[CmdletBinding()] param ( [Parameter(Mandatory = $true)] $inputFilePath ) $ClientID = "xxx" # Should be a ~35 character string insert your info here $ClientSecret = "xxx" # Should be a ~44 character string insert your info here $loginURL = "https://login.windows.net" $tenantname = "xxx.onmicrosoft.com" # For example, contoso.onmicrosoft.com $proxyURL = "xxx" function Get-OauthToken($tenantname, $proxyURL, $ClientID, $ClientSecret){ $loginURL = "https://login.windows.net" $resource = "https://graph.microsoft.com" $body = @{grant_type = "client_credentials"; resource = $resource; client_id = $ClientID; client_secret = $ClientSecret } $oauth = Invoke-RestMethod -Method POST -Uri $loginURL/$tenantname/oauth2/token?api-version=1.0 -Body $body -Proxy $proxyURL -ProxyUseDefaultCredentials if ($oauth.access_token -ne $null){ return $oauth; } return $null; } $oauth = Get-OauthToken -tenantname $tenantname -proxyURL $proxyURL -ClientID $ClientID -ClientSecret $ClientSecret $headerParams = @{'Authorization' = "$($oauth.token_type) $($oauth.access_token)" } $updateHeaderParams = @{'Authorization' = "$($oauth.token_type) $($oauth.access_token)"; 'Content-type' = 'application/json' } $dataRows = Get-Content -Path $inputFilePath foreach($mail in $dataRows){ $ApiUrl = "https://graph.microsoft.com/beta/users/$($mail)" $response = $null $response = (Invoke-RestMethod -Headers $headerParams -Uri $ApiUrl -Method Get); write-host "$mail --- $($response.onPremisesExtensionAttributes.extensionAttribute10) --- $($response.onPremisesSyncEnabled) --- $($response.AccountEnabled)" if($response -and $response.onPremisesExtensionAttributes.extensionAttribute10 -ne $null){ $res = (Invoke-RestMethod -Headers $updateHeaderParams -Uri $ApiUrl -Method patch -Body "{onPremisesExtensionAttributes:{extensionAttribute10:''}}"); #$res = (Invoke-RestMethod -Headers $updateHeaderParams -Uri $ApiUrl -Method patch -Body '{"accountEnabled":false}' -Proxy $proxyURL -ProxyUseDefaultCredentials); } }