O365 bulk license - powershell

I am using this powershell script below to license bulk users in office365 by .csv file. The script will only work if the .csv file header is:
UserPrincipalName
example#jackson.k12.ms.us
But our .csv is formatted: "Alias","UPN"
"myrobinson","myrobinson#jackson.k12.ms.us"
I want to know how to recode this script so it works with our .csv file?
$path= Import-Csv -Path "\\11.10.38.142\Users\myrobinson\NewUsers.csv"
foreach ($item in $path){
$MSOLUserName= $item.UserPrincipalName
$password = ConvertTo-SecureString "support#Jpsd" -AsPlainText –Force
$credential = New-Object System.Management.Automation.PsCredential("admin#jpsd.onmicrosoft.com",$password)
$cred = Get-Credential -cred $credential
Import-Module MSOnline
Connect-Msolservice -cred $cred
$AccountSkuId = "jpsd:STANDARDWOFFPACK_FACULTY"
$UsageLocation = "US"
$LicenseOptions = New-MsolLicenseOptions -AccountSkuId $AccountSkuId
Set-MsolUser -UserPrincipalName $MSOLUserName -UsageLocation $UsageLocation
Set-MsolUserLicense -UserPrincipalName $MSOLUserName -AddLicenses
$AccountSkuId -LicenseOptions $LicenseOptions
}

Just replace $item.UserPrincipalName with $item.UPN.

Related

Having problems getting script to continue using workflow after dcpromo /unattend

Workflow Rename-DC
{
dcpromo /unattend:C:\Payload\AnswerFile.xml
Checkpoint-Workflow
New-ADOrganizationalUnit -Name "Admin" -Path "DC=ProjectX,DC=com"
Add-KdsRootKey EffectiveImmediately
New-ADServiceAccount -Name "Test Account" -DNSHostName "DC1.ProjectX.com" -Enabled $true
New-ADUser -Name "HelpDesk" -GivenName "Helpdesk" -Surname "" -SamAccountName helpdesk -UserprincipalName helpdesk#ProjectX.com -Path "OU=Admin,DC=ProjectX,DC=com"
Unregister-ScheduledJob -Name RenameDCResume
}
$Admin = "Administartor"
$Password = ConvertTo-SecureString -String "Passw0rd" -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PsCredential($Admin, $Password)
$AtStartup = New-JobTrigger -AtStartup
Register-ScheduledJob -Name RenameDCResume `
-Credential $Cred `
-Trigger $AtStartup `
-ScriptBlock {Import-Module PSWorkflow; `
Get-Job -Name RenameDomainController -State Suspended `
| Resume-Job}
Rename-DC -JobName RenameDomainController
Looking for some help with my workflow in PowerShell. the plan is to get the script to continue after the computer reboots for installation of the DC at line 3. However, the script doesn't seem to be continuing as planned at start up. Any ideas what I can do to correct this? Also, is the checkpoint after the dcpromo correct? Will it still take a checkpoint or will it ignore this as the reboot has already begun? would a PSPersist work better? Thanks in anticipation.

Enable O365 MFA with no old phone number via PowerSehll

I have create 2 x PowerShell script for enable and disable the MFA, it works, but when i want to remove the phone number , the disable MFA script do no remove the phone number. so when i enable the MFA again for the user. the old number is still there
Enable MFA
Import-Module MSOnline
$Username = 'o365admin#xxx.onmicrosoft.com'
$Password = ConvertTo-SecureString 'Password' -AsPlainText -Force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $Username,$Password -ErrorAction Stop
Connect-MsolService -credential $credentials -ErrorAction Stop
$mfa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement")
$mfa.RelyingParty = '*'
$mfa.RememberDevicesNotIssuedBefore = (Get-Date)
$auth = #($mfa)
Set-MsolUser -UserPrincipalName user#xxx.onmicrosoft.com -StrongAuthenticationRequirements $auth"
Disable MFA
Import-Module MSOnline
$Username = 'o365admin#xxx.onmicrosoft.com'
$Password = ConvertTo-SecureString 'Password' -AsPlainText -Force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $Username,$Password -ErrorAction Stop
Connect-MsolService -credential $credentials -ErrorAction Stop
$mfa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement")
$mfa.RelyingParty = '*'
$mfa.RememberDevicesNotIssuedBefore = (Get-Date)
$auth = #()
Set-MsolUser -UserPrincipalName user#xxx.onmicrosoft.com -StrongAuthenticationRequirements $auth"
I found the answer of myself
This code only disable the MFA but do not remove the phone numbers etc
Set-MsolUser -UserPrincipalName user#xxx.onmicrosoft.com -StrongAuthenticationRequirements $auth"
I have to add this as well to remove the phone numbers
Set-MsolUser -UserPrincipalName user#xxx.onmicrosoft.com -StrongAuthenticationMethods $auth"
So the code will looks like:
Import-Module MSOnline
$Username = 'o365admin#xxx.onmicrosoft.com'
$Password = ConvertTo-SecureString 'Password' -AsPlainText -Force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $Username,$Password -ErrorAction Stop
Connect-MsolService -credential $credentials -ErrorAction Stop
$mfa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement")
$mfa.RelyingParty = '*'
$mfa.RememberDevicesNotIssuedBefore = (Get-Date)
$auth = #()
Set-MsolUser -UserPrincipalName user#xxx.onmicrosoft.com -StrongAuthenticationMethods $auth"
Set-MsolUser -UserPrincipalName user#xxx.onmicrosoft.com -StrongAuthenticationRequirements $auth"

office 365 bulk add shared mailbox members via powershell

I have already created the shared mailbox in o365.
Now I need to bulk import members to these shared mailboxes.
How to do it in powershell ?
I want to do something like this
$users = import-csv -Path "C:\path\members.csv" -Delimiter ";"
Foreach ($user in $users){
Add-mailboxpermission -identity "name of the shared mail box" -user $user -accessrights FullAccess
}
any thoughts ?
Connecting to Office365 would be a good first step:
$AdminUsername = "admin#your-domain.onmicrosoft.com"
$AdminPassword = "YourPassword"
$AdminSecurePassword = ConvertTo-SecureString -String "$AdminPassword" -AsPlainText -Force
$AdminCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AdminUsername,$AdminSecurePassword
$ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $Admincredential -Authentication "Basic" -AllowRedirection
Import-PSSession $ExchangeSession
After you have a session you can play with the functions and add some logic:
$access = "FullAccess"
$mailbox = Get-Mailbox -Identity YourMailbox
$identity = $mailbox.UserPrincipalName
$permissions = Get-MailboxPermission -identity $identity
$users = Import-Csv -Path "C:\path\members.csv" -Delimiter ";"
foreach($user in $users){
try{
$setPermissions = Add-MailboxPermission -Identity $identity -User $user -AccessRights $access
Write-Host "Successfully added permissions for $user" -ForegroundColor Green
}catch{
Write-Host "Failed to add permissions for $user" -ForegroundColor Red
}
}
Remember to add users based on UserPrincipalName

Find the exact matched string from the variable

In the below code, $Result variable has the following information. I need to iterate below each line in $Result variable and get the <APPPOOL NAME> that is, "DefaultAppPool","Classic .NET AppPool" & ".NET v2.0 Classic" as an input to the second Invoke-Command saved in $Result2. Please advise how this can be accomplished.
$Result output:
APPPOOL "DefaultAppPool" (MgdVersion:v4.0,MgdMode:Integrated,state:Started)
APPPOOL "Classic .NET AppPool" (MgdVersion:v2.0,MgdMode:Classic,state:Started)
APPPOOL ".NET v2.0 Classic" (MgdVersion:v2.0,MgdMode:Classic,state:Started)
$Username = '<username>'
$Password = '<Password>'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username, $pass
$input_file_path = "servers.txt"
$output_path = "result.txt"
foreach ($server in Get-Content $input_file_path) {
$Result = Invoke-Command -ComputerName $server -Credential $Cred -ScriptBlock {
C:\Windows\system32\inetsrv\appcmd.exe list apppools
}
$Result | Add-Content $output_path
$Result2 = Invoke-Command -ComputerName #server -Credential $Cred -ScriptBlock {
C:\Windows\system32\inetsrv\appcmd.exe list apppools <APPPOOL NAME> /text:processmodel.username
}
}

PowerShell Script Runs Locally, but Errors on Remote

I have a PowerShell script I am writing to create new users in our domain, as well as email address. The script works when I run it directly on Exchange. However, if I try to do it from my local PC either with Enter-PSSession or Invoke-Command I get the error:
The term 'Get-ADUser' is not recognized as the name of a cmdlet...
Running that same command from the local machine does work. And running that command on the remote machine works, just not if I run the script remotely.
Here is my script:
$cred = Get-Credential
$first_name = Read-Host -Prompt "What is the new user's first name?"
$last_name = Read-Host -Prompt "What is the new user's last name?"
$copy_from = Read-Host -Prompt "Copy from other user (leave blank if not)?"
$password = Read-Host -Prompt "New user's password?"
$ss_password = ConvertTo-SecureString -String $password -AsPlainText -Force
$new_user_name = $last_name.Substring(0,3) + $first_name.Substring(0,2)
$new_user_name = $new_user_name.ToLower()
Write-Host "Creating user $new_user_name..." -ForegroundColor Green
if ([string]::IsNullOrEmpty($copy_from))
{
Write-Host "Setting up new user (not copying...)" -ForegroundColor Yellow
New-ADUser -Name "$first_name $last_name" -AccountPassword $ss_password -SamAccountName $new_user_name -PassThru | Enable-ADAccount
}
else
{
$copy_from_user = Get-ADUser -Identity $copy_from
Write-Host "Copying user from: " $copy_from_user.Name -ForegroundColor Yellow
$ou = $copy_from_user.DistinguishedName -replace '^cn=.+?(?<!\\),'
New-ADUser -Name "$first_name $last_name" -AccountPassword $ss_password -Path $ou -SamAccountName $new_user_name -PassThru | Enable-ADAccount
$new_user = Get-ADUser -Identity $new_user_name
#Time to copy their group memberships
Get-ADUser -Identity $copy_from -Properties memberof | Select-Object -ExpandProperty memberof | Add-ADGroupMember -Members $new_user_name
}
$pn = $new_user_name + "#INDY"
Set-ADUser -Identity $new_user_name -GivenName $first_name -Surname $last_name -UserPrincipalName $pn
#Now create email
$email_select = Read-Host -Prompt "Select email domain (1. Woodmizer; 2. Lastec; 3. Brightstone)"
if ($email_select -eq 2)
{
$domain = "#lastec.com"
}
elseif ($email_select -eq 3)
{
$domain = "#brightstoneabrasives.com"
}
else
{
$domain = "#woodmizer.com"
}
$email_address1 = $first_name.Substring(0,1) + $last_name + $domain
Write-Host "Creating mailbox $email_address1..." -ForegroundColor Green
Enable-Mailbox -Identity $new_user_name -Database "Mailbox Database 1188513962"
Start-Sleep -s 10
Get-Mailbox -Identity $new_user_name | Set-Mailbox -EmailAddresses #{add="$email_address1"} -EMailAddressPolicyEnabled $false
Get-Mailbox -Identity $new_user_name | Set-Mailbox -PrimarySmtpAddress $email_address1 -EmailAddressPolicyEnabled $false
Write-Host "Finished." -ForegroundColor Green
If you want this script to run on machines that don't have the Active Directory module, you can simply add this to the top of your script to import the cmdlets via session..
$cred = Get-Credential "DOMAIN\adminuser"
$ADsession = New-PSSession -ComputerName DOMAINCONTROLLERNAME -Credential $cred
Import-Module -PSSession $ADsession ActiveDirectory
I also notice you're trying to run Exchange cmdlets..
$exchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://EXCHANGESERVER/PowerShell/" -Authentication Kerberos
Import-PSSession $exchSession
It looks like the ActiveDirectory module is not installed on that machine, you can install the MSFT RSAT tools to get it.
Try the following, It works!! {I tried after giving the Authentication type}
$pass = ConvertTo-SecureString -AsPlainText 'PASSWORD' -Force
$MySecureCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'USERNAME',$pass
$s=New-PSSession SERVERNAME -Credential $MySecureCreds -Authentication Credssp
Invoke-Command -Session $s -scriptblock {
Get-CsUser User
}