https://janikvonrotz.ch/tags/office365/ Recent content in Office365 on Janik von Rotz Hugo en Fri, 18 Oct 2013 13:04:41 +0000 https://janikvonrotz.ch/2013/10/18/adfs-login-customization/ Fri, 18 Oct 2013 13:04:41 +0000 https://janikvonrotz.ch/2013/10/18/adfs-login-customization/ <p>The purpose of this article is to show the intention and implemention of the most common modifications for the ADFS login page.</p> <p>Out of the box the login form should look like this:</p> <p><a href="https://janikvonrotz.ch/wp-content/uploads/2013/10/ADFS-Login-page.png"><img src="https://janikvonrotz.ch/wp-content/uploads/2013/10/ADFS-Login-page.png" alt="ADFS Login page"></a>The f.e. is by default the page url, this can confuse the user, due they expect something like &ldquo;your login&rdquo; or &ldquo;Office365 Login&rdquo;.</p> <!-- raw HTML omitted --> <p>To add a logo you simply edit the <!-- raw HTML omitted -->web.config<!-- raw HTML omitted --> file.</p> <!-- raw HTML omitted --> <pre tabindex="0"><code> &lt;!-- &lt;add key=”logo” value=”logo.png” /&gt; --&gt; </code></pre><!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>This label is part of the page&rsquo;s localization, that means you have to edit the language resource file.</p> <p>The localization files are stored under <!-- raw HTML omitted -->App_GlobalResources<!-- raw HTML omitted --> there you&rsquo;ll find one file for every language CommonResources.<!-- raw HTML omitted -->en<!-- raw HTML omitted -->.resx.</p> <p>Edit the file of your language an replace the &ldquo;hint&rdquo; with you definition.</p> <!-- raw HTML omitted --> <p>In the root folder of the login page in the folder  <!-- raw HTML omitted -->MasterPages<!-- raw HTML omitted --> is a file named <!-- raw HTML omitted -->MasterPage.master<!-- raw HTML omitted -->. This file defines the look of the login page. To hide the title just comment this part out.</p> <pre tabindex="0"><code>&lt;!-- &lt;div class=&#34;GroupLargeMargin&#34;&gt; &lt;div class=&#34;TextSizeXLarge&#34;&gt; &lt;asp:Label ID=&#34;STSLabel&#34; runat&#34;server&#34;&gt;&lt;/asp:Label&gt; &lt;/div&gt; &lt;/div&gt; --&gt; </code></pre><!-- raw HTML omitted --> <p>With Office365 and ADFS it&rsquo;s possible to login from the <!-- raw HTML omitted -->microsoft Office365 login page<!-- raw HTML omitted --> or via a<!-- raw HTML omitted --> smart link<!-- raw HTML omitted --> to get directly redirected to the ADFS login page.</p> <p>The Office365 login page will process the username you enter and if it&rsquo;s a on premise user you&rsquo;ll get redirected to the ADFS login page. By default the ADFS login page doesn&rsquo;t care about the username you&rsquo;ve provided at the Office365 login page. To populate the username into the login field the ADFS page has be modified like this:</p> <!-- raw HTML omitted --> <p>Process username from the url parameter.</p> <!-- raw HTML omitted --> <pre tabindex="0"><code> public void Application_BeginRequest() { </code></pre><!-- raw HTML omitted --> <pre tabindex="0"><code> HttpRequest request = HttpContext.Current.Request; HttpResponse response = HttpContext.Current.Response; if ( !String.IsNullOrEmpty( request.Params[&#34;username&#34;] ) ) {     HttpCookie cookie = new HttpCookie( &#34;Office365Username&#34;, request.Params[&#34;username&#34;] );     cookie.Expires = DateTime.UtcNow.AddMinutes( 10 );     Response.Cookies.Add( cookie ); } </code></pre><!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>Add the username parameter to the username box.</p> <!-- raw HTML omitted --> <pre tabindex="0"><code> using System; </code></pre><p>Paste the following code:</p> <pre tabindex="0"><code> using System.Web; </code></pre><p>Find the following and set your cursor to the next line down:</p> <pre tabindex="0"><code> protected void Page_Load( object sender, EventArgs e ) { </code></pre><p>Paste the following code:</p> <pre tabindex="0"><code> HttpCookie cookie = Context.Request.Cookies.Get( &#34;Office365Username&#34; ); if ( null != cookie &amp;&amp; !String.IsNullOrEmpty( cookie.Value ) ) {     UsernameTextBox.Text = cookie.Value;     cookie.Expires = DateTime.UtcNow.AddDays( -1 );     cookie.Value = &#34;&#34;;     Context.Response.Cookies.Add( cookie ); } </code></pre><p>Save and Close FormsSignIn.aspx.cs</p> https://janikvonrotz.ch/2013/09/30/manage-the-access-rights-to-the-office365-portal/ Mon, 30 Sep 2013 14:24:08 +0000 https://janikvonrotz.ch/2013/09/30/manage-the-access-rights-to-the-office365-portal/ <p>In addition to my last script showing how to manage the user licenses in Office365 I&rsquo;ve written a new script for assign, remove or replace the access rights in the office365 portal.</p> <p>The script has the same structure as the license management script, feel free as always to copy and alter this script or asking me questions about it.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#75715e">&lt;# </span></span></span><span style="display:flex;"><span><span style="color:#75715e">$Metadata = @{ </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Title = &#34;Set Office365 User Rights&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Filename = &#34;Set-O365UserRights.ps1&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Description = @&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e">Manage Office365 portal access rights with ActiveDirectory groups. </span></span></span><span style="display:flex;"><span><span style="color:#75715e">Assign Administration roles to the members of specified AD groups or by a users userprincipalname. </span></span></span><span style="display:flex;"><span><span style="color:#75715e">&#34;@ </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Tags = &#34;powershell, activedirectory, office365, user, rights&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Project = &#34;&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Author = &#34;Janik von Rotz&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> AuthorContact = &#34;https://janikvonrotz.ch&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> CreateDate = &#34;2013-08-13&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> LastEditDate = &#34;2013-09-26&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Url = &#34;https://gist.github.com/janikvonrotz/6218401&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Version = &#34;3.0.0&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> License = @&#39; </span></span></span><span style="display:flex;"><span><span style="color:#75715e">This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Switzerland License. </span></span></span><span style="display:flex;"><span><span style="color:#75715e">To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/3.0/ch/ or </span></span></span><span style="display:flex;"><span><span style="color:#75715e">send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA. </span></span></span><span style="display:flex;"><span><span style="color:#75715e">&#39;@ </span></span></span><span style="display:flex;"><span><span style="color:#75715e">} </span></span></span><span style="display:flex;"><span><span style="color:#75715e">#&gt;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">try</span>{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># settings</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $MsolRoleConfig = @{ </span></span><span style="display:flex;"><span> ADGroup = <span style="color:#e6db74">&#34;S-1-5-21-1744926098-708661255-2033415169-37011&#34;</span> <span style="color:#75715e"># O365F_Billing Administrator</span> </span></span><span style="display:flex;"><span> MsolRoleName = <span style="color:#e6db74">&#34;Billing Administrator&#34;</span> <span style="color:#75715e"># Get-MsolRole</span> </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> User = <span style="color:#e6db74">&#34;admin@vbluzern.onmicrosoft.com&#34;</span> <span style="color:#75715e"># O365F_Billing Administrator</span> </span></span><span style="display:flex;"><span> MsolRoleName = <span style="color:#e6db74">&#34;Company Administrator&#34;</span> <span style="color:#75715e"># Get-MsolRole</span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># modules</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> Import-Module MSOnline </span></span><span style="display:flex;"><span> Import-Module MSOnlineExtended </span></span><span style="display:flex;"><span> Import-Module ActiveDirectory </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># main</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># import credentials</span> </span></span><span style="display:flex;"><span> $Credential = Import-PSCredential $(Get-ChildItem -Path $PSconfigs.Path -Filter <span style="color:#e6db74">&#34;Office365.credentials.config.xml&#34;</span> -Recurse).FullName </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># connect to office365</span> </span></span><span style="display:flex;"><span> Connect-MsolService -Credential $Credential </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $UserAndMsolRole = @( </span></span><span style="display:flex;"><span> ($MsolRoleConfig | where{$_.ADGroup <span style="color:#f92672">-ne</span> $null} | %{$MsolRole = $_.MsolRoleName; $MsolRole = (Get-MsolRole | where{$_.Name <span style="color:#f92672">-eq</span> $MsolRole}); Get-ADGroupMember $_.ADGroup -Recursive |Get-ADUser | select UserPrincipalName, @{Name = <span style="color:#e6db74">&#34;MsolRole&#34;</span>; Expression={$MsolRole}}}), </span></span><span style="display:flex;"><span> ($MsolRoleConfig | where{$_.User <span style="color:#f92672">-ne</span> $null}| %{$MsolRole = $_.MsolRoleName; $_ | select @{L = <span style="color:#e6db74">&#34;UserPrincipalName&#34;</span>; E = {$_.User}},@{L = <span style="color:#e6db74">&#34;MsolRole&#34;</span>; E = {Get-MsolRole | where{$_.Name <span style="color:#f92672">-eq</span> $MsolRole}}}}) </span></span><span style="display:flex;"><span> ) </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $MsolRoleMembers = Get-MsolRole | %{$MsolRole = $_; Get-MsolRoleMember -RoleObjectId $_.ObjectID -MemberObjectTypes User | where{$_.isLicensed} | select @{L = <span style="color:#e6db74">&#34;UserPrincipalName&#34;</span>; E = {$_.EmailAddress}},@{L = <span style="color:#e6db74">&#34;MsolRole&#34;</span>; E = {$MsolRole}}} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> (Get-MsolUser -All) | %{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $MsolUser = $_ </span></span><span style="display:flex;"><span> $AlreadyAssigned = $MsolRoleMembers | where{$_.UserPrincipalName <span style="color:#f92672">-eq</span> $MsolUser.UserPrincipalName} </span></span><span style="display:flex;"><span> $ToAssign = $UserAndMsolRole | where{$_.UserPrincipalName <span style="color:#f92672">-eq</span> $MsolUser.UserPrincipalName} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>($AlreadyAssigned){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>(($ToAssign) <span style="color:#f92672">-and</span> ($AlreadyAssigned.MsolRole.ObjectId <span style="color:#f92672">-ne</span> $ToAssign.MsolRole.ObjectId)){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Replace role: </span>$($AlreadyAssigned.MsolRole.Name)<span style="color:#e6db74"> with: </span>$($ToAssign.MsolRole.Name)<span style="color:#e6db74"> for: </span>$($MsolUser.UserPrincipalName)<span style="color:#e6db74">.&#34;</span> </span></span><span style="display:flex;"><span> Remove-MsolRoleMember -RoleMemberEmailAddress $MsolUser.UserPrincipalName -RoleMemberType User -RoleName $AlreadyAssigned.MsolRole.Name </span></span><span style="display:flex;"><span> Add-MsolRoleMember -RoleMemberEmailAddress $MsolUser.UserPrincipalName -RoleMemberType User -RoleName $ToAssign.MsolRole.Name </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> }<span style="color:#66d9ef">elseif</span>($ToAssign <span style="color:#f92672">-eq</span> $null){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Remove role: </span>$($AlreadyAssigned.MsolRole.Name)<span style="color:#e6db74"> for: </span>$($MsolUser.UserPrincipalName)<span style="color:#e6db74">.&#34;</span> </span></span><span style="display:flex;"><span> Remove-MsolRoleMember -RoleMemberEmailAddress $MsolUser.UserPrincipalName -RoleMemberType User -RoleName $AlreadyAssigned.MsolRole.Name </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> }<span style="color:#66d9ef">else</span>{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Role: </span>$($AlreadyAssigned.MsolRole.Name)<span style="color:#e6db74"> for: </span>$($MsolUser.UserPrincipalName)<span style="color:#e6db74"> is already assigned.&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> }<span style="color:#66d9ef">elseif</span>($ToAssign <span style="color:#f92672">-and</span> $MsolUser.IsLicensed){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Assign role: </span>$($ToAssign.MsolRole.Name)<span style="color:#e6db74"> for: </span>$($MsolUser.UserPrincipalName)<span style="color:#e6db74">.&#34;</span> </span></span><span style="display:flex;"><span> Add-MsolRoleMember -RoleMemberEmailAddress $MsolUser.UserPrincipalName -RoleMemberType User -RoleName $ToAssign.MsolRole.Name </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> }<span style="color:#66d9ef">elseif</span>($ToAssign){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">throw</span> <span style="color:#e6db74">&#34;Not possible to assign role: </span>$($ToAssign.MsolRole.Name)<span style="color:#e6db74"> user: </span>$($MsolUser.UserPrincipalName)<span style="color:#e6db74"> has to be licensed.&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>}<span style="color:#66d9ef">catch</span>{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Send-PPErrorReport -FileName <span style="color:#e6db74">&#34;DirSync.mail.config.xml&#34;</span> -ScriptName $MyInvocation.InvocationName </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>}``` </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>[https<span style="color:#960050;background-color:#1e0010">:</span>//gist.github.com/janikvonrotz/<span style="color:#ae81ff">6763616</span>](https<span style="color:#960050;background-color:#1e0010">:</span>//gist.github.com/janikvonrotz/<span style="color:#ae81ff">6763616</span>) </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>&lt;h1&gt;Requirements&lt;/h1&gt; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>&lt;ul&gt; </span></span><span style="display:flex;"><span> &lt;li&gt;&lt;a href=<span style="color:#e6db74">&#34;https://codeberg.org/janikvonrotz/Powershell-Profile&#34;</span>&gt;Powershell-Profile&lt;/a&gt;&lt;/li&gt; </span></span><span style="display:flex;"><span> &lt;li&gt;Office365 with ADFS and DirSync&lt;/li&gt; </span></span><span style="display:flex;"><span>&lt;/ul&gt; </span></span></code></pre></div> https://janikvonrotz.ch/2013/09/23/handling-user-password-change-and-expiration-issues-withoffice365-and-adfs-part-2/ Mon, 23 Sep 2013 08:50:49 +0000 https://janikvonrotz.ch/2013/09/23/handling-user-password-change-and-expiration-issues-withoffice365-and-adfs-part-2/ <p><a href="https://janikvonrotz.ch/2013/08/08/handling-user-password-change-and-expiration-issues-with-office365-and-adfs-part-1/">https://janikvonrotz.ch/2013/08/08/handling-user-password-change-and-expiration-issues-with-office365-and-adfs-part-1/</a></p> <p>This is part two of my experience in handling the password change office365 architecture issue.</p> <p>Last time I&rsquo;ve built a simple script  to notificate the users about the status of their passwords. In the mean time we (me and another employ of the &ldquo;<!-- raw HTML omitted -->vbl <!-- raw HTML omitted -->Informatik&rdquo;) built a simple website for the office365 users to change their password.</p> <p>The whole project is now available on <!-- raw HTML omitted --><a href="https://codeberg.org/janikvonrotz/ActiveDirectory-Password-Change">https://codeberg.org/janikvonrotz/ActiveDirectory-Password-Change</a><!-- raw HTML omitted --></p> <p>Checkout the instructions in the readme fileto set up the password change website.</p> <p>If you have setup the website already I recommend you to include the site with a sharepoint webpart here&rsquo;s an example:</p> <p><img src="https://janikvonrotz.ch/wp-content/uploads/2013/09/Passwortwechsel.png" alt="Passwortwechsel"></p> <!-- raw HTML omitted --> <!-- raw HTML omitted --> https://janikvonrotz.ch/2013/09/10/office365-adfs-chrome-login-fails/ Tue, 10 Sep 2013 13:49:40 +0000 https://janikvonrotz.ch/2013/09/10/office365-adfs-chrome-login-fails/ <p>Today I experienced an exotic behaviour, a client couldn&rsquo;t access his Office365 page due he wasn&rsquo;t able to login on the ADFS authentication prompt.</p> <p>After googling and binging (just kidding, <!-- raw HTML omitted -->NERD<!-- raw HTML omitted -->) I found a simple <!-- raw HTML omitted -->solution<!-- raw HTML omitted -->.</p> <p>[caption id=&ldquo;attachment_498&rdquo; align=&ldquo;aligncenter&rdquo; width=&ldquo;714&rdquo;]<!-- raw HTML omitted --><img src="https://janikvonrotz.ch/wp-content/uploads/2013/09/2013-09-10-13_24_09-Default-vblw2k12adfs1-Remotedesktopverbindung.png" alt="adfs disable extended protection"><!-- raw HTML omitted --> To turn Extended Protection off, on the AD FS server, launch IIS Manager, then, on the left side tree view, access Sites -&gt; Default Web Site -&gt; adfs -&gt; ls. Once you’ve selected the &ldquo;/adfs/ls&rdquo; folder, double-click the Authentication icon, then right-click Windows Authentication and select Advanced Settings… On the Advanced Settings dialog, choose Off for Extended Protection.[/caption]</p> <p> </p> <p>Disabling the extended windows authentication protection solved this issue, but I have to admit I&rsquo;m not quite sure about services depending on this settings, maybe you&rsquo;ll experience some other errors related to the ADFS service.</p> https://janikvonrotz.ch/2013/09/09/exchangeonline-owa-policies-disable-owa-light/ Mon, 09 Sep 2013 09:11:32 +0000 https://janikvonrotz.ch/2013/09/09/exchangeonline-owa-policies-disable-owa-light/ <p>To alter the Exchange owa policies you can access them Using the Office365 administration site and navigate to the Exchange section. In the default policy editor are only limited options available.</p> <!-- raw HTML omitted --> <p>In case you would like f.e. disable the outlook wep app light (which is not available in the web editor), you have to use the almighty PowerShell console.</p> <!-- raw HTML omitted --> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Get-OwaMailboxPolicy -Identity <span style="color:#e6db74">&#34;OwaMailboxPolicy-Default&#34;</span> | Set-OwaMailboxPolicy -OWALightEnabled $false </span></span></code></pre></div><p> </p> https://janikvonrotz.ch/2013/09/04/managed-metadata-in-sharepoint-2013office365/ Wed, 04 Sep 2013 09:33:48 +0000 https://janikvonrotz.ch/2013/09/04/managed-metadata-in-sharepoint-2013office365/ <p>The Managed Metadata feature in SharePoint 2010/2013/Office365 enables a new way to manage your documents and other company related informations.</p> <p>Yet most file systems store their files in an hierarchical structure, with SharePoint and the Managed Metadata Service you can setup a <!-- raw HTML omitted -->document management system<!-- raw HTML omitted -->.</p> <p>To get into this Managed Metadata Service thing, I&rsquo;ve found a great video.</p> <div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;"> <iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/j4psvjLtlno?autoplay=0&amp;controls=1&amp;end=0&amp;loop=0&amp;mute=0&amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="YouTube video"></iframe> </div> https://janikvonrotz.ch/2013/08/27/manage-activedirectory-distribution-groups/ Tue, 27 Aug 2013 12:39:11 +0000 https://janikvonrotz.ch/2013/08/27/manage-activedirectory-distribution-groups/ <p>With Office365 connected with an ADFS you have to redesgin your Exchange distribution groups. ADFS only syncs distribution groups that have these definitions:</p> <!-- raw HTML omitted --> <p>My idea was simple, I&rsquo;m developing a script that creates for every OU and child OU I&rsquo;m chosing in the ActiveDirectory structure a distribution list containing the users of the chosen OU recursively.</p> <p>While developing this I&rsquo;ve added some cool features, in addition you can:</p> <!-- raw HTML omitted --> <p>By default the script will only add enabled users with an email address.</p> <p>This script makes use of the <!-- raw HTML omitted -->PowerShell Profile<!-- raw HTML omitted --> environment, f.e. the function <code>Send-PPErrorReport</code> sends an error report per email when the script fails or produces problems.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#75715e">&lt;# </span></span></span><span style="display:flex;"><span><span style="color:#75715e">$Metadata = @{ </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Title = &#34;New ActiveDirectory Distribution Groups&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Filename = &#34;New-ADDistributionGroups.ps1&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Description = &#34;Create or update ActiveDirectory distribution groups&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Tags = &#34;powershell, activedirectory, distribution, groups, create, update&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Project = &#34;&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Author = &#34;Janik von Rotz&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> AuthorContact = &#34;https://janikvonrotz.ch&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> CreateDate = &#34;2013-08-27&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> LastEditDate = &#34;2013-09-30&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Url = &#34;https://gist.github.com/6352037&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Version = &#34;1.1.0&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> License = @&#39; </span></span></span><span style="display:flex;"><span><span style="color:#75715e">This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Switzerland License. </span></span></span><span style="display:flex;"><span><span style="color:#75715e">To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/3.0/ch/ or </span></span></span><span style="display:flex;"><span><span style="color:#75715e">send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA. </span></span></span><span style="display:flex;"><span><span style="color:#75715e">&#39;@ </span></span></span><span style="display:flex;"><span><span style="color:#75715e">} </span></span></span><span style="display:flex;"><span><span style="color:#75715e">#&gt;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># modules</span> </span></span><span style="display:flex;"><span><span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span>Import-Module ActiveDirectory </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># set OUs where the distributions groups should be enabled</span> </span></span><span style="display:flex;"><span>$OUs = @( </span></span><span style="display:flex;"><span> @{Name = <span style="color:#e6db74">&#34;OU=Betrieb,OU=vblusers2,DC=vbl,DC=ch&#34;</span>}, </span></span><span style="display:flex;"><span> @{Name = <span style="color:#e6db74">&#34;OU=Direktion,OU=vblusers2,DC=vbl,DC=ch&#34;</span>}, </span></span><span style="display:flex;"><span> @{Name = <span style="color:#e6db74">&#34;OU=Finanzen,OU=vblusers2,DC=vbl,DC=ch&#34;</span>}, </span></span><span style="display:flex;"><span> @{Name = <span style="color:#e6db74">&#34;OU=Personal,OU=vblusers2,DC=vbl,DC=ch&#34;</span>}, </span></span><span style="display:flex;"><span> @{Name = <span style="color:#e6db74">&#34;OU=Technik,OU=vblusers2,DC=vbl,DC=ch&#34;</span>} </span></span><span style="display:flex;"><span>) </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># list of users to exclude in distribution groups</span> </span></span><span style="display:flex;"><span>$ExcludeUsers = <span style="color:#e6db74">&#34;abascan&#34;</span>,<span style="color:#e6db74">&#34;ba test&#34;</span>,<span style="color:#e6db74">&#34;ba-service&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># list of distribution groups to exclude</span> </span></span><span style="display:flex;"><span>$ExcludeOUs = <span style="color:#e6db74">&#34;Verwaltungsrat&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># special configuration to handle special</span> </span></span><span style="display:flex;"><span>$Configs = @( </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;GL&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Geschäftsleitung Gruppe&#34;</span>) </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;GL erw&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Erweiterte Geschäftsleitung Gruppe&#34;</span>) </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Alle&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Technik&#34;</span>,<span style="color:#e6db74">&#34;Betrieb&#34;</span>,<span style="color:#e6db74">&#34;Personal&#34;</span>,<span style="color:#e6db74">&#34;Finanzen&#34;</span>,<span style="color:#e6db74">&#34;GL&#34;</span>,<span style="color:#e6db74">&#34;Kommunikation&#34;</span>,<span style="color:#e6db74">&#34;Sekretariat&#34;</span>) </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Alle mit Arbeitsplatz&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>,<span style="color:#e6db74">&#34;RemoveGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Alle&#34;</span>); </span></span><span style="display:flex;"><span> RemoveGroups = @(<span style="color:#e6db74">&#34;SPO_365E1License&#34;</span>) </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Alle ohne Arbeitsplatz&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;SPO_365E1License&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Fahrdienst A - Hermann M&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Fahrdienst A - Hermann M Gruppe&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Fahrdienst A - Segui M&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Fahrdienst A - Segui M Gruppe&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Fahrdienst B - Nietlispach M&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Fahrdienst B - Nietlispach M Gruppe&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Fahrdienst B - Zaugg D&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Fahrdienst B - Zaugg D Gruppe&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Fahrdienst C - Habegger R&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Fahrdienst C - Habegger R Gruppe&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Fahrdienst C - Malbasic N&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Fahrdienst C - Malbasic N Gruppe&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Fahrdienst D - Küchler P&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Fahrdienst D - Küchler P Gruppe&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Fahrdienst D - Zimmermann L&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Fahrdienst D - Zimmermann L Gruppe&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Fahrdienst E - Bechter K&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Fahrdienst E - Bechter K Gruppe&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Fahrdienst E - Brunner R&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Fahrdienst E - Brunner R Gruppe&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Fahrdienst F - Bieri René&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Fahrdienst F - Bieri René Gruppe&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Fahrdienst F - Bieri Urs&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Fahrdienst F - Bieri Urs Gruppe&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Verkehrsdisponnenten&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;F_Verkehrsdisponnenten&#34;</span>); </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Personalkommission&#34;</span>; </span></span><span style="display:flex;"><span> Options = @(<span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>); </span></span><span style="display:flex;"><span> AddGroups = @(<span style="color:#e6db74">&#34;Personalkommission Abteilung&#34;</span>); </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>) </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># get all OUs recursive</span> </span></span><span style="display:flex;"><span>$OUs = $OUs | %{Get-ADOrganizationalUnit -Filter <span style="color:#e6db74">&#34;*&#34;</span> -SearchBase $_.Name} | where {<span style="color:#f92672">-not</span> ($ExcludeOUs <span style="color:#f92672">-contains</span> $_.Name)} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># check in every OU if a distribution group with the same name as the OU exist</span> </span></span><span style="display:flex;"><span>$OUs | %{$OU = $_.DistinguishedName; </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>(Get-ADGroup -Filter {SamAccountName <span style="color:#f92672">-eq</span> $_.Name <span style="color:#f92672">-and</span> GroupCategory <span style="color:#f92672">-eq</span> <span style="color:#e6db74">&#34;Distribution&#34;</span>} | Where-Object{$_.DistinguishedName <span style="color:#f92672">-like</span> <span style="color:#e6db74">&#34;*</span>$OU<span style="color:#e6db74">&#34;</span>}){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Update users in distribution group </span>$($_.Name)<span style="color:#e6db74">.&#34;</span> </span></span><span style="display:flex;"><span> $ADGroup = Get-ADGroup -Filter {SamAccountName <span style="color:#f92672">-eq</span> $_.Name <span style="color:#f92672">-and</span> GroupCategory <span style="color:#f92672">-eq</span> <span style="color:#e6db74">&#34;Distribution&#34;</span>} </span></span><span style="display:flex;"><span> Get-ADGroupMember -Identity $ADGroup | %{Remove-ADGroupMember -Identity $ADGroup -Members $_ -Confirm:$false} </span></span><span style="display:flex;"><span> Get-ADUser -Filter {EmailAddress <span style="color:#f92672">-like</span> <span style="color:#e6db74">&#34;*&#34;</span>} -SearchBase $OU | where {$_.enabled <span style="color:#f92672">-eq</span> $true <span style="color:#f92672">-and</span> <span style="color:#f92672">-not</span> ($ExcludeUsers <span style="color:#f92672">-contains</span> $_.Name)} | where{$_ <span style="color:#f92672">-ne</span> $null} | %{Add-ADGroupMember -Identity $ADGroup -Members $_} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> }<span style="color:#66d9ef">else</span>{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Create distribution group </span>$($_.Name)<span style="color:#e6db74">.&#34;</span> </span></span><span style="display:flex;"><span> New-ADGroup -Name $_.Name -SamAccountName $_.Name -GroupCategory Distribution -GroupScope Universal -DisplayName $_.Name -Path $($_.DistinguishedName) -Description <span style="color:#e6db74">&#34;Distribution group for </span>$($_.Name)<span style="color:#e6db74">.&#34;</span> </span></span><span style="display:flex;"><span> $ADGroup = Get-ADGroup $_.Name </span></span><span style="display:flex;"><span> Get-ADUser -Filter {EmailAddress <span style="color:#f92672">-like</span> <span style="color:#e6db74">&#34;*&#34;</span>} -SearchBase $_.DistinguishedName | where {$_.enabled <span style="color:#f92672">-eq</span> $true <span style="color:#f92672">-and</span> <span style="color:#f92672">-not</span> ($ExcludeUsers <span style="color:#f92672">-contains</span> $_.Name)} | where{$_ <span style="color:#f92672">-ne</span> $null} | %{Add-ADGroupMember -Identity $ADGroup -Members $_} </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># custom configuration</span> </span></span><span style="display:flex;"><span>$Configs | %{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $ADGroup = Get-ADGroup -Identity $_.Name </span></span><span style="display:flex;"><span> $Config = $_ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>($_.Options <span style="color:#f92672">-match</span> <span style="color:#e6db74">&#34;UpdateFromGroups&#34;</span>){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Add users from </span>$($Config.AddGroups)<span style="color:#e6db74"> to </span>$($ADGroup.Name)<span style="color:#e6db74">.&#34;</span> </span></span><span style="display:flex;"><span> Get-ADGroupMember -Identity $ADGroup | %{Remove-ADGroupMember -Identity $ADGroup -Members $_ -Confirm:$false} </span></span><span style="display:flex;"><span> $Config.AddGroups | %{Get-ADGroupMember -Identity $_ -Recursive | Get-ADUser | where {($_.enabled <span style="color:#f92672">-eq</span> $true) <span style="color:#f92672">-and</span> <span style="color:#f92672">-not</span> ($ExcludeUsers <span style="color:#f92672">-contains</span> $_.Name)}} | select -Unique | %{Add-ADGroupMember -Identity $ADGroup -Members $_} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>($_.Options <span style="color:#f92672">-match</span> <span style="color:#e6db74">&#34;RemoveGroups&#34;</span>){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Remove users from </span>$($Config.RemoveGroups)<span style="color:#e6db74"> in </span>$($ADGroup.Name)<span style="color:#e6db74">.&#34;</span> </span></span><span style="display:flex;"><span> $ADGroupMembers = Get-ADGroupMember -Identity $ADGroup </span></span><span style="display:flex;"><span> $Config.RemoveGroups | %{Get-ADGroupMember -Identity $_ -Recursive | Get-ADUser | where {($ADGroupMembers <span style="color:#f92672">-match</span> $_) <span style="color:#f92672">-and</span> ($_.enabled <span style="color:#f92672">-eq</span> $true) <span style="color:#f92672">-and</span> <span style="color:#f92672">-not</span> ($ExcludeUsers <span style="color:#f92672">-contains</span> $_.Name)}} | select -Unique | %{Remove-ADGroupMember -Identity $ADGroup -Members $_ -Confirm:$false} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">if</span>($error){ </span></span><span style="display:flex;"><span> Send-PPErrorReport -FileName <span style="color:#e6db74">&#34;activedirectory.mail.config.xml&#34;</span> -ScriptName $MyInvocation.InvocationName </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p>Latest version of this script: <!-- raw HTML omitted --><a href="https://gist.github.com/6352037">https://gist.github.com/6352037</a><!-- raw HTML omitted --></p> https://janikvonrotz.ch/2013/08/23/create-a-office365-user-license-report/ Fri, 23 Aug 2013 12:14:46 +0000 https://janikvonrotz.ch/2013/08/23/create-a-office365-user-license-report/ <p>With over 350 users in the Office365 cloud as in my case it&rsquo;s difficult being aware of which licenses I really need.</p> <p>To help my out I&rsquo;ve made an ActiveDirectory group which holds the allowed Office365 users. And with this PowerShell script I look up every Office365 user and his licenses and check if this users is allowed to use Office365.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># modules</span> </span></span><span style="display:flex;"><span><span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Import-Module MSOnline </span></span><span style="display:flex;"><span>Import-Module MSOnlineExtended </span></span><span style="display:flex;"><span>Import-Module ActiveDirectory </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># main</span> </span></span><span style="display:flex;"><span><span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># declaration</span> </span></span><span style="display:flex;"><span>$Licenses = @() </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># import credentials</span> </span></span><span style="display:flex;"><span>$Credential = Import-PSCredential $(Get-ChildItem -Path $PSconfigs.Path -Filter <span style="color:#e6db74">&#34;Office365.credentials.config.xml&#34;</span> -Recurse).FullName </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># SID is SPO_365Users</span> </span></span><span style="display:flex;"><span>Write-Host <span style="color:#e6db74">&#34;Get allowed ActiveDirectory users&#34;</span> </span></span><span style="display:flex;"><span>$AllowADUsers = Get-ADGroupMember <span style="color:#e6db74">&#34;S-1-5-21-1744926098-708661255-2033415169-36655&#34;</span> -Recursive | Get-ADUser | where {$_.enabled <span style="color:#f92672">-eq</span> $true} | select userprincipalname <span style="color:#75715e"># SPO_365Users</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># connect to office365</span> </span></span><span style="display:flex;"><span>Connect-MsolService -Credential $Credential </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Write-Host <span style="color:#e6db74">&#34;Get Office365 users&#34;</span> </span></span><span style="display:flex;"><span>$MSOUsers = Get-MsolUser -All </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Write-Host <span style="color:#e6db74">&#34;Get ExchangeOnline mailboxes&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># import session</span> </span></span><span style="display:flex;"><span>$s = New-PSSession -ConfigurationName Microsoft.Exchange ` </span></span><span style="display:flex;"><span> -ConnectionUri https<span style="color:#960050;background-color:#1e0010">:</span>//ps.outlook.com/powershell ` </span></span><span style="display:flex;"><span> -Credential $(Get-Credential -Credential $Credential) ` </span></span><span style="display:flex;"><span> -Authentication Basic ` </span></span><span style="display:flex;"><span> -AllowRedirection </span></span><span style="display:flex;"><span>Import-PSSession $s </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># get upn of every mailbox</span> </span></span><span style="display:flex;"><span>$MSOMailboxes = Get-Mailbox | select UserPrincipalName </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$MSOUsers | <span style="color:#66d9ef">foreach</span>{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Progress -Activity <span style="color:#e6db74">&#34;Report licenses&#34;</span> -status $_.UserPrincipalName -percentComplete ([<span style="color:#66d9ef">int</span>]([<span style="color:#66d9ef">array</span>]::IndexOf(([<span style="color:#66d9ef">array</span>]$MSOUsers), $_)/([<span style="color:#66d9ef">array</span>]$MSOUsers).count*<span style="color:#ae81ff">100</span>)) </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $UserPrincipleName = $_.UserPrincipalName </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $License = $_ | Select-Object -Property UserPrincipalName, </span></span><span style="display:flex;"><span> @{ Name = <span style="color:#e6db74">&#34;Package&#34;</span>; </span></span><span style="display:flex;"><span> Expression = { </span></span><span style="display:flex;"><span> $_.Licenses | ForEach-Object{$_.AccountSkuId} </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ Name = <span style="color:#e6db74">&#34;Licenses&#34;</span>; </span></span><span style="display:flex;"><span> Expression = { </span></span><span style="display:flex;"><span> $_.Licenses | ForEach-Object{ </span></span><span style="display:flex;"><span> $_.ServiceStatus | Where-Object{$_.ProvisioningStatus <span style="color:#f92672">-ne</span> <span style="color:#e6db74">&#34;Disabled&#34;</span>} </span></span><span style="display:flex;"><span> } | ForEach-Object{ </span></span><span style="display:flex;"><span> $_.ServicePlan.ServiceName </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ Name = <span style="color:#e6db74">&#34;IsAllowedOffice365User&#34;</span>; </span></span><span style="display:flex;"><span> Expression = { </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>($AllowADUsers <span style="color:#f92672">-match</span> $UserPrincipleName){$true}<span style="color:#66d9ef">else</span>{$false} </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> @{ Name = <span style="color:#e6db74">&#34;HasMailboxInCloud&#34;</span>; </span></span><span style="display:flex;"><span> Expression = { </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>($MSOMailboxes <span style="color:#f92672">-match</span> $UserPrincipleName){$true}<span style="color:#66d9ef">else</span>{$false} </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $Licenses += $License </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$Licenses | Out-GridView </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">if</span>($error){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Send-PPErrorReport -FileName <span style="color:#e6db74">&#34;DirSync.mail.config.xml&#34;</span> -ScriptName $MyInvocation.InvocationName </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p>Latest version of this snippet: <!-- raw HTML omitted --><a href="https://gist.github.com/6317367">https://gist.github.com/6317367</a><!-- raw HTML omitted --></p> <!-- raw HTML omitted --> <!-- raw HTML omitted --> https://janikvonrotz.ch/2013/08/21/exchangeonline-region-presettings/ Wed, 21 Aug 2013 15:37:23 +0000 https://janikvonrotz.ch/2013/08/21/exchangeonline-region-presettings/ <p>This post is part of my Office365 experience. Today I&rsquo;ve made a script to get startet with the ExchangeOnline PowerShell console.</p> <p>Every time a user logged in for the first time into the Office365 Outlook webapp, he had to set his regional configuration.</p> <!-- raw HTML omitted --> <p>Despite it&rsquo;s not a lot of effort to change that, the timezone settings can be very confusing.</p> <p>Running this script on random windows machine will open a ExchangeOnline PowerShell remote session and import them in your local session.</p> <p>After the import it&rsquo;s the local session pretends to be live on the ExchangeOnline server, your able to run every PowerShell Exchange CMDlet. Yeapeeee :)</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#66d9ef">try</span>{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># settings</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $Language = <span style="color:#e6db74">&#34;de-CH&#34;</span> </span></span><span style="display:flex;"><span> $TimeZone = <span style="color:#e6db74">&#34;W. Europe Standard Time&#34;</span> </span></span><span style="display:flex;"><span> $DateFormat = <span style="color:#e6db74">&#34;dd.MM.yyyy&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># main</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Import-Module ActiveDirectory </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $Credential = Import-PSCredential $(Get-ChildItem -Path $PSconfigs.Path -Filter <span style="color:#e6db74">&#34;Office365.credentials.config.xml&#34;</span> -Recurse).FullName </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $s = New-PSSession -ConfigurationName Microsoft.Exchange ` </span></span><span style="display:flex;"><span> -ConnectionUri https<span style="color:#960050;background-color:#1e0010">:</span>//ps.outlook.com/powershell ` </span></span><span style="display:flex;"><span> -Credential $(Get-Credential -Credential $Credential) ` </span></span><span style="display:flex;"><span> -Authentication Basic ` </span></span><span style="display:flex;"><span> -AllowRedirection </span></span><span style="display:flex;"><span> Import-PSSession $s </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $ADUsers = Get-ADUser -Filter {Mail <span style="color:#f92672">-like</span> <span style="color:#e6db74">&#34;*&#34;</span>} -Properties sn, telephoneNumber, title </span></span><span style="display:flex;"><span> $Mailboxes = $(Get-Mailbox) </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">foreach</span>($Mailbox <span style="color:#66d9ef">in</span> $Mailboxes){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Progress -Activity <span style="color:#e6db74">&#34;Update settings&#34;</span> -status $($Mailbox.Name) -percentComplete ([<span style="color:#66d9ef">Int32</span>](([<span style="color:#66d9ef">Array</span>]::IndexOf($Mailboxes, $Mailbox)/($Mailboxes.count))*<span style="color:#ae81ff">100</span>)) </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Set mailbox language settings for </span>$($Mailbox.Name)<span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Set-MailboxRegionalConfiguration $Mailbox.Alias -Language $Language -TimeZone $TimeZone -LocalizeDefaultFolderName -DateFormat $DateFormat </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Set signature for </span>$($Mailbox.Name)<span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $ADUser = $ADUsers | where{$_.UserPrincipalName <span style="color:#f92672">-eq</span> $Mailbox.UserPrincipalName} | select -First <span style="color:#ae81ff">1</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># get phone number</span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>($ADuser.telephoneNumber <span style="color:#f92672">-eq</span> $null){ </span></span><span style="display:flex;"><span> $telephoneNumber = <span style="color:#e6db74">&#34;+41 41 369 65 65&#34;</span> </span></span><span style="display:flex;"><span> }<span style="color:#66d9ef">else</span>{ </span></span><span style="display:flex;"><span> $telephoneNumber = $ADuser.telephoneNumber </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $Html = get-Content -Path $(Get-ChildItem -Path $PStemplates.Path -Filter <span style="color:#e6db74">&#34;vbl signature.html&#34;</span> -Recurse).FullName </span></span><span style="display:flex;"><span> $Text = get-Content -Path $(Get-ChildItem -Path $PStemplates.Path -Filter <span style="color:#e6db74">&#34;vbl signature.txt&#34;</span> -Recurse).FullName </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $Html = $Html <span style="color:#f92672">-replace</span> <span style="color:#e6db74">&#34;%%Firstname%%&#34;</span>,$ADUser.givenname ` </span></span><span style="display:flex;"><span> <span style="color:#f92672">-replace</span> <span style="color:#e6db74">&#34;%%Lastname%%&#34;</span>,$Aduser.sn ` </span></span><span style="display:flex;"><span> <span style="color:#f92672">-replace</span> <span style="color:#e6db74">&#34;%%Title%%&#34;</span>,$Aduser.title ` </span></span><span style="display:flex;"><span> <span style="color:#f92672">-replace</span> <span style="color:#e6db74">&#34;%%PhoneNumber%%&#34;</span>,$telephoneNumber ` </span></span><span style="display:flex;"><span> <span style="color:#f92672">-replace</span> <span style="color:#e6db74">&#34;%%FaxNumber%%&#34;</span>,<span style="color:#e6db74">&#34;041 369 65 00&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $Text = $Text <span style="color:#f92672">-replace</span> <span style="color:#e6db74">&#34;%%Firstname%%&#34;</span>,$ADUser.givenname ` </span></span><span style="display:flex;"><span> <span style="color:#f92672">-replace</span> <span style="color:#e6db74">&#34;%%Lastname%%&#34;</span>,$Aduser.sn ` </span></span><span style="display:flex;"><span> <span style="color:#f92672">-replace</span> <span style="color:#e6db74">&#34;%%Title%%&#34;</span>,$Aduser.title ` </span></span><span style="display:flex;"><span> <span style="color:#f92672">-replace</span> <span style="color:#e6db74">&#34;%%PhoneNumber%%&#34;</span>,$telephoneNumber ` </span></span><span style="display:flex;"><span> <span style="color:#f92672">-replace</span> <span style="color:#e6db74">&#34;%%FaxNumber%%&#34;</span>,<span style="color:#e6db74">&#34;041 369 65 00&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Set-MailboxMessageConfiguration -Identity $Mailbox.Alias -SignatureHtml $HTML -AutoAddSignature $true -SignatureText $TEXT </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># delete pssession</span> </span></span><span style="display:flex;"><span> Remove-PSSession $s </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>}<span style="color:#66d9ef">catch</span>{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Send-PPErrorReport -FileName <span style="color:#e6db74">&#34;DirSync.mail.config.xml&#34;</span> -ScriptName $MyInvocation.InvocationName </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p><!-- raw HTML omitted --><a href="https://gist.github.com/6294947">https://gist.github.com/6294947</a><!-- raw HTML omitted --></p> https://janikvonrotz.ch/2013/08/13/office365-and-adfs-activate-licenses-for-users-depending-on-ad-group-membership/ Tue, 13 Aug 2013 07:48:44 +0000 https://janikvonrotz.ch/2013/08/13/office365-and-adfs-activate-licenses-for-users-depending-on-ad-group-membership/ <p>On Office365 the users have to be licensed in order to get access to the Office365 application. I&rsquo;ve developed a PowerShell script which add a license depending on the group membership in the ActiveDirectory.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#75715e">&lt;# </span></span></span><span style="display:flex;"><span><span style="color:#75715e">$Metadata = @{ </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Title = &#34;Set Office365 Licenses by ActiveDirectory Group Membership&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Filename = &#34;Set-O365UserLicensesByADGroup.ps1&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Description = @&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e">Adding license to a Office365 user as long the user is in the correct ActiveDirectory group </span></span></span><span style="display:flex;"><span><span style="color:#75715e">or in the white list, the users is active, the user has a mailbox. </span></span></span><span style="display:flex;"><span><span style="color:#75715e">The script will remove inactive licenses or if necessary replace them. </span></span></span><span style="display:flex;"><span><span style="color:#75715e">&#34;@ </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Tags = &#34;powershell, activedirectory, office365, user, license, activation&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Project = &#34;&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Author = &#34;Janik von Rotz&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> AuthorContact = &#34;https://janikvonrotz.ch&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> CreateDate = &#34;2013-08-13&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> LastEditDate = &#34;2013-09-30&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Url = &#34;https://gist.github.com/janikvonrotz/6218401&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Version = &#34;3.0.0&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> License = @&#39; </span></span></span><span style="display:flex;"><span><span style="color:#75715e">This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Switzerland License. </span></span></span><span style="display:flex;"><span><span style="color:#75715e">To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/3.0/ch/ or </span></span></span><span style="display:flex;"><span><span style="color:#75715e">send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA. </span></span></span><span style="display:flex;"><span><span style="color:#75715e">&#39;@ </span></span></span><span style="display:flex;"><span><span style="color:#75715e">} </span></span></span><span style="display:flex;"><span><span style="color:#75715e">#&gt;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># settings</span> </span></span><span style="display:flex;"><span><span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$UsageLocation = <span style="color:#e6db74">&#34;CH&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$WhiteList = @{ </span></span><span style="display:flex;"><span> UserPrincipalName = <span style="color:#e6db74">&#34;admin@vbluzern.onmicrosoft.com&#34;</span> </span></span><span style="display:flex;"><span> License = <span style="color:#e6db74">&#34;vbluzern:STANDARDPACK&#34;</span> </span></span><span style="display:flex;"><span>}, </span></span><span style="display:flex;"><span>@{ </span></span><span style="display:flex;"><span> UserPrincipalName = <span style="color:#e6db74">&#34;bison.testoff368@vbl.ch&#34;</span> </span></span><span style="display:flex;"><span> License = <span style="color:#e6db74">&#34;vbluzern:STANDARDPACK&#34;</span> </span></span><span style="display:flex;"><span>}, </span></span><span style="display:flex;"><span>@{ </span></span><span style="display:flex;"><span> UserPrincipalName = <span style="color:#e6db74">&#34;bison.test07@vbl.ch&#34;</span> </span></span><span style="display:flex;"><span> License = <span style="color:#e6db74">&#34;vbluzern:STANDARDPACK&#34;</span> </span></span><span style="display:flex;"><span>}, </span></span><span style="display:flex;"><span>@{ </span></span><span style="display:flex;"><span> UserPrincipalName = <span style="color:#e6db74">&#34;bison.test@vbl.ch&#34;</span> </span></span><span style="display:flex;"><span> License = <span style="color:#e6db74">&#34;vbluzern:STANDARDPACK&#34;</span> </span></span><span style="display:flex;"><span>}, </span></span><span style="display:flex;"><span>@{ </span></span><span style="display:flex;"><span> UserPrincipalName = <span style="color:#e6db74">&#34;bison.testoff367@vbl.ch&#34;</span> </span></span><span style="display:flex;"><span> License = <span style="color:#e6db74">&#34;vbluzern:STANDARDPACK&#34;</span> </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$LicenseConfig = @{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;SharePoint Online Plan 1&#34;</span> </span></span><span style="display:flex;"><span> License = <span style="color:#e6db74">&#34;vbluzern:SHAREPOINTSTANDARD&#34;</span> </span></span><span style="display:flex;"><span> ADGroupSID = <span style="color:#e6db74">&#34;S-1-5-21-1744926098-708661255-2033415169-37562&#34;</span> <span style="color:#75715e"># SPO_SharePointOnlinePlan1License</span> </span></span><span style="display:flex;"><span> Rule = <span style="color:#e6db74">&#34;&#34;</span> </span></span><span style="display:flex;"><span>}, </span></span><span style="display:flex;"><span>@{ </span></span><span style="display:flex;"><span> Name = <span style="color:#e6db74">&#34;Enterprise Plan 1&#34;</span> </span></span><span style="display:flex;"><span> License = <span style="color:#e6db74">&#34;vbluzern:STANDARDPACK&#34;</span> </span></span><span style="display:flex;"><span> ADGroupSID = <span style="color:#e6db74">&#34;S-1-5-21-1744926098-708661255-2033415169-36657&#34;</span> <span style="color:#75715e"># SPO_365E1License</span> </span></span><span style="display:flex;"><span> Rule = <span style="color:#e6db74">&#34;MailBoxExistOnline&#34;</span> </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># modules</span> </span></span><span style="display:flex;"><span><span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span>Import-Module MSOnline </span></span><span style="display:flex;"><span>Import-Module MSOnlineExtended </span></span><span style="display:flex;"><span>Import-Module ActiveDirectory </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># main</span> </span></span><span style="display:flex;"><span><span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># import credentials</span> </span></span><span style="display:flex;"><span>$Credential = Import-PSCredential $(Get-ChildItem -Path $PSconfigs.Path -Filter <span style="color:#e6db74">&#34;Office365.credentials.config.xml&#34;</span> -Recurse).FullName </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Write-Host <span style="color:#e6db74">&#34;Get Office365 users&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># connect to office365</span> </span></span><span style="display:flex;"><span>Connect-MsolService -Credential $Credential </span></span><span style="display:flex;"><span>$MsolUsers = Get-MsolUser -All </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Write-Host <span style="color:#e6db74">&#34;Get ExchangeOnline mailboxes&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># import session</span> </span></span><span style="display:flex;"><span>$s = New-PSSession -ConfigurationName Microsoft.Exchange ` </span></span><span style="display:flex;"><span> -ConnectionUri https<span style="color:#960050;background-color:#1e0010">:</span>//ps.outlook.com/powershell ` </span></span><span style="display:flex;"><span> -Credential $(Get-Credential -Credential $Credential) ` </span></span><span style="display:flex;"><span> -Authentication Basic ` </span></span><span style="display:flex;"><span> -AllowRedirection </span></span><span style="display:flex;"><span>$EOMailboxes = Invoke-Command -Session $s -ScriptBlock{Get-MailBox} | select UserPrincipalName | %{<span style="color:#e6db74">&#34;</span>$($_.UserPrincipalName)<span style="color:#e6db74">&#34;</span>} </span></span><span style="display:flex;"><span><span style="color:#75715e"># remove session&#34;</span> </span></span><span style="display:flex;"><span>Remove-PSSession $s </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># combine users and their license</span> </span></span><span style="display:flex;"><span>$LicenseAndUser = ($LicenseConfig | </span></span><span style="display:flex;"><span> %{$License = $_ ; Get-ADGroupMember $_.ADGroupSID -Recursive | Get-ADUser | where{$_.Enabled <span style="color:#f92672">-eq</span> $true} | </span></span><span style="display:flex;"><span> %{$_ | select UserPrincipalName, @{Name = <span style="color:#e6db74">&#34;License&#34;</span>; Expression = {$License.License}}, @{Name = <span style="color:#e6db74">&#34;Rule&#34;</span>; Expression = {$License.Rule}}} </span></span><span style="display:flex;"><span> }) + ($WhiteList | select @{Name = <span style="color:#e6db74">&#34;UserPrincipalName&#34;</span>; Expression = {$_.UserPrincipalName}}, </span></span><span style="display:flex;"><span> @{Name = <span style="color:#e6db74">&#34;License&#34;</span>; Expression = {$_.License}}, </span></span><span style="display:flex;"><span> @{Name = <span style="color:#e6db74">&#34;Rule&#34;</span>; Expression = {<span style="color:#e6db74">&#34;&#34;</span>}}) </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">foreach</span>($User <span style="color:#66d9ef">in</span> $MsolUsers){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># first check whitelist</span> </span></span><span style="display:flex;"><span> $Config = $LicenseAndUser | where{$_.UserPrincipalName <span style="color:#f92672">-eq</span> $User.UserPrincipalName} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>(($Config) <span style="color:#f92672">-and</span> ((($Config.Rule <span style="color:#f92672">-eq</span> <span style="color:#e6db74">&#34;MailBoxExistOnline&#34;</span>) <span style="color:#f92672">-and</span> ($EOMailboxes <span style="color:#f92672">-contains</span> $User.UserPrincipalName)) <span style="color:#f92672">-or</span> ($Config.Rule <span style="color:#f92672">-eq</span> <span style="color:#e6db74">&#34;&#34;</span>))){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>($User.IsLicensed <span style="color:#f92672">-and</span> ($User.Licenses.AccountSkuId <span style="color:#f92672">-ne</span> $Config.License)){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Replace Office365 license: </span>$($User.Licenses.AccountSkuId)<span style="color:#e6db74"> with: </span>$($Config.License)<span style="color:#e6db74"> for user: </span>$($User.UserPrincipalName)<span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span> $User.Licenses | %{Set-MsolUserLicense -UserPrincipalName $User.UserPrincipalName -RemoveLicenses $_.AccountSkuId} </span></span><span style="display:flex;"><span> Set-MsolUserLicense -UserPrincipalName $User.UserPrincipalName -AddLicenses $Config.License </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> }<span style="color:#66d9ef">elseif</span>($User.IsLicensed){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;User: </span>$($User.UserPrincipalName)<span style="color:#e6db74"> is already licensed with: </span>$($Config.License)<span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> }<span style="color:#66d9ef">else</span>{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Set Office365 license: </span>$($Config.License)<span style="color:#e6db74"> for user: </span>$($User.UserPrincipalName)<span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span> Set-MsolUser -UserPrincipalName $User.UserPrincipalName -UsageLocation $UsageLocation </span></span><span style="display:flex;"><span> Set-MsolUserLicense -UserPrincipalName $User.UserPrincipalName -AddLicenses $Config.License </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> }<span style="color:#66d9ef">else</span>{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>($User.IsLicensed){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;Remove Office365 license: </span>$($User.Licenses.AccountSkuId)<span style="color:#e6db74"> from user: </span>$($User.UserPrincipalName)<span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span> $User.Licenses | %{Set-MsolUserLicense -UserPrincipalName $User.UserPrincipalName -RemoveLicenses $_.AccountSkuId} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> }<span style="color:#66d9ef">else</span>{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-Host <span style="color:#e6db74">&#34;User: </span>$($User.UserPrincipalName)<span style="color:#e6db74"> is not allowed&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">if</span>($error){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Send-PPErrorReport -FileName <span style="color:#e6db74">&#34;DirSync.mail.config.xml&#34;</span> -ScriptName $MyInvocation.InvocationName </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p>You&rsquo;ll get your <code>Office365AccountName</code> with this Office365 command <code>Get-MsolAccountSku</code></p> <p>Link to the newest version of this script: <!-- raw HTML omitted --><a href="https://gist.github.com/janikvonrotz/6218401">https://gist.github.com/janikvonrotz/6218401</a><!-- raw HTML omitted --></p> https://janikvonrotz.ch/2013/08/12/office365-sharepoint-backup-und-restore-facts-by-ioz-ag/ Mon, 12 Aug 2013 13:33:30 +0000 https://janikvonrotz.ch/2013/08/12/office365-sharepoint-backup-und-restore-facts-by-ioz-ag/ <p>In diesem Blogbeitrag schildern wir Ihnen die Fakten der Datensicherung Ihrer SharePoint Online Plattform:</p> <p><!-- raw HTML omitted -->SiteCollection<!-- raw HTML omitted --></p> <!-- raw HTML omitted --> <p><!-- raw HTML omitted -->Papierkorb<!-- raw HTML omitted --></p> <!-- raw HTML omitted --> <p>via <!-- raw HTML omitted -->IOZ AG Blog<!-- raw HTML omitted -->.</p> https://janikvonrotz.ch/2013/08/08/handling-user-password-change-and-expiration-issues-with-office365-and-adfs-part-1/ Thu, 08 Aug 2013 14:41:37 +0000 https://janikvonrotz.ch/2013/08/08/handling-user-password-change-and-expiration-issues-with-office365-and-adfs-part-1/ <p>Recently I&rsquo;ve setup a Office365 Service with ADFS (Active Directory Federation Service) and a DirSync Server.</p> <p>Sadly I forgot about a huge disadvantage in this architecture, due to using ADFS as an authentication provider, it&rsquo;s not possible to change a users password. The communication form the local ActiveDirectory environment to the cloud based Office365 services is only one directional.</p> <p>That&rsquo;s why there are only 2 options yet to handle the user password change and expiration:</p> <!-- raw HTML omitted --> <p>At this time option 1 is active in my environment and option 2 is my goal.</p> <p>In this post series want to show you the solution I&rsquo;ve developed.</p> <p>Let&rsquo;s start with password expiration. Because Office365 doesn&rsquo;t handle password expiration, that&rsquo;s why I have to use another channel to show the users on which date their passwords expire:  Let&rsquo;s do it with an bulk e-mail job.</p> <!-- raw HTML omitted --> <p>This part isn&rsquo;t a lot of effort. There are 2 requirements, one is a must and the other is optional:</p> <!-- raw HTML omitted --> <p>Now the script:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#75715e">&lt;# </span></span></span><span style="display:flex;"><span><span style="color:#75715e">$Metadata = @{ </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Title = &#34;Send Password Expiration Reminder&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Filename = &#34;Send-PasswordExpirationReminder.ps1&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Description = &#34;&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Tags = &#34;powershell, script, jobs&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Project = &#34;&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Author = &#34;Janik von Rotz&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> AuthorContact = &#34;http://.janikvonrotz.ch&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> CreateDate = &#34;2013-08-08&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> LastEditDate = &#34;2013-11-25&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> Version = &#34;2.1.0&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"> License = @&#39; </span></span></span><span style="display:flex;"><span><span style="color:#75715e">This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. </span></span></span><span style="display:flex;"><span><span style="color:#75715e">To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or </span></span></span><span style="display:flex;"><span><span style="color:#75715e">send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA. </span></span></span><span style="display:flex;"><span><span style="color:#75715e">&#39;@ </span></span></span><span style="display:flex;"><span><span style="color:#75715e">} </span></span></span><span style="display:flex;"><span><span style="color:#75715e">#&gt;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">try</span>{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># modules</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------# </span> </span></span><span style="display:flex;"><span> Import-Module ActiveDirectory </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># settings</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------# </span> </span></span><span style="display:flex;"><span> $TriggerDays = <span style="color:#ae81ff">25</span>, <span style="color:#ae81ff">10</span>, <span style="color:#ae81ff">5</span>, <span style="color:#ae81ff">1</span> </span></span><span style="display:flex;"><span> $SendLinkOnDays = <span style="color:#ae81ff">25</span>,<span style="color:#ae81ff">10</span>, <span style="color:#ae81ff">5</span>, <span style="color:#ae81ff">1</span> </span></span><span style="display:flex;"><span> $DaysBeforeDisablingUsersWithPasswordNeverExpires = <span style="color:#ae81ff">180</span> </span></span><span style="display:flex;"><span> $ADGroup = <span style="color:#e6db74">&#34;S-1-5-21-1744926098-708661255-2033415169-36648&#34;</span> <span style="color:#75715e"># Memberof GroupName should be &#34;SPO_PasswordNotification&#34; </span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># main</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">#--------------------------------------------------#</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># get mail config </span> </span></span><span style="display:flex;"><span> $Mail = Get-PPConfiguration $PSconfigs.Mail.<span style="color:#66d9ef">Filter</span> | %{$_.Content.Mail | where{$_.Name <span style="color:#f92672">-eq</span> <span style="color:#e6db74">&#34;PasswordReminder&#34;</span>}} | select -first <span style="color:#ae81ff">1</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># get days until password expires</span> </span></span><span style="display:flex;"><span> $MaxDays = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>($MaxDays <span style="color:#f92672">-le</span> <span style="color:#ae81ff">0</span>){<span style="color:#66d9ef">throw</span> <span style="color:#e6db74">&#34;Domain &#39;MaximumPasswordAge&#39; password policy is not configured.&#34;</span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Set days when an email should be sent to inform the users</span> </span></span><span style="display:flex;"><span> $TriggerDays = <span style="color:#ae81ff">25</span>, <span style="color:#ae81ff">10</span>, <span style="color:#ae81ff">5</span>, <span style="color:#ae81ff">1</span> </span></span><span style="display:flex;"><span> $SendLinkOnDays = <span style="color:#ae81ff">25</span>,<span style="color:#ae81ff">10</span>, <span style="color:#ae81ff">5</span>, <span style="color:#ae81ff">1</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">foreach</span>($TriggerDay <span style="color:#66d9ef">in</span> $TriggerDays){ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Memberof GroupName should be &#34;SPO_PasswordNotification&#34; </span> </span></span><span style="display:flex;"><span> Get-ADGroupMember $ADGroup -Recursive | </span></span><span style="display:flex;"><span> Get-ADUser -Properties Enabled, lastLogonTimestamp, PasswordNeverExpires, PasswordLastSet, Mail, DisplayName | </span></span><span style="display:flex;"><span> Select *, @{L = <span style="color:#e6db74">&#34;PasswordExpires&#34;</span>;E = { </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>($_.PasswordNeverExpires){ </span></span><span style="display:flex;"><span> $DaysBeforeDisablingUsersWithPasswordNeverExpires - ((Get-Date) - ($_.PasswordLastSet)).Days </span></span><span style="display:flex;"><span> }<span style="color:#66d9ef">else</span>{ </span></span><span style="display:flex;"><span> $MaxDays - ((Get-Date) - ($_.PasswordLastSet)).Days </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> }} | </span></span><span style="display:flex;"><span> where{($_.Enabled <span style="color:#f92672">-eq</span> $true) <span style="color:#f92672">-and</span> ($_.PasswordExpires <span style="color:#f92672">-eq</span> $TriggerDay)} | %{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># set subject</span> </span></span><span style="display:flex;"><span> $Subject = <span style="color:#e6db74">&#34;Passwort Erinnerung: </span>$($_.DisplayName)<span style="color:#e6db74"> ihr Passwort läuft in </span>$($_.PasswordExpires)<span style="color:#e6db74"> Tagen ab&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> $BodyFont = <span style="color:#e6db74">&#34;font-size: 11pt; font-family: Calibri&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># create mail message</span> </span></span><span style="display:flex;"><span> $Body = <span style="color:#e6db74">&#34;&lt;p style = &#34;&#34;</span>$BodyFont<span style="color:#e6db74">&#34;&#34;&gt;Guten Tag </span>$($_.DisplayName)<span style="color:#e6db74"> &lt;br/&gt; &lt;br/&gt; Ihr Passwort läuft am </span>$(Get-Date (Get-Date).AddDays($_.PasswordExpires) -Format D)<span style="color:#e6db74"> ab.&lt;/b&gt;&lt;/p&gt;&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">if</span>($SendLinkOnDays <span style="color:#f92672">-contains</span> $TriggerDay){ </span></span><span style="display:flex;"><span> $Body += <span style="color:#e6db74">&#34;&lt;p style = &#34;&#34;</span>$BodyFont<span style="color:#e6db74">&#34;&#34;&gt;Bitte ändern Sie das Passwort bevor es abläuft. Rufen Sie dazu die folgende Seite auf: &lt;a href=&#34;&#34;https://vbluzern.sharepoint.com/Support/_layouts/15/start.aspx#/SitePages/Passwortwechsel.aspx&#34;&#34; target=&#34;&#34;_blank&#34;&#34;&gt;Link&lt;/a&gt;&lt;/p&gt;&#34;</span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> $Body += <span style="color:#e6db74">&#34;&lt;p style = &#34;&#34;</span>$BodyFont<span style="color:#e6db74">&#34;&#34;&gt;ACHTUNG! Dieses E-Mail wurde von einem unbeaufsichtigtem Konto verschickt, Antworten an den Sender dieser E-Mail werden nicht bearbeitet.&lt;/p&gt;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># send mail</span> </span></span><span style="display:flex;"><span> Write-PPEventLog <span style="color:#e6db74">&#34;</span>$($MyInvocation.InvocationName)<span style="color:#ae81ff">`n`n</span><span style="color:#e6db74">Send password reminder to </span>$($_.Mail)<span style="color:#e6db74">&#34;</span> -WriteMessage -Source <span style="color:#e6db74">&#34;Send Password Expiration Reminder&#34;</span> </span></span><span style="display:flex;"><span> Send-MailMessage -To $_.Mail -From $mail.FromAddress -Subject $Subject -Body $Body -SmtpServer $Mail.OutSmtpServer -BodyAsHtml -Priority High -Encoding ([<span style="color:#66d9ef">System.Text.Encoding</span>]::UTF8) </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>}<span style="color:#66d9ef">catch</span>{ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> Write-PPErrorEventLog -Source <span style="color:#e6db74">&#34;Send Password Expiration Reminder&#34;</span> -ClearErrorVariable </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p><a href="https://gist.github.com/6184059">https://gist.github.com/6184059</a></p> <p>For the memberof Group I recommend to use the SID instead of the DN. I&rsquo;ll show you how the get the SID:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>PS C:Userssa-spadmin&gt; (Get-QADGroup <span style="color:#e6db74">&#34;SPO_PasswordNotification&#34;</span>).Sid </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> BinaryLength AccountDomainSid Value </span></span><span style="display:flex;"><span> ------------ ---------------- ----- </span></span><span style="display:flex;"><span> <span style="color:#ae81ff">28</span> S-<span style="color:#ae81ff">1</span>-<span style="color:#ae81ff">5</span>-<span style="color:#ae81ff">21</span>-<span style="color:#ae81ff">1744926098</span>-<span style="color:#ae81ff">708661255</span>-<span style="color:#ae81ff">2033415169</span> S-<span style="color:#ae81ff">1</span>-<span style="color:#ae81ff">5</span>-<span style="color:#ae81ff">21</span>-<span style="color:#ae81ff">1744926098</span>-<span style="color:#ae81ff">708661255</span>-<span style="color:#ae81ff">2033415169</span>-<span style="color:#ae81ff">36648</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>PS C:Userssa-spadmin&gt; Get-QADUser -MemberOf <span style="color:#e6db74">&#34;S-1-5-21-1744926098-708661255-2033415169-36648&#34;</span> </span></span></code></pre></div><!-- raw HTML omitted --> <p>Part two: <!-- raw HTML omitted --><a href="https://janikvonrotz.ch/2013/09/23/handling-user-password-change-and-expiration-issues-withoffice365-and-adfs-part-2/">https://janikvonrotz.ch/2013/09/23/handling-user-password-change-and-expiration-issues-withoffice365-and-adfs-part-2/</a><!-- raw HTML omitted --></p>