Managing Office 365 Accounts with PowerShell

It is amazing how Office 365 empowers users to be more productive by providing access to applications and resources they need right at their fingertips; but what is even more amazing is how Office 365 provides Administrators with the tools they need to create and manage user accounts.

Company employees have the ability to download the latest Office applications and access company resources from any device anywhere in the world, and all they need is an Office 365 user account.
For small companies, managing user accounts may not be a problem but for large organizations, the tasks involving user identity management can be challenging and frustrating.

Office 365 offers a web administrative portal to create and manage user accounts but in many circumstances there are tasks that are not practical, or even possible with the Administrative portal, therefore we need to look into other alternatives to manage our user accounts.

Basically there are three ways to work with user accounts:

  • Office 365 admin center
  • Directory Synchronization
  • PowerShell

PowerShell is a great solution to manage and provision user accounts as well as many other administrative tasks. In this article I want to spend some time demonstrating how to provision user accounts via PowerShell.

In order to manage Office 365 via PowerShell, first we need to install the “Microsoft Online Services Sign-In Assistant for IT Professionals” (here), and also we need to install the “Windows Azure Active Directory Module for Windows PowerShell” (here).

After you install the PowerShell module for Windows Azure, you need to connect to your online service through your subscription.

Directions-Training-Managing-Office-365-Accounts-PowerShell

Once you are connected, the world is yours and now you can begin creating and provisioning user accounts.

When you add a new user to Office 365, you’ll need to assign them a license on one of your Office 365 plans. You can use the cmdlet Get-MsolAccountSku to find out which plans you own:

Directions-Training-Managing-Office-365-Accounts-PowerShell-1

Now you can use the New-MsolUser cmdlet to create an account in Office 365 and at the same time you can use the –LicenseAssignment attribute to assign a user license to it, so the user can start accessing online services right away.

Directions-Training-Managing-Office-365-Accounts-PowerShell-2

If you look at the command, you’ll notice that there is a “Usage Location” attribute at the end of the sentence. This attribute is the one used while assigning a license to a user in Office 365. Some features are not allowed in certain countries and “Microsoft” determines this with the help of the “Usage Location” attribute. Therefore, don’t forget to add the “UsageLocation” component.

If what you need is to add multiple users to Office 365 at the same time, then you will need a CSV (Comma-separated value) file that includes the information for all the users you intend to create. You can use the following table as an example for the CSV file.

Directions-Training-Managing-Office-365-Accounts-PowerShell-7

Build the file and store it in C:\Files\O365users.csv, then enter this command:

Directions-Training-Managing-Office-365-Accounts-PowerShell-3

After running this command you will have added multiple users in Office 365.

Now, when users leave the organization they will no longer require a user account in Office 365 and it will be your responsibility to delete them to ensure they can no longer access Office 365. The office 365 license assigned to the user becomes available to be assigned to another user.

To delete an account you can use this command:

Directions-Training-Managing-Office-365-Accounts-PowerShell-4

When accounts are deleted they become inactive and users cannot log in to access Office 365 services. However, there may be occasions when it will be necessary to restore them. Office 365 retains the accounts as a “Soft deleted’ inactive accounts for 30 days after deletion; this enables you to restore the accounts in such situations.

You can use the following command to view any inactive accounts:

Directions-Training-Managing-Office-365-Accounts-PowerShell-5

In PowerShell for Office 365 is important to identify the Object Id of an account in order to apply some actions to it; like in this example since we want to restore the account, we need to identify it with either the Object Id or by User Principal Name. Then you need to restore it with the Restore-MsolUser cmdlet.

Directions-Training-Managing-Office-365-Accounts-PowerShell-6

After running this command, the user account is restored and the user will be able to log in and work again.

Definitely Office 365 is a great cloud-based solution providing companies and administrators with the tools they need to achieve their goals in a very fast and consistent way.

 

Leave a Reply