Whist Office 365 has an impressive Web GUI (and its current iteration has many more features then previous versions) admins still need to be able to access Office 365 using PowerShell to perform certain admin tasks.
Using PowerShell opens up the system to almost any query an admin can think of from simple passwords resets to exporting lists of all users within the system
Before we get to the guts of this article lets explain both PowerShell and Office 365!
What is Powershell
Powershell is a tool that's intended to replace the Command Prompt and deliver more power and control over the Windows operating system. Windows PowerShell is an extendable command shell and scripting language which can be used to manage/administer server environments like Windows Server, Exchange and also SharePoint 2010.
For a more detailed explanation check out Wikipedia's page
, TechNet's Page
, or this informative blog
from the Microsoft Scripting Guy, Ed Wilson.
I have found that the internet can be a great source of Powershell knowledge and the one bit of advice I would give is, what ever Powershell work you are doing, try to learn the code rahter than just copy & paste the code. It has helped my overtime to learn the code structure and enabled me to devlope my own knowldge.
What is Office 365
"Office 365" refers to subscription plans that include access to Office applications plus other productivity services that are enabled over the Internet (cloud services), such as Lync web conferencing and Exchange Online hosted email for business, and additional online storage with OneDrive and Skype world minutes for home.
Many Office 365 plans also include the desktop version of the latest Office applications, which users can install across multiple computers and devices. The Office 365 plans that are online-only are a great choice for certain business needs, and they are compatible with desktop versions of the latest version of Office, Office 2010, Office 2007 (with slightly limited functionality), Office 2011 for Mac, and Office 2008 for Mac.
All Office 365 plans are paid for on a subscription basis, monthly or annually.
“Microsoft Office” is the name we still use for our familiar productivity software. Office suites have traditionally included applications such as Word, Excel, PowerPoint, and Outlook. All the new Office suites (for example, Office Standard 2013) include the latest versions of these applications. These suites can be installed on only one PC and do not come with any cloud-based services included in Office 365.
The above is taken directly from http://products.office.com/en-us/business/microsoft-office-365-frequently-asked-questions
and says it all.
I have supported Office 365 since March 2012 and its a great fit for all of my clients. It may not always be the best fit depending on a clients brief so make sure you are aware of its limitations!
More information can be found here
on Microsoft's Office 365 page.
With that out of the way lets get down to connecting to Office 365 using Powershell.
Connecting to Office 365 via Powershell
There are a number of steps that need to be taken before being able to connect to Office 365 using PowerShell.
Well, first some prerequisites. Before you can connect you need to download the 'Microsoft Online Services Sign-In Assistant'.
You can get that here: http://www.microsoft.com/en-us/download/details.aspx?id=39267
Run the installer. It is fairly straight forward and doesn't need much in terms of input. This is all you need to do with the Sign-in Assistant.
The second prerequisite is to download the 'Windows Azure Active Directory Module for Windows PowerShell'. This can be downloaded here:
Windows Azure Active Directory Module for Windows PowerShell (32-bit)
Windows Azure Active Directory Module for Windows PowerShell (64-bit)
Again a simple installer. Change the default install path if needed. Check the box to 'Create a shortcut on the desktop'
and click the 'Next' button. Follow the remaining screens.
Once both are installed you can go ahead and open the 'Windows Azure Active Directory Module for Windows PowerShell' from the Desktop icon. Right click on this icon and select 'Run As Administrator' from the context menu. If you do not 'Run As Administrator' you may recieve errors such as :
At the PowerShell prompt (looks just like a command prompt) enter the following command and hit Return:
Set-ExecutionPolicy –ExecutionPolicy RemoteSigned
When prompted hit the Return key as it should default to' Y (Yes)':
Once that is complete copy and paste the following into the PowerShell window and hit Return:
$Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection
You should be asked for credentials. These are admin credentials to your Office 365 system:
Once you click OK you should see a status bar appear within the PowerShell Window:
Once you are connected you should see a message similar to this:
Next you need to copy and paste the following into the PowerShell window and hit Return
$Creds = Get-Credential
Connect-MsolService –Credential $Creds
Which looks like this (if asked for credentials, use your Office 365 Admin account again):
Now you have a secure session running and you can start running the commands you need.
Some simple tasks you can run
Here is how you can dump the mailboxes:
Get-Mailbox -ResultSize Unlimited | fl WindowsEmailAddress,RecipientType
When you run the above you should see results similar to:
Running other commands will show results in a similar fashion.
To give an admin FullAccess to all Mailboxes on the system, copy & paste this into the PS Window:
Get-Mailbox | Add-mailboxpermission -user firstname.lastname@example.org -AccessRights FullAccess
The above will give the user email@example.com Full Access to all mailboxes on your Office 365
To hide all Distribution groups:
Get-DistributionGroup |Set-DistributionGroup -HiddenFromAddressListsEnabled $true
To set the Owner of all Distribution Groups:
Get-DistributionGroup |Set-DistributionGroup -ManagedBy “firstname.lastname@example.org", "email@example.com", –BypassSecurityGroupManagerCheck
To see which users passwords never expires:
Get-User | Select UserPrincipalName, PasswordNeverExpires
To give a user the permission to the another user's mailbox but with the switch to make sure the mailbox doesnt get added to the users Outlook:
Add-MailboxPermission -Identity firstname.lastname@example.org -User email@example.com -AccessRights FullAccess -AutoMapping:$false
To set users passwords to never expires:
Get-MsolUser | Set-MsolUser -PasswordNeverExpires $true
To set Send As permission on distribution list for users.
Add-RecipientPermission -AccessRights SendAs -Trustee
To get a list of all the statistics of a particular mailbox:
Get-MailboxFolderStatistics -Identity user@domain |export-csv -path "c:\path\file.csv"
When you are finished with the session you need to securely close the session down. To do this enter the following in the PowerShell window:
You can then close the PowerShell window.
There is an almost unlimited amount of commands you can run once you have the session and the above is just a few of the simplier ones. You can search online for more resources around the different commands that can be run. Check out this MS TechNet note https://technet.microsoft.com/library/jj151815.aspx
which can help open up the power of PowerShell and Office 365.
If you find this article helpful please vote!