Tuesday, February 23, 2016

Office 365 and Azure Powershell Automation for Education or Business

Deploying Office 365 in a large scale environment will almost always require you to leverage Powershell. For a deployment I recently worked on there were two areas that Powershell could be leveraged which saved a lot of time. Setting the default User Principal Name and licensing and activation. If you are syncing your entire Active Directory, running a script as a scheduled task can save you a lot of time instead of manually assigning licenses. This works especially well for education customers where many Microsoft features are given away for free. Your UPN is what Office 365 uses to identify your login name. If you are defaulting to an onmicrosoft account instead of your domain, leveraging Powershell commandlets will save you a lot of time. To set the default UPN was as simple task using the following commands:
Set-MsolUserPrincipalName -UserPrincipalName $upn -NewUserPrincipalName $email 
Setting licenses was more complex. To assign licenses and disable certain plans, the following commandlets were used.
Set-MsolUser -UserPrincipalName $upn -UsageLocation US
$lic = New-MsolLicenseOptions -AccountSkuId isd622org:STANDARDWOFFPACK_IW_FACULTY -DisabledPlans EXCHANGE_S_STANDARD
Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses isd622org:STANDARDWOFFPACK_IW_FACULTY
Set-MsolUserLicense -UserPrincipalName $upn -LicenseOptions $lic
These commands set the user location to the United States, applied a faculty license to the user, and disabled Exchange ( email and calendaring functionality ). To see what licenses are available in your Office 365 environment you can use Get-MsolAccountSku. To see what services are available to a particular user after a license is assigned you can use Get-MsolUser as show below.
#Show Licenses
Get-MsolAccountSku
#Show provisioning status
(Get-MsolUser -UserPrincipalName "user@contoso.com").Licenses.ServiceStatus
In order to run the completed Powershell script as a scheduled task the username and password was passed to the Connect-MsolService commandlet as shown.
$User = "user@user.com"
$Pass = "password"
$Cred = New-Object System.Management.Automation.PsCredential($User,(ConvertTo-SecureString $Pass -AsPlainText -Force))
Import-Module MSOnline
Connect-MsolService -Credential $Cred
A completed script may look something like this. You would obviously want to make tweaks based on your environment.
$User = "user@contoso.com"
$Pass = "password"
$Cred = New-Object System.Management.Automation.PsCredential($User,(ConvertTo-SecureString $Pass -AsPlainText -Force))
Import-Module MSOnline
Connect-MsolService -Credential $Cred

$users=Get-MsolUser -All
foreach ($user in $users){

$upn = $user.UserPrincipalName

$email=$upn.Replace(".onmicrosoft.com","")
$email=$email.Replace("@contosocom","@contoso.com")

#Get rid of *.onmicrosoft.com
if ($user.UserPrincipalName -like "*.onmicrosoft.com"){
    Set-MsolUserPrincipalName -UserPrincipalName $upn -NewUserPrincipalName $email
}

if (-Not $user.isLicensed ){
    Set-MsolUser -UserPrincipalName $upn -UsageLocation US
    $lic = New-MsolLicenseOptions -AccountSkuId contosocom:STANDARDWOFFPACK_IW_FACULTY -DisabledPlans EXCHANGE_S_STANDARD
    Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses contosocom:STANDARDWOFFPACK_IW_FACULTY
    Set-MsolUserLicense -UserPrincipalName $upn -LicenseOptions $lic
}
  
}
You may consider changing the line $users=Get-MsolUser -All to $users=Get-MsolUser --UnlicensedUsersOnly to speed up the execution in future iterations.

3 comments:

  1. I do not consider that in this case the equipment is appropriate! it seems to me better than manual techniques there is nothing

    ReplyDelete
  2. I believe that the right equipment can greatly facilitate the production process.

    ReplyDelete
  3. The users can use the certain commands to get the necessary functions after installing the program. This will make the work more productive.

    ReplyDelete