PowerShell Office 365 Inventory tool

I’ve thought of creating a different tool after creating the PowerShell Office 365 tool a couple of days ago to improve my PowerShell coding and to make my work and that of my colleagues a little bit easier. The PowerShell Office 365 inventory tool lists a lot of information you would like to see when troubleshooting or getting information from a tenant you never connected to.

You can follow and download the PowerShell Office 365 Inventory Tool at GitHub: https://github.com/peetersm12/Office365Inventory-GUI

This PowerShell Office 365 Inventory tool will retrieve the following information:

  • Azure Active Directory Users
  • Azure Active Directory Deleted Users
  • Azure Active Directory External Users
  • Azure Active Directory Contacts
  • Azure Active Directory Groups
  • Azure Active Directory Licenses
  • Azure Active Directory Domains
  • Exchange Mailboxes
  • Exchange Archives
  • Exchange Groups
  • SharePoint Sites
  • SharePoint Webs

Please note that you will need a few prerequisites before you are fully able to run this tool:

Please let me know which information you would like to see added to this tool and I’ll add it as soon as possible.

[How to] PowerShell Office 365 Inventory Tool

Run ‘Start-Office365Inventory.ps1’. You will automatically be asked to run as administrator if you ran this as a normal user.

First connect to Office 365 by clicking on the credential logo, by pressing F4 or via the menu.

Fill in your credentials and press OK

You are connected successfully when the icons are green.

There are 2 possible actions now:

  • Navigate to a tab and run only this action
  • Press the run all button to run all available actions

Only the Azure Active Directory Licenses have been returned. You can verify which actions have been run on the home tab.

Now click on the run all actions button. You can see the progress on the Home tab.

Please note that you will need site collection permissions for the SharePoint Webs option, as this uses CSOM to connect to the different webs.

You will receive the following message but it will continue looking for more webs

image

After all actions everything should be green

Run the action individually if you encounter an error as the exception will be shown in the below message center.

Reports
You can create a .CSV or .HTML file based on the items visible at any time in the view by clicking on the button next to the CSV Report.
The report will be saved to the report folder located in the script root.

The .CSV report will look like:
report1

The .HTML report will look like:
report2

It is also possible to create a .HTML file for all the available tabs in a nice format. Please note that this is still a work in progress, but it lists everything at the moment.

Error log
Some error information is displayed in the background PowerShell window, while other information is only readable in the error log.
Please send me this information and the message in the below message box if you encounter an error.

Several useful PowerShell cmdlets for Office 365

On 22-11-2016 I presented a presentation with the title “Manage Office365 quick, painless and safe with PowerShell” at Experts Live 2016. During this presentation I showed several useful PowerShell cmdlets for Office365 and mainly for the Azure Active Directory, Exchange Online, SharePoint Online and Office365 Groups.

The cmdlets presented can be downloaded as a .zip file using the below download button including the script to retrieve information from Office365 and the presentation in Dutch. A couple of cmdlets are also added below from the .ps1 file.

Start transcript

A best practice is to start a transcript of the cmdlets being entered in PowerShell and the corresponding output. Use the following one-liner to start the transcript to the specific folder

Start-Transcript -Path "C:\Users\mpeeters\OneDrive - Valid\Valid documents\My Transcripts\PS_$((Get-Date).ToString("ddMMyyyy")).txt" -Append

Azure Active Directory cmdlets

The Azure Active Directory module has to be updated if using for example the 1.0.8070.2 version. You can check the version using the below cmdlet and download the newest version at Technet

(Get-item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion

The next cmdlet can be used to get all external users currently in the Office365 tenant.

Get-MsolUser -all | Sort -Property SignInName | where{$_.UserPrincipalName -like "*#ext#*"} | select SignInName, UserPrincipalName, DisplayName, WhenCreated

Use the following cmdlet to get all the external users which have a mismatch between SignInName and UserPrincipalName

Get-MsolUser -all | Sort -Property SignInName | where{$_.UserPrincipalName -like "*#ext#*" -and $_.UserPrincipalName -notlike "$($_.SignInName.split("@")[0])*"} | select SignInName, UserPrincipalName, DisplayName, WhenCreated
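
The mismatch check above, generalized as an added example (not part of the original post or its download): instead of comparing only the part before the @, it decodes the full external address from the guest UPN and compares it with SignInName. The function name Get-ExternalUserMismatch and the sample records are constructed, and the code assumes the guest UPN layout local_domain#EXT#@tenant, where the last underscore stands for the @.

```powershell
# Added example: accepts any objects with SignInName and UserPrincipalName,
# for instance the output of Get-MsolUser -All.
function Get-ExternalUserMismatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        $upn = [string]$User.UserPrincipalName
        # Only guest accounts carry the #EXT# marker in the UPN.
        $marker = $upn.IndexOf('#EXT#', [System.StringComparison]::OrdinalIgnoreCase)
        if ($marker -lt 0) { return }

        # Assumption: the prefix is the external address with '@' stored as '_'.
        # The last '_' is the separator, because a domain name cannot contain '_'.
        $prefix = $upn.Substring(0, $marker)
        $split  = $prefix.LastIndexOf('_')
        $decoded = if ($split -gt 0) {
            $prefix.Substring(0, $split) + '@' + $prefix.Substring($split + 1)
        } else { $null }

        [pscustomobject]@{
            SignInName        = $User.SignInName
            UserPrincipalName = $upn
            DecodedAddress    = $decoded
            # -ne on strings is case-insensitive; an undecodable prefix counts as a mismatch.
            Mismatch          = ($null -eq $decoded) -or ($decoded -ne $User.SignInName)
        }
    }
}

# Constructed sample records (not real accounts).
$sample = @(
    [pscustomobject]@{ SignInName = 'jon.snow@example.org'
                       UserPrincipalName = 'jon.snow_example.org#EXT#@contoso.onmicrosoft.com' }
    [pscustomobject]@{ SignInName = 'arya@example.net'
                       UserPrincipalName = 'a_stark_example.org#EXT#@contoso.onmicrosoft.com' }
    [pscustomobject]@{ SignInName = 'member@contoso.onmicrosoft.com'
                       UserPrincipalName = 'member@contoso.onmicrosoft.com' }
)

$sample | Get-ExternalUserMismatch | Where-Object Mismatch |
    Format-Table SignInName, DecodedAddress, UserPrincipalName -AutoSize
```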

Exchange Online

First connect to Exchange Online using a remote PowerShell session


$UserCredential = Get-Credential
$EOSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $EOSession -WarningAction:SilentlyContinue

and use the following cmdlet to grant full control to a user on a certain mailbox where AutoMapping is false

Add-MailboxPermission -Identity "LiveDemo.stark" -User mpadmin -AccessRights FullAccess -AutoMapping $false

and the following for send-as permissions

Add-RecipientPermission -identity "LiveDemo.stark" -Trustee mpadmin -AccessRights SendAs -Confirm:$false
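
Grants made with -AutoMapping $false do not show up in the delegate's Outlook, so they are easy to lose track of. The following added example (not from the original post or its download) lists explicit FullAccess and SendAs delegations for review. The function name Get-DelegationReport and the sample records are constructed, and the input is assumed to use the property names that Get-MailboxPermission and Get-RecipientPermission return.

```powershell
# Added example: reports explicit FullAccess and SendAs grants.
function Get-DelegationReport {
    param(
        [object[]]$MailboxPermission = @(),    # shape of Get-MailboxPermission output
        [object[]]$RecipientPermission = @()   # shape of Get-RecipientPermission output
    )
    $rows = @(
        foreach ($p in $MailboxPermission) {
            # Skip inherited and deny entries and built-in principals such as SELF.
            if ($p.IsInherited -or $p.Deny -or ("$($p.User)" -like 'NT AUTHORITY\*')) { continue }
            if (@($p.AccessRights | ForEach-Object { "$_" }) -contains 'FullAccess') {
                [pscustomobject]@{ Mailbox = "$($p.Identity)"; Delegate = "$($p.User)"; Right = 'FullAccess' }
            }
        }
        foreach ($p in $RecipientPermission) {
            if ($p.IsInherited -or ("$($p.Trustee)" -like 'NT AUTHORITY\*')) { continue }
            if (@($p.AccessRights | ForEach-Object { "$_" }) -contains 'SendAs') {
                [pscustomobject]@{ Mailbox = "$($p.Identity)"; Delegate = "$($p.Trustee)"; Right = 'SendAs' }
            }
        }
    )
    $rows | Sort-Object Mailbox, Delegate, Right
}

# Constructed sample records (names reuse the demo accounts from the post).
$mbx = @(
    [pscustomobject]@{ Identity = 'LiveDemo.stark'; User = 'NT AUTHORITY\SELF'
                       AccessRights = @('FullAccess', 'ReadPermission'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'LiveDemo.stark'; User = 'mpadmin'
                       AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'LiveDemo.stark'; User = 'Organization Management'
                       AccessRights = @('FullAccess'); IsInherited = $true; Deny = $false }
)
$rcp = @(
    [pscustomobject]@{ Identity = 'LiveDemo.stark'; Trustee = 'mpadmin'
                       AccessRights = @('SendAs'); IsInherited = $false }
)

Get-DelegationReport -MailboxPermission $mbx -RecipientPermission $rcp | Format-Table -AutoSize

# In a connected Exchange Online session the inputs would come from:
#   Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission
#   Get-RecipientPermission -ResultSize Unlimited
```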

It is also possible to add direct permissions on a user's calendar. Keep in mind that the folder name uses the language the user has configured.

Add-MailboxFolderPermission -Identity LiveDemo.stark@spfire.nl:\calendar -user jon.snow@spfire.nl -AccessRights Editor

The following cmdlet will enable archiving for each user's mailbox

Get-Mailbox -Filter {ArchiveStatus -Eq "None" -AND RecipientTypeDetails -eq "UserMailbox"} | Enable-Mailbox -Archive

SharePoint Online

We have gotten the external users in the above cmdlet but we can also use the following cmdlet to get the external users on a specific SharePoint site collection

Get-SPOUser https://spfiredev.sharepoint.com | where{$_.loginname -like "*#ext#*"}

Using the next cmdlet will list all available users in the user information list for each available site collection

get-sposite | %{$site = $_.url; Get-SPOUser -Site $site | select @{Name="URL"; Expression = {$site}}, DisplayName, LoginName} | Format-table -AutoSize

The default storage for OneDrive for Business Online is 1TB but this value can be increased or decreased using PowerShell. It depends on the user's license whether they can use for example 5TB or more.

Use the following cmdlet to set the OneDrive Storage Quota to 2TB

Set-SPOTenant -OneDriveStorageQuota 2097152

The above cmdlet is for all users but you can also change the value for an individual user with the following cmdlet

Set-SPOSite -Identity https://spfiredev-my.sharepoint.com/personal/mpadmin_spfire_nl -StorageQuota 5242880

The quota can also be reset to the specified OneDrive storage quota

Set-SPOSite -Identity https://spfiredev-my.sharepoint.com/personal/mpadmin_spfire_nl -StorageQuotaReset

Office365 Groups

Office365 groups can currently only be managed using PowerShell but this will soon change.

Use the following cmdlets to check if the mailbox or the document library has been used in the previous 7 days.

Get-UnifiedGroup | Foreach-Object { Get-MailboxStatistics -Identity $_.Identity } | Where-Object {$_.LastLogonTime  -ge (Get-Date).AddDays(-7)}
Get-UnifiedGroup | Foreach-Object {Get-SPOSite -Identity $_.SharePointDocumentsUrl.replace("/Gedeelde  documenten", "")} | FT Title, Url, LastContentModifiedDate, ResourceUsageCurrent

The document library name is bound to the tenant language. Keep in mind that there are two spaces in the name if using the Dutch language. In English this will be “Shared Documents”.

Disable the creation of groups for all users with the following cmdlet

Set-OwaMailboxPolicy -Identity spfire.com\OwaMailboxPolicy-Default -GroupCreationEnabled $false

and the following for just 1 or more users

New-OwaMailboxPolicy -Name "LiveDemoDenyGroupCreation"
Set-OwaMailboxPolicy -Identity "LiveDemoDenyGroupCreation" -GroupCreationEnabled $false
Set-CASMailbox -Identity LiveDemo.stark -OWAMailboxPolicy "LiveDemoDenyGroupCreation"

Each Office365 group will get its own mailbox and also an entry in the Global Address List (GAL). Use the following cmdlet to prevent the Office365 group from being displayed in the GAL

Set-UnifiedGroup -Identity bouwersgroep -HiddenFromAddressListsEnabled $true

Get Everything

During the presentation I also showed a script where I got a lot of information from Office365 and put this information in an Excel file.

This script is also included in the download. Change the transcript and output location before using the script.

Download the .ps1 files and presentation

The above cmdlets are just a few which are present in the .ps1 file used during the presentation. Please let me know in a comment if these files were helpful and how you used some cmdlets.

Mails aren’t being moved to the archive mailbox using Exchange Online

A customer migrated all mailboxes to Office 365 using a cut-over migration. We decided to enable archiving for all users because of the large archive folder Microsoft gives us in Exchange Online. During the archive process some users reported that their archive mailbox isn’t being updated using the retention policy. We first tried to manually run the archive process using start-managedfolderassistant in PowerShell but this didn’t work.

Solution

The solution in this scenario was quite simple. The users who reported that mails weren’t being archived had litigation hold enabled on their previous on-premise environment. This setting has been synchronized with the cloud and therefore disabled the archive functionality. Using the following PowerShell command you can get a list of all the users that have litigation hold enabled.

get-mailbox | %{if ($_.retentionholdenabled -eq $true){write-host $_.displayname}}

First verify if there has been a good reason to enable litigation hold on their on-premise environment before you disable this setting for all users. You can disable litigation hold using the following command:

Set-Mailbox <MailAddress> -RetentionHoldEnabled $false