----------------------------------------------------------------------------------------------------------

First Time in Office 365 PowerShell per Machine
Set-ExecutionPolicy RemoteSigned

Close PowerShell Session
Remove-PSSession $session

Full Microsoft List of Office 365 Commandlets
http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh125002.aspx

Thomas Ashworth's PowerShell Resources on Technet
http://blogs.technet.com/b/thomas_ashworth/

Import Contacts by CSV
$csv = Import-Csv "C:\Contacts.csv"
foreach ($line in $csv) {
    # One mail contact per CSV row; expects DisplayName, EmailAddress and Alias columns
    New-MailContact -Name $line.DisplayName -ExternalEmailAddress $line.EmailAddress -OrganizationalUnit "users" -Alias $line.Alias
}

----------------------------------------------------------------------------------------------------------

Connect to Office 365 PowerShell
# Prompts for the admin account credentials
$o365cred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $o365cred -Authentication Basic -AllowRedirection

Import-PSSession $Session

Grant Access to One Mailbox
After you are connected, you must run the following command to give Alan full access to Bob's mailbox:
Add-MailboxPermission -Identity Bob@domain.com -User Alan@domain.com -AccessRights FullAccess -InheritanceType All

Grant Access to All Mailboxes
If you wanted to give Alan full access to all mailboxes in your environment you would run:
Get-Mailbox | Add-MailboxPermission -User Alan@domain.com -AccessRights FullAccess

Set Send-as Permissions for Users on Groups
This grants Alan SendAs permission for Bob's mailbox:
Add-RecipientPermission Bob@domain.com -AccessRights SendAs -Trustee Alan@domain.com
or, to grant Send on Behalf rights instead:
Set-Mailbox -Identity mailbox -GrantSendOnBehalfTo user

For example:
Add-RecipientPermission "grouptoaccess@domain.com" -AccessRights SendAs -Trustee "usertoaccess@domain.com"

(Credit: How to Grant Full Access to an Office 365 Mailbox)

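FullAccess and SendAs grants like the ones above accumulate quietly, so it is worth listing who holds them. The following is an added example, not part of the original page: it inventories explicit delegations on every mailbox and ranks delegates by how many mailboxes they can reach. It assumes the Exchange Online session from "Connect to Office 365 PowerShell" is already imported; the output path is an assumption.

```powershell
# Added example: inventory of explicit FullAccess and SendAs delegations.
$ReportPath = "C:\temp\mailbox-delegations.csv"   # assumed output path

$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $address = "$($mbx.PrimarySmtpAddress)"

    # FullAccess granted directly on the mailbox
    # (skip inherited entries, Deny entries and the owner's own entry)
    Get-MailboxPermission -Identity $address |
        Where-Object {
            $_.AccessRights -like "*FullAccess*" -and
            $_.IsInherited -eq $false -and
            $_.Deny -eq $false -and
            $_.User -notlike "NT AUTHORITY\SELF"
        } |
        ForEach-Object {
            [pscustomobject]@{ Mailbox = $address; Delegate = "$($_.User)"; Right = "FullAccess" }
        }

    # SendAs granted on the recipient
    Get-RecipientPermission -Identity $address |
        Where-Object {
            $_.AccessRights -like "*SendAs*" -and
            $_.Trustee -notlike "NT AUTHORITY\SELF"
        } |
        ForEach-Object {
            [pscustomobject]@{ Mailbox = $address; Delegate = "$($_.Trustee)"; Right = "SendAs" }
        }
}

# Delegates ranked by how many mailboxes they can open or send as.
# An account near the top with a count close to the mailbox total matches
# the "Grant Access to All Mailboxes" command.
$report | Group-Object Delegate, Right |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Full list for review; an unexpected row can be reverted with
# Remove-MailboxPermission or Remove-RecipientPermission.
$report | Export-Csv $ReportPath -NoTypeInformation
```
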
----------------------------------------------------------------------------------------------------------

Assign Licenses via CSV Import
Connect-MsolService
Get-MsolAccountSku

That will output your SKUs. Once you have that, you would run a script like this:
$adminCredential = Get-Credential
Connect-MsolService -Credential $adminCredential
# AccountSkuId exactly as listed by Get-MsolAccountSku
$AccountSkuId = "sku:ENTERPRISEPACK"
$UsageLocation = "US"
$LicenseOptions = New-MsolLicenseOptions -AccountSkuId $AccountSkuId
# Users.csv needs a UserPrincipalName column
$Users = Import-Csv c:\Users.csv
$Users | ForEach-Object {
    # A usage location must be set before a license can be assigned
    Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $UsageLocation
    Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses $AccountSkuId -LicenseOptions $LicenseOptions
}

If you wanted to do this for everyone, you would change the line:
$Users = Import-Csv c:\Users.csv

to:
$Users = Get-MsolUser -All

(Credit: Can I assign a license to a group of users by PowerShell?)

----------------------------------------------------------------------------------------------------------

Assign Licenses Granularly via PowerShell
Open Microsoft Online Services Module for Windows PowerShell and connect to the service:
Get-MsolAccountSku | Format-Table AccountSkuId, SkuPartNumber

The second column in this list is referenced in the next command as [SkuPartNumber]:
$ServicePlans = Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq "[SkuPartNumber]"}
$ServicePlans.ServiceStatus

This returns all the service plans.

Secondly, you need to assign the licence to the user(s):
Set-MsolUser -UserPrincipalName user@domain.com -UsageLocation GB
Set-MsolUserLicense -UserPrincipalName user@domain.com -AddLicenses [tenantname:AccountSkuId] -LicenseOptions $MyO365Sku

Repeat for any other licences you want to apply for other users or other licence options you want to apply to this user.

(Credit: Granular license assignment from PowerShell)

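The assignment command above passes $MyO365Sku without showing how it is built. One way to construct it with New-MsolLicenseOptions and -DisabledPlans, so that only the services a user needs are switched on, is shown here as an added example that is not from the original post. The SKU, the plan names and the user are placeholders to replace with values from Get-MsolAccountSku.

```powershell
# Added example: placeholder values, replace before use.
$AccountSkuId  = "tenantname:ENTERPRISEPACK"                    # placeholder AccountSkuId
$DisabledPlans = @("PLAN_TO_DISABLE_1", "PLAN_TO_DISABLE_2")    # placeholder ServiceName values
$Upn           = "user@domain.com"

# Check the plan names against the SKU first, so a typo fails here
# instead of half-way through an assignment.
$Sku = Get-MsolAccountSku | Where-Object { $_.AccountSkuId -eq $AccountSkuId }
if (-not $Sku) { throw "SKU $AccountSkuId not found in this tenant." }

$Known   = $Sku.ServiceStatus | ForEach-Object { $_.ServicePlan.ServiceName }
$Unknown = $DisabledPlans | Where-Object { $Known -notcontains $_ }
if ($Unknown) { throw "Unknown service plan(s): $($Unknown -join ', ')" }

# License options: every plan in the SKU except the ones listed as disabled.
$MyO365Sku = New-MsolLicenseOptions -AccountSkuId $AccountSkuId -DisabledPlans $DisabledPlans

Set-MsolUser -UserPrincipalName $Upn -UsageLocation GB
Set-MsolUserLicense -UserPrincipalName $Upn -AddLicenses $AccountSkuId -LicenseOptions $MyO365Sku

# Confirm what was actually provisioned for the user.
(Get-MsolUser -UserPrincipalName $Upn).Licenses |
    ForEach-Object { $_.ServiceStatus } |
    Format-Table @{n='Plan'; e={$_.ServicePlan.ServiceName}}, ProvisioningStatus -AutoSize
```
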
----------------------------------------------------------------------------------------------------------

Change Licenses from One SKU to Another via PowerShell

This script will identify all users with one SKU assigned and replace that SKU with a different one. To test, change the "$Users = " variable assignment. Be careful - removing licenses rather than replacing them correctly will de-provision user services and delete data.
- Connect to Microsoft Online Service PowerShell
- Set the variables for the SKU you want to replace and the one you want to add
- Change your UsageLocation and MaxResults if necessary
- Run the script
$adminCredential = Get-Credential
Connect-MsolService -Credential $adminCredential
# SkuPartNumber of the license to replace
$AccountSkuRemove = "STANDARDPACK"
# Full AccountSkuId of the license to add, as listed by Get-MsolAccountSku (<tenantname> is a placeholder)
$AccountSkuId = "<tenantname>:ENTERPRISEPACK"
$UsageLocation = "US"
$LicenseOptions = New-MsolLicenseOptions -AccountSkuId $AccountSkuId
$Users = Get-MsolUser -MaxResults 50000 | Where-Object {$_.Licenses[0].AccountSku.SkuPartNumber -eq $AccountSkuRemove -and $_.IsLicensed -eq $True}
$Users | ForEach-Object {
    Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $UsageLocation
    # -RemoveLicenses needs the full AccountSkuId (tenantname:SkuPartNumber), so take it from the matched license
    Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -RemoveLicenses $_.Licenses[0].AccountSkuId -AddLicenses $AccountSkuId -LicenseOptions $LicenseOptions
}

----------------------------------------------------------------------------------------------------------

Convert Mailboxes to Shared Mailboxes - For Single Mailboxes

1. Start by checking your mailbox to see if it is under the 5 GB shared mailbox limit:
# <mailbox>, <user> and <UPN> in these commands are placeholders for your own values
Get-MailboxStatistics -Identity <mailbox> | FL Total*

2. Change the mailbox type to shared:
Set-Mailbox -Identity <mailbox> -Type "Shared" -ProhibitSendReceiveQuota 5GB -ProhibitSendQuota 4.75GB -IssueWarningQuota 4.5GB

3. Add Full Access permissions to the mailbox - gives access to the contents of the mailbox:
Add-MailboxPermission -Identity <mailbox> -User <user> -AccessRights FullAccess -InheritanceType All

4. Add Send As permissions to the mailbox - allows a user to send as if they were the mailbox itself:
Add-RecipientPermission -Identity <mailbox> -Trustee <user> -AccessRights SendAs -Confirm:$false

5. Remove the user license from the mailbox:
$MSOLSKU = (Get-MsolUser -UserPrincipalName <UPN>).Licenses[0].AccountSkuId
Set-MsolUserLicense -UserPrincipalName <UPN> -RemoveLicenses $MSOLSKU

Convert Mailboxes to Shared Mailboxes in Bulk
1. Ensure that all mailboxes are under the 5 GB limit.

2. Create an input.csv file in c:\temp with the following format:

userPrincipalName
User1@domain.com
User2@domain.com
User3@domain.com

3. Run the following script in PowerShell:
Import-Csv C:\temp\input.csv | ForEach-Object {
    $UPN = $_.userPrincipalName
    # Convert to a shared mailbox and apply the shared mailbox quotas
    Set-Mailbox $UPN -Type "Shared" -ProhibitSendReceiveQuota 5GB -ProhibitSendQuota 4.75GB -IssueWarningQuota 4.5GB
    # Remove the first license assigned to the user
    $MSOLSKU = (Get-MsolUser -UserPrincipalName $UPN).Licenses[0].AccountSkuId
    Set-MsolUserLicense -UserPrincipalName $UPN -RemoveLicenses $MSOLSKU
}

(Credit: Office 365 – Converting mailboxes to shared mailboxes)

----------------------------------------------------------------------------------------------------------

Both of these scripts alter the UPN suffix for users. Both require you to open PowerShell and run the following command first:
Import-Module ActiveDirectory

Change the UPN Suffix for a Single User, Search by SAM Account Name
Get-ADUser -Filter {SamAccountName -eq "<SamAccountName>"} | ForEach-Object {$CompleteUPN = $_.SamAccountName + "@<UPNSuffix>"; Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $CompleteUPN}

How to use it: replace <SamAccountName> with the user's SAM account name from Active Directory Users and Computers on the Account page and replace <UPNSuffix> with the desired UPN suffix in the format of domain.com.

Change the UPN Suffix for All Users in an OU
Get-ADUser -SearchBase "ou=<OU>,dc=<domain>,dc=<tld>" -SearchScope OneLevel -Filter * | ForEach-Object {$CompleteUPN = $_.SamAccountName + "@<UPNSuffix>"; Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $CompleteUPN}

How to use it: replace the placeholders in the -SearchBase string with the OU path that contains the user accounts you wish to modify and replace <UPNSuffix> with the desired UPN suffix in the format of domain.com.

Test Before You Run Your Scripts!
If you wish to test your scripts before running them (you should!) you can replace the final "$CompleteUPN}" with "$CompleteUPN -whatif}" and then run the script. If the script doesn't work you will get no return output. If it does, you'll be presented with something like this for all affected users:
What if: Performing operation "Set" on Target "CN=,OU=,DC=,DC=".

You can also test that you are affecting the correct user accounts by changing the end of the script. Replace everything from the pipe | to the end with the following:
| FT -property name,userprincipalname
You'll be presented with a table with the affected users' full names and UPNs.
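A -WhatIf preview shows what would change but leaves no record of the old values. The following added example (not from the original page) extends the OU script by saving each account's current UPN to a CSV before any change, so the change can be reversed. The search base, suffix and backup path are placeholders and assumptions to set before running.

```powershell
Import-Module ActiveDirectory

# Placeholders (assumptions for this example): set these before running.
$SearchBase = "ou=<OU>,dc=<domain>,dc=<tld>"
$UpnSuffix  = "domain.com"
$BackupCsv  = "C:\temp\upn-backup.csv"
$Rollback   = $false    # set to $true to restore the values saved in $BackupCsv

if (-not $Rollback) {
    $Users = Get-ADUser -SearchBase $SearchBase -SearchScope OneLevel -Filter *

    # Record the current UPN of every account in scope before touching anything.
    $Users | Select-Object DistinguishedName, SamAccountName, UserPrincipalName |
        Export-Csv $BackupCsv -NoTypeInformation

    foreach ($User in $Users) {
        $CompleteUPN = $User.SamAccountName + "@" + $UpnSuffix
        # Skip accounts that already carry the target UPN.
        if ($User.UserPrincipalName -ne $CompleteUPN) {
            # Remove -WhatIf once the preview lists only the accounts you expect.
            Set-ADUser -Identity $User.DistinguishedName -UserPrincipalName $CompleteUPN -WhatIf
        }
    }
}
else {
    # Restore each account's recorded UPN; accounts that had none are cleared.
    Import-Csv $BackupCsv | ForEach-Object {
        if ($_.UserPrincipalName) {
            Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $_.UserPrincipalName -WhatIf
        }
        else {
            Set-ADUser -Identity $_.DistinguishedName -Clear userPrincipalName -WhatIf
        }
    }
}
```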