Another hidden list found, so onward to part 5 of the series… This might be a new-ish container, but it logs recently created [SharePoint Online] lists by a person so it gets audited:
- Create script variables.
[System.String] $endUserAccount = "charles@contoso.com"
$endUserAccount = $endUserAccount.Replace("@", "_").Replace(".", "_")
[System.String] $tenantName = "contoso"
[System.String] $requestAPI = ""
[System.String] $siteGuid = ""
[System.String] $listGuid = ""
[System.String] $api = ""
- Query and return target site ID.
$api = "/sites/$($tenantName)-my.sharepoint.com:/"
$api += "personal/$($endUserAccount)?$select=id,name,webUrl"
## Get Site ID
foreach($site in (Get-GraphAPIResponse -GraphAPIRequest "$api")) {
$siteGuid = "$($site.id)"
}
- Query and return target list ID.
$api = "/sites/$($siteGuid)/lists"
$api += "?select=id,list,lastModifiedDateTime,displayName,name"
$lst = "RecentLists"
## Get List ID - Recent Lists
foreach($objList in ((Get-GraphAPIResponse -GraphAPIRequest "$api"))) {
foreach($list in ($objList.value | ? { $_.name -like "*$($lst)*" } | Sort-Object displayName)) {
$listGuid = "$($list.id)"
}
}
e.g., target list object.
- Iterate target list items and item fields.
$api = "/sites/$($siteGuid)/lists/$($listGuid)/items"
$api += "?expand=fields"
## Get List Items
foreach($objItem in ((Get-GraphAPIResponse -GraphAPIRequest "$api"))) {
foreach($item in ($objItem.value | Sort-Object id -Descending)) {
foreach($field in $item.fields) {
$field
}
}
}
e.g., Target list item export.
Key Takeaways:
The RecentListsJson object is a treasure trove of information. Parsing through, there are several helpful key-value pairs to audit the:
| siteId | listId | createdDate |
| siteUrl | listUrl | lastModifiedDate |
| siteTitle | listTitle | lastViewDateTime |
| siteColor |
Conclusion:
This list was an unexpected find, but offered plenty of helpful information. Again, the content is there and can be queried using the Microsoft Graph API. If it can be queried, then it can be audited…
“We learned about honesty and integrity – that the truth matters… that you don’t take shortcuts or play by your own set of rules… and success doesn’t count unless you earn it fair and square.”
Michelle LaVaughn Robinson Obama
#blacklivesmatter
console.log('Charles'); 