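powershell - Querying the MSGraph API with PowerShell Invoke-RestMethod does not return the same amount of detail as MSGraph Explorer

Tags: powershell office365 microsoft-graph-api

I am using MSGraph Explorer and PowerShell Invoke-RestMethod to query the same MSGraph API, but MSGraph Explorer returns far more detail than the PowerShell command. This could be a permissions issue, or I am missing something in the PowerShell command.

Here is the URI, used to retrieve the audit log for a specific directory change.

https://graph.microsoft.com/beta/auditLogs/directoryAudits/Directory_029A8_49125229

This is the output from MSGraph Explorer: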

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#auditLogs/directoryAudits/$entity",
    "id": "Directory_029A8_49125229",
    "category": "Core Directory",
    "correlationId": "d534994f-61f4-4015-8040-c16f728ec8b3",
    "result": "success",
    "resultReason": "",
    "activityDisplayName": "Update user",
    "activityDateTime": "2018-10-04T05:41:19.9668303Z",
    "loggedByService": null,
    "initiatedBy": {
        "app": null,
        "user": {
            "id": "1f5c2159-f515-4cea-a99c-11c6ce1f7a5e",
            "displayName": null,
            "userPrincipalName": "[email protected]",
            "ipAddress": "<null>"
        }
    },
    "targetResources": [
        {
            "@odata.type": "#microsoft.graph.targetResourceUser",
            "id": "498b3884-f723-444c-9c01-b75ec2c0ef08",
            "displayName": null,
            "userPrincipalName": "[email protected]",
            "modifiedProperties": [
                {
                    "displayName": "AssignedLicense",
                    "oldValue": "[\"[SkuName=ENTERPRISEPACK, AccountId=cdc4b90d-7fa9-4a, SkuId=6f94b900, DisabledPlans=[]]\"]",
                    "newValue": "[]"
                },
                {
                    "displayName": "AssignedPlan",
                    "oldValue": "[{\"SubscribedPlanId\":..., \"ServicePlanId\":\"50e68c76-46c6-4674-81f9-75456511b170\"}]",
                    "newValue": "[{\"SubscribedPlanId\":... 50e68c76-46c6-4674-81f9-75456511b170\"}]"
                },
                {
                    "displayName": "Included Updated Properties",
                    "oldValue": null,
                    "newValue": "\"AssignedLicense, AssignedPlan\""
                },
                {
                    "displayName": "TargetId.UserType",
                    "oldValue": null,
                    "newValue": "\"Member\""
                }
            ]
        }
    ],
    "additionalDetails": [
        {
            "key": "UserType",
            "value": "Member"
        }
    ]
}

This is the output from Invoke-RestMethod:

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#auditLogs/directoryAudits/$entity",
    "id": "Directory_029A8_49125229",
    "category": "Core Directory",
    "correlationId": "d534994f-61f4-4015-8040-c16f728ec8b3",
    "result": "success",
    "resultReason": "",
    "activityDisplayName": "Update user",
    "activityDateTime": "2018-10-04T05:41:19.9668303Z",
    "loggedByService": null,
    "initiatedBy": {
        "app": null,
        "user": {
            "id": "1f5c2159-f515-4cea-a99c-11c6ce1f7a5e",
            "displayName": null,
            "userPrincipalName": "[email protected]",
            "ipAddress": "\u003cnull\u003e"
        }
    },
    "targetResources": [
        {
            "@odata.type": "#microsoft.graph.targetResourceUser",
            "id": "498b3884-f723-444c-9c01-b75ec2c0ef08",
            "displayName": null,
            "userPrincipalName": "[email protected]",
            "modifiedProperties": " "
        }
    ],
    "additionalDetails": [
        {
            "key": "UserType",
            "value": "Member"
        }
    ]
}

As you can see, Invoke-RestMethod does not return any details under "additionalDetails".

Here is my PowerShell script:

Function GetAuthToken
{
    param
        (
        [Parameter(Mandatory=$true)]
        $TenantName
        )
    Import-Module Azure
    $clientId = "ef9bcdf0-a675-4cd5-9ec3-fa549f9ee4cf" 
    $redirectUri      = "https://RedirectURI.com" 
    $resourceAppIdURI = "https://graph.microsoft.com"
    $authority = "https://login.microsoftonline.com/$TenantName"
    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
    $Credential = Import-Clixml -Path "C:\MIMA\tom_admin_cred.xml"
    $AADCredential = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" -ArgumentList $credential.UserName,$credential.Password
    $authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId,$AADCredential)
    return $authResult
}
if ($Version -eq $null) { $Version = 'Beta' }
#------Get the authorization token------#
$token = GetAuthToken -TenantName $tenant

#------Building Rest Api header with authorization token------#
$authHeader = @{
    'Content-Type'  = 'application/json'
    'Authorization' = $token.CreateAuthorizationHeader()
}

$uri = "https://graph.microsoft.com/beta/auditlogs/directoryAudits/Directory_029A8_49125229"
$results = Invoke-RestMethod -Uri $uri -Headers $authHeader -Method Get
# Serialize the returned object for display (default ConvertTo-Json settings)
$results | ConvertTo-Json

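Best answer

I believe everything is fine with your query and permissions, but the results differ because the ConvertTo-Json cmdlet by default includes 2 levels of contained objects in the JSON representation.

So if you want all directoryAudit properties to be included in the result, you need to specify the Depth parameter explicitly, for example: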

$results |ConvertTo-Json -Depth 3   #at least 3 levels for directoryAudit entry
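
The following is an added example, not part of the original question or answer. It shows that the object returned by Invoke-RestMethod already holds every nested level and that only ConvertTo-Json drops them, then finds the smallest -Depth that serializes a record without loss. The sample record is constructed with placeholder values, and `Get-MinimumJsonDepth` is a hypothetical helper name.

```powershell
# Constructed sample shaped like the directoryAudit record above; all values are placeholders.
$record = @'
{
  "id": "Directory_SAMPLE",
  "activityDisplayName": "Update user",
  "targetResources": [
    {
      "id": "00000000-0000-0000-0000-000000000000",
      "modifiedProperties": [
        { "displayName": "AssignedLicense", "oldValue": "[\"SkuName=SAMPLE\"]", "newValue": "[]" },
        { "displayName": "TargetId.UserType", "oldValue": null, "newValue": "\"Member\"" }
      ]
    }
  ],
  "additionalDetails": [ { "key": "UserType", "value": "Member" } ]
}
'@ | ConvertFrom-Json

# The parsed object is complete: nested audit details can be read directly,
# without going through ConvertTo-Json at all.
$record.targetResources[0].modifiedProperties | Format-Table displayName, oldValue, newValue

# Hypothetical helper: smallest -Depth whose output equals a serialization at $MaxDepth.
function Get-MinimumJsonDepth {
    param(
        [Parameter(Mandatory = $true)] $InputObject,
        [ValidateRange(2, 100)] [int] $MaxDepth = 20
    )
    $full = ConvertTo-Json -InputObject $InputObject -Depth $MaxDepth -Compress
    foreach ($depth in 1..($MaxDepth - 1)) {
        # Newer PowerShell versions warn on truncation; silence that while probing.
        $candidate = ConvertTo-Json -InputObject $InputObject -Depth $depth -Compress -WarningAction SilentlyContinue
        if ($candidate -ceq $full) { return $depth }
    }
    # Nothing shallower matched, so the object may be nested deeper than $MaxDepth.
    Write-Warning "No depth below $MaxDepth reproduced the full output; raise -MaxDepth."
    return $MaxDepth
}

$depth = Get-MinimumJsonDepth -InputObject $record
"Minimum -Depth for this record: $depth"
$record | ConvertTo-Json -Depth $depth
```

When exporting audit records for review or archiving, compare the exported JSON against the object itself as above, since a truncated `modifiedProperties` value hides exactly the old and new values an investigator needs.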

Regarding "powershell - Querying the MSGraph API with PowerShell Invoke-RestMethod does not return the same amount of detail as MSGraph Explorer", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/52661810/
