Manage Cloud Identities with Microsoft PowerShell

Scenario

Heidi isn’t a great expert with PowerShell, but she is determined to get to grips with it and find out how it can help automate the processes of administering Office 365 user and group accounts. The Pilot Phase of the FastTrack process is a good time to learn these new skills and syntax.

The main tasks for this exercise are as follows:

1. Managing Users, Groups, and Licenses with Windows PowerShell 2. Bulk Provision Users with Windows PowerShell

 Task 1: Managing Users, Groups, and Licenses with Windows PowerShell 1. On LUC-CL1, on the desktop, right-click the Windows Azure Active Directory Module for

Windows PowerShell shortcut and click Run as administrator.

2. If a User Account Control dialog box appears, click Yes.

3. At the prompt, type the following command and press Enter:

Connect-msolservice

4. In the Enter Credentials dialog box log in as [email protected] (where XXX is your unique Lucerne Publishing number), with a password of Pa$$w0rd.

5. At the prompt, type the following command and press Enter (where XXX is your unique Lucerne Publishing number):

New-MsolUser –UserPrincipalName [email protected] – DisplayName “Elisabeth Labrecque” –FirstName “Elisabeth” –LastName “Labrecque” –Password

‘Pa$$w0rd’ –ForceChangePassword $false –UsageLocation “CH”

6. At the prompt, type the following command and press Enter (where XXX is your unique Lucerne Publishing number):

New-MsolUser –UserPrincipalName [email protected] – DisplayName “Liane Martin” –FirstName “Liane” –LastName “Martin” –Password ‘Pa$$w0rd’

–ForceChangePassword $false –UsageLocation “CH”

MCT USE ONL Y. STUDENT USE PROHIBITED

2-30 Managing Users, Groups, and Licenses

7. To create a Marketing group, at the prompt type the following command and press Enter:

New-MsolGroup –DisplayName “Marketing” –Description “Marketing department users”

8. To configure a variable for the group, at the prompt type the following command and press Enter:

$MktGrp = Get-MsolGroup | Where-Object {$_.DisplayName -eq "Marketing"}

9. To configure a variable for the first user account, at the prompt type the following command and press Enter:

$ELabrecque = Get-MsolUser | Where-Object {$_.DisplayName -eq "Elisabeth Labrecque"}

10. To configure a variable for the second user account, at the prompt type the following command and press Enter:

$LMartin = Get-MsolUser | Where-Object {$_.DisplayName -eq "Liane Martin"}

11. To add Elisabeth Labrecque to the Marketing group, at the prompt type the following command and press Enter:

AddMsolGroupMember GroupObjectId $MktGrp.ObjectId GroupMemberType "User" -GroupMemberObjectId $ELabrecque.ObjectId

12. To add Liane Martin to the Marketing group, at the prompt type the following command and press Enter:

AddMsolGroupMember GroupObjectId $MktGrp.ObjectId GroupMemberType "User" -GroupMemberObjectId $LMartin.ObjectId

13. To verify the members of the Marketing group, at the prompt type the following command and press Enter:

Get-MsolGroupMember -GroupObjectId $MktGrp.ObjectId

14. To determine which users are unlicensed, at the prompt type the following command and press Enter:

Get-MsolUser -UnlicensedUsersOnly

15. To license Elizabeth Labrecque, at the prompt type the following command and press Enter (where XXX is your unique Lucerne Publishing number):

Set-MsolUserLicense -UserPrincipalName [email protected] – AddLicenses “LucernePublishingXXX:ENTERPRISEPACK”

16. To license Liane Martin, at the prompt type the following command and press Enter (where XXX is your unique Lucerne Publishing number):

Set-MsolUserLicense -UserPrincipalName [email protected] – AddLicenses “LucernePublishingXXX:ENTERPRISEPACK”

17. To prevent a user from signing in, at the prompt type the following command and press Enter (where XXX is your unique Lucerne Publishing number):

SetMsolUser UserPrincipalName [email protected] -blockcredential $true

MCT USE ONL Y. STUDENT USE PROHIBITED

Managing Office 365 Identities and Services 2-31

18. To delete a user, at the prompt type the following command and press Enter (where XXX is your unique Lucerne Publishing number):

Remove-MsolUser –UserPrincipalName [email protected] – Force

19. To view the deleted users list, at the prompt type the following command and press Enter:

Get-MsolUser –ReturnDeletedUsers

20. Verify that Elisabeth Labrecque in included in the deleted users list. Note that it specifies that she is still licensed.

21. To restore a deleted user, at the prompt type the following command and press Enter (where XXX is your unique Lucerne Publishing number):

Restore-MsolUser –UserPrincipalName e[email protected] 22. To view the deleted users list, at the prompt type the following command and press Enter:

Get-MsolUser –ReturnDeletedUsers

23. Verify that Elisabeth Labrecque is no longer in the deleted users list.

24. To view the active users list, at the prompt type the following command and press Enter:

Get-MsolUser

25. Verify that Elisabeth Labrecque is included in the active users list.

26. To allow a user to sign in, at the prompt type the following command and press Enter (where XXX is your unique Lucerne Publishing number):

SetMsolUser UserPrincipalName [email protected] -blockcredential $false

 Task 2: Bulk Provision Users with Windows PowerShell 1. On LUC-CL1, on the Task bar, click File Explorer.

2. Navigate to E:\labfiles\Lab02.

3. Right-click O365users.csv, point to Open with, and click Notepad.

4. Click Edit, and then click Replace.

5. In Find what, enter XXX.

6. In Replace with, enter your unique three digit number from your Office 365 domain (as in lucernepublishingXXX.onmicrosoft.com).

7. Click Replace All.

8. Click Cancel.

9. Check that the XXX entries have been replaced with your unique Lucerne Publishing number.

10. Close O365Users.csv and in the Notepad message box, click Save.

11. To bulk import several users from a CSV file, copy and paste this code into the Administrator:

Windows Azure Active Directory Module for Windows PowerShell window on LUC-CL1 and press Enter:

MCT USE ONL Y. STUDENT USE PROHIBITED

2-32 Managing Users, Groups, and Licenses

ImportCsv Path e:\labfiles\lab02\O365Users.csv | ForEachObject { NewMsolUser -UserPrincipalName $_."UPN" -AlternateEmailAddresses $_."AltEmail" -FirstName

$_."FirstName" -LastName $_."LastName" -DisplayName $_."DisplayName" -BlockCredential

$False ForceChangePassword $False LicenseAssignment $_."LicenseAssignment" -Password $_."-Password" --PasswordNeverExpires $True -Title $_."Title" -Department

$_."Department" -Office $_."Office" -PhoneNumber $_."PhoneNumber" -MobilePhone

$_."MobilePhone" Fax $_."Fax" StreetAddress $_."StreetAddress" City $_."City" -State $_."-State" -PostalCode $_."PostalCode" -Country $_."Country" -UsageLocation

$_."UsageLocation" }

12. To view the active users list, at the prompt type the following command and press Enter:

Get-MsolUser

13. Switch back to Internet Explorer, click Admin, and then click Office 365.

14. On the left column, click users and groups.

15. Review the active users that you have just imported.

16. Click Admin and then click Exchange.

17. Under recipients, review the mailboxes and associated email addresses that have been created.

Results: Heidi can use Windows Azure PowerShell to manage Lucerne Publishing user and group accounts in Office 365.

Lab Discussion Questions

What process do you need to go through before you can use PowerShell to administer users and groups in Office 365?

Run Windows Azure Active Directory PowerShell with administrative rights, then execute the Connect-MSOL command. Provide the credentials of an account that has Global Admin or User Management Admin rights.

How would you design your group structure to minimize adding and removing people from groups?

Use nested groups and assign permissions to the group rather than to individuals.

MCT USE ONL Y. STUDENT USE PROHIBITED

Managing Office 365 Identities and Services 2-33