Monday, 25 August 2014

Office 365 PowerShell Commands Administration...


Load PowerShell Commands

To connect to Office365 via PowerShell:

 $Cred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection

Import-PSSession $Session

Import-Module MSOnline

Connect-MsolService –Credential $Cred

 ------------------------------------------------------------------------------------------------------

Disconnect PowerShell Session

Remove-PSSession $Session

[Alternative] rsn $Session

-------------------------------------------------------------------------------------------------------------------

Configure Mailbox Permissions

 To view Mailbox Permissions:

Get-MailboxPermission –Identity <MailboxID>

To Add Mailbox Permissions (Full Access):

Add-MailboxPermission -Identity <Mailbox ID 1> -User <Mailbox ID 2> -AccessRights  FullAccess -InheritanceType All

In this command line, <Mailbox ID 1> represents the target mailbox; <Mailbox ID 2> is the user who will be granted Full Access permission.

If an administrator wants to grant a user access to a room mailbox, the administrator may want to specify that user as the Owner. To do this, use the following command line:

Add-MailboxPermission -Identity <Mailbox ID 1> -Owner <Mailbox ID 2>

Note Only users who have Exchange mailboxes can be granted access to other mailboxes. Users who do not have mailboxes receive a permissions error when they try to access the other mailboxes.

To verify that the permissions are applied to Mailbox ID 1, use the following command:

Get-MailboxPermission -Identity <Mailbox ID 1> | Select User, AccessRights, Deny

Get-MailboxPermission -Identity “charterdg” | Select User, AccessRights, Deny

In the results, you should be able to confirm that <Mailbox ID 2> has been granted Full Access permission.

To remove the Full Access configuration on a mailbox, use the following command:

Remove-MailboxPermission -Identity <Mailbox ID 1> -User <Mailbox ID 2> -AccessRights FullAccess

-------------------------------------------------------------------------------------------------------


To grant Receive As access, use the steps that are described in the Grant full mailbox access section. Granting full mailbox access in Office 365 Exchange Online covers both the same permissions that are required for Receive As access.

-------------------------------------------------------------------------------------------------------


To view Send as Permissions:

Get-RecipientPermission -Identity <Mailbox ID 1>

To use PowerShell to configure a mailbox so that a user other than the mailbox owner can use that mailbox to send messages, use the following command:

Add-RecipientPermission -Identity <Mailbox ID 1> -Trustee <Mailbox ID 2> -AccessRights SendAs

In this command line, <Mailbox ID 1> represents the target contact/mailbox/distribution group; <Mailbox ID 2> is the user who you want to grant Send As permission.

To verify that the permissions are applied to Mailbox ID 1, using the following command:

Get-RecipientPermission -Identity <Mailbox ID 1> | Select Trustee, AccessControlType, AccessRights

In the results, you should be able to confirm that <Mailbox ID 2> has been granted Send As permission.

Note These permissions can be assigned to a user mailbox or Active Directory group objects.

To remove Send As settings from a mailbox, use the following command:

Remove-RecipientPermission -Identity <Mailbox ID 1> -AccessRights SendAs -Trustee <Mailbox ID 2>

-------------------------------------------------------------------------------------------------------

 

Configure "Send on behalf" permissions

To use PowerShell to grant a user the ability to send mail on behalf of another user, use the following command:

Set-Mailbox -Identity <Mailbox ID 1> -GrantSendOnBehalfTo <Mailbox ID 2>

Set-Mailbox -Identity mservices -GrantSendOnBehalfTo mservicesdg

Set-Mailbox -Identity support -GrantSendOnBehalfTo supportdg

In this command line, <Mailbox ID 1> represents the mailbox that you want to grant permissions to and <Mailbox ID 2> is the mailbox of the user who you want to grant access.

To verify that the permissions are applied to Mailbox ID 1, use the following command:

Get-Mailbox -Identity <Mailbox ID 1> | Select GrantSendOnBehalfTo

In the results, you should be able to confirm that <Mailbox ID 2> has been granted Send On Behalf permission.

Note These permissions can be assigned to a user mailbox or mail-enabled Active Directory security group objects.

To remove Send On Behalf permission from a mailbox, use the following command:

Set-Mailbox -Identity <Mailbox ID 1> -GrantSendOnBehalfTo $NULL

------------------------------------------------------------------------------------------------------ 

Calendar Permissions

To view permissions:

Add-mailboxpermission –identity <MailboxID:\calendar>

 Note: do not use the @domain for this first MailboxID

 Add-mailboxpermission –identity <MailboxID:\calendar> -user <MailboxID2> -AccessRights< attribute>

 Note: Most used attributes are Owner, Editor, Publishing Editor, Reviewer

 To Change Permissions:

Set-mailboxpermission –identity <MailboxID:\calendar> -user <MailboxID2> -AccessRights< attribute>

 

To Remove Permissions:

Remove-mailboxpermission –identity <MailboxID:\calendar> -user <MailboxID2> -AccessRights< attribute>

-------------------------------------------------------------------------------------------------------

 

Configure email forwarding

To configure mail forwarding for a mailbox by using PowerShell, use the following command:

Set-Mailbox -Identity "<Mailbox ID>" -ForwardingSmtpAddress "<Target SMTP Address>"

In this command line, <Target SMTP Address> can be either internal or external to Exchange Online.

Additionally, IT Gens should use the -DeliverToMailboxAndForward parameter to save a copy of the message to the local mailbox before the message is forwarded to another SMTP address. The following is an example:

Set-Mailbox -Identity "<Mailbox ID>" -ForwardingSmtpAddress "<Target SMTP Address>" –DeliverToMailboxAndForward $true

To verify that the permissions are applied to Mailbox ID 1, use the following command:

Get-Mailbox -Identity <Mailbox ID 1> | Select ForwardingSmtpAddress

To remove email forwarding that is configured on a mailbox, use the following command:

Set-Mailbox -Identity "<Mailbox ID>" -ForwardingSmtpAddress $NULL

-------------------------------------------------------------------------------------------------------


Set-MailboxRegionalConfiguration -Identity <mailboxID> -Language en-us -Timezone "Eastern Standard Time"

-------------------------------------------------------------------------------------------------------


get-user |export-csv  c:\users\extoluserlist.csv




Create new conference room:

New-Mailbox -Name "Test Room Mailbox" -Alias rm2 –Room

 Ex: New-Mailbox -Name "Conference Room - 1st floor - Lobby" -Alias "lobby_conf" –Room

-------------------------------------------------------------------------------------------------


Add-MailboxPermission -Identity <Mailbox ID 1> -Owner <Mailbox ID 2>

Ex: Add-MailboxPermission -Identity lobby_conf@XYZ.COM -Owner lconrads@XYZ.COM

 ------------------------------------------------------------------------------------------------

Change the Office 365 user Principle Name in Bulk

Script:

-------------------------------------------

$csv = import-csv "C:\temp\UPN.csv"

$csv  | Foreach {

$UserPrincipalName = $_.UserID

$NewUserPrincipalName = $_.newuserID

Set-MsolUserPrincipalName -UserPrincipalName $_.UserID -NewUserPrincipalName $_.newuserID

}

----------------------------------------------

.CSV format:

UserID,NewuserID

POC.Abc114@xyz.com,POC.Abc114@xyz.onmicrosoft.com

-------------------------------------------------------------------------------------------------

DIRECTORY SYNC command to get sync On-Premises AD to O365 Azure AD.

 Open a PowerShell command with Administration credential and run the below two commands:

 add-pssnapin Coexistence-Configuration
Start-OnlineCoexistenceSync


-------------------------------------------------------------------------------------------------



---------------------------------------------

$csv = Import-Csv “C:\temp\Contacts.csv”

foreach($line in $csv)

{

New-MailContact -Name $line.DisplayName -ExternalEmailAddress $line.EmailAddress -Alias $line.Alias

}

-----------------------------------------

.CSV format:

DisplayName,EmailAddress,Alias

Test.siemens(Lotus),Test.siemens@abc.com,Test.siemens

 

Deletion:

-----------------------------------------

$csv = Import-Csv “C:\temp\Remove-Contacts\Contacts.csv”

foreach($line in $csv)

{

Remove-MailContact -Identity $line.Alias -confirm:$false

}

-----------------------------------------

 .CSV format:

Alias

Test.siemens

Test.siemens1

Test.siemens2

-------------------------------------------------------------------------------------------------


 

Note: AD Quest PowerShell already installed in AD (PLSIE-DC2)

 

Get-QADUser -OrganizationalUnit "cg.corp/Service Accounts/O365" | ft FirstName,LastName,name,primarySMTPaddress,Initials

 ---------------------------------------------------------------------------------------

Set Password to Not Expire:
To set password never to expire for only one user please run below commands:
        Set-MsolUser -UserPrincipalName <Microsoft Online Services ID> -PasswordNeverExpires $true
        Get-MSOLUser -UserPrincipalName <Microsoft Online Services ID> | Select PasswordNeverExpires (verify if it was successful)
---Example---
Set-MsolUser -UserPrincipalName john@contoso.onmicrosoft.com -PasswordNeverExpires $true
To set password never to expire for all users please run below commands:
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true
 
(To verify if it was successful)
 Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires
-------------------------------------------------------------------------------------------------
CHANGE USER PRINCIPLE NAME
To update a non-federated user's UPN while they have a license, follow these steps:
 
Connect to Microsoft Online Services by using the Microsoft Online Services Module for Windows PowerShell
Run the following PowerShell cmdlet:
Set-MsolUserPrincipalName -UserPrincipalName [CurrentUPN] -NewUserPrincipalName [NewUPN]
 ---------------------------------------------------------------------------------------------------
 
Thank You...
Avishek