$results = Invoke-MgGraphRequest -Method 'GET' = "Next time call $deltaLink" Write-Host "- Remove user: $($member.id) -" # If it doesn't have a property then the member was added # Only process users though, not groups or other membership changes $results = Invoke-MgGraphRequest -Method 'GET' -Uri '$select=members' > $results = Invoke-MgGraphRequest -Method 'GET' -Uri '$select=members' Here’s me invoking the URL with the delta token. This is what contains – which is why the URL looks like $deltatoken=eKgfrPQSvBw5VPEZGw9Ff.Īll this and more can be found in the delta API docs by the way. Nice, huh? And at the end of that you will get a new delta token which can be used in subsequent invocations to get all the changes since then. The next time you call the API – which can be immediately or after how many every hours or days – if you do so with the delta token, it will give you all the changes since the previous invocation. So essentially, you keep polling the API with skip tokens until you get no skip token at which point you should have a delta token and so you capture that somewhere. You only get the delta token when you get the final set of results – i.e. Similarly, the delta token is a token that captures the point in time or state of the output. That’s what is, which is why the URL looks like $skiptoken=eKgfrPQSvBw5VPEZGw9FfwaG4. To make things easy, the API gives you a new URL each time with the skip token added. The idea is you keep calling the API with skip tokens until you get all the output and skip token is empty. The skip token is an indicator of how much output was returned so calling the API again with the skip token gives you the next set of output with a new skip token. The way the delta API works is that the output includes these tokens – a skip token ( $skiptoken) and a delta token ( $deltatoken). In the second run, I don’t get a any more. You could filter against a particular group, but by default it just gives everything. It’s a bit of a weird call coz you don’t actually run this against a particular group. The best approach for this seems to be the group: delta Graph API call. If someone adds F to the destination group, I am fine with that stayin on… even though the source group doesn’t have it. The source group will thus contain A, B, C, D, E, while the destination contains A, B, C, D. Then I add D and E, I want these to sync over to the destination but now if someone removes E from the destination I am OK with that. That is to say, if my source group contains users A, B, and C and the destination group too contains the same. Any additions/ deletions in the source group must be made in the destination, but I don’t care if anyone adds/ removes entries in the destination group itself. remove anything in the destination group that’s not present in the source group – this time I only wanted a one way sync. It’s not bad, and I don’t plan on replacing a working thing with something else, but with the new task I had to do I wanted to try something different.įor one, while previously I wanted to do a full sync – i.e. This is slow though because I have some 100+ groups to do with this and while the actual comparision is fast I still have to make all those Graph API calls to get membership and such, which eventually leads to throttling and disconnects etc. $ removeMembers = ] :: Except ( ] $ existingMembers, ] $ newMembers, $ ignoreCaseComparer )
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |