• Stephen Port

Updating User Profiles via PowerShell

Setting permissions to the app service

First, you will need to head to the following URL to register a SharePoint app to handle the permissions to another user’s profile to allow you to update it. You can't (even with admin rights) seem to update another users profile through PnP PowerShell.


https://contoso-admin.sharepoint.com/_layouts/15/AppRegNew.aspx

Click on Generate for both the Client Id and Client Secret and make a note of the values as you will need these later.

The next step is granting permissions to the newly created principal. Since we're granting tenant scoped permissions this granting can only be done via the appinv.aspx page on the tenant administration site. You can reach this site via https://contoso-admin.sharepoint.com/_layouts/15/appinv.aspx. Once the page is loaded add your client id and look up the created principal:


In the App’s Permissions enter the below XML:

<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
  <AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="FullControl" />
</AppPermissionRequests>

Click Create and then on the next screen select Trust It to grant the application permissions to update the user profiles of other users.


Preparing the user profile properties

Some user profile properties are locked from users being able to edit them. You will need to unlock these for the script to edit the properties.

Head over to the SharePoint Admin Centre to begin.



Select User Profiles and then select Manage User Properties


Creating Custom Properties

If you wanted to create a custom property for the user for example, provide a space for them to log their LinkedIn profile url then you can do so by creating a new property. Below is the example for LinkedIn URL.

  • Click on New Property

  • Set Name to LinkedIn

  • Set Display Name to LinkedIn

  • Select the Type to URL

  • Policy Setting to Optional

  • Default Privacy to Everyone

  • User can override is checked

  • Allow users to edit values for this property checked

  • Show in the profile properties section of the user's profile page checked

  • Show on the Edit Details page checked

  • Leave everything else as it is by default.

There are many different types of custom properties you can set and you can also utilise a Term Set to allow for specific choices should you so wish.


Updating existing properties

Some properties may be locked by default. Whilst a user won’t be able to edit these as they won’t appear on the edit profile page you will want to set the User can override property to check so the script can update the property when running.


Building the CSV file

In order for the script to run against multiple user accounts, you will need to build out a CSV file with the following column headings


Key Notes:

  • The key column heading is the UserAccount which needs to be the email address of the account you wish to update.

  • If you want to add additional properties then you can find the list of Properties at the following link - SP.UserProfiles.PersonProperties.userProfileProperties property (sp.userprofiles) | Microsoft Docs

  • If you have a field that accepts multiple values you will need to separate them with a delimiter such as a comma ‘,’ or a semi-colon ‘;’.

  • The column headings in the CSV must match the exact name of the property used in the user profile service.

Save the file to a local path and make a note of the path of the file as this will be required for the script.


Creating PowerShell Script

The below PowerShell script will need to be run to update all the user profiles. It uses a CSV file to read the required properties to be updated.

Edit the below script and paste your ClientId and Client Secret. Replace everything highlighted in bold with your new values.


Key Notes:

  • Notice that the ClientSecret is enclosed in quotations. You will need to keep these quotations in the script but not for the ClientId.

  • Where you have chosen single value profile properties, enter these into the $Properties variable

  • Where you have chosen multi-value profile properties, enter these into the $MultiProperties variable

Connect-PnPOnline -Url "https://portasconsulting-admin.sharepoint.com" -ClientId xxxxxxxxxxxxxxxxxxxxxxxxxxx -ClientSecret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
$Users = Import-Csv -Path C:Users\stephen\Downloads\UserProfiles.csv
$Properties = "WorkPhone","LinkedIn","AboutMe"
$MultiProperties = "SPS-Skills","SPS-Interests","SPS-School","SpokenLanguages"
foreach ($User in $Users)
{
foreach ($Property in $Properties){
Set-PnPUserProfileProperty -Account $User.UserAccount -PropertyName $Property -Value $User.$Property}
foreach ($MultiProperty in $MultiProperties){
Set-PnPUserProfileProperty -Account $User.UserAccount -PropertyName $MultiProperty -Values $User.$MultiProperty.Split(",")}
}