PowerShell Office 365 Groups Tool

I’ve been looking for a tool to easily manage Windows Updates on servers and found the PoshPAIG tool by Boe Prox at https://learn-powershell.net/ which has been created with PowerShell with a nice GUI. A colleague of mine wanted a Office 365 Groups tool to easily restore Office 365 Groups and this GUI is perfect for this kind of functionality. Please let me know in a comment what you think of the tool and if you would like to see some added functionality regarding Office 365 Groups. To be able to use this tool you will need to have the new Azure AD preview module which you can download at https://docs.microsoft.com/en-us/powershell/azure/install-adv2?view=azureadps-2.0.

The code can be downloaded from github at https://github.com/peetersm12/Office365Groups-GUI

[How to] PowerShell Office 365 Groups Tool

Actions
image
Run ‘Start-Office365GUI.ps1’. You will automatically be asked to run as administrator if you ran this as a normal user.

image
First Connect to Office 365 by clicking on the run button

image
Fill in your credentials and press OK.
The tool will now create a remote PowerShell connection to Exchange Online and connect to Azure AD

image
Switch the drop down to ‘Get Office 365 Groups’ and run this action

image
The active Office 365 groups are now listed.

image
Now switch to ‘Get deleted Office 365 Groups’ and run this action

image
The deleted Office 365 groups are now listed

image
You can now select ‘Restore Office365 Groups’ in the drop down.
Then select all the groups you wish to restore and run this action

image
Run Action

image
The tool will restore 2 groups at the same time

image
Rerun the ‘get deleted…’ and ‘get Office 365…’ actions to verify if the group has been restored (It may take some time for it to be visible in the active groups list)
Issue a.t.m.: The run button is active but picture not enabled

image

image

Reports
You can create a .CSV or .HTML file based on the items visible at any time in the view by clicking on the button next to the CSV Report.
The report will be saved to the report folder located in the script root.

The .CSV report will look like:
image

The .HTML report will look like:
image

Error log
Some error information is displayed on the background PowerShell window as other information is only readable using the errorlog.
Please send me this information if you encounter an error.

image

Get Office 365 Admin Roles using PowerShell

Office 365 has a couple of admin roles which can be assigned to different users. With the below PowerShell one-liner you can get the Office 365 Admin Roles in 1 overview.

Get-MsolRole | %{$role = $_.name; Get-MsolRoleMember -RoleObjectId $_.objectid} | select @{Name="Role"; Expression = {$role}}, DisplayName, EmailAddress

You’ll first need to connect to the Office 365 tenant using “Connect-MsolService” and then enter the above one-liner

image

Several useful PowerShell cmdlets for Office 365

On 22-11-2016 I presented a presentation with the title “Manage Office365 quick, painless and safe with PowerShell” at Experts Live 2016. During this presentation I showed several useful PowerShell cmdlets for Office365 and mainly for the Azure Active Directory, Exchange Online, SharePoint Online and Office365 Groups.

EXPERTSLIVE.5011_email-signature_spreker_ENG_630x180

The cmdlets presented can be downloaded as a .zip file using the below download button including the script to retrieve information from Office365 and the presentation in Dutch. A couple of cmdlets are also added below from the .ps1 file.

Start transcript

A best practice is to start a transcript of the cmdlets being entered in PowerShell and the corresponding output. Use the following one-liner to start the transcript to the specific folder

Start-Transcript -Path "C:\Users\mpeeters\OneDrive - Valid\Valid documents\My Transcripts\PS_$((get-date).ToString("ddMMyyyy")).txt" –append

Azure Active Directory cmdlets

The Azure Active Directory module has to be updated if using for example the 1.0.8070.2 version. You can check the version using the below cmdlet and download the newest version at Technet

(Get-item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion

The next cmdlet can be used to get all external users currently in the Office365 tenant.

Get-MsolUser -all | Sort -Property SignInName | where{$_.UserPrincipalName -like "*#ext#*"} | select SignInName, UserPrincipalName, DisplayName, WhenCreated

image

Use the following cmdlet to get all the external users which have a mismatch between SignInName and UserPrincipalName

Get-MsolUser -all | Sort -Property SignInName | where{$_.UserPrincipalName -like "*#ext#*" -and $_.UserPrincipalName -notlike "$($_.SignInName.split("@")[0])*"} | select SignInName, UserPrincipalName, DisplayName, WhenCreated

image

Exchange Online

First connect to Exchange Online using a remote PowerShell session


$UserCredential = Get-Credential
$EOSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 
https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic –AllowRedirection
Import-PSSession $EOSession -WarningAction:SilentlyContinue 

and use the following cmdlet to grant full control to a user on a certain mailbox where AutoMapping is false

Add-MailboxPermission -Identity "LiveDemo.stark" 
-User mpadmin -AccessRights FullAccess -Automapping $false

and the following for send-as permissions

Add-RecipientPermission -identity "LiveDemo.stark" -Trustee mpadmin -AccessRights SendAs -Confirm:$false

It is also possible to add direct permissions an a users calendar. Keep in mind that this is using the language the user has configured.

Add-MailboxFolderPermission -Identity LiveDemo.stark@spfire.nl:\calendar -user jon.snow@spfire.nl -AccessRights Editor

The following cmdlet will enable archiving for each users mailbox

Get-Mailbox -Filter {ArchiveStatus -Eq "None" -AND RecipientTypeDetails -eq "UserMailbox"} | Enable-Mailbox -Archive

SharePoint Online

We have gotten the external users in the above cmdlet but we can also use the following cmdlet to get the external users on a specific SharePoint site collection

Get-SPOUser https://spfiredev.sharepoint.com | where{$_.loginname -like "*#ext#*"}

Using the next cmdlet will list all available users in the user information list for each available site collection

get-sposite | %{$site = $_.url; Get-SPOUser -Site $site | select @{Name="URL"; Expression = {$site}}, DisplayName, LoginName} | Format-table -AutoSize

image

 

The default storage for OneDrive for Business Online is 1TB but this value can be increased or decreased using PowerShell. It depends on the users license if they can use for example 5TB or more.

Use the following cmdlet to set the OneDrive Storage Quota to 2TB

Set-SPOTenant -OneDriveStorageQuota 2097152

The above cmdlet is for all users but you can also change the value for an individual user with the following cmdlet

Set-SPOSite -Identity https://spfiredev-my.sharepoint.com/personal/mpadmin_spfire_nl -StorageQuota 5242880

The quota can also be reset to the specified OneDrive storage quota

Set-SPOSite -Identity https://spfiredev-my.sharepoint.com/personal/mpadmin_spfire_nl -StorageQuotaReset

Office365 Groups

Office365 groups can currently only be managed using PowerShell but this will soon change.

Use the following cmdlets to check if the mailbox or the document library has been used in the previous 7 days.

Get-UnifiedGroup | Foreach-Object { Get-MailboxStatistics -Identity $_.Identity } | Where-Object {$_.LastLogonTime  -ge (Get-Date).AddDays(-7)}
Get-UnifiedGroup | Foreach-Object {Get-SPOSite -Identity $_.SharePointDocumentsUrl.replace("/Gedeelde  documenten", "")} | FT Title, Url, LastContentModifiedDate, ResourceUsageCurrent

The document library is bound to the tenant language and keep in mind that there are two spaced if using the dutch language. In English this will be “Shared Documents”

Disable the creation of groups for all users with the following cmdlet

Set-OwaMailboxPolicy -Identity spfire.com\OwaMailboxPolicy-Default -GroupCreationEnabled $false

and the following for just 1 or more users

New-OwaMailboxPolicy -Name "LiveDemoDenyGroupCreation"
Set-OwaMailboxPolicy –Identity "LiveDemoDenyGroupCreation" –GroupCreationEnabled $false 
Set-CASMailbox –Identity LiveDemo.stark -OWAMailboxPolicy "LiveDemoDenyGroupCreation"

Each Office365 group will get its own mailbox and also an entry in the Global Address List (GAL). Use the following cmdlet to prevent the Office365 group to be displayed in the GAL

Set-UnifiedGroup -Identity bouwersgroep -HiddenFromAddressListsEnabled $true

Get Everything

During the presentation I also showed a script where I got a lot of information from Office365 and put this information in an Excel file.

This script is also located in the download and change the transcript and output location before using the script.

image

Download the .ps1 files and presentation

The above cmdlets are just a few which are present in the .ps1 file used during the presentation. Please let me know in a comment if these files were helpful and how you used some cmdlets.