Assign licenses for specific services in office 365 using powershell

Question

Is there a way to add a Office 365 license to a user for specific services only via Powershell. Note that this user already has some services enabled.

For example user@test .net user already has Office 365 E3 license with Sharepoint plan service enabled. Now we would like to add the Power Apps service and keep the existing services. Result Office 365 license with Sharepoint and PowerApps only.

Tried this, but no luck:

$disabledplans = (Get-MsolUser -UserPrincipalName user@test .net).Licenses.ServiceStatus | ? {$.ProvisioningStatus -eq 'Disabled' -and $.ServicePlan.ServiceName -ne 'POWERAPPS_O365_P2'}
$disabledplans = $disabledplans.ServicePlan.ServiceName
$disabled = ""

foreach($line in $disabledplans)
{
$disabled+= '"' + $line + '"' + ','
}

$disabled = $disabled.Substring(0,$disabled.Length-1)

$MyServicePlans = New-MsolLicenseOptions -AccountSkuId test:ENTERPRISEPACK -DisabledPlans $disabled

$DevAcctSku = Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq 'ENTERPRISEPACK'}

Set-MsolUserLicense -UserPrincipalName user@test .net -AddLicenses $DevAcctSku.AccountSkuId -LicenseOptions $MyServicePlans

Set-MsolUserLicense : Unable to assign this license because it is invalid. Use the Get-MsolAccountSku cmdlet to retrieve a list of valid licenses.
At line:16 char:1

• Set-MsolUserLicense -UserPrincipalName janez.kranjski@interblockgamin ...
• ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
• CategoryInfo : OperationStopped: (:) [Set-MsolUserLicense], MicrosoftOnlineException
• FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InvalidUserLicenseException,Microsoft.Online.Administration.Automation.SetUserLicense

Any ideas?

Answer 1

Hello @J#T02gv2in , thank you for reaching out. Can you try the following PS Script:

Connect-AzureAD  
  
#Get User details  
$userToSearch = Read-Host "Enter user to search"  
$user = Get-AzureADUser -SearchString $userToSearch   
  
#To assign the usage location to user  
#Set-AzureADUser -ObjectId $user.ObjectId -UsageLocation IN  
  
#Set the service plans with License to enable  
$skuPlansToEnable = @("SHAREPOINTENTERPRISE","TEAMS1","POWERAPPS_O365_P3")  
  
$license = Get-AzureADSubscribedSku | Where-Object {$_.SkuPartNumber -eq 'ENTERPRISEPREMIUM'}  
$servicePlans = $license.ServicePlans  
  
$skuPlansToDisable = ForEach-Object {$servicePlans | Where-Object {$_.ServicePlanName -notin $skuPlansToEnable}}  
  
$licenseNew = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense  
$licenseNew.SkuId = $license.SkuId  
$licenseNew.DisabledPlans = $skuPlansToDisable.ServicePlanId  
  
$licensesToAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses  
$licensesToAssign.AddLicenses = $licenseNew  
  
Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $licensesToAssign  
  
  
#To view the assigned service plans  
Get-AzureADUser -ObjectId $user.ObjectId | select -ExpandProperty AssignedPlans   

Note: This script is for users who already have a license assigned and you want to add few more service plans from the already assigned license. If you intend to test this for a new user who doesn't have any license assigned yet, they make sure you enable line 8.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer; if the above response helped in answering your query.

Answer 2

Hi soumi-MSFT,

Your script works if all users have exactly the same plans assigned in the license. If some users have differents plans assigned in the license, it will not work.

You need for each user to get the assigned plans to the user, add the new assigned plans, and substract from the $license.ServicePlans to get the new "DisabledPlans"

Laurent

Answer 3

Connect-AzureAD  
$ADGroup = Read-host "Group name:"  
$UserUPN = Get-ADGroupMember -Identity $ADGroup -Recursive | Get-ADUser -Properties UserPrincipalName | Select-Object UserPrincipalName  
  
    foreach ($ADUser in $UserUPN) {  
        $userToSearch = $ADUser.UserPrincipalName  
        $user = Get-AzureADUser -All $true | Where-Object -Property UserPrincipalName -EQ $userToSearch  
  
        $EnabledPlans = Get-AzureADUserLicenseDetail -ObjectId $user.objectid | Select-Object -ExpandProperty ServicePlans | Where-Object {$_.ProvisioningStatus -eq "Success" -or $_.ProvisioningStatus -eq "PendingInput"} | Select-Object ServicePlanName  
  
        if($null -eq $userToSearch.UsageLocation) {  
                Set-AzureADUser -ObjectId $user.ObjectId -UsageLocation US  
            }  
             
        $skuPlansToEnable = @("POWERAPPS_O365_P2")  
  
        foreach ($plan in $EnabledPlans) {  
            $skuPlansToEnable += $plan.ServicePlanName  
        }  
  
        $license = Get-AzureADSubscribedSku | Where-Object {$_.SkuPartNumber -eq 'ENTERPRISEPACK'}  
        $servicePlans = $license.ServicePlans  
  
        $skuPlansToDisable = ForEach-Object {$servicePlans | Where-Object {$_.ServicePlanName -notin $skuPlansToEnable}}  
      
        $licenseNew = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense  
  
  
        $licenseNew.SkuId = $license.SkuId  
        $licenseNew.DisabledPlans = $skuPlansToDisable.ServicePlanId  
  
      
        $licensesToAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses  
        $licensesToAssign.AddLicenses = $licenseNew  
        Write-Host $ADuser.UserPrincipalName  
      
        Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $licensesToAssign  
  
        Get-AzureADUser -ObjectId $user.ObjectId | Select-Object -ExpandProperty AssignedPlans  
    }  

add specifict service license for all members in AD group