Post

Several useful PowerShell cmdlets for Office 365
On 22-11-2016 I presented a presentation with the title “Manage Office365 quick, painless and safe with PowerShell” at Experts Live 2016. During this presentation I showed several useful PowerShell cmdlets for Office365 and mainly for the Azure Active Directory, Exchange Online, SharePoint Online and Office365 Groups. The cmdlets presented can be downloaded as a .zip […]

On 22-11-2016 I presented a presentation with the title “Manage Office365 quick, painless and safe with PowerShell” at Experts Live 2016. During this presentation I showed several useful PowerShell cmdlets for Office365 and mainly for the Azure Active Directory, Exchange Online, SharePoint Online and Office365 Groups.

EXPERTSLIVE.5011_email-signature_spreker_ENG_630x180

The cmdlets presented can be downloaded as a .zip file using the below download button including the script to retrieve information from Office365 and the presentation in Dutch. A couple of cmdlets are also added below from the .ps1 file.

Start transcript

A best practice is to start a transcript of the cmdlets being entered in PowerShell and the corresponding output. Use the following one-liner to start the transcript to the specific folder

Start-Transcript -Path "C:\Users\mpeeters\OneDrive - Valid\Valid documents\My Transcripts\PS_$((get-date).ToString("ddMMyyyy")).txt" –append

Azure Active Directory cmdlets

The Azure Active Directory module has to be updated if using for example the 1.0.8070.2 version. You can check the version using the below cmdlet and download the newest version at Technet

(Get-item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion

The next cmdlet can be used to get all external users currently in the Office365 tenant.

Get-MsolUser -all | Sort -Property SignInName | where{$_.UserPrincipalName -like "*#ext#*"} | select SignInName, UserPrincipalName, DisplayName, WhenCreated

image

Use the following cmdlet to get all the external users which have a mismatch between SignInName and UserPrincipalName

Get-MsolUser -all | Sort -Property SignInName | where{$_.UserPrincipalName -like "*#ext#*" -and $_.UserPrincipalName -notlike "$($_.SignInName.split("@")[0])*"} | select SignInName, UserPrincipalName, DisplayName, WhenCreated

image

Exchange Online

First connect to Exchange Online using a remote PowerShell session


$UserCredential = Get-Credential
$EOSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 
https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic –AllowRedirection
Import-PSSession $EOSession -WarningAction:SilentlyContinue 

and use the following cmdlet to grant full control to a user on a certain mailbox where AutoMapping is false

Add-MailboxPermission -Identity "LiveDemo.stark" 
-User mpadmin -AccessRights FullAccess -Automapping $false

and the following for send-as permissions

Add-RecipientPermission -identity "LiveDemo.stark" -Trustee mpadmin -AccessRights SendAs -Confirm:$false

It is also possible to add direct permissions an a users calendar. Keep in mind that this is using the language the user has configured.

Add-MailboxFolderPermission -Identity LiveDemo.stark@spfire.nl:\calendar -user jon.snow@spfire.nl -AccessRights Editor

The following cmdlet will enable archiving for each users mailbox

Get-Mailbox -Filter {ArchiveStatus -Eq "None" -AND RecipientTypeDetails -eq "UserMailbox"} | Enable-Mailbox -Archive

SharePoint Online

We have gotten the external users in the above cmdlet but we can also use the following cmdlet to get the external users on a specific SharePoint site collection

Get-SPOUser https://spfiredev.sharepoint.com | where{$_.loginname -like "*#ext#*"}

Using the next cmdlet will list all available users in the user information list for each available site collection

get-sposite | %{$site = $_.url; Get-SPOUser -Site $site | select @{Name="URL"; Expression = {$site}}, DisplayName, LoginName} | Format-table -AutoSize

image

 

The default storage for OneDrive for Business Online is 1TB but this value can be increased or decreased using PowerShell. It depends on the users license if they can use for example 5TB or more.

Use the following cmdlet to set the OneDrive Storage Quota to 2TB

Set-SPOTenant -OneDriveStorageQuota 2097152

The above cmdlet is for all users but you can also change the value for an individual user with the following cmdlet

Set-SPOSite -Identity https://spfiredev-my.sharepoint.com/personal/mpadmin_spfire_nl -StorageQuota 5242880

The quota can also be reset to the specified OneDrive storage quota

Set-SPOSite -Identity https://spfiredev-my.sharepoint.com/personal/mpadmin_spfire_nl -StorageQuotaReset

Office365 Groups

Office365 groups can currently only be managed using PowerShell but this will soon change.

Use the following cmdlets to check if the mailbox or the document library has been used in the previous 7 days.

Get-UnifiedGroup | Foreach-Object { Get-MailboxStatistics -Identity $_.Identity } | Where-Object {$_.LastLogonTime  -ge (Get-Date).AddDays(-7)}
Get-UnifiedGroup | Foreach-Object {Get-SPOSite -Identity $_.SharePointDocumentsUrl.replace("/Gedeelde  documenten", "")} | FT Title, Url, LastContentModifiedDate, ResourceUsageCurrent

The document library is bound to the tenant language and keep in mind that there are two spaced if using the dutch language. In English this will be “Shared Documents”

Disable the creation of groups for all users with the following cmdlet

Set-OwaMailboxPolicy -Identity spfire.com\OwaMailboxPolicy-Default -GroupCreationEnabled $false

and the following for just 1 or more users

New-OwaMailboxPolicy -Name "LiveDemoDenyGroupCreation"
Set-OwaMailboxPolicy –Identity "LiveDemoDenyGroupCreation" –GroupCreationEnabled $false 
Set-CASMailbox –Identity LiveDemo.stark -OWAMailboxPolicy "LiveDemoDenyGroupCreation"

Each Office365 group will get its own mailbox and also an entry in the Global Address List (GAL). Use the following cmdlet to prevent the Office365 group to be displayed in the GAL

Set-UnifiedGroup -Identity bouwersgroep -HiddenFromAddressListsEnabled $true

Get Everything

During the presentation I also showed a script where I got a lot of information from Office365 and put this information in an Excel file.

This script is also located in the download and change the transcript and output location before using the script.

image

Download the .ps1 files and presentation

The above cmdlets are just a few which are present in the .ps1 file used during the presentation. Please let me know in a comment if these files were helpful and how you used some cmdlets.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Archive