On 22-11-2016 I presented a presentation with the title “Manage Office365 quick, painless and safe with PowerShell” at Experts Live 2016. During this presentation I showed several useful PowerShell cmdlets for Office365 and mainly for the Azure Active Directory, Exchange Online, SharePoint Online and Office365 Groups.
The cmdlets presented can be downloaded as a .zip file using the below download button including the script to retrieve information from Office365 and the presentation in Dutch. A couple of cmdlets are also added below from the .ps1 file.
Start transcript
A best practice is to start a transcript of the cmdlets being entered in PowerShell and the corresponding output. Use the following one-liner to start the transcript to the specific folder
Start-Transcript -Path "C:\Users\mpeeters\OneDrive - Valid\Valid documents\My Transcripts\PS_$((get-date).ToString("ddMMyyyy")).txt" –append
Azure Active Directory cmdlets
The Azure Active Directory module has to be updated if using for example the 1.0.8070.2 version. You can check the version using the below cmdlet and download the newest version at Technet
(Get-item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion
The next cmdlet can be used to get all external users currently in the Office365 tenant.
Get-MsolUser -all | Sort -Property SignInName | where{$_.UserPrincipalName -like "*#ext#*"} | select SignInName, UserPrincipalName, DisplayName, WhenCreated
Use the following cmdlet to get all the external users which have a mismatch between SignInName and UserPrincipalName
Get-MsolUser -all | Sort -Property SignInName | where{$_.UserPrincipalName -like "*#ext#*" -and $_.UserPrincipalName -notlike "$($_.SignInName.split("@")[0])*"} | select SignInName, UserPrincipalName, DisplayName, WhenCreated
Exchange Online
First connect to Exchange Online using a remote PowerShell session
$UserCredential = Get-Credential $EOSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic –AllowRedirection Import-PSSession $EOSession -WarningAction:SilentlyContinue
and use the following cmdlet to grant full control to a user on a certain mailbox where AutoMapping is false
Add-MailboxPermission -Identity "LiveDemo.stark" -User mpadmin -AccessRights FullAccess -Automapping $false
and the following for send-as permissions
Add-RecipientPermission -identity "LiveDemo.stark" -Trustee mpadmin -AccessRights SendAs -Confirm:$false
It is also possible to add direct permissions an a users calendar. Keep in mind that this is using the language the user has configured.
Add-MailboxFolderPermission -Identity LiveDemo.stark@spfire.nl:\calendar -user jon.snow@spfire.nl -AccessRights Editor
The following cmdlet will enable archiving for each users mailbox
Get-Mailbox -Filter {ArchiveStatus -Eq "None" -AND RecipientTypeDetails -eq "UserMailbox"} | Enable-Mailbox -Archive
SharePoint Online
We have gotten the external users in the above cmdlet but we can also use the following cmdlet to get the external users on a specific SharePoint site collection
Get-SPOUser https://spfiredev.sharepoint.com | where{$_.loginname -like "*#ext#*"}
Using the next cmdlet will list all available users in the user information list for each available site collection
get-sposite | %{$site = $_.url; Get-SPOUser -Site $site | select @{Name="URL"; Expression = {$site}}, DisplayName, LoginName} | Format-table -AutoSize
The default storage for OneDrive for Business Online is 1TB but this value can be increased or decreased using PowerShell. It depends on the users license if they can use for example 5TB or more.
Use the following cmdlet to set the OneDrive Storage Quota to 2TB
Set-SPOTenant -OneDriveStorageQuota 2097152
The above cmdlet is for all users but you can also change the value for an individual user with the following cmdlet
Set-SPOSite -Identity https://spfiredev-my.sharepoint.com/personal/mpadmin_spfire_nl -StorageQuota 5242880
The quota can also be reset to the specified OneDrive storage quota
Set-SPOSite -Identity https://spfiredev-my.sharepoint.com/personal/mpadmin_spfire_nl -StorageQuotaReset
Office365 Groups
Office365 groups can currently only be managed using PowerShell but this will soon change.
Use the following cmdlets to check if the mailbox or the document library has been used in the previous 7 days.
Get-UnifiedGroup | Foreach-Object { Get-MailboxStatistics -Identity $_.Identity } | Where-Object {$_.LastLogonTime  -ge (Get-Date).AddDays(-7)}
Get-UnifiedGroup | Foreach-Object {Get-SPOSite -Identity $_.SharePointDocumentsUrl.replace("/Gedeelde  documenten", "")} | FT Title, Url, LastContentModifiedDate, ResourceUsageCurrent
The document library is bound to the tenant language and keep in mind that there are two spaced if using the dutch language. In English this will be “Shared Documents”
Disable the creation of groups for all users with the following cmdlet
Set-OwaMailboxPolicy -Identity spfire.com\OwaMailboxPolicy-Default -GroupCreationEnabled $false
and the following for just 1 or more users
New-OwaMailboxPolicy -Name "LiveDemoDenyGroupCreation" Set-OwaMailboxPolicy –Identity "LiveDemoDenyGroupCreation" –GroupCreationEnabled $false Set-CASMailbox –Identity LiveDemo.stark -OWAMailboxPolicy "LiveDemoDenyGroupCreation"
Each Office365 group will get its own mailbox and also an entry in the Global Address List (GAL). Use the following cmdlet to prevent the Office365 group to be displayed in the GAL
Set-UnifiedGroup -Identity bouwersgroep -HiddenFromAddressListsEnabled $true
Get Everything
During the presentation I also showed a script where I got a lot of information from Office365 and put this information in an Excel file.
This script is also located in the download and change the transcript and output location before using the script.
Download the .ps1 files and presentation
The above cmdlets are just a few which are present in the .ps1 file used during the presentation. Please let me know in a comment if these files were helpful and how you used some cmdlets.
