Perform Index reset for Cloud SSA using Multi Factor Authentication

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: SharePoint Support Blog articles.

I was working on a case recently, where the users were trying to delete the Index from SharePoint Cloud SSA and when followed the article https://docs.microsoft.com/en-gb/archive/blogs/spses/cloud-search-service-application-removing-items-from-the-office-365-search-index , it had the script to perform the same.

 

However, the end user had their accounts configured with Multi Factor Authentication and the above didn't have the context.

Went ahead and tweaked the script and wrote one to leverage the App Context and connect to the SPO Service.

 

Alternatively, You can use

PowerShell PnP authentication manager which allows for a web login to provide your SPO credentials, which will allow for MFA.

<#
.SYNOPSIS
Issue a call to SharePoint Online to delete all metadata from on-premises content that was
indexed through cloud hybrid search. This operation is asynchronous.
.PARAMETER PortalUrl
SharePoint Online portal URL, for example 'https://abhassai.sharepoint.com'.
.PARAMETER Credential
Logon credential for tenant admin. Will prompt for credential if not specified.
#>
param(
[Parameter(Mandatory=$true, HelpMessage="SharePoint Online portal URL, for example 'https://contoso.sharepoint.com'.")]
[ValidateNotNullOrEmpty()]
[String] $PortalUrl,

[Parameter(Mandatory=$false, HelpMessage="Logon credential for tenant admin. Will be prompted if not specified.")]
[PSCredential] $Credential
)

$AzureEnvironment = "AzureCloud"
$IsGermanCloud = $false
$IsChinaCloud = $false
$IsITARvNext = $false
If ($Portalurl.EndsWith(".de") -or $Portalurl.EndsWith(".de/"))
{
$IsGermanCloud = $true
$AzureEnvironment = "AzureGermanyCloud"
}
If ($Portalurl.EndsWith(".cn") -or $Portalurl.EndsWith(".cn/"))
{
$IsChinaCloud = $true
$AzureEnvironment = "AzureChinaCloud"
}
If ($Portalurl.EndsWith(".dps.mil") -or $Portalurl.EndsWith(".dps.mil/") -or $Portalurl.EndsWith(".sharepoint-mil.us") -or $Portalurl.EndsWith(".sharepoint-mil.us/") -or $Portalurl.EndsWith(".sharepoint.us") -or $Portalurl.EndsWith(".sharepoint.us/"))
{
$IsITARvNext = $true
$AzureEnvironment = "USGovernment"
}
If ($IsPortalForUSGovernment)
{
$AzureEnvironment = "USGovernment"
}

$SP_VERSION = "15"
$regKey = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Office Server\15.0\Search" -ErrorAction SilentlyContinue
if ($regKey -eq $null) {
$regKey = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Office Server\16.0\Search" -ErrorAction SilentlyContinue
if ($regKey -eq $null) {
throw "Unable to detect SharePoint Server installation."
}
$SP_VERSION = "16"
}

$code = @"
using System;
using System.Net;
using System.Security;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration;
using Microsoft.SharePoint.Client;
using Microsoft.SharePoint.IdentityModel;
using Microsoft.SharePoint.IdentityModel.OAuth2;

static public class ClientContextHelper
{
public static ClientContext GetAppClientContext(string siteUrl)
{
SPServiceContext serviceContext = SPServiceContext.GetContext(SPServiceApplicationProxyGroup.Default, SPSiteSubscriptionIdentifier.Default);
using (SPServiceContextScope serviceContextScope = new SPServiceContextScope(serviceContext))
{
ClientContext clientContext = new ClientContext(siteUrl);
ICredentials credentials = null;
clientContext.ExecutingWebRequest += (sndr, request) =>
{
request.WebRequestExecutor.RequestHeaders.Add(HttpRequestHeader.Authorization, "Bearer");
request.WebRequestExecutor.WebRequest.PreAuthenticate = true;
};

// Run elevated to get app credentials
SPSecurity.RunWithElevatedPrivileges(delegate()
{
credentials = SPOAuth2BearerCredentials.Create();
});

clientContext.Credentials = credentials;

return clientContext;
}
}
}
"@

$assemblies = @(
"System.Core.dll",
"System.Web.dll",
"Microsoft.SharePoint, Version=$SP_VERSION.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c",
"Microsoft.SharePoint.Client, Version=$SP_VERSION.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c",
"Microsoft.SharePoint.Client.Runtime, Version=$SP_VERSION.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
)

Add-Type -AssemblyName ("Microsoft.SharePoint.Client, Version=$SP_VERSION.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c")
Add-Type -AssemblyName ("Microsoft.SharePoint.Client.Search, Version=$SP_VERSION.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c")
Add-Type -AssemblyName ("Microsoft.SharePoint.Client.Runtime, Version=$SP_VERSION.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c")
Add-Type -TypeDefinition $code -ReferencedAssemblies $assemblies


<# if ($Credential -eq $null)
{
$Credential = Get-Credential -Message "SharePoint Online tenant admin credential"
} #>
Connect-MsolService -AzureEnvironment $AzureEnvironment
$cctx = [ClientContextHelper]::GetAppClientContext($PortalUrl)

$manager = New-Object Microsoft.SharePoint.Client.Search.ContentPush.PushTenantManager $cctx
$task = $manager.DeleteAllCloudHybridSearchContent()
$cctx.ExecuteQuery()

Write-Host "Started delete task (id=$($task.Value))"




Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.