Set-OrganizationConfing not recognised, even though I can Get-OrganizationConfig - powershell

I'm trying to set the 'Focused Inbox' to disabled for the whole organisation. I've found lots of scripts and tutorials online, most of which point toward using the Exchange Online Session in PowerShell.
e.g.:
https://learn.microsoft.com/en-us/office365/admin/setup/configure-focused-inbox?view=o365-worldwide
https://learn.microsoft.com/en-au/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps
My PS script is as follows:
# Set up Credential
$UserCredential = Get-Credential
# Create the Exchange Online session
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
# Import the cmdlets into this session
Import-PSSession $Session -DisableNameChecking
# Get a list of the organisation's current settings
Get-OrganizationConfig
# Now set the 'Focused Inbox' option to 'off' for everyone
Set-OrganizationConfig -FocusedInboxOn $false
# Must remove the session to avoid clogging and clutter
Remove-PSSession $Session
The 'Get-OrganizationConfig' command returns a full list of the current config:
However, when I execute the 'Set-OrganizationConfig' command, it fails with the following message:
Set-OrganizationConfig : The term 'Set-OrganizationConfig' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a
path was included, verify that the path is correct and try again.
My presumption is that it's a permissions issue, however, I can see all the organisation's config, and it's the cmdlet that's missing.
What is the problem?
I am:
Running PS as 'Adminstrator'
Using the 'SharePointAdmin' administrator account for the credentials

This was a permissions issue.
Create the $Session using an account that has Global Admin privileges in your O365 Tenant and you'll see that the 'Set-...' cmdlets automatically get downloaded and inserted into your session.

Related

Office 364 Audit logs: Search-UnifiedAuditLog is not recognized as the name of a cmdlet

I was trying to get read the AuditLogs from Office 365 via PowerShell, so we can analyse usage and have the data automatically be updated:
# Create/Import remote session (no errors, no warnings)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking -AllowClobber
Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -ResultSize 5000 # <- Fails here
Error:
Search-UnifiedAuditLog : The term 'Search-UnifiedAuditLog' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Was that cmdlet removed or did I miss something?
If this no longer works is there another way to get the audit logs automatically?
I appearently was missing some access rights to Exchange, which meant certain commands were hidden for me.

Remote powershell sessions can only be established with interactively entered credentials?

I'm trying to automate a powershell script which gathers data from O365. I've got a special limited user setup with the privileges required on O365 and also with local logon allowed on the server so that I can "run-as" that user (which I do for all the scripts below. I have verified different, expected errors when running as other users).
The script works fine interactively when credentials are set like this and the session opened:
$cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic –AllowRedirection
However, if I create the credentials file for automation with:
Get-Credential | Export-Clixml -Path C:\batch\${env:USERNAME}_cred.xml
And then access from the script via:
$cred = Import-Clixml -Path C:\batch\${env:USERNAME}_cred.xml
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic –AllowRedirection
The credential file load appears to succeed. I then get "Access Denied" on the session open, and then of course the rest of the script fails due to the session being null. I'm cutting and pasting the password in all cases (plus have tried many, MANY times including hand typing) so I don't think it's a simple typo issue. Seems more like something I'm fundamentally misunderstanding about powershell. Ultimately I'd like to not just have the credentials automated, but also have it run from task scheduler if there's any special settings above and beyond that I also need.
I don't see anything wrong from your code from PowerShell perspective. I have tested the way you are creating credentials within a company domain and I was able to create new session by importing credential XML file that was created by exporting the credentials the way you did. I then assume it might be MS Exchange related.
I can suggest alternatives for you to try:
# First we need to get the encrypted password:
$TempCred = Get-Credential
# provide credentials to the prompt
# now the encryption to be saved in a file
$TempCred.Password | ConvertFrom-SecureString | Set-Content C:\mypass.txt
This was the encrypted version of your password is saved as a text.
In your automation script you can now do this:
$username = "yourusername"
$password = Get-Content C:\mypass.txt | ConvertTo-SecureString
$cred = New-Object System.Management.Automation.PsCredential($username, $password)
$session = New-PSSession -Credential $cred .....
I am not sure if this works in your case, it worked in my company domain. Once again it worked for me the XML version too. I am just providing alternatives to try if you are not keen to find out as to why the XML way did not work.
I was able to get this working, in my environment at least, by including a call to Import-PSSession:
$Credential = Import-Clixml -Path D:\Modules\O365Credentials.xml
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Credential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
Get-Mailbox
Does the account in question have MFA enabled? If so, you might try this.
This script:
Downloads Exchange Online Remote PowerShell Module
Installs Exchange Online PowerShell Module
Connects Exchange Online PowerShell using MFA
Or, you can perform these manually. More information, including a detailed walk-through, is available here:
https://o365reports.com/2019/04/17/connect-exchange-online-using-mfa/

Using invoke-command scriptblock with exchange management shell

I've written some scripts to automate some user add and user modifications functions. But there is one last piece to the puzzle I can't figure out.
I need to run some commands in exchange management shell on the exchange server from a local powershell session, like an invoke-command scriptblock.
Is this possible?
Will adding Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
to the beginning of my script block accomplish this?
As for this...
Will adding Add-PSSnapin
Microsoft.Exchange.Management.PowerShell.SnapIn
You can't do this natively, without installing the EMC directly on your host.
Secondly, there is no real reason to. You can use PSRemoting to proxy the Exchange cmdlets to your host. The cmdlets are only available during the session
This process is the same whether you are using Exchange on-prem or Exchange online, though Exchange Online points to the O365 URI.
This has been documented in several places via the MS provided docs as noted here:
Connect to Exchange servers using remote PowerShell
Connect to a remote Exchange server
1.On your local computer, open Windows PowerShell, and run the following command:
$UserCredential = Get-Credential
In the Windows PowerShell Credential Request dialog box that opens, enter your user principal name (UPN) (for example, chris#contoso.com) and password, and then click OK.
2.Replace with the fully qualified domain name of your Exchange server (for example, mailbox01.contoso.com) and run the following command:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<ServerFQDN>/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Note: The ConnectionUri value is http, not https.
3.Run the following command:
Import-PSSession $Session -DisableNameChecking
https://learn.microsoft.com/en-us/powershell/exchange/exchange-server/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps
Remote PowerShell in Exchange 2013
1.On your local computer, open Windows PowerShell and execute the following command:
$UserCredential = Get-Credential
2.After entering the credentials prompted when you executed the above command, execute the following:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<FQDN of Exchange 2013 Client Access server>/PowerShell/ -Authentication Kerberos -Credential $UserCredential
3.Finally, import the session established above with the following:
Import-PSSession $Session
https://blogs.technet.microsoft.com/nathanscott/2015/06/14/remote-powershell-in-exchange-2013/
Yes you can, some commands have to be run locally, below is an example. You can do the same with Exchange.
Invoke-Command -ComputerName $srv -ScriptBlock{Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell;
Get-EngineUpdateInformation}

Import-PSSession fails in script, works in shell

I'm new to Powershell scripting and I'm working on a user management Powershell script, but I have run into a strange error.
The following code works when I run it from the shell, but not when it is run from a script:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionURI http://servername/Powershell/ -Authentication Kerberos -Credential $UserCredential -AllowRedirection
Import-PSSession $Session
When I run it in a script with a Param() block on the first line, it fails with the following error:
Import-PSSession: Cannot bind argument to parameter 'Path' becuase it is an empty string.
I can get the Import-PSSession to work if I remove my Param() block, but I'm not sure how to accept command-line arguments for my script otherwise. How can I keep the Param() block (or more generally, accept command-line arguments) and still be able to import the PS session?
I'm using Powershell v2 on a Windows 2008 R2 server trying to connect to a 2010 Exchange server.
Update:
I have a script named ManageUser.ps1 that I run from a Powershell prompt like
.\ManageUser.ps1 -disableUser -username someuser
The script starts like this:
Param(
[switch]$disableUser,
[string]$username
)
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionURI http://servername/Powershell/ -Authentication Kerberos -Credential $UserCredential -AllowRedirection
Import-PSSession $Session
#more stuff past here...
It is failing on the Import-PSSession command. But, if I remove the whole Param(...), the session import works. I hope this is enough for you to understand it!
Your script works fine on it's own and also when called from within another script:
& 'C:\Scripts\ManageUser.ps1' -disableUser -username "foo"
Get-Mailbox -resultsize 5 | ConvertTo-Csv -NoTypeInformation | Out-File C:\Scripts\mytest.csv
Subsequent runs will get the import error/warning due to not having -allowclobber as mentioned by #SamuelWarren...
In your case (at least when initially writing the question long ago) the error was due to another variable that you haven't mentioned here. It's likely you fixed that after the first run, and then subsequent tests were showing the AllowClobber error.
Also worth noting (for anybody who comes across this in the future) to check the path of the file you are calling. Just because you try to use a relative path .\myfile.ps1 doesn't mean that PowerShell is currently looking in the right directory.
Check: $psscriptroot
Or Split-Path -Path $($global:MyInvocation.MyCommand.Path)

Restart IIS on remote machine using Powershell

I have a TFSserver and a QAserver. I am using autodeployment using TFS and have a powershell script that do the requirement.
But I have a issue in restarting the QA server IIS from the same power shell script.
i am doing the following set of commands for restarting the IIS.
/*struser is in the administrator group of the QAserver
$cred = New-Object System.Management.Automation.PSCredential ("$QAserver$struser", $password )
$session = new-pssession $oceane_server -Auth Negotiate -Credential $cred
/* Some deployment script */
invoke-command -session $session -ScriptBlock {iisreset /stop}
Following error appears :
Access denied, you must be an administrator of the remote computer to use this
command. Either have your account added to the administrator local group of
the remote computer or to the domain administrator global group.
I could not find the solution for this. Any help would be appreciable.
The quick work around is to open all the ports of your server and run iisreset [MACHINENAME] /stop.
For powershell remoting, I use credssp because it allows the double-hop. Also, did you set your execution policy to bypass?
Set-ExecutionPolicy Bypass