ZED

OneDrive file migration tool built because the licensing is expensive. Full WPF GUI that lets admins browse source and destination OneDrive accounts via a tree view, select files and folders, and copy them between users - with version history preserved.

Handles both email-based and URL-based OneDrive resolution through Graph, with lazy-loaded folder expansion, automatic destination folder creation, and parallel file copy operations (10 concurrent) with async progress monitoring. Includes 429 throttle handling with retry-after backoff and a 5-minute timeout per copy operation.

My debut into WPF-based PowerShell applications.

Desktop application for browsing any user's mailbox without needing Outlook or a delegated session. Born out of getting a ticket that said "there's an email somewhere in this mailbox that needs purged" with no subject, no sender, and no folder.

Full folder tree with lazy-loaded children, sorted by the mailbox's native sort order. Messages load in a list view with subject, sender, recipients, date, read status, and attachment indicators. Click a message to preview the body, pull headers and more!.

Supports KQL search across the entire mailbox or scoped to a folder, with date range filtering. Has a "write mode" behind a confirmation dialog that enables email purging via Graph's permanentDelete endpoint. Right-click context menus for exporting messages as .eml files, refreshing folders, and inspecting folder properties.

It even has darkmode!

Bulk permission remediation tool for scrubbing specific admin accounts from every SharePoint and OneDrive site in a tenant. Built for situations like offboarding cleanup where someone's permissions are spread across thousands of sites and there's no clean way to find them all.

Enumerates all sites via Graph, then batches them into groups to processes across 8 parallel threads using ForEach-Object -Parallel with synchronized progress tracking. Each batch authenticates independently with three separate token types: Graph read, Graph write, and PnP/SharePoint. Something about least-privilege.

For each site, checks site collection admins, site owner groups, and M365 group owners. When it finds a target account, it tracks which permission types they hold, then removes each: demoting site collection admin status, removing from owner groups, and deleting M365 group ownership. A full scan ran in about 1 hour 45 minutes across ~111,000 sites without getting throttled.

Two-phase Approach: Scan first, then prompt for confirmation before any deletions begin. Transcript logging for the deletion phase.

Multi-service system for finding deleted users' OneDrive sites - something SharePoint admin center exposes in its UI but has no API for (thanks Microsoft). Rather than making the team manually search a web page every time, I built an API around it.

The core is a PowerShell HTTP listener service running headless Chrome via Selenium to automate the SharePoint admin User Profiles page. It authenticates through the Microsoft login flow, searches for deleted users by name, parses the results with regex, then enhances each result with profile data from PnP and deletion timestamps from a SQL database. A semaphore prevents concurrent scraping sessions, and the driver auto-recovers on crash.

That service sits behind a FastAPI wrapper that handles routing: a search endpoint proxies to the Selenium service, and a separate endpoint triggers a PowerShell script to add an admin to a OneDrive site. The whole thing is wired into a Power App via a custom connector and on-premises data gateway, giving the team a clean interface for adding or removing site collection administrators on deleted user's OneDrives without touching a terminal.