我使用 MSGraph Explorer 和 PowerShell Invoke-RestMethod 来查询相同的 MSGraph API,但 MSGraph Explorer 返回的详细信息比 PowerShell 命令多得多。这可能是权限问题,或者我错过了 PowerShell 命令中的某些内容。
这里是 URI,用于检索特定目录更改的审核日志。
https://graph.microsoft.com/beta/auditLogs/directoryAudits/Directory_029A8_49125229
这是 MSGraph Explorer 的输出:
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#auditLogs/directoryAudits/$entity",
"id": "Directory_029A8_49125229",
"category": "Core Directory",
"correlationId": "d534994f-61f4-4015-8040-c16f728ec8b3",
"result": "success",
"resultReason": "",
"activityDisplayName": "Update user",
"activityDateTime": "2018-10-04T05:41:19.9668303Z",
"loggedByService": null,
"initiatedBy": {
"app": null,
"user": {
"id": "1f5c2159-f515-4cea-a99c-11c6ce1f7a5e",
"displayName": null,
"userPrincipalName": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="7b0f1416561a1f1612153b1814150f140814551415161218091408141d0f55181416" rel="noreferrer noopener nofollow">[email protected]</a>",
"ipAddress": "<null>"
}
},
"targetResources": [
{
"@odata.type": "#microsoft.graph.targetResourceUser",
"id": "498b3884-f723-444c-9c01-b75ec2c0ef08",
"displayName": null,
"userPrincipalName": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="f6a2999bd8a493979ab695999882998599d895999b" rel="noreferrer noopener nofollow">[email protected]</a>",
"modifiedProperties": [
{
"displayName": "AssignedLicense",
"oldValue": "[\"[SkuName=ENTERPRISEPACK, AccountId=cdc4b90d-7fa9-4a, SkuId=6f94b900, DisabledPlans=[]]\"]",
"newValue": "[]"
},
{
"displayName": "AssignedPlan",
"oldValue": "[{\"SubscribedPlanId\":..., \"ServicePlanId\":\"50e68c76-46c6-4674-81f9-75456511b170\"}]",
"newValue": "[{\"SubscribedPlanId\":... 50e68c76-46c6-4674-81f9-75456511b170\"}]"
},
{
"displayName": "Included Updated Properties",
"oldValue": null,
"newValue": "\"AssignedLicense, AssignedPlan\""
},
{
"displayName": "TargetId.UserType",
"oldValue": null,
"newValue": "\"Member\""
}
]
}
],
"additionalDetails": [
{
"key": "UserType",
"value": "Member"
}
]
}
这是 Invoke-RestMethod 的输出:
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#auditLogs/directoryAudits/$entity",
"id": "Directory_029A8_49125229",
"category": "Core Directory",
"correlationId": "d534994f-61f4-4015-8040-c16f728ec8b3",
"result": "success",
"resultReason": "",
"activityDisplayName": "Update user",
"activityDateTime": "2018-10-04T05:41:19.9668303Z",
"loggedByService": null,
"initiatedBy": {
"app": null,
"user": {
"id": "1f5c2159-f515-4cea-a99c-11c6ce1f7a5e",
"displayName": null,
"userPrincipalName": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="b8ccd7d595d9dcd5d1d6f8dbd7d6ccd7cbd796d7d6d5d1dbcad7cbd7decc96dbd7d5" rel="noreferrer noopener nofollow">[email protected]</a>",
"ipAddress": "\u003cnull\u003e"
}
},
"targetResources": [
{
"@odata.type": "#microsoft.graph.targetResourceUser",
"id": "498b3884-f723-444c-9c01-b75ec2c0ef08",
"displayName": null,
"userPrincipalName": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="a7f3c8ca89f5c2c6cbe7c4c8c9d3c8d489c4c8ca" rel="noreferrer noopener nofollow">[email protected]</a>",
"modifiedProperties": " "
}
],
"additionalDetails": [
{
"key": "UserType",
"value": "Member"
}
]
}
如您所见,Invoke-RestMethod 不会在“additionalDetails”下返回任何详细信息。
这是我的 PowerShell 脚本
Function GetAuthToken
{
param
(
[Parameter(Mandatory=$true)]
$TenantName
)
Import-Module Azure
$clientId = "ef9bcdf0-a675-4cd5-9ec3-fa549f9ee4cf"
$redirectUri = "https://RedirectURI.com"
$resourceAppIdURI = "https://graph.microsoft.com"
$authority = "https://login.microsoftonline.com/$TenantName"
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
$Credential = Import-Clixml -Path "C:\MIMA\tom_admin_cred.xml"
$AADCredential = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" -ArgumentList $credential.UserName,$credential.Password
$authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId,$AADCredential)
return $authResult
}
if($Version -eq $null) {$Version='Beta'}
#------Get the authorization token------#
$token = GetAuthToken -TenantName $tenant
#------Building Rest Api header with authorization token------#
$authHeader = @{
'Content-Type'='application\json'
'Authorization'=$token.CreateAuthorizationHeader()
}
$uri = "https://graph.microsoft.com/beta/auditlogs/directoryAudits/Directory_029A8_49125229"
$results = Invoke-RestMethod -Uri $uri –Headers $authHeader –Method Get
$results |ConvertTo-Json
最佳答案
我相信您的查询和权限一切正常,但结果有所不同,因为 ConvertTo-Json
cmdlet 默认 JSON 表示中包含 2 个级别的包含对象。
因此,如果您希望directoryAudit
所有属性都包含在结果中,则需要显式指定Depth
参数,例如:
$results |ConvertTo-Json -Depth 3 #at least 3 levels for directoryAudit entry
关于powershell - 使用 PowerShell Invoke-RestMethod 查询 MSGraph API 不会返回与 MSGraph Explorer 相同数量的详细信息,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52661810/