Managing Office 365 in PowerShell

Remote Office

Managing Users

In addition to the cmdlets already mentioned, other commands let you create, manage, and delete users in Office 365. The most important cmdlets in this area include:

  • New-MsolUser – Create a new user. For example, to create a new user with a short command, use New-MsolUser -UserPrincipalName "<email address>" -DisplayName "<display name>". The commandlet generates the password and displays it.
  • Remove-MsolUser – Delete the user and return the assigned licenses. After that, the user can still sign in for 30 days.
  • Restore-MsolUser – The user's original state is restored. This works up to 30 days after deletion. However, you can permanently delete mailboxes to prevent them from being restored.
  • Set-MsolUser – Update a user and change their settings.
  • Set-MsolUserPassword – Change the password.

To view all of the user management cmdlets, type Get-Command *msoluser* (Figure 3). The commands available for group administration are shown by typing get-command *msolgroup*.

Figure 3: PowerShell has a number of commands for managing users in Office 365.

For example, if you want to specify that a user password never expires, use

Set-MsolUser -UserPrincipalName <Username> -PasswordNeverExpires $True

Without this option, the corresponding user must change their password every 90 days. $False lets you reverse this option. It is also possible to activate complex passwords for a user, which is what the -StrongPasswordRequired option does:

Set-MsolUser -UserPrincipalName <username> -StrongPasswordRequired $True

$False disables this function.

As mentioned earlier, a user resides for 30 days in the Recycle Bin when you delete them and can be restored from the Recycle Bin using Restore-MsolUser. The following command displays deleted mailboxes that can be restored:

Get-MsolUser -ReturnDeletedUsers | fl UserPrincipalName, ObjectID

If finally you want to delete a user, use their ObjectID:

Get-MsolUser -Remove-MsolUser -ObjectID GUID -RemoveFromRecycleBin -Force

Additionally, you can use the command

Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

to erase individual users, as well as remove all users from the Recycle Bin.

Connecting to the Exchange Management Shell

Office 365 accounts and a local Exchange server are used in parallel in many environments. It thus makes sense to make the commands from the Exchange Management Shell available in PowerShell in addition to Office 365 cmdlets. To do this, first store the Office 365 login credentials in a variable:

$cred = Get-Credential

Open a connection to Office 365 and the Exchange Management Shell:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange \
 -ConnectionUri \
 -Credential $cred -Authentication Basic -AllowRedirection

Then, import this data with Import-PSSession $Session.

Exchange Online Protection

Microsoft offers the cloud virus scanner Exchange Online Protection (EOP) for local Exchange installations and for Office 365. This tool is the successor of Forefront Online Protection for Exchange (FOPE). In Office 365, Exchange Online Protection is automatically enabled, which means that incoming and outgoing email is scanned for viruses and spam.

If you also have local Exchange servers, you can send email from your local servers to Office 365, where it is scanned for viruses and then forwarded. This approach also works in both directions with Exchange Server 2013 and with the virus scanner integrated in Exchange 2013.

The following command ensures that Exchange Server 2013 will scan email messages after Exchange Online Protection has scanned them:

Set-MalwareFilteringServer -ForceRescan $true

To check the value, enter:

Get-MalwareFilteringServer | Format-List Name, ForceRescan

This redirection between Exchange and Office 365 is controlled by the MX record in the domain. The wizard for connecting Office 365 with a local Exchange installation adds an additional accepted domain to the Exchange organization for hybrid messaging. This domain is added as a secondary proxy domain. By default, this is the domain. You can view the accepted domain with:

Get-AcceptedDomain | fl DomainName, IsCoexistenceDomain

In the Exchange Management Shell, you can view the settings by typing Get-HybridConfiguration.

Besides managing the Office 365 services in the PowerShell, you can also manage other cloud services from Microsoft, such as Windows Azure. The installation file for managing Windows Azure in PowerShell can be found online [8]. After the install, just import the cmdlets by typing Import-Module Azure. Before you can manage Azure with PowerShell, you must modify your PC so that it connects to Windows Azure.

To begin, enter Get-AzurePublishSettingsFile and then log in to Windows Azure. Download the file, which the wizard then displays. Enter the Import-AzurePublishSettingsFile <publishsettings File> command followed by Get-AzureSubscription.

Microsoft offers the Windows Azure Backup service, which lets you back up data from servers in the cloud. In PowerShell, you can view the available cmdlets for Windows Azure Backup with Get-Command *ob* (Figure 4). Alternatively, you can use the Get-Command -Module MSOnlineBackup command. More information about Azure Backup is available in the "Azure Backup" article in this issue.

Figure 4: Displaying the available commands for Microsoft Online Backup in PowerShell.

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus