Managing MS Online Users with PowerShell
Pre-requisites
Operating System
Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
.Net Framework
.Net 3.51
Microsoft Online Service Assistant
Windows Azure Active Directory Module
Import-Module
Import-Module -Name MSOnline -Verbose
Connect-MSOLService: Cmdlet
Connect-MsolService
Connect-MSOLService: Script
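This is not secure: the password sits in plain text in the script. It is used only to avoid the credential pop-up every time.
# Plain-text password converted to a SecureString (anyone who can read the script can read it)
$password = ConvertTo-SecureString "YourPassword" -AsPlainText -Force
$credential = New-Object System.Management.Automation.PsCredential("Admin@domain.onmicrosoft.com",$password)
# Passing an existing PSCredential returns it without prompting
$cred = Get-Credential -cred $credential
Import-Module MSOnline
Connect-Msolservice -cred $cred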
Note: If your currently logged-on credentials have permission, just use the code below.
Connect-MsolService -CurrentCredential
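A way to avoid the credential pop-up without keeping the password in the Connect-MSOLService script above, as an added example that is not part of the original article: the credential is prompted for once and saved with Export-Clixml, which on Windows encrypts the password with DPAPI for the current user and machine. The function name Get-StoredMsolCredential and the file path are hypothetical.

```powershell
# Added example: keep the admin password out of the script body.
# $CredPath is a hypothetical location; choose one only the admin account can read.
function Get-StoredMsolCredential {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [string]$CredPath = (Join-Path $env:LOCALAPPDATA 'MsolAdmin.cred.xml')
    )

    if (Test-Path -LiteralPath $CredPath) {
        try {
            $stored = Import-Clixml -LiteralPath $CredPath -ErrorAction Stop
            if ($stored -is [pscredential] -and $stored.UserName -eq $UserName) {
                return $stored
            }
        }
        catch {
            # Decryption fails if the file was written by another user or on another machine.
            Write-Warning "Stored credential unusable: $($_.Exception.Message)"
        }
    }

    # First run, or the stored file is unusable or for a different account: prompt once and persist.
    $fresh = Get-Credential -UserName $UserName -Message 'MS Online admin credential'
    if (-not $fresh) { throw 'No credential supplied.' }
    $fresh | Export-Clixml -LiteralPath $CredPath   # password is stored DPAPI-encrypted, not in clear text
    return $fresh
}

Import-Module MSOnline
$cred = Get-StoredMsolCredential -UserName 'Admin@domain.onmicrosoft.com'
Connect-MsolService -Credential $cred
```

The saved file can only be decrypted by the same Windows account on the same machine, so a scheduled task must create it while running as the account that will later read it.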
Exploring Get-MSOLUser/Set-MSOLUser
Syntax
(help Get-MsolUser).Syntax
Get-MsolUser [-City <string>] [-Country <string>] [-Department <string>] [-DomainName <string>] [-EnabledFilter <string>] [-HasErrorsOnly] [-LicenseReconciliationNeededOnly] [-LiveId <string>] [-MaxResults <int>] [-ReturnDeletedUsers] [-SearchString <string>] [-State <string>] [-Synchronized] [-TenantId <Guid>] [-Title <string>] [-UnlicensedUsersOnly] [-UsageLocation <string>] [<CommonParameters>]
Get-MsolUser [-All] [-City <string>] [-Country <string>] [-Department <string>] [-DomainName <string>] [-EnabledFilter <string>] [-HasErrorsOnly] [-LicenseReconciliationNeededOnly] [-ReturnDeletedUsers] [-State <string>] [-Synchronized] [-TenantId <Guid>] [-Title <string>] [-UnlicensedUsersOnly] [-UsageLocation <string>] [<CommonParameters>]
Get-MsolUser -ObjectId <Guid> [-ReturnDeletedUsers] [-TenantId <Guid>] [<CommonParameters>]
Get-MsolUser -UserPrincipalName <string> [-ReturnDeletedUsers] [-TenantId <Guid>] [<CommonParameters>]
Get All Licensed Users
#With Pipeline
Get-MsolUser -All | ?{$_.Islicensed -eq $true}
#Without Pipeline - PS 4.0 +
(Get-MsolUser -All).Where({$_.Islicensed -eq $true})
Export All Licensed Users to CSV
Get-MsolUser -All | ?{$_.Islicensed -eq $true} |
    Export-csv C:\Temp\Licensed_Users.csv -NoTypeInformation `
    -Encoding UTF8
Get Deleted Users
In MS Online, deleted users are removed permanently after 30 days. Before the 30 days have elapsed, we can use the code below to query them:
Get-MsolUser -All -ReturnDeletedUsers
Retrieve Single User Information
Get-MsolUser -UserPrincipalName 'User@Domain.onmicrosoft.com'
Retrieve User Information with selected information
Get-MsolUser `
    -UserPrincipalName 'User@Domain.onmicrosoft.com' |
    Select DisplayName , UserPrincipalName , City , Country , Department , ValidationStatus
Query Users where City like ‘Some Place’
#Slow
Measure-Command { Get-MsolUser -All | ? {$_.City -eq 'Amersfoort'} }
#Faster by avoiding PIPELINE
Measure-Command { Get-MsolUser -All -City 'Amersfoort' }
Query Un-Licensed users
#Slow
Measure-Command { Get-MsolUser -All | ? {$_.IsLicensed -eq $false} }
#Faster – because No Pipeline
Measure-Command { Get-MsolUser -All -UnlicensedUsersOnly }
User Creation without License
(Help New-MsolUser).Syntax
help New-MsolUser -ShowWindow
Summary: In this section, we will create a user without a license. We will see the license assignment using a different cmdlet.
New-MsolUser -UserPrincipalName "SharePointAdmin@Domain.onmicrosoft.com" `
    -DisplayName "SharePoint Admin"
Assign License
Note: Before assigning a license to a user, we need to set the Usage Location. That’s mandatory.
Set-MsolUser -UserPrincipalName SharePointAdmin@Domain.onmicrosoft.com `
    -UsageLocation NL
Set-MsolUserLicense `
    -UserPrincipalName "SharePointAdmin@Domain.onmicrosoft.com" `
    -AddLicenses "Domain:ENTERPRISEPACK" -Verbose
Remove License
Set-MsolUserLicense -UserPrincipalName SharePointAdmin@Domain.onmicrosoft.com `
    -RemoveLicenses "Domain:EnterprisePack"
Create User with License
Note: Your organization may have multiple plans. So assign the license as required.
New-MsolUser -DisplayName "SharePoint Admin" `
    -UserPrincipalName "SharePointAdmin@Domain.onmicrosoft.com" `
    -FirstName "SharePoint" -LastName "Admin" -UsageLocation NL `
    -LicenseAssignment "Domain:ENTERPRISEPACK"
Remove User
#Removes and will be available in recycle bin for 30 days
Remove-MsolUser -UserPrincipalName 'SharePointAdmin@domain.onmicrosoft.com'
Remove User Permanently
Summary: There is no direct command to perform this task. Once the user account is removed, it is listed under the deleted objects container. This method is a hard delete, so we need to remove the user from the recycle bin:
Remove-MsolUser `
    -UserPrincipalName SharePointAdmin@domain.onmicrosoft.com -RemoveFromRecycleBin
Restore User
Summary: We can restore users ONLY if they are still available in the deleted objects container. Once removed from the recycle bin, they are gone forever.
Restore-MsolUser -UserPrincipalName ExchangeAdmin@domain.onmicrosoft.com -Verbose
Bulk User Creation
In this section, we don’t focus on Hybrid. All the users will be created in the Cloud. No contents related to Dirsync.
Scenario: We have a CSV file with the columns shown below:
UPN,FirstName,LastName,DisplayName,UsageLocation,LicenseAssignment
XXX,XXX,XXX,XXX,XX,L1
YYY,YYY,YYY,YYY,YY,L2
Import-Csv C:\Temp\User.csv | %{
    New-MsolUser -UserPrincipalName $_.UPN `
        -DisplayName $_.DisplayName -FirstName $_.FirstName `
        -LastName $_.LastName -UsageLocation $_.UsageLocation `
        -LicenseAssignment $_.LicenseAssignment
}
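A more defensive version of the bulk import above, added here as an example and not part of the original article: it validates each CSV row, skips users that already exist, keeps the temporary password that New-MsolUser returns off the console, and writes a result report. The report path and status values are assumptions, and it requires PowerShell 3.0 or later.

```powershell
# Added example: validated bulk creation. Assumes Connect-MsolService has already been run.
# The report path and the Created/Skipped/Failed status values are assumptions.
$required = 'UPN','DisplayName','FirstName','LastName','UsageLocation','LicenseAssignment'
$rows     = Import-Csv -Path 'C:\Temp\User.csv'

$report = foreach ($row in $rows) {
    $status = 'Created'; $detail = ''

    # Reject rows with empty required fields before anything is sent to the tenant.
    $missing = $required | Where-Object { [string]::IsNullOrWhiteSpace($row.$_) }
    if ($missing) {
        $status = 'Skipped'; $detail = "Missing: $($missing -join ', ')"
    }
    elseif ($row.UPN -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$' -or
            $row.UsageLocation -notmatch '^[A-Za-z]{2}$') {
        $status = 'Skipped'; $detail = 'Invalid UPN or UsageLocation'
    }
    elseif (Get-MsolUser -UserPrincipalName $row.UPN -ErrorAction SilentlyContinue) {
        # Do not touch an account that is already there.
        $status = 'Skipped'; $detail = 'User already exists'
    }
    else {
        try {
            # Discard the returned object so the generated password is not echoed or logged.
            $null = New-MsolUser -UserPrincipalName $row.UPN -DisplayName $row.DisplayName `
                -FirstName $row.FirstName -LastName $row.LastName `
                -UsageLocation $row.UsageLocation `
                -LicenseAssignment $row.LicenseAssignment -ErrorAction Stop
        }
        catch { $status = 'Failed'; $detail = $_.Exception.Message }
    }

    # One report row per CSV row; no secrets are written here.
    [pscustomobject]@{ UPN = $row.UPN; Status = $status; Detail = $detail }
}

$report | Export-Csv -Path 'C:\Temp\User_Creation_Report.csv' -NoTypeInformation -Encoding UTF8
$report | Group-Object Status | Select-Object Name, Count
```

Because the temporary passwords are discarded, initial passwords have to be issued afterwards through your normal password reset process.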
Manipulate User Properties
In this section, let’s see how to manipulate MS Online user properties. Update basic information like Department, City, Country and Mobile Phone.
Set-MsolUser -UserPrincipalName Chendrayan@domain.onmicrosoft.com `
    -Department "IT" -City "Amersfoort" -Country "The Netherlands" `
    -MobilePhone "123-456-789"