{"Author"="testuser@domain.com"}

And, of course, use Item-Level Permissions under List Advanced settings: “Read access: Read items that were created by the user”:

Add users to “Site Visitors” group for read-only access:

… more TBP

Fastest way to delete all items in a large SPO list: PnP.PowerShell batches

Scenario: You have a large (>5k items) list in SharePoint Online.
You need to delete this list. “Remove-PnPList” fails with a message “The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator“. Deleting with UI fails too.

Try this PowerShell command with ScriptBlock:

Get-PnPListItem -List $list -Fields "ID" -PageSize 100 -ScriptBlock { Param($items) $items | Sort-Object -Property Id -Descending | ForEach-Object{ $_.DeleteObject() } } 

or this PowerShell with batches:

$batch = New-PnPBatch
1..12000 | Foreach-Object { Remove-PnPListItem -List $list -Identity $_ -Batch $batch }
Invoke-PnPBatch -Batch $batch

for me both methods gave same good result: ~17 items per second ( ~7 times faster than regular).

PnP.PowerShell batches

With a new PnP.PowerShell we can perform some operations against an SPO list with batches!
How fast PnP batches are? My measurements:

Time elapsed, secondswith batcheswith scriptBlockwithout batches
Add-PnPListItem (100 items)4.33 seconds42 seconds
Add-PnPListItem (500 items)21 seconds234 seconds
Add-PnPListItem (7000 items)314 seconds
Remove-PnPListItem (1000 items)58 seconds58 seconds429 seconds
Remove-PnPListItem (7000 items)395 seconds397 seconds

i.e. with batches your pnp.powershell code runs 7-10 times faster!

References: