Cli-microsoft365: Add 'spo personalsite add' command

Created on 13 Apr 2019 · 19Comments · Source: pnp/cli-microsoft365

Hi,

I would love to see the new-pnppersonalsite cmdlet ported to the office365-cli. @waldekmastykarz is this the right naming?

Cheers,
Daniel

good first issue new feature not supported

Source

Laskewitz

Most helpful comment

I have raised this as an issue in PnP PowerShell repo https://github.com/SharePoint/PnP-PowerShell/issues/2267

@waldekmastykarz I think it would be best to put this on hold for now, looks like an API issue to me.

garrytrinder on 22 Sep 2019

❤1 👍1

All 19 comments

Absolutely! Want to propose a spec @Laskewitz?

waldekmastykarz on 16 Apr 2019

Creates personal site for the specified users

spo personalsite add -e|--emails <emails>

emails: Comma-separated list of e-mail addresses of users for whom to create a personal site

Equivalent of the New-PnPPersonalSite PowerShell cmdlet

waldekmastykarz on 28 Apr 2019

Hey @waldekmastykarz I don't mind picking this up 👍🏻

garrytrinder on 5 Sep 2019

👍1

Done some digging into this, no REST endpoint for this, but caught this XML payload in a Fiddler trace whilst executing the New-PnPPersonalSite cmdlet so can pass this to Client.svc

<Request AddExpandoFieldTypeSuffix="true" 
  SchemaVersion="15.0.0.0" 
  LibraryVersion="16.0.0.0" 
  ApplicationName="SharePoint PnP PowerShell Library" 
  xmlns="http://schemas.microsoft.com/sharepoint/clientquery/2009">
  <Actions>
    <ObjectPath Id="5" 
      ObjectPathId="4" />
    <Method Name="CreatePersonalSiteEnqueueBulk" 
      Id="6" 
      ObjectPathId="4">
      <Parameters>
        <Parameter Type="Array">
          <Object Type="String">[email protected]</Object>
          <Object Type="String">[email protected]</Object>
        </Parameter>
      </Parameters>
    </Method>
  </Actions>
  <ObjectPaths>
    <StaticMethod Id="4" 
      Name="GetProfileLoader" 
      TypeId="{9c42543a-91b3-4902-b2fe-14ccdefb6e2b}" />
  </ObjectPaths>
</Request>

garrytrinder on 5 Sep 2019

Awesome! Yeah, for some commands there is no REST API in SharePoint and we need to basically mimic CSOM call.

waldekmastykarz on 5 Sep 2019

👍1

I've been working on this tonight and stumbled across a permissions issue as I am getting Error: Access denied. You do not have permission to perform this action or access this resource. response from the request when authenticated as Global Administrator.

I assume that as the Client.svc request mimics the ProfileLoader.CreatePersonalSiteEnqueueBulk() method, the CLI will require User.ReadWrite.All permissions rather than User.Read.All which it is currently given.

@waldekmastykarz any guidance on what I should do here? Is it possible to point the CLI to use my own app identity with the User.ReadWrite.All permission granted?

garrytrinder on 17 Sep 2019

I managed to work out how to point to my own app identity after reading through the docs. Who would have thought documentation could be so useful... 😄

Anyway, I tried using my own identity with User.ReadWrite.All permissions granted and I'm still getting the same error 🤔 Any ideas?

garrytrinder on 17 Sep 2019

A quick google has found this, so it looks like it might be a licensing issue with the users I’m using in my testing, rather than a permissions issue.

https://sharepoint.stackexchange.com/questions/234993/access-denied-on-a-createpersonalsiteenqueuebulk-request-by-global-admin

garrytrinder on 17 Sep 2019

👍1

Great to see that you were able to unblock yourself using the docs 😄 It would be helpful if you could verify that it's indeed a licensing issue rather than something in the code that would prevent us from implementing it. Appreciate your help 👏

waldekmastykarz on 17 Sep 2019

I plan on setting up a new demo tenant to test the license theory against, so this is still work in progress.

garrytrinder on 17 Sep 2019

I've created a new tenant, assigned a user an E5 licence, but still getting Access Denied error thrown, that is also when granted User.ReadWrite.All using a custom app identity. It must be something else... 🤔

garrytrinder on 19 Sep 2019

@waldekmastykarz looks like I've stumbled across an issue in the API, see referenced issue above.

garrytrinder on 19 Sep 2019

👍1

Nice find! How is this solved in PnP PowerShell? Do they have the same issue?

waldekmastykarz on 21 Sep 2019

I’ll do some more digging over the weekend but as far as I know PnP-PowerShell uses a single CSOM call using the Tenant Admin URL.

I’ll inspect the request in more detail, see I’m missing a header somewhere.

garrytrinder on 21 Sep 2019

I've tested the New-PnPPersonalSite cmdlet and found that when using Forms Authentication (Get-Credentials) the cmdlet works as expected, however when using an App Identity (Bearer Token) I get the same error.