Tag Archives: Powershell

Office 365 – Creating Custom SKUs

If you are working with Office 365, one of the things you may need to do is provision an account with a subset of the Office 365 plans. For example, I have an E3 plan but I don’t want Skype for business or Exchange email, just Office 365 Pro Plus. (Why you would buy E3 when there is a ProPlus SKU, I don’t know but I’ve had to do this twice this month).

Making a custom plan is pretty straight forward.

First you need to get the account SKUs.

Get-MsolAccountSKu | fl

From there you will see all your SKUs. Use this to get its components:

$ServicePlans = Get-MsolAccountSku | Where {$_.SkuPartNumber -eq "{SkuPartNumber}"}

List the components using $ServicePlans.

Finally make your custom SKU by running:


(In case it doesn’t wrap)


Replace company:EnterprisePack with your own SKU and you are off to the races. Final command is to assign it.

Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses company:EnterprisePack -LicenseOptions $MyO365SKU

Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses company:EnterprisePack -LicenseOptions $MyO365SKU

A great walk through can be found at http://exitcodezero.wordpress.com/2013/03/14/how-to-assign-selective-office-365-license-options/comment-page-1/


Provisioning Users in Office 365 Who are Not Provisioned

One of things when setting up Office 365 is to provision new accounts with licenses. There is a quick and easy way in Office 365 to get a list of these users and then provision these users. Login to your Office 365 account via PowerShell

Get-MSOLUser -Domain "contoso.com" -UnlicensedUsersOnly -All | Select UserPrincipalName | Export-Csv -Path 

Once you have a file full of your unlicensed users you can then set each of the users with an Office 365 License. Using the same filename we created above we can run the following command which will basically loop for each user in the file and set the license.
Import-Csv -Path “c:\temp\filename.csv” |%{Set-MsolUserLicense -userPrincipalName $_.UserPrincipalName -AddLicenses “contso:ENTERPRISEPACK”}

How did I get the license to use? Easy, Just run  Get-MsolAccountSku and it will list off your licenses. For a full page of information check the TechNet blog for more of these.  I am also sure there is a way you can use a variable to pass the values on without creating a file, but I do like having the file for a sanity check if something goes wrong.


Using PowerShell to Set Properties on a List of Groups

In a previous post on Using PowerShell to Get a List of Groups from Active Directory, I showed you how to get a list of groups and export it to a CSV file. Now that we’ve done that, I’ll show you how to use that data to feed another set of commands where you can edit the groups. If you work with Address Book Segregation or new Address Lists in Office 365, you’ll need to do this at some point so that the data populates.

Lets import the file we created in PowerShell in that last post and import it into the routine here.

Import-csv $filename | %{Set-ADGroup -Identity $_.SamAccountName -Replace @{extensionAttribute1="YourTextHere"} }

What we are doing is importing the CSV file and then for each line in the file (the % {} handles that), we are using the Set-ADGroup cmdlet using the SamAccountName column as our identity and replacing extensionAttribute1 with a string of “YourTextHere”. You can change anything you want on the group, name description, etc.

Note that I am using $filename for the filename value. You can also use a string, say “.\filename.csv” as that works fine as well. I often use $filename as I am usually doing this in a routine which runs daily and I am changing the filename based on date. In a future post I’ll share with you my user provisioning PowerShell script for Office 365 which licenses up the users.

Windows Modern Apps not Running Properly

Ever work on windows 8 or 8.1 and find the modern apps won’t start?

Yesterday I tried opening my modern apps and all I’d get is a black screen then bomb back to the start screen.

Piss me off, I wanted to use the music app to drown out the background noise around the office.  So I dug into it and found this handy PowerShell script.

((Get-ChildItem “HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications”) | Get-ItemProperty).Path | Add-AppxPackage -Register -DisableDevelopmentMode

I ran that and I was back in business. Or back into Xbox Music. I found this script on this article:


Saving an Office 365 PowerShell Export with the Current Date in Filename

Powershell Logo

Working with PowerShell for my Office 365 projects, I have created a couple of scripts to provision users and to run through and assign users specific address books.

One of things I do is dump all my new users to a CSV file. However, I want a file created each time its run showing me which users are created.

First thing is to make a variable with the current date in the format you would like.

$CurrentDate = Get-Date -format dd.MMM.yyyy

Next I create the filename in a variable using the combination of the filename I want and the date variable.  (The code is all one line, but might not display that way here.)

$filename1 = "c:\Export\Users\Provision-Student" + $CurrentDate + ".csv"

Finally I then call the file by piping a command to export-csv.

Get-MsolUsers -All Domain "contoso.com"| Select UserPrincipalName | export-csv -path $filename1

I schedule this to run once daily and every day I have a file all my users in the contoso.com domain.

In another post I’ll show you how to clean up these files so you aren’t overrun with them.

Updating Hardware Devices Running Lync Phone Edition

I’ve had a Polycom CX600 sitting on my desk for a few months now. It’s been acting up in that it was unable to connect to the Lync server. I figured it needed an update but wasn’t sure how to update these devices.

Turns out there is a handy feature as part of Lync Server since 2010. Basically you download the updates, then run a powershell command.

Get-CsService -WebServer | ForEach-Object {Import-CsDeviceUpdate -Identity $_.Identity -FileName C:\updates\ucupdates.cab}

This will update all Lync servers running web services which in my case meant two standard edition servers. Which in turn will push the updates down to the devices. Pretty handy.

Generating a CSV file from Office 365

Powershell LogoSometimes you need to run a command against multiple users. Maybe like me, you have 40,000 to run against. Entering each user name manually sucks, using the GUI would be unusable.

To generate a CSV file that lists all users in a particular domain in Office 365:

Get-MsolUser -DomainName "contoso.com" -All | Select UserPrincipalName |Export-Csv -path "C:\Exports\MyNewCSVFile.csv"

Which in turn generates a file with a list of the UPNs in Office365.

From there I can the run a command which sets something against each user in my Office 365 tenant.

Import-Csv -Path "C:\Exports\MyNewCSVFile.csv"  |%{Set-MsolUser -userPrincipalName $_.UserPrincipalName -"Rest of the commands you want here"}

Pretty simple and straight forward. If you want to add say a date to the filename add this to the script.

$CurrentDate = Get-Date -format dd.MMM.yyyy
$filename = "C:\exports\yourfile" + $CurrentDate + ".csv"

This will allow you to create a variable $filename which will contain your file name and a date added to it.

Now for the path variable you can put $filename rather than the full c:\xxxx information. It also allows you to use it in a script that can be automated and you will have files left behind to look it for checks.



Scripting Office 365 Tasks with PowerShell – Auto Logon

I’ve been spending most of my summer in what I like to affectionately call “Email Hell”. We moved 80,000 student mailboxes from Live@Edu to Office 365. We implemented Active Directory Synchronization and implemented a non-standard ADFS deployment to provide better service to BYOD laptops then you would get with a standard ADFS deployment. I’ll post about this on its own post. It’s a deep solution will probably be two posts.

One of my tasks is to automate the creation of new users to Office 365. We use Forefront Identity Manager to provision new AD accounts from our student information system. Once they are in AD and are an active user, DirSync is configured to pick up these new accounts and create a Office 365 accounts. Works slick, but you then have to license up the account before it can be used. This you do not want to have to do manually, especially when you add several thousand students at school start-up. You also don’t want to have to remember everyday to go in and check for new students. We needed a script and it had to be hands off.  Lets look at what we need to do so the script can logon without end user intervention. I gathered this information from various blogs and TechNet articles. I’ll add links to those sites and as I come across them.

Normally one would run this set of commands to start working in Office 365:

$cred = Get-Credential 
Connect-MsolService -Credential $cred
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 
https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic -AllowRedirection
Import-PSSession $session

If it was the first time logging in, you would have to run:

Set-ExecutionPolicy Remote

First thing we need to is to store the password.

read-host -prompt "Enter password to be encrypted in mypassword.txt " 
-assecurestring | convertfrom-securestring | out-file C:\passwd\O365Passwd.txt

This will create a file that is encrypted and contains the password for your Office 365 account you entered the password for above. Please, minimum requirements to do what you need to do on this account! Do not give this  full admin rights. Next as part of the PowerShell script, add these lines to the top:

$mypass = cat C:\passwd\O365Passwd.txt | convertto-securestring
$mycreds = new-object -typename System.Management.Automation.PSCredential 
-argumentlist "PowershellAcct@yourdomain.onmicrosoft.com",$mypass
Import-Module MSOnline
Connect-MsolService -Credential $mycreds
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange 
-ConnectionUri https://ps.outlook.com/powershell -Authentication Basic 
-AllowRedirection -Credential $mycreds
Import-PSSession $O365Session

Below this, add whatever code you want. Typically you will want to set usage location, set licenses and timezone and language.

We also turn off ActiveSync and Mobile OWA by default so we can enforce our MDM policy.

This gets you on the road to automating your Office 365 scripts.

Powershell Commands to Build a new AD Forest

Powershell LogoLooking to script your AD on Windows Server 2012? Here is the code you will need to create new forest on a new server. This could be useful for setting up some self service scripts for people setting up their own environment. Also, keep this handy when you want to deploy Windows Server 2012 but want to deploy Core instead of GUI.




# Windows PowerShell script for AD DS Deployment

Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath “C:\Windows\NTDS” `
-DomainMode “Win2012” `
-DomainName “ad.contoso.com” `
-DomainNetbiosName “AD” `
-ForestMode “Win2012” `
-InstallDns:$true `
-LogPath “C:\Windows\NTDS” `
-NoRebootOnCompletion:$false `
-SysvolPath “C:\Windows\SYSVOL” `


SQL Server DBA Event: Windows PowerShell Night

16th September, 2010 – Microsoft Canada Ottawa Office

Session 1: Windows PowerShell for the SQL Server DBA (6:00PM – 7:00PM)

Presenter: Edwin Sarmiento

Windows PowerShell is becoming the scripting language of choice for managing Microsoft servers and workstations. And while T-SQL is still the scripting language for DBAs to administer and manage SQL Server, there are tons of stuff that can be easily done with Windows PowerShell.

In this session, learn Windows PowerShell from the ground up and how you can use it with SQL Server Management Objects (SMO) to administer and manage a SQL Server instance

Session 2: Your SQL Server DBA PowerShell Scriptbox (7:15PM to 8:15PM)

Presenter: Edwin Sarmiento

Do your day-to-day tasks with Windows PowerShell. And while Windows PowerShell is not intended to replace T-SQL, see how a multi-line T-SQL script can be translated in a one-liner code in Windows PowerShell. In this session, you will see how to use Windows PowerShell to perform tasks such as run SQL Server audits, check for SQL Server Agent job and backup status, generate backups and many more.

Edwin Sarmiento works as a Senior SQL Server DBA/Windows Engineer for Pythian in Ottawa, ON in Canada. Prior to joining Pythian, he was a senior systems engineer/DBA for Fujitsu Asia Pte Ltd in Singapore and is responsible for maintaining 200+ servers and databases for a global client in 10 countries.  He is very passionate about technology but has interests in music, professional and organizational development, leadership and management matters when not working with databases.  He lives up to his primary mission statement – "To help people grow and develop their full potential as God has planned for them"
He wants the whole world to know that the FILIPINO is a world-class citizen and brings JESUS CHRIST to the world.

Register for this event