Access Office 365 using Powershell to perform admin tasks

Mark GalvinHead Of Projects
Whist Office 365 has an impressive Web GUI (and its current iteration has many more features then previous versions) admins still need to be able to access Office 365 using PowerShell to perform certain admin tasks.

Using PowerShell opens up the system to almost any query an admin can think of from simple passwords resets to exporting lists of all users within the system

Before we get to the guts of this article lets explain both PowerShell and Office 365!

What is Powershell

Powershell is a tool that's intended to replace the Command Prompt and deliver more power and control over the Windows operating system. Windows PowerShell is an extendable command shell and scripting language which can be used to manage/administer server environments like Windows Server, Exchange and also SharePoint 2010.

For a more detailed explanation check out Wikipedia's page, TechNet's Page, or this informative blog from the Microsoft Scripting Guy, Ed Wilson.

I have found that the internet can be a great source of Powershell knowledge and the one bit of advice I would give is, what ever Powershell work you are doing, try to learn the code rahter than just copy & paste the code. It has helped my overtime to learn the code structure and enabled me to devlope my own knowldge.

What is Office 365

"Office 365" refers to subscription plans that include access to Office applications plus other productivity services that are enabled over the Internet (cloud services), such as Lync web conferencing and Exchange Online hosted email for business, and additional online storage with OneDrive and Skype world minutes for home.

Many Office 365 plans also include the desktop version of the latest Office applications, which users can install across multiple computers and devices. The Office 365 plans that are online-only are a great choice for certain business needs, and they are compatible with desktop versions of the latest version of Office, Office 2010, Office 2007 (with slightly limited functionality), Office 2011 for Mac, and Office 2008 for Mac.

All Office 365 plans are paid for on a subscription basis, monthly or annually.

“Microsoft Office” is the name we still use for our familiar productivity software. Office suites have traditionally included applications such as Word, Excel, PowerPoint, and Outlook. All the new Office suites (for example, Office Standard 2013) include the latest versions of these applications. These suites can be installed on only one PC and do not come with any cloud-based services included in Office 365.

The above is taken directly from and says it all.

I have supported Office 365 since March 2012 and its a great fit for all of my clients. It may not always be the best fit depending on a clients brief so make sure you are aware of its limitations!

More information can be found here on Microsoft's Office 365 page.

With that out of the way lets get down to connecting to Office 365 using Powershell.

Connecting to Office 365 via Powershell

There are a number of steps that need to be taken before being able to connect to Office 365 using PowerShell.

Well, first some prerequisites. Before you can connect you need to download the 'Microsoft Online Services Sign-In Assistant'.

You can get that here:
Run the installer. It is fairly straight forward and doesn't need much in terms of input. This is all you need to do with the Sign-in Assistant.

The second prerequisite is to download the 'Windows Azure Active Directory Module for Windows PowerShell'. This can be downloaded here:
Windows Azure Active Directory Module for Windows PowerShell (32-bit)
Windows Azure Active Directory Module for Windows PowerShell (64-bit)
Again a simple installer. Change the default install path if needed. Check the box to 'Create a shortcut on the desktop ' and click the 'Next' button. Follow the remaining screens.

Once both are installed you can go ahead and open the 'Windows Azure Active Directory Module for Windows PowerShell' from the Desktop icon. Right click on this icon and select 'Run As Administrator' from the context menu. If you do not 'Run As Administrator' you may recieve errors such as :
1.JPGAt the PowerShell prompt (looks just like a command prompt) enter the following command and hit Return:

Set-ExecutionPolicy –ExecutionPolicy RemoteSigned

Open in new window

When prompted hit the Return key as it should default to' Y (Yes)':
2.JPGOnce that is complete copy and paste the following into the PowerShell window and hit Return:
$Cred = Get-Credential
                      $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $Cred -Authentication Basic –AllowRedirection
                      Import-PSSession $Session

Open in new window

You should be asked for credentials. These are admin credentials to your Office 365 system:
3.JPGOnce you click OK you should see a status bar appear within the PowerShell Window:
4.JPGOnce you are connected you should see a message similar to this:
5.JPGNext you need to copy and paste the following into the PowerShell window and hit Return
Import-Module MSOnline
                      $Creds = Get-Credential
                      Connect-MsolService –Credential $Creds

Open in new window

Which looks like this (if asked for credentials, use your Office 365 Admin account again): 6.JPGNow you have a secure session running and you can start running the commands you need.

Some simple tasks you can run
Here is how you can dump the mailboxes:
Get-Mailbox -ResultSize Unlimited | fl WindowsEmailAddress,RecipientType

Open in new window

When you run the above you should see results similar to:
7.JPGRunning other commands will show results in a similar fashion.

To give an admin FullAccess to all Mailboxes on the system, copy & paste this into the PS Window:
Get-Mailbox | Add-mailboxpermission -user -AccessRights FullAccess

Open in new window

The above will give the user Full Access to all mailboxes on your Office 365

To hide all Distribution groups:
Get-DistributionGroup |Set-DistributionGroup -HiddenFromAddressListsEnabled $true

Open in new window

To set the Owner of all Distribution Groups:              
Get-DistributionGroup |Set-DistributionGroup -ManagedBy “", "", –BypassSecurityGroupManagerCheck

Open in new window

To see which users passwords never expires:

Get-User | Select UserPrincipalName, PasswordNeverExpires

Open in new window

To give a user the permission to the another user's mailbox but with the switch to make sure the mailbox doesnt get added to the users Outlook:

Add-MailboxPermission -Identity -User -AccessRights FullAccess -AutoMapping:$false

Open in new window

To set users passwords to never expires:
                      Get-MsolUser | Set-MsolUser -PasswordNeverExpires $true

Open in new window

To set Send As permission on distribution list for users.
Add-RecipientPermission -AccessRights SendAs -Trustee 

Open in new window

To get a list of all the statistics of a particular mailbox:
Get-MailboxFolderStatistics -Identity user@domain |export-csv -path "c:\path\file.csv" 

Open in new window

 When you are finished with the session you need to securely close the session down. To do this enter the following in the PowerShell window:
Remove-PSSession $session

Open in new window

You can then close the PowerShell window.

There is an almost unlimited amount of commands you can run once you have the session and the above is just a few of the simplier ones. You can search online for more resources around the different commands that can be run. Check out this MS TechNet note which can help open up the power of PowerShell and Office 365.

If you find this article helpful please vote!
Mark GalvinHead Of Projects

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.