參考文檔:Calling Dataverse Web API in PowerShell using Client Credentials
以下是powershell腳本:
<#
.SYNOPSIS
Connect to Dataverse and run Custom API Function
.NOTES
Author : Richard Wilson
Author2 : Leiah modified on 20250209
.PARAMETER $oAuthTokenEndpoint
The v2 OAuth endpoint for the App registration. This can be found by opening the App registration and
clicking the Endpoints button in the Overview area. Copy the OAuth 2.0 token endpoint (v2) URL.
.PARAMETER $appId
The Application (client) ID of the App registration
.PARAMETER $clientSecret
The client secret generated within the App registration
.PARAMETER $dataverseEnvUrl
The url of the Dataverse environment you want to connect to
#>
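param
(
    [string] $oAuthTokenEndpoint = '',
    [string] $appId = '',
    # NOTE(review): a secret passed as a plain [string] argument can end up in
    # shell history, transcripts and process listings. Prefer filling it at call
    # time from a secret store or an environment variable rather than typing it
    # on the command line or saving it in this file.
    [string] $clientSecret = '',
    [string] $dataverseEnvUrl = ''
)
##########################################################
# Input checks
##########################################################
# Every parameter defaults to '', so stop with a clear message instead of
# sending an incomplete token request.
$requiredValues = [ordered]@{
    oAuthTokenEndpoint = $oAuthTokenEndpoint
    appId              = $appId
    clientSecret       = $clientSecret
    dataverseEnvUrl    = $dataverseEnvUrl
}
foreach ($entry in $requiredValues.GetEnumerator()) {
    if ([string]::IsNullOrWhiteSpace($entry.Value)) {
        throw "Parameter -$($entry.Key) is required."
    }
}
# The client secret is posted to the token endpoint and the resulting bearer
# token is sent to the environment URL, so both must use TLS.
foreach ($url in @($oAuthTokenEndpoint, $dataverseEnvUrl)) {
    if ($url -notmatch '^https://') {
        throw "Refusing to send credentials to a non-HTTPS URL: $url"
    }
}
# A trailing slash would produce '//.default' in the scope and '//api' in the
# request URIs built from this value.
$dataverseEnvUrl = $dataverseEnvUrl.TrimEnd('/')
##########################################################
# Access Token Request
##########################################################
# OAuth body for the client-credentials grant
$authBody = @{
    client_id     = $appId
    client_secret = $clientSecret
    # The v2 endpoint for OAuth uses scope instead of resource
    scope         = "$($dataverseEnvUrl)/.default"
    grant_type    = 'client_credentials'
}
# Parameters for the OAuth access token request
$authParams = @{
    URI         = $oAuthTokenEndpoint
    Method      = 'POST'
    ContentType = 'application/x-www-form-urlencoded'
    Body        = $authBody
}
# Get the access token. $authResponse holds a bearer credential (token_type and
# access_token are read from it later); keep it out of Write-Host output and logs.
Write-Host 'Getting Access Token...'
$authResponse = Invoke-RestMethod @authParams -ErrorAction Stop
Write-Host "Access Token Received"
Write-Host "================================"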
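##########################################################
# Dataverse Web API helper functions
#
# These are defined ahead of the loop that calls them. PowerShell creates a
# function when execution reaches its definition, so a call placed above the
# definitions fails in a fresh session because the command is not recognized.
##########################################################
function Get-SystemUserId {
    <#
    .SYNOPSIS
    Returns the systemuserid of the single Dataverse user whose
    internalemailaddress equals the given address.
    .PARAMETER user_email
    Email address to look up.
    .PARAMETER dataverseEnvUrl
    Base URL of the Dataverse environment.
    .PARAMETER authResponse
    Token response object; its token_type and access_token properties form the
    Authorization header.
    .OUTPUTS
    System.String. The systemuserid in 8-4-4-4-12 form. Throws when the query
    does not return exactly one user or the returned id is not a GUID.
    #>
    param (
        [string] $user_email,
        [string] $dataverseEnvUrl,
        [object] $authResponse
    )
    $baseUrl = $dataverseEnvUrl.TrimEnd('/')
    # The address comes from a local file. Doubling single quotes keeps it
    # inside the OData string literal, and percent-encoding keeps characters
    # such as '&' or '+' from altering the query string.
    $emailLiteral = $user_email.Replace("'", "''")
    $encodedFilter = [uri]::EscapeDataString("internalemailaddress eq '$emailLiteral'")
    $uriParams = "systemusers?`$filter=$($encodedFilter)&`$select=systemuserid"
    $apiCallParams = @{
        URI     = "$($baseUrl)/api/data/v9.2/$($uriParams)"
        Headers = @{
            "Authorization" = "$($authResponse.token_type) $($authResponse.access_token)"
        }
        Method  = 'GET'
    }
    Write-Host 'Sending GET request to retrieve systemuserid for user:' $user_email
    $apiCallResponse = Invoke-RestMethod @apiCallParams -ErrorAction Stop
    # Roles are removed for whatever id is returned here, so an ambiguous or
    # empty result must stop the run instead of silently picking a record.
    $foundUsers = @($apiCallResponse.value | Where-Object { $null -ne $_ })
    if ($foundUsers.Count -ne 1) {
        throw "Expected exactly one system user for '$user_email' but found $($foundUsers.Count)."
    }
    $parsedId = [guid]::Empty
    if (-not [guid]::TryParse([string] $foundUsers[0].systemuserid, [ref] $parsedId)) {
        throw "The systemuserid returned for '$user_email' is not a GUID."
    }
    return $parsedId.ToString()
}
function Get-UserRoles {
    <#
    .SYNOPSIS
    Lists the security-role references associated with a system user.
    .PARAMETER GUID
    systemuserid of the user.
    .PARAMETER dataverseEnvUrl
    Base URL of the Dataverse environment.
    .PARAMETER authResponse
    Token response object; its token_type and access_token properties form the
    Authorization header.
    .OUTPUTS
    Select-String match objects, one per entry of the response's value
    collection whose string form contains roles(<guid>). The role id is read
    with .Matches.Groups[1].Value.
    #>
    param (
        [string] $GUID,
        [string] $dataverseEnvUrl,
        [object] $authResponse
    )
    # Only a well-formed GUID is placed in the request path.
    $userId = [guid]::Empty
    if (-not [guid]::TryParse($GUID, [ref] $userId)) {
        throw "Get-UserRoles: '$GUID' is not a valid systemuserid."
    }
    $baseUrl = $dataverseEnvUrl.TrimEnd('/')
    $uriParams = "systemusers($userId)/systemuserroles_association/`$ref"
    $apiCallParams = @{
        URI     = "$($baseUrl)/api/data/v9.2/$($uriParams)"
        Headers = @{
            "Authorization" = "$($authResponse.token_type) $($authResponse.access_token)"
        }
        Method  = 'GET'
    }
    Write-Host "Sending GET request to retrieve user security roles..."
    Write-Host "================================"
    $apiCallResponse = Invoke-RestMethod @apiCallParams -ErrorAction Stop
    # The capture group accepts GUIDs only, so nothing else from the response
    # text can flow into the DELETE URLs built from these matches.
    $rolePattern = "roles\(([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})\)"
    $Roles = $apiCallResponse.value | Select-String -Pattern $rolePattern
    return $Roles
}
function Remove-UserRoles {
    <#
    .SYNOPSIS
    Disassociates each given security role from a system user.
    .DESCRIPTION
    Sends one DELETE request per role. Supports -WhatIf and -Confirm so the
    removals can be previewed before they are made.
    .PARAMETER GUID
    systemuserid of the user.
    .PARAMETER Roles
    Match objects as returned by Get-UserRoles; the role id is taken from
    .Matches.Groups[1].Value of each element.
    .PARAMETER dataverseEnvUrl
    Base URL of the Dataverse environment.
    .PARAMETER authResponse
    Token response object; its token_type and access_token properties form the
    Authorization header.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [string] $GUID,
        [array] $Roles,
        [string] $dataverseEnvUrl,
        [object] $authResponse
    )
    $userId = [guid]::Empty
    if (-not [guid]::TryParse($GUID, [ref] $userId)) {
        throw "Remove-UserRoles: '$GUID' is not a valid systemuserid."
    }
    $baseUrl = $dataverseEnvUrl.TrimEnd('/')
    foreach ($roleMatch in $Roles) {
        $roleid = $roleMatch.Matches.Groups[1].Value
        $roleGuid = [guid]::Empty
        if (-not [guid]::TryParse($roleid, [ref] $roleGuid)) {
            throw "Remove-UserRoles: '$roleid' is not a valid role id."
        }
        # The role reference is built from the environment URL passed in, not
        # from a fixed organisation host, so the request and the reference
        # always point at the same environment.
        $uriParams = "systemusers($userId)/systemuserroles_association/`$ref?`$id=$($baseUrl)/api/data/v9.2/roles($roleGuid)"
        $apiCallParams = @{
            URI     = "$($baseUrl)/api/data/v9.2/$($uriParams)"
            Headers = @{
                "Authorization" = "$($authResponse.token_type) $($authResponse.access_token)"
            }
            Method  = 'DELETE'
        }
        if ($PSCmdlet.ShouldProcess("system user $userId", "Remove security role $roleGuid")) {
            Write-Host "Removing user security roles:" $roleid
            Invoke-RestMethod @apiCallParams -ErrorAction Stop
            Write-Host "User security role removed"
            Write-Host "================"
        }
    }
}
##########################################################
# Get user_email list from local file
##########################################################
# Removes every security role from each user listed in the file, one address
# per line. Any lookup or API failure stops the run.
$userEmailList = Get-Content -Path "Your local file path"
foreach ($user_email in $userEmailList) {
    # A blank line would otherwise become a lookup for an empty address.
    if ([string]::IsNullOrWhiteSpace($user_email)) {
        continue
    }
    $user_email = $user_email.Trim()
    ##########################################################
    # Call Dataverse WebAPI using Authentication Token
    ##########################################################
    $GUID = Get-SystemUserId -user_email $user_email -dataverseEnvUrl $dataverseEnvUrl -authResponse $authResponse
    Write-Host "The system user guid is: $GUID"
    Write-Host "================================"
    $Roles = Get-UserRoles -GUID $GUID -dataverseEnvUrl $dataverseEnvUrl -authResponse $authResponse
    Write-Host "$user_email has the following security roles:"
    foreach ($roleid in $Roles) {
        Write-Host "roleId:" $roleid.Matches.Groups[1].Value
    }
    Write-Host "================================"
    Remove-UserRoles -GUID $GUID -Roles $Roles -dataverseEnvUrl $dataverseEnvUrl -authResponse $authResponse
    Write-Host "Done removing security roles for user: $user_email"
    Write-Host "================================"
}
Write-Host "Script completed"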