I’ve been spending most of my summer in what I like to affectionately call “Email Hell”. We moved 80,000 student mailboxes from Live@Edu to Office 365. We implemented Active Directory Synchronization and a non-standard ADFS deployment to provide better service to BYOD laptops than you would get with a standard ADFS deployment. I’ll write about this in its own post. It’s a deep solution, so it will probably be two posts.
One of my tasks is to automate the creation of new users in Office 365. We use Forefront Identity Manager to provision new AD accounts from our student information system. Once they are in AD and are active users, DirSync is configured to pick up these new accounts and create Office 365 accounts. It works slick, but you then have to license each account before it can be used. You do not want to do this manually, especially when you add several thousand students at school start-up. You also don’t want to have to remember every day to go in and check for new students. We needed a script, and it had to be hands off. Let’s look at what we need to do so the script can log on without end user intervention. I gathered this information from various blogs and TechNet articles. I’ll add links to those sites as I come across them.
Normally one would run this set of commands to start working in Office 365:
$cred = Get-Credential
Connect-MsolService -Credential $cred
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $Session
If it was the first time logging in, you would have to run:
Set-ExecutionPolicy RemoteSigned
The first thing we need to do is store the password.
Read-Host -Prompt "Enter password to be encrypted in O365Passwd.txt " -AsSecureString | ConvertFrom-SecureString | Out-File C:\passwd\O365Passwd.txt
This creates an encrypted file containing the password you entered for your Office 365 account. Please give this account only the minimum rights it needs to do its job! Do not give it full admin rights. Next, as part of the PowerShell script, add these lines to the top:
# Read the stored password back into a SecureString. ConvertFrom-SecureString without -Key
# protects the file with Windows DPAPI, so this only works for the same Windows user,
# on the same computer, that created the file.
$mypass = Get-Content C:\passwd\O365Passwd.txt | ConvertTo-SecureString
# Build the credential object for the Office 365 account.
$mycreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "[email protected]",$mypass
# Connect to Office 365 for user and license management.
Import-Module MSOnline
Connect-MsolService -Credential $mycreds
# Open and import the remote Exchange Online session for the mailbox cmdlets.
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Authentication Basic -AllowRedirection -Credential $mycreds
Import-PSSession $O365Session
Below this, add whatever code you want. Typically you will want to set the usage location, assign licenses, and set the time zone and language.
We also turn off ActiveSync and Mobile OWA by default so we can enforce our MDM policy.
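The steps just described (usage location, license, time zone and language, ActiveSync and Mobile OWA off), as an added example that is not the script from this post. The SKU name, country code, time zone, language and two-day window are constructed placeholders, and using `-OWAforDevicesEnabled` for "Mobile OWA" is an assumption.

```powershell
# Added example. Assumes the connection lines above have already run in this session.
# Constructed placeholder values; replace them with your tenant's own.
$Sku           = 'contoso:STANDARDWOFFPACK_STUDENT'  # placeholder; list yours with Get-MsolAccountSku
$UsageLocation = 'US'
$TimeZone      = 'Central Standard Time'
$Language      = 'en-US'

# Pass 1: license every synced account that has no license yet.
# (Assumes all unlicensed accounts are students; filter $newUsers if that is not true.)
$newUsers = @(Get-MsolUser -UnlicensedUsersOnly -All)
$skuInfo  = Get-MsolAccountSku | Where-Object { $_.AccountSkuId -eq $Sku }
if (-not $skuInfo) { throw "SKU '$Sku' was not found in this tenant." }
$free = $skuInfo.ActiveUnits - $skuInfo.ConsumedUnits
if ($newUsers.Count -gt $free) {
    throw "Need $($newUsers.Count) licenses, only $free free. Nothing was changed."
}
foreach ($user in $newUsers) {
    $upn = $user.UserPrincipalName
    try {
        # Usage location has to be set before a license can be assigned.
        Set-MsolUser -UserPrincipalName $upn -UsageLocation $UsageLocation -ErrorAction Stop
        Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $Sku -ErrorAction Stop
    } catch {
        Write-Warning "Licensing failed for ${upn}: $_"
    }
}

# Pass 2: mailbox settings. A mailbox appears some time after licensing, so this
# targets mailboxes created in the last two days instead of the users licensed a
# moment ago; anything not provisioned yet is picked up by the next scheduled run.
$cutoff = (Get-Date).AddDays(-2)
$recent = Get-Mailbox -ResultSize Unlimited | Where-Object { $_.WhenMailboxCreated -gt $cutoff }
foreach ($mbx in $recent) {
    try {
        Set-MailboxRegionalConfiguration -Identity $mbx.Identity -TimeZone $TimeZone -Language $Language -ErrorAction Stop
        # ActiveSync off by default; -OWAforDevicesEnabled is assumed to be the "Mobile OWA" switch.
        Set-CASMailbox -Identity $mbx.Identity -ActiveSyncEnabled $false -OWAforDevicesEnabled $false -ErrorAction Stop
    } catch {
        Write-Warning "Mailbox settings failed for $($mbx.UserPrincipalName): $_"
    }
}

Remove-PSSession $O365Session   # do not leave the remote session open
```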
This gets you on the road to automating your Office 365 scripts.