AFRAIT

Mastering common challenges in Office 365 – Part 1: PowerShell (en)

Mastering common challenges in Office Powershell

Patrick

, , ,
, ,

Welcome to the series Mastering common challenges in Office 365. This series will cover the basics for certain services you probably have in use or plan to use. This article will make you ready connect to Office 365 with PowerShell.

The whole series contains several services like PowerShell, OneDriveSharePoint, Teams, Microsoft Forms, Microsoft Planner and soon an article about Microsoft Stream. There are already two special articles – SharePoint HubSites and Teams Reloaded.

You find the whole series and all my other article series on my new dedicated page for it. Go check it out. There is soon a new series coming 😉 and check back every Wednesday for a new or updated article! Now with MICROSOFT STREAM

First of all, what is inside this article? Below you find the sections of this article. You can directly click on the link to jump to the specific part or you just scroll through the article.

Prerequisites to connect to Office 365

First, install the 64-bit version of the Microsoft Online Services Sign-in Assistant and after that install the 64-bit version of Microsoft Azure Active Directory Module for Windows PowerShell with these steps:

  • Open an administrator-level PowerShell command prompt.
  • Run the Install-Module MSOnline command.
  • If prompted to install the NuGet provider, type Y and press ENTER.
  • If prompted to install the module from PSGallery, type Y and press ENTER.
  • After installation, close the PowerShell command window.

You are now ready to use your PowerShell to connect to your Office 365! If you want to connect to your SharePoint environment, download the SharePoint Online Management Shell you can check in my Part 3 of this series what you can do with that. #HubSites 🙂

Yeah :)
Yeah 🙂

Connect to Office 365

Now let’s go.

  1. Open a Windows PowerShell (by opening the PowerShell console always as Administrator)
  2. Type Connect-MsolService
  3. Login with your administrator account
Connect to Office 365
Connect to Office 365

If the cmdlet is not found you probably have to import the module MsOnline by typing: 

Import-Module MsOnline

In addition you can use the following alternative:

  1. Save your credentials into an variable
  2. Connect to the Microsoft Online Service and pass your credentials variable within
$UserCredential = Get-Credential
Connect-MsolService -Credential $UserCredential

Domain information

As a result of connecting successfully to the Office 365 tenant with PowerShell type the command: Get-MsolDomain

Get insights in your connected domains
Get insights in your connected domains

There are two different concepts of authentication. Those are Federated vs. Managed. To learn more about the different identities and authentication concepts you can also check out my article about Office 365 identity and authentication explained (de). If you want to see an English version of the article, let me know in the comments below or on Twitter.

Managing licenses

The cmdlet Get-MsolAccountSku gives you a first insight in your licenses and your active units. Since I have assigned my user the active unit it also shows one consumed unit.

Check your licenses to get started
Check your licenses to get started

It would be good to know what services are in the account SKU included right? So just use the select statement and the expand property value to check the service status.

Get-MsolAccountSku | Select -ExpandProperty ServiceStatus
Account SKU included services and status
Account SKU included services and status

If you have multiple AccountSkuIds you can specify the id in your cmdlet to check the services for the id of your choice like this:

(Get-MsolAccountSku | where {$_.AccountSkuId -eq "afrait:ENTERPRISEPACK"}).ServiceStatus

ENTERPRISEPACK represents the Enterprise E3 Plan of Office 365.

In the next part we see how to get information about users and how to add a new user via PowerShell to you tenant, but for licensing perspective it if often required to figure out which users have e.g. the Microsoft Teams service activated. So you can use:

Get-MsolUser -All | where {$_.isLicensed -eq $true -and 
$_.Licenses[0].ServiceStatus[7].ProvisioningStatus -ne "Disabled"}
User with active service check
User with active service check
  • The license that gives access to the Office 365 services that we’re interested in is the first license that’s assigned to all users (the index number is 0). This is in my scenario quite easy, due to the fact that I have only one SKU available.
  • The Office 365 services that we’re interested in is Microsoft Teams. For the license that is associated with the licensing plan, Microsoft Teams is the 8th service listed (the index number is 7).

Examples for everyday use

If you wondering which account SKU is assigned to a user you can take the following lines, save them in a text file. Then save that text file as e.g. check user account sku.ps1 –  You can then just start this in your PowerShell session and specify the UPN directly in your command.

$UPN = Read-Host 'Please enter the UPN of the user'
Write-Host 'You entered the following UPN:' $UPN
Get-MsolUser -UserPrincipalName $UPN | Format-List DisplayName,Licenses

Then you should get something like this:

Check user account SKU
Check user account SKU

You can go ahead and use the next lines of code to get the assigned services to the user. Please make sure the script is in three lines. So the “select object” need to be after the “|” in the third line. I just formatted it differently to fit in the post.

$UPN = Read-Host 'Please enter the UPN of the user'
Write-Host 'You entered the following UPN:' $UPN
Get-MsolUser -UserPrincipalName $UPN | Select-Object -ExpandProperty Licenses | 
Select-Object -ExpandProperty ServiceStatus
Check user license services
Check user license services

Try the above scripts, they really help me in my daily work. It is just easy if you can run a script and don’t need to check all the details. Also if someone asks, you are happy you came prepared.

Be prepared and be happy if you need it
Be prepared and be happy if you need it

To set properties of an user you can check the next part managing users where you find the first steps for that.

Managing users

Seems like you are still here! Great! 🙂

You can also create new users from within PowerShell and even assign a license to the user or set a specific property of the user.

To create a new user you have to specify the UPN (User Principal Name) and the display name. That’s all.

First you can check on your current users with the command Get-MsolUser

Check you current users in your tenant
Check you current users in your tenant

To create a new user go ahead an type (of course with your domain 🙂 ):

New-MsolUser -UserPrincipalName santa.claus@afrait.onmicrosoft.com -DisplayName "Claus Santa"
Create a new user via PowerShell
Create a new user via PowerShell

As you see, there is also directly the password shown for the new user which he can use for the first sign.

Check your users

If you check now your user list the new user should be in there. We use a previous cmdlet which if you followed the series might still be available by using the up-arrow-key on your keyboard. We are just extending the properties to get more insights.

Get-MsolUser | Select DisplayName, Country, State, StreetAddress, Title
Get more details of your users
Get more details of your users

In addition to the properties above you are also able to get all properties of a specific user by using the following command:

Get-MsolUser -UserPrincipalName patrick@afrait.com | Select *

Now we a going to set a view things we saw are currently empty.

To do so, type everything in one line:

Set-MsolUser -UserPrincipalName santa.claus@afrait.onmicrosoft.com -Country "" 
-State "North Pole" -StreetAddress "25th Santa Park" -Title "CEO"

After that you should find the properties filled with your values.

Set user properties and verify the settings
Set user properties and verify the settings

Due to the fact, that Christmas is over you maybe want to remove santa.claus@afrait.onmicrosoft.com until he needs and account again 🙂

You can easily do that by using the Remove-MsolUser and specification of the UPN.

Remove a user in Office 365
Remove a user in Office 365

As a result you have only the users you had before.

Policies

If you try to run a PowerShell-Script and receive an error with maybe something like “…cannot be loaded. The execution of scripts is disabled on this system.” you should change the execution policy.

There are four different policies:

  • Restricted – No scripts can be run. Windows PowerShell can be used only in interactive mode.
  • AllSigned – Only scripts signed by a trusted publisher can be run.
  • RemoteSigned – Downloaded scripts must be signed by a trusted publisher before they can be run.
  • Unrestricted – No restrictions; all Windows PowerShell scripts can be run.

To assign a particular policy simply call Set-ExecutionPolicy followed by the appropriate policy name. For example:

Set-ExecutionPolicy RemoteSigned

This was a little bit of basic information what you can do with PowerShell and Office 365.

In conclusion I have to say, that if you start slowly it is less complex that it seems. There are way more things you can do, but I think it is a good point to start with the things you saw above. Also it is cool if you understand the IT-Guys talking “PowerShell”. 😉

If you want to have more examples let me know and get in touch with my via mail, Twitter or Facebook.

You can also check out my whole series on my new dedicated page for it. Until the next time, don’t be AFRAIT

2 responses to “Mastering common challenges in Office 365 – Part 1: PowerShell (en)”

Leave a Reply

Your email address will not be published. Required fields are marked *