30. 4 Use it
• Notepad ++, or Visual Studio
#SPSLONDON
31. 4 Use it -> MSDN
https://msdn.microsoft.com/en-us/powershell/mt173057.aspx
32. 4 Use it -> SP Command Builder
https://www.microsoft.com/resources/TechNet/en-
us/Office/media/WindowsPowerShell/WindowsPowerShellCommandBuilder.html #SPSLONDON
33. 4 Use it ->Script Center
#SPSLONDON
https://gallery.technet.microsoft.com/scriptcenter/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Val
ue=Office365
34. 4 Use it ->Disclaimer
#SPSLONDON
No Animals was harmed during the making of these scipts!
Feel free to Copy with Pride any script you might find usefull,
but it’s all at your own risk!
I encourage you to test thoroughly on a test/dev O365 tenant.
@vaerpn
35. 4 steps to setup O365 PS Environment
• Step 1 - Install some binaries
• Step 2 - Load some modules
• Step 3 - Connect to something in Office 365
• Step 4 - Use [aka Copy with Pride]
#SPSLONDON
50. Advanced O365 Useradmin
#SPSLONDON
No Animals was harmed during the making of these scipts!
Feel free to Copy with Pride any script you might find usefull,
but it’s all at your own risk!
I encourage you to test thoroughly on a test/dev O365 tenant.
@vaerpn
>DISCLAIMER
51. Advanced O365 Useradmin
>License O365 w ADUC Groups
#SPSLONDON
Scenario:
You have a new Employee, the IT-Dep add Him/Her to Active Directory Users, include
Security Groups and mail enables Him/Her.
Then AAD Connect synchronize all new user objects evry 30 minutes. Then, after the
sync the IT-Dept log on to the O365 tenant and assign the new users a license
E5/E37E1.
Challenge with this:
It’s manuel steps
Two repositories for license assignment, lack of reporting
Free up licenses
52. Advanced O365 Useradmin
>License O365 w ADUC Groups
#SPSLONDON
Sollution:
Create a PowerShell script that adds/modifies user licenses based upon lokal AD
Group membership.
Automate the script by the use of Scheduled Tasks, or create a service.
All reporting are done in ADUC
The User that runs this script is a Domain Admin in AD and Global Admin in O365
58. Advanced O365 Useradmin
>Get-MSoluser
#SPSLONDON
Get-MsolUser Cmdlet and Properties
Get-MsolUser cmdlet supports a number of user properties. Properties that I use in my daily operational
tasks are explained in the table below. The below table does not list all the properties supported by the Get-
MsolUser cmdlet, but the common user properties that you might find useful.
59. Advanced O365 Useradmin
>Get-MSoluser
#SPSLONDON
Get-MsolUser Cmdlet and Properties
Property When to use Property
AlternateEmailAddresses Displays the alternate email address assigned to an Office 365 user.
Department As the property name suggests.
DisplayName Display Name of the user. This property is required when creating a new user in Office 365.
IsLicensed Returns TRUE if user is licensed for any Office 365 Plans and FALSE if not licensed.
LastDirSyncTime If you have users synced from On-premises Active Directory, use this property to get the last date and time of the synchronization. In other words, use this property if
you are using “Synchronized Identity” deployment approach and you want to know the last synchronization status of a user.
LastPasswordChangeTimestamp Use this property to get date and time of the last password changed for Office 365 users.
LicenseReconciliationNeeded Whether or not the user currently has a mailbox without an Office 365 license. I will explain more about this property in next part of this article series.
Licenses This is a multi-valued property. It contains the Office 365 licenses assigned to the user. I will explain more about Licenses property later in this article series.
LiveId This is the user’s unique ID to log on to Office 365.
MobilePhone As the name suggests.
OverallProvisioningStatus Whether or not the user has been provisioned for Office 365 services.
PasswordNeverExpires Use this property to see if the user is forced to change password every 90 days
StrongPasswordRequired Returns True or False. True indicates that the user is required to set the strong password when they change their password next time.
UsageLocation This is a two letter Country code and must be set in order to assign Office 365 Licenses. So it is fairly simple to understand that an Office 365 user must be assigned
with a UsageLocation before the user can use the Office 365 services.
UserPrincipalName As the name suggests.
WhenCreated The creation date of the user.
60. Advanced O365 Useradmin
>Get-MSoluser
#SPSLONDON
Get-MsolUser cmdlet Parameters
Get-MsolUser cmdlet supports various parameters that you can use to get a specific type of information for
Office 365 users. For example, by using “–EnabledFilter” parameter you can return users that are enabled
or disabled. Similarly, you can use “-HasErrorsOnly” parameter to return users that have validation errors. I
have compiled a list of Get-MsolUser parameters with examples in the table below:
61. Advanced O365 Useradmin
>Get-MSoluser
#SPSLONDON
Get-MsolUser cmdlet Parameters
Parameter When to use Example
-EnabledFilter Use –EnabledFilter parameter to get a list of users that are enabled or disabled. You can
use EnabledOnly or DisabledOnly values with –EnabledFilter parameter.
Get-MsolUser –All –EnabledFilter DisabledOnly
Get-MsolUser –All –EnabledFilter EnabledOnly
-DomainName Use –DomainName parameter to get results for a specific Office 365 domain. Get-MsolUser –All –DomainName <DomainName>
-
ReturnDeletedUs
ers
Use –ReturnDeletedUsers parameter to get a list of users that were deleted from Office
365, but are still present in the Ofice 365 Recycle bin.
Get-MsolUser –ReturnDeletedUsers
-SearchString Use –SearchString parameter to search users across Office 365 Tenant. Get-MsolUser –All –SearchString Dean
Above command returns only users with an email address or
display name staring with the “Dean” string.
-Synchronized Use –Synchronized parameter if you need to return a list of users that are synchronized
from On-Premises Active Directory.
Get-MsolUser –All –Synchronized
-
UnlicensedUsers
Only
Use –UnlicensedUsersOnly if you wish to see a list of users that are associated with an
Office 365 license.
Get-MsolUser –All –UnlicensedUsersOnly
-MaxResults OR -
All
By default Get-MsolUser returns 500 results in a command. Use –All parameter to return all
results. You can use either –MaxResults or –All parameter.
Get-MsolUser –All –UnlicensedUsersOnly
Get-MsolUser –MaxResults 2000 –UnlicensedUsersOnly
63. Advanced O365 Useradmin
>More
#SPSLONDON
Get-LastLogonStats.ps1 by Alan Byrne:
https://gallery.technet.microsoft.com/scriptcenter/E
xport-Office-365-User-7fc0b73f
Disable-ClutterOnByDefault.ps1 by Matt mc Nabb:
https://gallery.technet.microsoft.com/scriptcenter/D
isable-Clutters-For-All-41834444
This is version 7 X from 2014, It’s the newest one as far as I know. Search MS Download and sort by date.
How can I determine what version of AAD PowerShell I have?
You can run the get-item cmdlet to check the version of the DLL files of the module that you have currently installed: (get-item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion
Create the ISE profile
if (!(test-path $profile )) {new-item -type file -path $profile -force}
Import modules
Set-ExecutionPolicy unrestricted (or remote signed)