Welcome to the series “Mastering common challenges in Office 365”. This series will cover the basics for certain services you probably have in use or plan to use. As a result you are able to connect to Office 365 with PowerShell after this article.

The whole series will contain the services PowerShell, OneDriveSharePoint and Teams.

First of all, what is inside this article? Below you find the sections this article contains. You can directly click on the link to jump to the specific part or you just scroll through everything.

Prerequisites to connect to Office 365

First, install the 64-bit version of the Microsoft Online Services Sign-in Assistant and after that install the 64-bit version of Microsoft Azure Active Directory Module for Windows PowerShell with these steps:

  • Open an administrator-level PowerShell command prompt.
  • Run the Install-Module MSOnline command.
  • If prompted to install the NuGet provider, type Y and press ENTER.
  • If prompted to install the module from PSGallery, type Y and press ENTER.
  • After installation, close the PowerShell command window.

You are now ready to use your PowerShell to connect to your Office 365! If you want to connect to your SharePoint, download the SharePoint Online Management Shell you can check in my Part 3 of this series what you can do with that. #HubSites 🙂

Connect to Office 365

Now let’s go.

  1. Open a Windows PowerShell (especially relevant is that you start from the beginning by opening the PowerShell console always as Administrator)
  2. Type “Connect-MsolService”
  3. Login with your administrator account
Connect to Office 365
Connect to Office 365

If the cmdlet is not found you probably have to import the module MsOnline by typing:

In addition you can use the following alternative:

  1. Save your credentials into an variable
  2. Connect to the Microsoft Online Service and pass your credentials variable within

Domain information

As a result of connecting successfully to the Office 365 tenant with Powershell ( again preferred as Administrator) type the command: “Get-MsolDomain”

Get insights in your connected domains
Get insights in your connected domains

There are two different concepts of authentication. Those are “Federated vs. Managed”. To learn more about the different identities and authentication concepts you can also check out my article about Office 365 identity and authentication explained (de).

Managing licenses

The cmdlet “Get-MsolAccountSku” gives you a first insight in your licenses and you active units. Since I have assigned my user the active unit it also shows one consumed unit.

Check your licenses to get started
Check your licenses to get started

To set properties of an user you can check the next part managing users where you find the first steps for that.

It would be good to know what services are in the account SKU included right? So just you the select statement and the expand property value to check on the service status.

Account SKU included services and status
Account SKU included services and status

If you have multiple AccountSkuIds you can specify the id in your cmdlet to check the services for the id of your choice like this:

ENTERPRISEPACK represents the Enterprise E3 Plan of Office 365.

In the next part we see how to get information about users and how to add new user via PowerShell to you tenant, but for licensing perspective it if often required to figure out which users have e.g. the Microsoft Teams service activated. So you can use:

 

User with active service check
User with active service check
  • The license that gives access to the Office 365 services that we’re interested in is the first license that’s assigned to all users (the index number is 0). This is in my scenario quite easy, due to the fact that I have only one SKU available.
  • The Office 365 services that we’re interested in is Microsoft Teams. For the license that is associated with the licensing plan, Microsoft Teams is the 8th service listed (the index number is 7).

If you wondering which account SKU is assigned to a user you can take the following lines, save them in a text file. Then save that text file as e.g. “check user account sku.ps1”. You can then just start this in your PowerShell session and specify the UPN directly in your command.

Then you should get something like this:

Check user account SKU
Check user account SKU

You can go ahead and use the next lines of code to get the assigned services to the user. Please make sure the script is in three lines. So the “select object” need to be after the “|” in the third line. I just formatted it differently to fit in the post.

Check user license services
Check user license services

Managing users

Seems like you are still here! Great! 🙂

You can also create new users from within PowerShell and even assign a license to the user or set a specific property of the user.

To create a new user you have to specify the UPN (User Principal Name) and the display name. That’s all.

First you can check on your current users with the command “Get-MsolUser”

Check you current users in your tenant
Check you current users in your tenant

To create a new user go ahead an type (of course with your domain 🙂 ):

Create a new user via PowerShell
Create a new user via PowerShell

As you see, there is also directly the password shown for the new user which he can use for the first sign.

If you check now your user list the new user should be in there. We use a previous cmdlet which if you followed the series might still be available by using the “up-arrow-key” on your keyboard. We are just extending the properties to get more insights.

Get more details of your users
Get more details of your users

In addition to the properties above you are also able to get all properties of a specific user by using the following command:

Now we a going to set a view things we saw are currently empty.

To do so, type everything in one line:

After that you should find the properties filled with your values.

Set user properties and verify the settings
Set user properties and verify the settings

Due to the fact, that Christmas is over you maybe want to remove santa.claus@afrait.onmicrosoft.com until he needs and account again 🙂

You can easily do that by using the Remove-MsolUser and specification of the UPN.

Remove a user in Office 365
Remove a user in Office 365

As a result you have only the users you had before.

Policies

If you try to run a PowerShell-Script and receive an error with maybe something like “…cannot be loaded. The execution of scripts is disabled on this system.” you should change the execution policy.

There are four different policies:

  • Restricted – No scripts can be run. Windows PowerShell can be used only in interactive mode.
  • AllSigned – Only scripts signed by a trusted publisher can be run.
  • RemoteSigned – Downloaded scripts must be signed by a trusted publisher before they can be run.
  • Unrestricted – No restrictions; all Windows PowerShell scripts can be run.

To assign a particular policy simply call Set-ExecutionPolicy followed by the appropriate policy name. For example:

This was a little bit of basic information what you can do with PowerShell and Office 365. In conclusion I have to say, that if you start slowly it is way lee complex that it seems. There a way more things you can do, but I think it is a good point to start with the things you saw above. If you want to have more examples let me know and get in touch with my via mail, Twitter or Facebook.

LEAVE A REPLY

Please enter your comment!
Please enter your name here