#Set-ExecutionPolicy RemoteSigned
# Option 1 - This can be used to be prompted for credentials
$UserCredential = Get-Credential
# Create the session to Exchange Online
$Session = New-PSSession -ConfigurationName Microsoft.Exchange
-ConnectionUri https://outlook.office365.com/powershell-liveid/
-Credential $UserCredential -Authentication Basic -AllowRedirection
# Import the Exchange Online commands
Import-PSSession $Session
$csvFile = “c:\test\auditlog.csv”
# Setup our start and end dates to pull back events
#$start = Get-Date
$end = Get-Date
$start = $end.AddDays( -1 )
$i =1;
$startTime= Get-Date
do
{
$AuditData = Search-UnifiedAuditLog
-StartDate $start -EndDate $end
-RecordType SharePointFileOperation
-ResultSize 5000
-SessionCommand ReturnLargeSet
-SessionId "ExtractLogs"
-SiteIds <<Site GUID>>
$ConvertedOutput = $AuditData | Select-Object -ExpandProperty AuditData | ConvertFrom-Json
$ConvertedOutput | SELECT CreationTime,UserId,Operation,Workload,ObjectID,SiteUrl,SourceFileName,ClientIP,UserAgent | Export-csv $csvFile -NoTypeInformation -Append -Force
Write-Host $i++ . $AuditData.Count
$i = $i + 1;
}Until($AuditData.Count -eq 0)
$endTime= Get-Date
Write-Host $startTime - $endTime
Get Site Id
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
$credential = Get-Credential
$context = New-Object Microsoft.SharePoint.Client.ClientContext("SiteURL")
$context.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($credential.UserName,$credential.Password)
$site = $context.Site
$context.Load($site)
$context.ExecuteQuery();
$site.Id
Comments