With Intune / SCCM Hybrid, after upgrading SCCM to CB 1702, you might see the following error. Android for Work shows its status as failed. Even though your bindings are OK in the Intune console. It appears that even though…
Hi, Again Johan the author at 365lab.net wrote a nice script. It will change user license based on AD Group Membership.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 |
<# .SYNOPSIS Script that assigns Office 365 licenses based on Group membership in WAAD. .DESCRIPTION The script assigns of licenses for new users based on groups/licenseSKUs in the $licenses hashtable. It switch licensetype if a user is moved from one group to Another. It removes the license if the user no longer is a member in any of the license assignment Groups. Updated 2015-03-25 to support multiple skus for each user. The script REQUIRES PowerShell 3.0 or later! .NOTES Author: Johan Dahlbom Blog: 365lab.net Email: johan[at]dahlbom.eu The script are provided “AS IS” with no guarantees, no warranties, and they confer no rights. #> #Import Required PowerShell Modules Import-Module MSOnline #Office 365 Admin Credentials $CloudUsername = 'admin@365lab.net' $CloudPassword = ConvertTo-SecureString 'Password' -AsPlainText -Force $CloudCred = New-Object System.Management.Automation.PSCredential $CloudUsername, $CloudPassword #Connect to Office 365 Connect-MsolService -Credential $CloudCred $Licenses = @{ 'E1' = @{ LicenseSKU = 'mstlabs:STANDARDPACK' Group = 'E1_Users' } 'E3' = @{ LicenseSKU = 'mstlabs:ENTERPRISEPACK' Group = 'E3_Users' } } $UsageLocation = 'FI' #Get all currently licensed users and put them in a custom object $LicensedUserDetails = Get-MsolUser -All | Where-Object {$_.IsLicensed -eq 'True'} | ForEach-Object { [pscustomobject]@{ UserPrincipalName = $_.UserPrincipalName License = $_.Licenses.AccountSkuId } } #Create array for users to change or delete $UsersToChangeOrDelete = @() foreach ($license in $Licenses.Keys) { #Get current group name and ObjectID from Hashtable $GroupName = $Licenses[$license].Group $GroupID = (Get-MsolGroup -All | Where-Object {$_.DisplayName -eq $GroupName}).ObjectId $AccountSKU = Get-MsolAccountSku | Where-Object {$_.AccountSKUID -eq $Licenses[$license].LicenseSKU} Write-Output "Checking for unlicensed $license users in group $GroupName with ObjectGuid $GroupID..." #Get all members of the group in current scope $GroupMembers = (Get-MsolGroupMember -GroupObjectId $GroupID -All).EmailAddress #Get all already licensed users in current scope $ActiveUsers = ($LicensedUserDetails | Where-Object {$_.License -eq $licenses[$license].LicenseSKU}).UserPrincipalName $UsersToHandle = '' if ($GroupMembers) { if ($ActiveUsers) { #Compare $Groupmembers and $Activeusers #Users which are in the group but not licensed, will be added #Users licensed, but not, will be evaluated for deletion or change of license $UsersToHandle = Compare-Object -ReferenceObject $GroupMembers -DifferenceObject $ActiveUsers -ErrorAction SilentlyContinue -WarningAction SilentlyContinue $UsersToAdd = ($UsersToHandle | Where-Object {$_.SideIndicator -eq '<='}).InputObject $UsersToChangeOrDelete += ($UsersToHandle | Where-Object {$_.SideIndicator -eq '=>'}).InputObject } else { #No licenses currently assigned for the license in scope, assign licenses to all group members. $UsersToAdd = $GroupMembers } } else { Write-Warning "Group $GroupName is empty - will process removal or move of all users with license $($AccountSKU.AccountSkuId)" #If no users are a member in the group, add them for deletion or change of license. $UsersToChangeOrDelete += $ActiveUsers } #Check the amount of licenses left... if ($AccountSKU.ActiveUnits - $AccountSKU.consumedunits -lt $UsersToAdd.Count) { Write-Warning 'Not enough licenses for all users, please remove user licenses or buy more licenses' } foreach ($User in $UsersToAdd){ #Process all users for license assignment, if not already licensed with the SKU in order. if ((Get-MsolUser -UserPrincipalName $User).Licenses.AccountSkuId -notcontains $AccountSku.AccountSkuId) { try { #Assign UsageLocation and License. Set-MsolUser -UserPrincipalName $User -UsageLocation $UsageLocation -ErrorAction Stop -WarningAction Stop Set-MsolUserLicense -UserPrincipalName $User -AddLicenses $AccountSKU.AccountSkuId -ErrorAction Stop -WarningAction Stop Write-Output "SUCCESS: Licensed $User with $license" } catch { Write-Warning "Error when licensing $User" } } } } #Process users for change or deletion if ($UsersToChangeOrDelete -ne $null) { foreach ($User in $UsersToChangeOrDelete) { if ($user -ne $null) { #Fetch users old license for later usage $OldLicense = ($LicensedUserDetails | Where-Object {$_.UserPrincipalName -eq $User}).License #Loop through to check if the user group assignment has been changed, and put the old and the new license in a custom object. #Only one license group per user is currently supported. $ChangeLicense = $Licenses.Keys | ForEach-Object { $GroupName = $Licenses[$_].Group if (Get-MsolGroupMember -All -GroupObjectId (Get-MsolGroup -All | Where-Object {$_.DisplayName -eq $GroupName}).ObjectId | Where-Object {$_.EmailAddress -eq $User}) { [pscustomobject]@{ OldLicense = $OldLicense NewLicense = $Licenses[$_].LicenseSKU } } } if ($ChangeLicense) { #The user were assigned to another group, switch license to the new one. try { Set-MsolUserLicense -UserPrincipalName $User -RemoveLicenses $ChangeLicense.OldLicense -AddLicenses $ChangeLicense.NewLicense -ErrorAction Stop -WarningAction Stop Write-Output "SUCCESS: Changed license for user $User from $($ChangeLicense.OldLicense) to $($ChangeLicense.NewLicense)" } catch { Write-Warning "Error when changing license on $User`r`n$_" } } else { #The user is no longer a member of any license group, remove license Write-Warning "$User is not a member of any group, license will be removed... " try { Set-MsolUserLicense -UserPrincipalName $User -RemoveLicenses $OldLicense -ErrorAction Stop -WarningAction Stop Write-Output "SUCCESS: Removed $OldLicense for $User" } catch { Write-Warning "Error when removing license on user`r`n$_" } } } } } |
Hi, Customer has working tenant with data inside and you need to convert it from Cloud-Only to Synced. It can be done with the following choices: UPN-matcing https://support.microsoft.com/en-us/help/3164442/how-to-use-upn-matching-for-identity-synchronization-in-office-365,-azure,-or-intune SMTP-matching http://www.ivchenko.pro/Blog/Post/23/Merging-on-premises-and-Office-365-users HARD-matching https://dirteam.com/dave/2014/08/15/fixing-office-365-dirsync-account-matching-issues/ Or by using little bit more effort and…
When migrating mailboxes to O365 exchange online, maximum item size is limited to 150 MB. To move these items, you can export these to pst -file and you can import these back after mailbox is migrated. With this script to find users / mailboxes…
Active Directory Federation Services can be installed in a farm. There can be maximum of 5 ADFS-servers in a farm using locally installed SQL Express. When You add in the sixth, You will have to install Full SQL-Server instance for…
Hi again, Below script will add Reviewer permissons for DefaultCalendarShare group. This is needed for Hybrid environments and Cross-Premises calendar sharing. $allmailbox = Get-Mailbox -Resultsize Unlimited | where { $_.IsShared -eq $False -and $_.ArbitrationMailbox -eq $Null } $Logfile = “C:TempLogsadd-calendarPerm.log”…
Below is a script that will export calendar permissions to utf8-formatted csv-file. Works with Onpremise Exchange as well as Exchange Online.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
$col = @() $mbxs = get-mailbox -Resultsize unlimited foreach ($mbx in $mbxs) { $mbx $calendarName = Get-MailboxFolderStatistics $mbx.userprincipalname | where-object { $_.FolderType -eq "Calendar" } | select-Object Name $mailboxCalPermissions = get-MailboxFolderPermission ("{0}`:{1}" -f ($mbx.userprincipalname).toString(),$calendarName.Name)|select-object @{Name="PrimaryMailBox";Expression={$mbx.userprincipalname}}, FolderName,User,AccessRights|where-object { $_.AccessRights -ne {None}} $col += $mailboxCalPermissions } $col $col | export-csv -nti -enc utf8 c:\temp\calendarPERM.csv |
The last blog entry was about setting up Onpremise AD with Office 365 and ADFS. So now to the instresting part. I’m going a little bit awol with this, as I’m not a coder. First about Azure authentication. https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-whats-changed#authentication And specially…
So scenario was this. Customer has an Office 365 tenant all ready in-place. The users in Onpremise AD have SamAccountNames as UserPrincipalNames. The next step Is obvious. Add UPN-suffix and change UserPrincipalName to match email address. Then add mail-attribute for…
Hi all, Yesterday I saw an error I haven’t seen before. I was setting up a Shared Namespace Hybrid with S4B Server 2015 and this came by: I spent several hours solving this, but nothing was found. Until I found…
RSS - Posts