Enable O365 MFA with no old phone number via PowerSehll - powershell

I have create 2 x PowerShell script for enable and disable the MFA, it works, but when i want to remove the phone number , the disable MFA script do no remove the phone number. so when i enable the MFA again for the user. the old number is still there
Enable MFA
Import-Module MSOnline
$Username = 'o365admin#xxx.onmicrosoft.com'
$Password = ConvertTo-SecureString 'Password' -AsPlainText -Force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $Username,$Password -ErrorAction Stop
Connect-MsolService -credential $credentials -ErrorAction Stop
$mfa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement")
$mfa.RelyingParty = '*'
$mfa.RememberDevicesNotIssuedBefore = (Get-Date)
$auth = #($mfa)
Set-MsolUser -UserPrincipalName user#xxx.onmicrosoft.com -StrongAuthenticationRequirements $auth"
Disable MFA
Import-Module MSOnline
$Username = 'o365admin#xxx.onmicrosoft.com'
$Password = ConvertTo-SecureString 'Password' -AsPlainText -Force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $Username,$Password -ErrorAction Stop
Connect-MsolService -credential $credentials -ErrorAction Stop
$mfa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement")
$mfa.RelyingParty = '*'
$mfa.RememberDevicesNotIssuedBefore = (Get-Date)
$auth = #()
Set-MsolUser -UserPrincipalName user#xxx.onmicrosoft.com -StrongAuthenticationRequirements $auth"

I found the answer of myself
This code only disable the MFA but do not remove the phone numbers etc
Set-MsolUser -UserPrincipalName user#xxx.onmicrosoft.com -StrongAuthenticationRequirements $auth"
I have to add this as well to remove the phone numbers
Set-MsolUser -UserPrincipalName user#xxx.onmicrosoft.com -StrongAuthenticationMethods $auth"
So the code will looks like:
Import-Module MSOnline
$Username = 'o365admin#xxx.onmicrosoft.com'
$Password = ConvertTo-SecureString 'Password' -AsPlainText -Force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $Username,$Password -ErrorAction Stop
Connect-MsolService -credential $credentials -ErrorAction Stop
$mfa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement")
$mfa.RelyingParty = '*'
$mfa.RememberDevicesNotIssuedBefore = (Get-Date)
$auth = #()
Set-MsolUser -UserPrincipalName user#xxx.onmicrosoft.com -StrongAuthenticationMethods $auth"
Set-MsolUser -UserPrincipalName user#xxx.onmicrosoft.com -StrongAuthenticationRequirements $auth"

Related

PS credential retry

I have this script
$db = import-csv -Path ".\testdb.csv"
$inputID = Read-Host -Prompt "ID"
$entry = $db -match $inputID
Write-Host "IP:" $entry.IP
$User = "user"
$Password = "pass"
$User2 = "user2"
$Password2 = "pass2"
$Command = "C:\test.exe"
$secpasswd = ConvertTo-SecureString $Password -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential($User, $secpasswd)
$secpasswd2 = ConvertTo-SecureString $Password2 -AsPlainText -Force
$Credentials2 = New-Object System.Management.Automation.PSCredential($User2, $secpasswd2)
Get-SSHTrustedHost | Remove-SSHTrustedHost
try {
$SessionID = New-SSHSession -ComputerName $entry.IP -Credential $Credentials -AcceptKey:$true
}
catch {
$SessionID = New-SSHSession -ComputerName $entry.IP -Credential $Credentials2 -AcceptKey:$true
}
Is any chance to try connect with 2 different credentials ; if one fail try to other?
So.. first time try user and password ; second time try user2 and password2
Thank you. :)

Remove File on SFTP using Powershell

I'm struggling with the below code. Want to delete a file that is on SFTP. Unable to understand how to accomplish this -
$UserName = 'test'
$SecurePassword = ConvertTo-SecureString -String '3ea5e#9dkdadfsfwC' -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $SecurePassword
$Session = New-SFTPSession -ComputerName 'sftp.test.com' -Credential $Cred
$result = Remove-Item -LiteralPath "\\?sftp://test#sftp.test.com/export/home/dmsmaster/stms/PF/Working_Titles_Primary.csv" -Force
Used the following code to make it work -
$result = Remove-SFTPItem -path "/export/home/dmsmaster/stms/PF/Working_Titles_Primary.csv" -SFTPSession $Session -Force

Issues passing credentials to a function Azure Powershell

Hi all I'm trying to pass server login credentials to my 'createSQLServer function but keep hitting the error 'Cannot process argument transformation on parameter 'creds'.userName'' I've tried a lot of different, even tried with a 'param block' but stull stuck. A push in the right direction would be appreciated, cheers.
###### SQL SERVER LOGIN CREDENTIALS
$userName = "aaron"
$password = "Password_1234"
$securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force
$creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $userName, $securePassword
### SQL server names with resource group name appeneded
$server1 = "sqlserver1" + $resGroup
$serVerion = "12.0"
function createSQLserver ([string]$server1,[string]$server2, [string]$server3, [System.Management.Automation.PSCredential]$creds,[string]$server1Location, [string]$server2Location, [string]$server3Location, [string]$resGroup, [string]$serVerion, [string]$userName, [string]$password, [SecureString]$securePassword)
{
#Create server 1(Server A)
<#check to see if server exists - It exists, $continue is created and passed to
if statement to append two random characters to name#>
Write-Host "Creating First SQL Server"
$sqlServer = New-AzureRmSqlServer -ServerName $server1 -SqlAdministratorCredentials $creds -Location $server1Location -ResourceGroupName $resGroup -ServerVersion $serVerion -ErrorVariable continue -ErrorAction SilentlyContinue
if ($continue)
{
do {
$server1 = $server1 + (rand)
$sqlServer = New-AzureRmSqlServer -ServerName $server1 `
-SqlAdministratorCredentials $creds -Location $server1Location `
-ResourceGroupName $resGroup -ServerVersion "12.0" -ErrorVariable continue -ErrorAction SilentlyContinue
}
until(!$continue)
Write-Host 'exists creating new' $server1 'Created'
}else{
Write-Host $server1 ' Created'
}
Start-Sleep -s 2
}
createSQLserver $server1 $username $password $securePassword $creds $server1Location $resGroup $serVerion
You need to use your named parameters!
Here's a snippet of your first few parameters:
...
[string]$server1
,
[string]$server2
,
[string]$server3
,
[System.Management.Automation.PSCredential]$creds
...
And then the ones you're passing in to the function call
createSQLserver $server1 $username $password $securePassword ...
So because you're not using the names of your parameters, they are using their relative ordinal position i.e.
param | value
---------+----------------
$server1 | $server1
$server2 | $username
$server3 | $password
$creds | $securePassword
So what have we learned?
Always use named parameters!
createSQLserver -server1 $server1 -username $username -password $password -securePassword $securePassword
That should sort you out :-)

O365 bulk license

I am using this powershell script below to license bulk users in office365 by .csv file. The script will only work if the .csv file header is:
UserPrincipalName
example#jackson.k12.ms.us
But our .csv is formatted: "Alias","UPN"
"myrobinson","myrobinson#jackson.k12.ms.us"
I want to know how to recode this script so it works with our .csv file?
$path= Import-Csv -Path "\\11.10.38.142\Users\myrobinson\NewUsers.csv"
foreach ($item in $path){
$MSOLUserName= $item.UserPrincipalName
$password = ConvertTo-SecureString "support#Jpsd" -AsPlainText –Force
$credential = New-Object System.Management.Automation.PsCredential("admin#jpsd.onmicrosoft.com",$password)
$cred = Get-Credential -cred $credential
Import-Module MSOnline
Connect-Msolservice -cred $cred
$AccountSkuId = "jpsd:STANDARDWOFFPACK_FACULTY"
$UsageLocation = "US"
$LicenseOptions = New-MsolLicenseOptions -AccountSkuId $AccountSkuId
Set-MsolUser -UserPrincipalName $MSOLUserName -UsageLocation $UsageLocation
Set-MsolUserLicense -UserPrincipalName $MSOLUserName -AddLicenses
$AccountSkuId -LicenseOptions $LicenseOptions
}
Just replace $item.UserPrincipalName with $item.UPN.

How to set new-mailuser as password never expired

In my project, I need Exchange Online Powershell to create an Exchange Service Account.
Here is the code sample:
Set-ExecutionPolicy Unrestricted -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'admin#bdtest.onmicrosoft.com', $(ConvertTo-SecureString -String '123456' -AsPlainText -Force)
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session
Enable-OrganizationCustomization
$exists=Get-MailUser -Identity 'test1'
if ($exists) {{
remove-mailuser -Identity 'test1' -confirm:$false
}}
New-MailUser -Name 'test1' -DisplayName 'test' -MicrosoftOnlineServicesID 'test1#bdtest.onmicrosoft.com' -Password $(ConvertTo-SecureString -String '123456' -AsPlainText -Force)
New-ManagementRoleAssignment -Role 'ApplicationImpersonation' -User 'test1'
New-ManagementRoleAssignment -Role 'Mailbox Search' -User 'test1'
Remove-PSSession $session
what I want to know is:
when the password is expired ?
How I can set it as never expired?
Setting password to never expire is not possible using Exchange Online cmdlets, you have to use Office365 cmdlets(and therefore MSOnline module, http://technet.microsoft.com/en-us/library/jj151815.aspx).
Add this to the bottom of your script:
Connect-MsolService -Credential $cred
Get-MSOLUser -SearchString test1 | Set-MsolUser -PasswordNeverExpires $true