TechShizz | All posts tagged 'Office 365'

Administering Groups in Office 365 via PowerShell

Remember you must connect to O365 via PowerShell first:



Groups

 

  • Exchange Online Groups - These are managed from the Exchange Admin Center
    • Distribution groups
    • Security groups
    • Dynamic Distribution Groups
  • SharePoint Online Default Groups
    • Public Website - Visitors, Members, Owners, Approvers, Designers
    • Team Site - Visitors, Members and Owners
  • Office 365 Security Groups
    • Used to assign permissions to SharePoint Online resources
    • Assign users to Security Groups then add group to default SharePoint groups or assign SharePoint permissions to Security Groups.

 

Managing Groups with Windows Azure PowerShell

 

Remember:

 

New-MsolGroup

Set-MsolGroup

Get-MsolGroup

Remove-MsolGroup

 

Add-MsolGroupMember

Get-MsolGroupMember

Remove-MsolGroupMember

 

In order for these commands to work effectivly you will need to put the objectID switch into a variable to save on the typing.

 

New-MsolGroup -Displayname "Marketing" -Description "MarketingGurus"

 

$groupinfo = get-msolgroup -searchstring "Marketing"

$groupinfo

 

Set-msolgroup -objectid $groupinfo.objectid -Description "Smart Marketeers"

 

REMEMBER VARIABLES ARE STATIC FROM THE TIME YOU MADE THEM

 

 

 

 

 


Installing Information Right Management for Office 365

IRM needs to be activated first:

Service settings > Rights Management > Manage

Click Activate:

Rights Management is not activated

 

Managing IRM

 

Before we can manage IRM in PowerShell there is an module that needs to be downloaded and installed.

Download the Azure Rights Management Administration Tool - English - United Kingdom

http://www.microsoft.com/en-gb/download/details.aspx?id=30339

 

Remember:

connect-msolservice

 

Then:

 

Import-module aadrm

Connect-aadrmservice -verbose

Enable-aadrm

 

Connect-aadrmservice -verbose

 

Disconnect-aadrmservice

 


Configuring Office 365 Admin Center Administration Roles

Admin Center Admin Roles

 

Global Administrator - All tasks in O365 admin center.

Manage Domains

Manage Organization information

Delegate administrator roles

Use Directory Syncronization

 

 

User Management - Manage users and groups, manage service requests, reset passwords and monitor health.

Cannot create other admins

Cannot delete global administrators

Cannot reset passwords for Billing, Global or Service Admins.

 

Password - Manage passwords, service requests and monitor health. (Not manage passwords of other admin roles)

 

Service - Manage service requests and monitor health. Must assign admin permissions to online service before this role.

 

Billing - Make purchases, manage subscriptions and support tickets and monitor health. (Only if bought from Microsoft).

 

PowerShell to Admin Center


Titles for administration groups vary in Office 365 to sharepoint. Below is a list of the equivelant role for each administraton role in each.PowerShell= left, SharePoint=right.



Company Administrator = Global Administrator

 

User Management Administrator = User Management

 

Helpdesk Administrator = Password Administrator

 

Service Support Administrator = Services Administrator

 

Billing Administrator = Billing Administrator

 

Managing in PowerShell

 

Remember:

connect-msolservice

 

List the role groups:

 

Get-Msolrole

Get-Msolrole

 

Add a member to a role group:

 

Add-msolrolemember -rolename "User Account Administrator" -rolememberemailaddress "kengle@teamrou.onmicrosoft.com"

 

To list who is in a role group:

 

$Roleinfo = get-msolrole -rolename "user account administrator"

 

Get-msolrolemember -roleobjectid $roleinfo.objectid

Get-msolrolemember

 

Remove a member to a role group:

 

Remove-msolrolemember -rolename "User Account Administrator" -rolememberemailaddress "kengle@teamrou.onmicrosoft.com"

 

Remove-msolrolemember

 


Integrating with Exchange


This enables IRM in Office 365 - It will allow the control of content in exchange via use of the menus as shown:

 

Set Permissions - Do Not Forward

It also allows us to create rights protection mail rules in Exchange online:

Apply Right Protecting to Messages

 

 

 

 

 

In order to enable IRM in Exchange online we need to do the following.

 

Open PowerShell as Admin and run the following commands in order.

 

Set-ExecutionPolicy RemoteSigned


$usercred = Get-Credential

$sessioninfo = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/PowerShell -Credential $usercred -Authentication Basic -AllowRedirection


Import-PSSession $sessioninfo


Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp.rms.eu.aadrm.com/tenantmanagement/servicepartner.svc"


Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"


Set-IRMConfiguration -InternalLicensingEnabled $true


Test-IRMConfiguration -RMSOnline


Test-IRMConfiguration -Sender $usercred.username


Remove-PSSession $sessioninfo


Administering Office 365 Users via PowerShell

Remember, you must connect to O365 first:

connect-msolservice

Users can be adding with the following methods:

 

  • O365 Admin Centre
  • Bulk Import (CSV)
  • Windows PowerShell
  • Directory Synchronization

 

 

PowerShell

 

New-MsolUser -UserPrincipalName user@domain.local -DisplayName "User One" -FirstName "User" -LastName "One"

 

Remove-MsolUser -UserPrincipalName user@domain.local

(30 Day recycle bin)

 

Set-MsolUser -UserPrincipalName user@domain.local

 

Restore-MsolUser -UserPrincipalName user@domain.local

 

Restore-MsolUser -UserPrincipalName


Bulk User Imports

Bulk user imports in office 365 are easy. They can be done from the Admin panel under the users page. There is a Microsoft example CSV file than can be used. 

I've created my own, which can be saved as a CSV. The formulas here allow you to enter the Domain, and names and everything else is done for you. 

O365-Bulk-User-Import-Template.xlsx (10.9KB)