Common Office 365 PowerShell Scripts

I have compiled a list of useful PowerShell Scripts for use with Office 365.  I will continue to update the list over time.  I'll list the source for any scripts that aren't directly from Microsoft or that I've written from scratch.

I hope you find these useful!

* Update 5/10/13 - added scripts for changing user principal names (UPNs) singly or in bulk in Active Directory.*
* Update 5/6/13 - added scripts for changing mailboxes to shared singly or in bulk.*
* Update 5/1/13 - added script for changing from one SKU to another.*

----------------------------------------------------------------------------------------------------------

First Time in Office 365 PowerShell per Machine Set-ExecutionPolicy RemoteSigned

Close PowerShell Session Remove-PSSession $session

Full Microsoft List of Office 365 Commandlets http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh125002.aspx

Thomas Ashworth's PowerShell Resources on Technet http://blogs.technet.com/b/thomas_ashworth/

Import Contacts by CSV $csv = Import-Csv “C:\Contacts.csv” foreach($line in $csv) {New-MailContact -Name $line.DisplayName -ExternalEmailAddress $line.EmailAddress -OrganizationalUnit “users” -Alias $line.Alias}

----------------------------------------------------------------------------------------------------------

Connect to Office 365 PowerShell $o365cred=get-credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $o365cred -Authentication Basic -AllowRedirection

Import-PSSession $session

Grant Access to One Mailbox After you are connected, you must run the following command to give Alan full access to Bob’s mailbox: Add-MailboxPermission -identity Bob@domain.com -user Alan@domain.com -AccessRights FullAccess -InheritanceType All

Grant Access to All Mailboxes If you wanted to give Alan full access to all mailboxes in your environment you would run: Get-Mailbox | Add-mailboxpermission -user Alan@domain.com -AccessRights FullAccess

Set Send-as Permissions for Users on Groups This grants Alan SendAs permission for Bob's mailbox: Add-RecipientPermission Bob@domain.com -AccessRights SendAs -Trustee Alan@domain.com or Set-Mailbox -Identity mailbox -GrantSendOnBehalfTo user

For Example: Add-RecipientPermission "grouptoaccess@domain.com" -AccessRights SendAs -Trustee "usertoaccess@domain.com"

(Credit How to Grant Full Access to an Office 365Mailbox)

----------------------------------------------------------------------------------------------------------

Assign Licenses via CSV Import Connect-MsolService Get-MsolAccountSku

That will output your sku's. Once you have that you would run a script like this: Connect-MSOLService -Credential $adminCredential $AccountSkuId = "sku:ENTERPRISEPACK" $UsageLocation = "US" $LicenseOptions = New-MsolLicenseOptions -AccountSkuId $AccountSkuId $Users = Import-Csv c:\Users.csv $Users | ForEach-Object { Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $UsageLocation Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses $AccountSkuId -LicenseOptions $LicenseOptions }

If you wanted to do this for everyone you would change the line: $users | Import-Csv c:\Users.csv

to: $users | get-msoluser -resultsize unlimited

(Credit Can I assign a license to a group of usersby PowerShell?)

----------------------------------------------------------------------------------------------------------

Assign Licenses Granularly via PowerShell Open Microsoft Online Services Module for Windows PowerShell and connect to the service: Get-MsolAccountSku | Format-Table AccountSkuId, SkuPartNumber

The second column in this list is referenced in the next command as [SkuPartNumber] : $ServicePlans = Get-MsolAccountSku | Where {$_.SkuPartNumber -eq "[SkuPartNumber]"} $ServicePlans.ServiceStatus

This returns all the service plans

Secondly you need to assign the licence to the user(s): Set-MsolUser -UserPrincipalName user@domain.com -UsageLocation GB Set-MsolUserLicense -UserPrincipalName user@domain.com -AddLicenses [tenantname:AccountSkuId] -LicenseOptions $MyO365Sku

Repeat for any other licences you want to apply for other users or other licence options you want to apply to this user.

(Credit Granular license assignment from PowerShell)

----------------------------------------------------------------------------------------------------------

Change Licenses from One SKU to Another via PowerShell

This script will identify all users with one SKU assigned and replace that SKU with a different one.  To test, change the "$Users = " variable assignment. Be careful - removing licenses rather than replacing them correctly will de-provision user services and delete data. Connect to Microsoft Online Service PowerShell Set the variables for the SKU you want to replace and the one you want to add Change your UseageLocation and MaxResults if necessary Run the script Connect-MSOLService -Credential $adminCredential $AccountSkuRemove = "STANDARDPACK" $AccountSkuId = ":ENTERPRISEPACK" $UsageLocation = "US" $LicenseOptions = New-MsolLicenseOptions -AccountSkuId $AccountSkuId $Users = Get-MsolUser -MaxResults 50000 | Where-Object {$_.licenses[0].AccountSku.SkuPartNumber -eq $AccountSkuRemove -and $_.IsLicensed -eq $True} $Users | ForEach-Object {Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $UsageLocation Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -RemoveLicenses $AccountSkuRemove -AddLicenses $AccountSkuId -LicenseOptions $LicenseOptions}

----------------------------------------------------------------------------------------------------------

Convert Mailboxes to Shared Mailboxes - For Single Mailboxes

1. Start by checking your mailbox to see if it is under the 5 GB shared mailbox limit:

Get-MailboxStatisics | FL Total*

2. Change the mailbox type to shared:

Set-Mailbox -Identity -Type “Shared” -ProhibitSendReceiveQuota 5GB -ProhibitSendQuota 4.75GB -IssueWarningQuota 4.5GB

3. Add Full Access permissions to the mailbox - gives access to the contents of the mailbox:

Add-MailboxPermission -Identity -User -AccessRights FullAccess -InheritanceType All

4. Add Send As permissions to the mailbox - allows a user to send as if they were the mailbox itself:

Add-RecipientPermission -Identity -Trustee -AccessRights SendAs -Confirm:$false

5. Remove the user license from the mailbox

$MSOLSKU = (Get-MSOLUser -UserPrincipalName ).Licenses[0].AccountSkuId  Set-MsolUserLicense -UserPrincipalName -RemoveLicenses $MSOLSKU

Convert Mailboxes to Shared Mailboxes in Bulk

1. Ensure that all mailboxes are under the 5 GB limit.

2. Create an input.csv file in c:\temp with the following format:

userPrincipalName

User1@domain.com

User2@domain.com

User3@domain.com

3. Run the following script in PowerShell:

Import-csv C:\temp\input.csv | foreach {  $UPN = $_.userPrincipalName  Set-Mailbox $UPN -Type “Shared” -ProhibitSendReceiveQuota 5GB -ProhibitSendQuota 4.75GB -IssueWarningQuota 4.5GB  $MSOLSKU = (Get-MSOLUser -UserPrincipalName $UPN).Licenses[0].AccountSkuId  Set-MsolUserLicense -UserPrincipalName $UPN -RemoveLicenses $MSOLSKU  }

(Credit Office 365 – Converting mailboxes to shared mailboxes)

----------------------------------------------------------------------------------------------------------

Both of these scripts Alter the UPN Suffix for users.  They will both require you to open PowerShell and run the following command first:

import-module activedirectory

Change the UPN Suffix for a Single User, Search by SAM Account Name

Get-ADUser -Filter {SamAccountName -eq ""} | ForEach-Object ($_.SamAccountName) {$CompleteUPN = $_.SamAccountName + "@"; Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $CompleteUPN}

How to use it: replace with the user's SAM account name from Active Directory Users and Computers on the Account page and replace with the desired UPN suffix in the format of domain.com.

Change the UPN Suffix for All Users in an OU

Get-ADUser -SearchBase "ou=,dc=,dc=" -SearchScope OneLevel -filter * | ForEach-Object ($_.SamAccountName) {$CompleteUPN = $_.SamAccountName + "@"; Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $CompleteUPN}

How to use it: replace and with the OU path that contains the user accounts you wish to modify and replace with the desired UPN suffix in the format of domain.com. Test Before You Run Your Scripts!

If you wish to test your scripts before running them (you should!) you can replace the final "$CompleteUPN}" with "$CompleteUPN -whatif}" and then run the script.  If the script doesn't work you will get no return output.  If it does, you'll be presented with something like this for all affected users:

What if: Performing operation "Set" on Target "CN=,OU=,DC=,DC=". You can also test that you are affecting the correct user accounts by changing the end of the script.  Replace everything from the pipe | to the end with the following: | FT -property name,userprincipalname You'll be presented a table with the affected users' full names and UPNs.

Related articles

• E-mail Tip #1 from my Time at Microsoft - Notifying Your Coworkers about Vacation
• 4 Shocking Microsoft Products You Need to Know About
• Forum Post: RE: Outlook 2016 not synchronizing with Office 365 Exchange
• Office 365 Security Updates - Encryption, DKIM, DLP, and More!
• The Future of Productivity and HoloLens