In this post, I will try to add some of the commands you need for managing Office 365, and some code snipets to do pre-migration checks and so on.<\/p>\n
I will edit this post and keep adding things to keep them in one place.<\/p>\n
Connecting to MSOL\/Exchange Online<\/strong><\/p>\n To connect to MSOL you simple run: To connect to Exchange Online: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https:\/\/ps.outlook.com\/powershell\/ -Credential $UserCredential -Authentication Basic -Allow<\/p>\n Import-PSSession $Session If you you are behind a proxy-server, you might need to add some session options. Like this (if you configured proxy in IE): To save your credentials to be used in an automated script, you can do this: # Convert the password to an encrypted string and save to file # To load the credential…<\/p>\n # Set your username # Get the password from the file # Build the credential [\/PowerShell]<\/p>\n That credential can now be used togheter with the Connect-MsolService\/New-PSSession cmdlets.<\/p>\n List all users and their AccountSkuId\/License<\/strong> But if you use the Select-Object-cmdlet togheter with an expression you will get the job done!<\/p>\n You could to something like this to expand the AccountSkuId for all your users:<\/p>\n [PowerShell] Just pipe that to for example Export-Csv to save the information on disk.<\/p>\n Duplicates in forwarding address<\/strong><\/p>\n If you have multiple smtp-domains, you might run into a problem with duplicates if you only have one *.onmicrosoft.com domain (simpler than creating multiple ones). Want to see if this is a problem in your domain?<\/p>\n This is one way of doing it: $Duplicates now contains all of the users that will be a problem if you only have one “forwarding domain”. There are many options to solve this, forward to something else (AccountName or similiar), add a part of the maildomain left of the @-sign etc…<\/p>\n Managing Mobile Devices<\/strong><\/p>\n To add a device for a user: To get all device id’s associated with a user: Clear all allowed devices: Setting a license<\/strong><\/p>\n To give a user a license you could do something like this:<\/p>\n [PowerShell] # Set the country (two letter “code”) # Set the license # If you don’t need to disable anything just use this instead of the above: [\/PowerShell]<\/p>\n Creating Shared Mailboxes<\/strong> If the mailbox has a license you could do something like this:<\/p>\n [PowerShell] # Set full access permissions # Set ‘SendAs’ permission if needed # Remove the license [\/PowerShell]<\/p>\n Change UPN of a licensed user<\/strong> The overall process is to change it in the On-Prem AD, change it in Azure to your “*.onmicrosoft.com”-domain, and then change it to the new domain.<\/p>\n Example, we need to change John Doe’s smtp domain from “contoso.com” to “contoso2.com”:<\/p>\n [PowerShell]<\/p>\n # Set the new UPN in Active Directory # Change the UPN in Azure to a temporary one # Change it to the new one [\/PowerShell]<\/p>\n Run a DirSync and you are done!<\/p>\n Add a Room<\/strong> [PowerShell]<\/p>\n # Create the room (with seats for 20 people) # Make it accept invitations if the time slot is free, [\/PowerShell]<\/p>\n If you run Outlook 2010 or newer (or the OWA) you most certainly want to create a roomlist. The users can then pick that list and see all available rooms right away. You might want to name it after the Office location or similar.<\/p>\n To add a room list and add a room to that list you do the following:<\/p>\n [PowerShell]<\/p>\n # Add the room list # Add a room to it [\/PowerShell]<\/p>\n You might need to update your offline address book before this works properly in Outlook, it should work pretty much instantly in the OWA.<\/p>\n","protected":false},"excerpt":{"rendered":" In this post, I will try to add some of the commands you need for managing Office 365, and some code snipets to do pre-migration checks and so on. I will edit this post and keep adding things to keep them in one place. Connecting to MSOL\/Exchange Online To connect to MSOL you simple run: […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[111,21],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3Zj0A-jn","_links":{"self":[{"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/posts\/1201"}],"collection":[{"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/p0wershell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1201"}],"version-history":[{"count":0,"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/posts\/1201\/revisions"}],"wp:attachment":[{"href":"https:\/\/p0wershell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1201"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/p0wershell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1201"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/p0wershell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n[PowerShell]
\nConnect-MsolService
\n[\/PowerShell]<\/p>\n
\n[PowerShell]
\n$UserCredential = Get-Credential<\/p>\n
\n[\/PowerShell]<\/p>\n
\n[PowerShell]
\n$proxysettings = New-PSSessionOption -ProxyAccessType IEConfig
\n$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https:\/\/ps.outlook.com\/powershell -Credential $UserCredential -Authentication Basic -Allow -SessionOption $proxysettings
\n[\/PowerShell]<\/p>\n
\n[PowerShell]
\n# Get the credential into a variable
\n$MyCredential = Get-Credential<\/p>\n
\n$MyCredential.Password | ConvertFrom-SecureString | Out-File .\\Password.txt<\/p>\n
\n$User = “john.doe@contoso.com”<\/p>\n
\n$Password = Get-Content .\\Password.txt | ConvertTo-SecureString<\/p>\n
\n$O365Credential = New-Object System.Management.Automation.PsCredential($User,$Password)<\/p>\n
\nThis might sound easy, but the “Get-MsolUser”-cmdlet is returning an advanced object which makes it a bit difficult to export to for example a csv-file.<\/p>\n
\nGet-MsolUser -All | Select-Object UserPrincipalName, @{Name=”License” ; Expression={ ($_ | select -ExpandProperty Licenses | select -ExpandProperty AccountSkuId ) } }
\n[\/PowerShell]<\/p>\n
\n[PowerShell]
\n$Duplicates=Get-ADUser -Filter * | Group-Object { ($_.UserPrincipalName -split “@”)[0] } | Where-Object Count -gt 1
\n[\/PowerShell]<\/p>\n
\n[PowerShell]
\nSet-CASMailbox -Identity ‘john.doe@contoso.com’ -ActiveSyncAllowedDeviceIDs ($MyArrayWithDeviceIDs)
\n[\/PowerShell]<\/p>\n
\n[PowerShell]
\nGet-CASMailbox -Identity ‘john.doe@contoso.com’ | select -ExpandProperty ActiveSyncAllowedDeviceIDs
\n[\/PowerShell]<\/p>\n
\n[PowerShell]
\nSet-CASMailbox -Identity ‘john.doe@contoso.com’ -ActiveSyncAllowedDeviceIDs $null
\n[\/PowerShell]<\/p>\n
\n# Create the license options (if you need to disable some plans)
\n$LicenseOptions = New-MsolLicenseOptions -AccountSkuId $AccountSkuId -DisabledPlans $DisabledPlans<\/p>\n
\nSet-MsolUser -UserPrincipalName $UserAccount -UsageLocation $UsageLocation<\/p>\n
\nSet-MsolUserLicense -UserPrincipalName $UserAccount -AddLicenses $AccountSkuId -LicenseOptions $LicenseOptions<\/p>\n
\nSet-MsolUserLicense -UserPrincipalName $UserAccount -AddLicenses $AccountSkuId<\/p>\n
\nTo create a shared mailbox, you first have to give it a temporary license to create the mailbox (see above), then set it to shared, remove the license and add the permissions that are needed.<\/p>\n
\n# Set it to shared (mailbox need to exist first, so set a license, wait, and then try this)
\nSet-Mailbox ‘john.doe@contoso.com’ -Type Shared -ProhibitSendReceiveQuota 5GB -ProhibitSendQuota 4.75GB -IssueWarningQuota 4.5GB<\/p>\n
\nAdd-MailboxPermission ‘john.doe@contoso.com’ -User ‘GroupOrUserName’ -AccessRights FullAccess -Confirm:$false<\/p>\n
\nAdd-RecipientPermission ‘john.doe@contoso.com’ -Trustee ‘GroupOrUserName’ -AccessRights SendAs -Confirm:$false<\/p>\n
\nSet-MsolUserLicense -UserPrincipalName ‘john.doe@contoso.com’ -RemoveLicenses $AccountSkuId<\/p>\n
\nIf the user UPN prefix (left of @) changes, DirSync will fix it automatically, if the domain part change, you need to run a few commands to change it.<\/p>\n
\nSet-Aduser -identity JohnDoe -UserPrincipalName ‘john.doe@contoso2.com’<\/p>\n
\nSet-MsolUserPrincipalName -UserPrincipalName ‘john.doe@contoso.com’ -NewUserPrincipalName ‘john.doe@contoso.onmicrosoft.com’<\/p>\n
\nSet-MsolUserPrincipalName -UserPrincipalName ‘john.doe@contoso.onmicrosoft.com’ -NewUserPrincipalName ‘john.doe@contoso2.com’<\/p>\n
\nTo add a room mailbox and set it to auto-accept a booking (if the time slot is free), and make it possible for your users to book it a year ahead (for example) you do the following:<\/p>\n
\nNew-Mailbox -Name “ConferenceRoom1” -DisplayName “Conference Room 1” -PrimarySmtpAddress “ConferenceRoom1@contoso.com” -Office “Contoso HQ” -ResourceCapacity 20 -Room<\/p>\n
\nSet-CalendarProcessing “ConferenceRoom1” -AutomateProcessing AutoAccept -BookingWindowInDays 365<\/p>\n
\nNew-DistributionGroup -Name “ContosoHQ-Rooms” -DisplayName “Contoso HQ” \u2013PrimarySmtpAddress “contosoHQ-rooms@contoso.com” \u2013RoomList<\/p>\n
\nAdd-DistributionGroupMember \u2013Identity “ContosoHQ-Rooms” -Member “ConferenceRoom1”<\/p>\n