PowerShell module for managing Axcient Anchor via the v2 API
This module is designed to administer and automate all aspects of the Anchor system that are available through the API. Functions should be PS-friendly, returning objects and accepting pipeline input where possible, including collections of objects, which allows for creation/modification/deletion of Anchor objects in bulk. (See ModuleGoals.md.)
- PowerShell offers powerful capabilities for administration and automation. Combining this with the flexibility of Anchor affords many benefits.
- System administrators are already using PowerShell to administer and automate products like Office 365 and ActiveDirectory.
- Other popular Web-based services (like Autotask) have open-source PowerShell wrappers. A PowerShell wrapper for Anchor allows administrators to use data from one (or several) systems to drive actions in other systems.
- Powershell's abilities to manipulate collections of objects, run multi-threaded processes, and schedule jobs allows for process automation that is not available through the native Anchor interfaces. Examples, both general and specific:
- Backup FSE mappings. If FSE mappings are lost (because a tech re-registers the sync account under a different Windows profile, for example π‘) there is no way to recover them, and no native record of what they were. See the Examples folder, and if you haven't done this, do it now.
- Add users, shares, etc. to multiple organizations at one time.
- Add a specific file or folder to the root of every user, in companies that start with 'A', that are in the US/Eastern time zone, all at once, with a single command.
- List machines that are specific to an organization and not its children. (Seriously, this should be implemented natively, but it's not.)
PS> Get-AnchorOrg -Top | Get-AnchorOrgMachines -ExcludeChildren - Get the last date and time the contents of a root changed.
Get-AnchorRootLastModified - Daily, create a list of machines that have not logged in for a specific time period and create a ticket in your PSA to have someone check on the machine.
- Monitor for specific administrative activity (like creation of an organization) and create tickets or send emails to appropriate resources for necessary follow-up.
- Automate the onboarding of an entire organization, including org policies, shares, users, and groups, with a collection of .csv files and a single command.
- Automate user termination procedures, including granting access to the user's root to other users.
- Monitor for the existence of specific files in a location for automated processing. (For example, saving a .csv file into a particular folder could trigger creation of user accounts in Office 365 or even Anchor itself.)
- Create a report of user access rights that can be formatted and manipulated to meet specific requirements.
- Automatically upload and share files created from other automation processes.
- Security monitoring: Get a list of all file shares created before a certain date that are still active.
- Automatically provision more space for an organization that approaches its space quota and generate an email/ticket for follow-up.
- Compare the list of an organizaiton's machines to a list of company managed machines (queried from an RMM tool, for example) to determine if users have loaded the agent on non-authorized machines; automatically create tickets/emails for followup.
- Check for the existence of a backup of certain folders on every machine and create it if it doesn't exist.
- Move a file or folder between roots that aren't synced to your PC. (This can be accomplished natively in a multi-step process, by navigating to the folder in the Web portal, downloading the file, then navigating to the target folder and uploading the file, then deleting the copy on your PC. With the Powershell Anchor-Api module this --is-- will be performed in a single command.)
-
Download the files in the Anchor-Api folder to a folder named Anchor-Api, in your $env:PSModulePath (usually %userprofile%\My Documents\WindowsPowerShell\Modules, or C:\Program Files\WindowsPowerShell\Modules, or C:\windows\system32\WindowsPowerShell\v1.0\Modules).
-
Run
Import-Module Anchor-Apito import the functions, classes, and variables into your current session. -
Try it out.
- You'll probably want to start with
Get-AnchorOrg -Top, which will return the top-level organization (yours). You can use that object as the key in other functions. - For example:
$anchorTopOrg = Get-AnchorOrg -Top$anchorTopOrg | Get-AnchorOrgChildren#anchorTopOrg | Get-AnchorOrgMachines - You'll probably want to start with
- To see the list of available commands, use
Get-Command -Module Anchor-Api. Get-Help <command-name>returns helpful info in some cases. (More to come.)- Look at the Examples folder of this git for examples.
β Connect-AnchorApiSession
Gets an Oauth token from the API. You can supply -Username and -Password values from the command line, pipe a [PSCredential] object, or supply nothing, in which case the function will prompt you to supply credentials.
β Disconnect-AnchorApiSession
Revokes the current Oauth token
β Update-AnchorApiSession
Refreshes the Oauth token. This is handled automatically by the function calls as needed, but if you're building in automation and not going to call any functions for longer than the expiry period, you might want to do this manually.
β Get-AnchorOauthState
Returns the state of the current Oauth token
β Get-AnchorOauthToken
Returns the current Oauth token so it can be inspected or manually exported and imported into another session without needing to re-authenticate (as long as the token hasn't expired).
β Set-AnchorOauthToken
Manually set the Oauth token for the current session to prevent the need to authenticate again if you already have a valid token from another session (as long as the token hasn't expired).
β Set-AnchorOauthUri
Change the Web URI from which tokens are granted. Should work with self-hosted Anchor instances.
β Get-AnchorActivityTypes (Get a list of activity types)
β Get-AnchorApiVersion (Version)
β Get-AnchorActivity (Get an activity record)
β New-AnchorActivity (Create an activity record)
Oddly enough, this command allows you to create false activity events in the activity log.
β Get-AnchorFileMetadata (Get file metadata)
β Get-AnchorFolderMetadata (Get folder metadata)
β¬ Create a subfolder
β¬ Delete a file
β¬ Delete a folder
β Move-AnchorFile (Move a file)
Ultimately, hope to add a feature to specify a root id so that a file can be moved to another root (by copying locally).
β¬ Move a folder
β Rename a file
β¬ Rename a folder
β Save-AnchorFile (Download a file)
β¬ Save-AnchorFolder (Download a folder)
Defaults to downloading a ZIP file of folder contents.
Include -AsFiles option to download child files and folders individually.
β¬ Upload a file to a folder
β¬ Write-AnchorFolder (not implemented in API)
Upload the contents and structure of a folder.
β¬ Lock a file
β¬ Lock a folder
β New-AnchorFileShare (Share a file)
β¬ Share a folder
β¬ Unlock a file
β¬ Unlock a folder
β Get-AnchorGroup (Get a group)
β Get-AnchorGroupMembers (List group members)
The API returns only the id's of member persons and groups. This function includes the -Expand option, to include group and person names in the results.
β New-AnchorGroup (Create a group)
Can accept csv input.
β¬ Update a group
β¬ Update group members
β¬ Delete a group
β¬ Convert a guest to a standard account
β¬ Create a guest
β¬ Update a guest
β¬ Delete a guest
β Get-AnchorGuest (Get a guest)
Provides an option to -Expand the object to include company_name and creator_name for human-friendly output.
β Get-AnchorGuestFileShares (Get files and folders shared with a guest)
Returned object includes a created(local_offset) field that is a valid PowerShell DateTime object with the correct local offset. This is convenient not only because it displays in local time, but because it can be used in PowerShell DateTime commands without additional conversion from a string or worrying about the time zone.
Optional -Expand parameter looks up the creator_name from the creator_id and adds it to the returned object.
β Get-AnchorMachine (Get a machine)
β Get-AnchorMachineBackup (Get a backup)
β Get-AnchorMachineBackups (List backups)
β Get-AnchorMachineLocalFolders (List files on a file server enabled machine)
The Api endpoint machine/<machine_id>/ls does not behave as the title describes:
- It does not list files, only folders.
- It works for any machine with a desktop client, not just FSE machines
Unlike most of the endpoints, this one returns a paginated array of folder name strings, rather than nice key:value pairs.
β Get-AnchorMachineFseMap (Get a machine mapping)
β Get-AnchorMachineFseMaps (List mapped paths on a file server enabled machine)
Includes -Expand property
β Get-AnchorMachineStatus (Get a machine's status)
β New-AnchorMachineBackup (Create a backup)
β Remove-AnchorMachineBackup (Delete a backup)
β¬ Restore a backup
β¬ Delete a machine mapping
β¬ Map a path on a file server enabled machine to a root
β Get-AnchorOrg (Get an organization)
β Get-AnchorOrgActivity (List recent activity for an organization)
Automatically gets activity descriptions and returns them as part of the object for human-friendly output.
Provides option to set a -RecordCountLimit
β Get-AnchorOrgAuthSources (List an organization's authentication sources)
β New-AnchorOrgChild (Create an organization)
See CSV_Import_Files folder for an example import file.
Have not yet tested CSV import.
β Get-AnchorOrgChildren (List an organization's child organizations)
Optionally, include the parent organization in the results using the -IncludeParent switch. Using the function in this manner, the results can be piped to the Where-Object cmdlet to find a particular company by name, time zone, policy value, etc.
β Get-AnchorOrgGroups (List an organization's groups)
β Get-AnchorOrgGuests (List an organization's guests)
Provides option to set a -RecordCountLimit
β Get-AnchorOrgMachines (List an organization's machines)
β Get-AnchorOrgRoot (Get a root)
This call requires both a company_id and a root_id. Not sure why you would want to use this over getting the root metadata, which only requires a root_id.
β Get-AnchorOrgRoots (List an organization's roots)
β Get-AnchorOrgShare (Get a share)
β Get-AnchorOrgShares (List an organization's shares)
β Get-AnchorOrgShareSubscribers( List share subscribers)
Makes the returned data structure more friendly. Contains a -Raw option if you prefer the original, unfriendly object structure.
β Get-AnchorOrgUsage (Get usage for an organization)
β Get-AnchorOrgUsers (List an organization's users)
β¬ Update an organization
β¬ Update an organization's policy
β¬ Delete an organization
β¬ Create a share
β¬ Update a share
β¬ Update share subscribers
β¬ Delete a share
β Get-AnchorPerson (Get a person)
β Get-AnchorPersonActivity (List recent activity for a person)
Automatically gets activity descriptions and returns them as part of the object for human-friendly output.
Provides option to set a -RecordCountLimit
β New-AnchorPerson (Create a person)
Accepts command line, pipeline, or CSV input for bulk additions, including adding accounts to more than one organization at a time.
β¬ Update a person
β Remove-AnchorPerson (Delete a person)
Accepts multiple values in the -id parameter, or pipeline input, for bulk deletions.
β BE VERY CAREFUL WHAT YOU PASS TO THIS FUNCTION! Something like $users = Get-AnchorOrg -Top | Get-AnchorOrgUsers; $users | Remove-AnchorPerson -Confirm:$false will delete all users across all organizations without warning. (Just typing that gave me chills!)
Supports PowerShell -Confirm and -WhatIf common parameters to help avoid potential disasters.
π All of the API parameters appear to be non-functional.
β¬ Create an account sync root
β Find-AnchorRootFilesAndFolders (Search files and folders)
β Get-AnchorRootFilesModifiedSince (List recently modified files)
β Get-AnchorRootLastModified (not specified in API)
Uses multiple API functions to determine the last time any file in a root was modified.
β Get-AnchorRootMetadata (Get root metadata)
β¬ Create a folder in a root
β¬ Lock a root
β¬ Unlock a root
β¬ Upload a file to a root
β Get-AnchorRawData
This is a straight API wrapper that returns exactly what the API returns.
β Update-AnchorModule
Alias: ReloadAnchor
Exports the current Oauth token, re-imports the module, then updates the Oauth token.
Yes. You can navigate the Anchor file system from the PowerShell command line! It's not a PSDrive. It's kind of like FTP. Ultimately, not all that practical, but an interesting distraction.
β apwd
Display the present working Org:Root:Folder
β aco/acc
Select a new organization/company by id
β alo/alc
List child organizations/companies of the present working organization/company
β acr
Select a new root by id
β alr
List roots in the present working organization/company
β acd
Select a new folder in the present working root by id
β aget
Download a file in the present working root by id
β¬ aput
Upload a file to the present working folder
See: https://stackoverflow.com/questions/25318199/powershell-module-where-to-store-user-settings
- I know I'm onto something when I can write statements like these, and they work:
PS> get-anchororg -top | Get-AnchorOrgChildren | where name -match "little" | get-anchororgshares | where name -match "Sync" | Get-AnchorOrgShareSubscribers -IncludeFromGroup -Raw
PS> Get-AnchorOrg -Top | Get-AnchorOrgChildren | ? name -Match "International" | Get-AnchorOrgRoots | ? name -EQ 'IGC Common Files' | Get-AnchorRootFilesModifiedSince -Since (Get-Date('2020-01-24 00:00')).ToUniversalTime()