Overview

The PowerShell connector enables your AI Colleagues to integrate with your organization's Microsoft 365 and Exchange environments, facilitating automated IT administration tasks, script execution, and mailbox management workflows.

PowerShell is a cross-platform task automation solution comprising a command-line shell and a configuration management framework. This connector can configure Microsoft Exchange use cases such as creating Distribution Lists, managing Shared Mailboxes, managing user access permissions, and executing custom automation scripts.

API Details

Leena AI integrates with PowerShell via Microsoft Graph REST APIs and remote PowerShell script execution.

Documentation link: https://learn.microsoft.com/en-us/graph/overview

Setup

The PowerShell connector uses OAuth 2.0 authentication with the Client Credentials grant type for server-to-server interactions.

Prerequisites

Before setting up the PowerShell connector, ensure you have:

• Administrator access to Microsoft Entra admin center (formerly Azure Active Directory)
• Access to create App Registrations in Microsoft Entra ID
• Permission to grant admin consent for API permissions
• Access to your Leena AI workspace with connector management permissions

Get credentials

Here is how to create an OAuth application in Microsoft Entra admin center:

1. Sign in to the Microsoft Entra admin center (https://entra.microsoft.com)
2. Navigate to App Registrations:
   1. Browse to Identity > Applications > App registrations
   2. Select New registration
3. Register the Application:
   1. Enter a display Name for your application (e.g., "Leena AI PowerShell Connector")
   2. Select Accounts in this organizational directory only for supported account types
   3. Leave Redirect URI empty (not required for client credentials flow)
   4. Click Register
4. Note the Application Credentials:
   1. Record the Application (client) ID from the Overview page
   2. Record the Directory (tenant) ID from the Overview page
5. Create Client Secret:
   1. Navigate to Certificates & secrets
   2. Click New client secret
   3. Enter a description (e.g., "Leena AI Integration")
   4. Select an expiration period (recommended: 12 months or less)
   5. Click Add
   6. Copy the Value immediately (this is only shown once)
6. Configure API Permissions:
   1. Navigate to API permissions
   2. Click Add a permission
   3. Select Microsoft Graph
   4. Select Application permissions
   5. Add the following permissions based on your use case:
      • User.Read.All (for user management)
      • Group.ReadWrite.All (for group and distribution list management)
      • Mail.ReadWrite (for mailbox operations)
      • Directory.Read.All (for directory queries)
   6. Click Add permissions
7. Grant Admin Consent:
   1. Click Grant admin consent for [Your Tenant Name]
   2. Confirm by clicking Yes
   3. Verify all permissions show "Granted" status

Add connection

Here is how to add a connection on Leena AI:

1. Log in to your Leena AI workspace
2. Navigate to Settings > Integrations
3. Search for "PowerShell" and select it from the list to add its new connector
4. Start configuring the connector
   1. Auth Type: Select "Powershell" from the dropdown
   2. Settings: Add the following key-value pairs:
      • clientId: Your Application (client) ID from Azure
      • clientSecret: Your client secret value
      • tenantId: Your Directory (tenant) ID
5. Save the connection configuration
6. Test the connection to verify credentials are working correctly

Actions

The following actions are supported for the PowerShell connector:

Execute PowerShell Script

Executes a predefined PowerShell script from the template library. The Agent can leverage the skill (workflow), which has been designed to run automation scripts for various Microsoft 365 and Exchange management tasks.

Note: This action uses a dynamic form system. When you select a PowerShell Script, the form fields change dynamically based on the selected script's configuration. Each script type has its own set of required and optional parameters.

Input Parameters

Here are the input parameters required to set up this action:

Step 1: Select Script (Mandatory)

Step 2: Script-Specific Fields (Dynamic)

Once a script is selected, additional fields appear based on the script's configuration. Below are common script types and their respective fields:

Add User to Shared Mailbox

Grants a user access to a shared mailbox with specified permissions.

{
  "scriptType": "add_user_to_shared_mailbox",
  "sharedMailboxEmail": "[email protected]",
  "users": ["[email protected]", "[email protected]"],
  "accessRights": "FullAccess"
}

Remove User from Shared Mailbox

Revokes a user's access from a shared mailbox.

{
  "scriptType": "remove_user_from_shared_mailbox",
  "sharedMailboxEmail": "[email protected]",
  "users": ["[email protected]"],
  "accessRights": "FullAccess"
}

List Shared Mailbox Members

Retrieves all members of a shared mailbox with their access levels.

{
  "scriptType": "list_shared_mailbox_members",
  "sharedMailboxEmail": "[email protected]",
  "accessRights": "FullAccess"
}

Create Shared Mailbox

Creates a new shared mailbox in the tenant.

{
  "scriptType": "create_shared_mailbox",
  "sharedMailboxName": "Customer Support",
  "sharedMailboxAlias": "support"
}

Delete Shared Mailbox

Removes an existing shared mailbox from the tenant.

{
  "scriptType": "delete_shared_mailbox",
  "sharedMailboxEmail": "[email protected]"
}

Add User to Distribution Group

Adds users as members to a distribution group.

{
  "scriptType": "add_user_to_group",
  "groupId": "[email protected]",
  "users": ["[email protected]"]
}

Remove User from Distribution Group

Removes users from a distribution group.

{
  "scriptType": "remove_user_from_group",
  "groupId": "[email protected]",
  "users": ["[email protected]"]
}

List Mailbox

Retrieves all shared mailboxes in the tenant.

{
  "scriptType": "list_mailbox",
  "searchString": "support"
}

Response

Upon successful execution, the action returns:

• Execution status (success or failure)
• Script output data (formatted as JSON if post-processing is configured)
• Error details (if execution failed)

Dynamic Data Sources (Async Hooks)

The PowerShell connector provides dynamic dropdowns that fetch real-time data from your Microsoft 365 tenant:

Script Template Configuration

Administrators can create and manage custom PowerShell script templates through the Template Scripts platform. Each template defines its own form fields, making the connector highly extensible.

Template Schema

Sample Script Template

{
  "name": "Add User to Shared Mailbox",
  "type": "add_user_to_shared_mailbox",
  "script": "Add-MailboxPermission -Identity '<%= sharedMailboxEmail %>' -User '<%= users[0] %>' -AccessRights '<%= accessRights %>'",
  "form": [
    {
      "name": "sharedMailboxEmail",
      "type": "SELECT",
      "label": "Shared Mailbox",
      "required": true,
      "asyncHook": "shared-mailbox-all"
    },
    {
      "name": "users",
      "type": "MULTI_SELECT",
      "label": "Users to Add",
      "required": true,
      "asyncHook": "users-not-in-shared-mailbox-basis-access"
    },
    {
      "name": "accessRights",
      "type": "SELECT",
      "label": "Access Rights",
      "required": true,
      "props": {
        "options": [
          {"label": "Full Access", "value": "FullAccess"},
          {"label": "Send As", "value": "SendAs"},
          {"label": "Send on Behalf", "value": "SendOnBehalf"}
        ]
      }
    }
  ],
  "postExecutionScript": "commandOutput = JSON.parse(commandOutput); commandOutput;"
}

Template Variables

Script templates support Lodash template syntax for dynamic value injection:

Form Field Types