Tuesday, 12 December 2017

Reset Office 365 User Password using PowerShell

As you know Office 365 user identities are stored in Azure Active Directory, we can use the Azure AD powershell cmdlet Set-MsolUserPassword to set password of a user. You may already used the Set-MsolUser cmdlet to update user properties but we can't use the same command to change password.

Note: Before proceed, Install and Configure Azure AD PowerShell and run the following command to connect Azure AD powershell module.
Import-Module MSOnline
$msolCred = Get-Credential
Connect-MsolService –Credential $msolCred

Set Password for Single User:

Run the below command to change the password for a single O365 user.
Set-MsolUserPassword –UserPrincipalName "user@domain.com" –NewPassword "pass@word1" -ForceChangePassword $False
Note: If you are Help Desk admin and you are resetting one time password for your end-user, you need to set the parameter -ForceChangePassword as $True, it will force the users to change their password from the portal the next time they sign-in.

You can find whether an user's password is set or not by getting user's password last set time by using Get-MsolUser cmdlet.
Get-MSOLUser -UserPrincipalName "user@domain.com" | Select DisplayName,LastPasswordChangeTimestamp

Change Password for Multiple Users:

In some scenarios, you might want to set temporary password for set of new users who are created in recent days. We can get the recently created users using Get-MsolUser cmdlet. The below command set temporary password for bulk users who are created in last 7 days, you can change the no of days or the Where filter as per your need.
Get-MsolUser -All | Where-Object { $_.WhenCreated –gt ([System.DateTime]::Now).AddDays(-7)} |
Set-MsolUserPassword –NewPassword "pass@word1" -ForceChangePassword $True

Reset Bulk Office 365 Users Password from CSV file

In some scenarios, we may required to set password for bulk azure ad users by importing user identities from csv file. Consider the CSV file office365users.csv which contains every user's userPrincipalName in each row with the column header UserPrincipalName.
Import-Csv 'C:\office365users.csv' | ForEach-Object {
$upn = $_."UserPrincipalName"
$tempPwd = "pass@word1"
Set-MsolUserPassword -UserPrincipalName $upn –NewPassword $tempPwd -ForceChangePassword $True
}
Read More...

Friday, 8 December 2017

Find list of active mailboxes in Office 365 with PowerShell

We can use the Exchange powershell cmdlet Get-MailboxStatistics (On-premises and Online) to check the Last logon time of an user's mailbox. In this post I am going share powershell commands to find and get a list of active users who are actively using their mailbox in Office 365 environment.

Before proceed, first we need to connect Exchange Online powershel module by running below commands:
$o365Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $o365Cred -Authentication Basic -AllowRedirection
Import-PSSession $Session
You can find last logon time for a single user mailbox by running below command:
Get-MailboxStatistics -Identity "username@domain.com" | Select LastLogonTime
If you want to get last logon time for all the Office 365 mailbox users, first we need to get all mailbox details by using Get-Mailbox cmdlet and pipe the results to Get-MailboxStatistics.
Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Select-Object DisplayName,LastLogonTime

Find active mailboxes in last N days

To get active mailbox list we need to use Where filter in the output of Get-MailboxStatistics. The below powershell command find and retrieve all mailbox users who are logged-into their mailbox within last 7 days.
Get-Mailbox -RecipientType 'UserMailbox' -ResultSize Unlimited | Get-MailboxStatistics |
Where {$_.LastLogonTime –gt ([System.DateTime]::Now).AddDays(-7) } | Sort-Object LastLogonTime -Descending |
Format-Table DisplayName, LastLogonTime

Export list of active mailbox users to CSV file

The below command find and export list of active mailbox user names and their last logon time to CSV file.
Get-Mailbox -RecipientType 'UserMailbox' -ResultSize Unlimited | Get-MailboxStatistics |
Where {$_.LastLogonTime –gt ([System.DateTime]::Now).AddDays(-7) } | Sort-Object LastLogonTime -Descending |
Select DisplayName, LastLogonTime | Export-CSV "C:\\ActiveMailboxes.csv" -NoTypeInformation -Encoding UTF8
Note: Here I have used number of days as 7 to check logon activity, you can change this value (i.e 30 or 90 days) as per your need and you can also use the same commands for On-premise environment by properly connecting Exchange management powershell.
Read More...

Wednesday, 6 December 2017

Add Bulk Users to Office 365 Group with PowerShell

As you know Microsoft is targeting Office 365 Group as base service for many of cloud services like Planner, Teams and etc. So now a days every admins getting frequent request to add new on-board users to Office 365 group, we can easily achieve this task with Exchange Online powershell cmdlet Add-UnifiedGroupLinks.

Before proceed run the below commands to connect Exchange Online Powershell session.
$365Logon = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $365Logon -Authentication Basic -AllowRedirection
Import-PSSession $Session
Run the below command to add single user into Office 365 group.
Add-UnifiedGroupLinks –Identity "O365Group" –LinkType Members  –Links username@domain.com
We have to set the parameter LinkType as Members to add user as member and other valid values are Owners and Subscribers.

The parameter Links accept multiple values, we need to provide users as comma (",") separated values to add multiple members (ex: user1@domain.com,user2@domain.com....). If the user names contain spaces or otherwise require quotation marks (ex: "username 1","username 2",...).

Add multiple members to O365 group:
Add-UnifiedGroupLinks –Identity "O365Group" –LinkType Members  –Links "user1@domain.com","user2@domain.com"

Add Bulk Users to Office 365 Group from CSV

For bulk import process the CSV file is the best choice of all time, you can use the below powershell commands to add bulk members to an office 365 group by importing user identities from csv file. Consider the csv file members.csv that includes the column header member which holds the user identity values in each row of the csv file.
Import-CSV "C:\members.csv" | ForEach-Object {
Add-UnifiedGroupLinks –Identity "O365Group" –LinkType Members  –Links $_.member
}

Find and list members of unified group:

Once we added user as member in O365 group, we can use Get-UnifiedGroupLinks cmdlet to get members. The below command lists all members of given group.
Get-UnifiedGroupLinks –Identity "O365Group" –LinkType Members -ResultSize Unlimited
Read More...

Monday, 4 December 2017

Change Office 365 Group Email Address using PowerShell

Modifying name or display name of Office 365 Group is simple. However, if you want to rename primary email address this is simply not possible from Admin center, but we can easily change it using the Exchange Online Powershell cmdlet Set-UnifiedGroup.

Note: Before proceed, Connect Exchange Online Remote PowerShell.

Summary:

Changing email address of office 365 group includes the following four kind of tasks.
  • Rename Primary SMTP Address.
  • Rename Group Alias (or Email Alias).
  • Add or Remove Secondary Email Addresses (or Proxy Addresses).
  • Change both Primary and Secondary Email Address in single command
  • Find and Export Email Address details

Rename Primary E-mail Address of Office 365 Group

We need to use the attribute PrimarySmtpAddress in Set-UnifiedGroup cmdlet to change the primary mail address of an O365 group. The below command change the primary address to salesgroupnew@domain.com for the group named "Sales Group".
Set-UnifiedGroup -Identity "Sales Group" -PrimarySmtpAddress "salesgroupnew@domain.com"

Rename Group Alias or Email Alias

To update email alias we need to update the attribute alias. The below command rename the mail alias to salesgroupnew.
Set-UnifiedGroup -Identity "Sales Group" -Alias "salesgroupnew"

Add or Remove Secondary Email Addresses (or Proxy Addresses)

We can use the parameter EmailAddresses in Set-UnifiedGroup cmdlet to update proxy addresses of office 365 group. The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the recipient, including the primary SMTP address.

Syntax to update email addresses:
Set-UnifiedGroup -Identity "o365group" -EmailAddresses @{Add="[<Type>]:<emailaddress1>","
[<Type>]:<emailaddress2>"...;Remove="[<Type>]:<emailaddress3>","[<Type>]:<emailaddress4>"...}
The optional value <Type> specifies the type of email address. Some of valid values are:
  • SMTP - The primary SMTP address (You can use this value only once in a command).
  • smtp - Other SMTP email addresses.
If you don't include a <Type> value for an email address, the value smtp (proxy address) is assumed.

Add proxy address:
Set-UnifiedGroup -Identity "Sales Group" -EmailAddresses @{Add="salesgroup1@domain.com",
"salesgroup2@domain.com"}
Remove proxy address:
Set-UnifiedGroup -Identity "Sales Group" -EmailAddresses @{Remove="salesgroup3@domain.com",
"salesgroup4@domain.com"}
To add or remove proxy addresses without affecting other existing values, use the following syntax.
Set-UnifiedGroup -Identity "Sales Group" -EmailAddresses @{Add="salesgroup1@domain.com",
"salesgroup2@domain.com"; Remove="salesgroup3@domain.com","salesgroup4@domain.com"}

Change both Primary and Secondary Email Address in single command

We can easily update both primary and proxy address in a single command by specifying valid <Type> values (SMTP - for primary address. smtp - for proxy address).The following command removes the primary address salesgroupold@domain.com and the proxy address salesgroup3@domain.com, and adds the primary address salesgroupnew@domain.com and the proxy address salesgroup1@domain.com.
Set-UnifiedGroup -Identity "Sales Group" -EmailAddresses @{Remove="SMTP:salesgroupold@domain.com",
"smtp:salesgroup3@domain.com"; Add="SMTP:salesgroupnew@domain.com","smtp:salesgroup1@domain.com"; }

Export Email Address details of Office 365 group

We can use the following command to find and list the email address details for the given office 365 group.
Get-UnifiedGroup -Identity "Sales Group" | Select PrimarySMTPAddress,Alias,EmailAddresses|FL
The below command export email address details of all the office 365 groups to csv file.
Get-UnifiedGroup -ResultSize Unlimited | Select DisplayName,PrimarySMTPAddress,Alias,EmailAddresses |
Export-CSV "C:\\O365GroupMailAddresses.csv" -NoTypeInformation -Encoding UTF8
Read More...

Wednesday, 22 November 2017

Remove user from Office 365 Group using PowerShell

We can use the Exchange Online powershell cmdlet Remove-UnifiedGroupLinks to remove members, owners and subscribers from Office 365 groups. The Remove-UnifiedGroupLinks cmdlet includes the following parameters:

Identity – This parameter specifies the Office 365 Group that you want to update. You can use alias, display name, or email address of the unified group that you want to modify.
Links  – This parameter specifies the recipients to remove from the Office 365 Group.You can use alias, display name, or email address of the user that you want to remove.
LinkType – Members, Owners, or Subscribers.

Before proceed, run the following commands to connect Exchange Online Powershell session.
$365Logon = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $365Logon -Authentication Basic -AllowRedirection
Import-PSSession $Session

Remove user from Office 365 Group

The following command remove the member morgan@contoso.com from the Office 365 Group named TestO365Group. We need to set the parameter LinkType as Members to remove user from being a member.
Remove-UnifiedGroupLinks –Identity "TestO365Group" –Links morgan@contoso.com –LinkType Members -Confirm:$false

Remove multiple users from Office 365 Group

In above command the parameter Links accept multiple values, so we can easily remove multiple members by running single command by passing user identities as comma separated values (Ex: value1,value2....). If the user ids contain spaces we need to enclose every value by quotation marks (Ex: "value1","value2",..).

The below example removes the members alexw@contoso.com and alland@contoso.com from the Office 365 Group named TestO365Group.
Remove-UnifiedGroupLinks –Identity "TestO365Group" –Links alexw@contoso.com ,alland@contoso.com –LinkType Members -Confirm:$false

Remove bulk users from Office 365 Group (from CSV file)

You can use the below powershell commands to remove bulk members from an office 365 group by importing users from csv file. Consider the csv file members.csv that includes the column member which holds the member identity in each row of the csv file.
Import-CSV "C:\members.csv" | ForEach-Object {
Remove-UnifiedGroupLinks –Identity "TestO365Group" –Links $_.member –LinkType Members -Confirm:$false
Write-Host "The user" $_.member "removed"
}

Find and list members of Office 365 Group

Once we added or removed users in unified group, we can use the Get-UnifiedGroupLinks cmdlet to get members of a specific group. The below command lists all the members of the given group.
Get-UnifiedGroupLinks –Identity "TestO365Group" –LinkType Members -ResultSize "Unlimited"
You can also export all the member details to csv file using below command.
Get-UnifiedGroupLinks –Identity "TestO365Group" –LinkType Members -ResultSize "Unlimited" | 
Select DisplayName,Name,PrimarySMTPAddress |
Export-CSV "C:\\Office365GroupMembers.csv" -NoTypeInformation -Encoding UTF8
Read More...

Wednesday, 4 October 2017

PowerShell : Check if user is member of local Adminstrators group

We can find whether the given user is member of local Administrators group or not by accessing ADSI WinNT Provider. In this post, I am going to write powershell script to check if an user is exists in local Administrators group in local machine and remote server.

Check if user is member of local Administrators group:

The following powershell commands checks whether the given user is member of Administrators group in local machine.
$user = "Morgan";
$group = "Administrators";
$groupObj =[ADSI]"WinNT://./$group,group" 
$membersObj = @($groupObj.psbase.Invoke("Members")) 
$members = ($membersObj | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)})
If ($members -contains $user) {
      Write-Host "$user exists in the group $group"
 } Else {
        Write-Host "$user not exists in the group $group"
}

Find if user is member of local Admins group in Remote server:

Use the below powershell command to check if user is member of Administrators group in remote computer.
$computer = "hp-pc" 
$user = "Morgan";
$group = "Administrators";
$groupObj =[ADSI]"WinNT://$computer/$group,group" 
$membersObj = @($groupObj.psbase.Invoke("Members")) 
$members = ($membersObj | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)})
If ($members -contains $user) {
      Write-Host "$user exists in the group $group"
 } Else {
        Write-Host "$user not exists in the group $group"
}

Check if multiple users are member of Administrators group:

Use the below powershell script to check if multiple users are member of local Admins group.
$users = "Morgan","TestUser1","TestUser2"
$group = "Administrators";
$groupObj =[ADSI]"WinNT://./$group,group" 
$membersObj = @($groupObj.psbase.Invoke("Members")) 
$members = ($membersObj | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)})

ForEach ($user in $users) {
If ($members -contains $user) {
      Write-Host "$user exists in the group $group"
 } Else {
        Write-Host "$user not exists in the group $group"
}}
Read More...

Check if an user is member of a local group using PowerShell

We can easily find a local user is member of a local group by accessing ADSI WinNT Provider. In this post, I am going to share powershell script to check if local user is exists in a group, and check multiple users are member of a local group.

Check if local user is member of Administrators group:

The following powershell commands checks whether the given user is member of built-in Administrators group.
$user = "Morgan";
$group = "Administrators";
$groupObj =[ADSI]"WinNT://./$group,group" 
$membersObj = @($groupObj.psbase.Invoke("Members")) 

$members = ($membersObj | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)})

If ($members -contains $user) {
      Write-Host "$user exists in the group $group"
 } Else {
        Write-Host "$user not exists in the group $group"
}

Check if multiple users are member of a given local Group:

Run the below powershell command to check if multiple users are member of a given group.
$users = "Morgan","TestUser1","TestUser2"
$group = "Administrators";
$groupObj =[ADSI]"WinNT://./$group,group" 
$membersObj = @($groupObj.psbase.Invoke("Members")) 

$members = ($membersObj | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)})

ForEach ($user in $users) {
If ($members -contains $user) {
      Write-Host "$user exists in the group $group"
 } Else {
        Write-Host "$user not exists in the group $group"
}}

Check if users are member of a group in Remote Computer:

Use the below powershell command to check if users are member of a given group in remote machine/server.
$computer = "remote-pc" 
$users = "Morgan","TestUser1","TestUser2"
$group = "Administrators";
$groupObj =[ADSI]"WinNT://$computer/$group,group" 
$membersObj = @($groupObj.psbase.Invoke("Members")) 

$members = ($membersObj | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)})

ForEach ($user in $users) {
If ($members -contains $user) {
      Write-Host "$user exists in the group $group"
 } Else {
        Write-Host "$user not exists in the group $group"
}}
Read More...

Tuesday, 26 September 2017

How to find Windows OS version using PowerShell

For troubleshooting purpose, or before deploy any software, it is good to know what is Windows operating system version that is currently running. We can easily find the OS details from My Computer properties, but if you want to get details from your customer machine to troubleshoot any issue, PowerShell is the best option to get all the required machine details.

In PowerShell, we can find operating system details in different ways, but to be safe we can use the WMI based cmdlet Get-WmiObject, this command is compatible from Windows PowerShell 2.0. Using this command we can query the WMI class Win32_OperatingSystem to get os version number:
(Get-WmiObject Win32_OperatingSystem).Version
The above command only returns the os version number. Run the following command to get the display name of your Windows version.
(Get-WmiObject Win32_OperatingSystem).Caption
Output :
Microsoft Windows 7 Ultimate
We can use select command to get the output of all the required OS related properties.
Get-WmiObject Win32_OperatingSystem |
Select PSComputerName, Caption, OSArchitecture, Version, BuildNumber | FL
We can use the Get-WmiObject cmdlet in short form gwmi.
(gwmi win32_operatingsystem).caption

Get OS version of a remote computer:

We can easily get the OS version details of a remote computer by adding the parameter -ComputerName to Get-WmiObject.
Get-WmiObject Win32_OperatingSystem -ComputerName "Remote_Machine_Name" |
Select PSComputerName, Caption, OSArchitecture, Version, BuildNumber | FL

Get OS details for a list of remote computers using PowerShell:

You can use the following powershell script to find OS version details for multiple remote computers. First create a text file named as computers.txt which includes one computer name in each line. You will get the output of machine name, OS name and version number in the csv file OS_Details.csv.
Get-Content C:\computers.txt  | ForEach-Object{
$os_name = (Get-WmiObject Win32_OperatingSystem -ComputerName $_ ).Caption
if(!$os_name){
$os_name = "The machine is unavailable"
$os_version = "The machine is unavailable"
}
else{
$os_version = (Get-WmiObject Win32_OperatingSystem -ComputerName $_ ).Version 
}
New-Object -TypeName PSObject -Property @{
ComputerName = $_
OSName = $os_name
OSVersion = $os_version 
}} | Select ComputerName,OSName,OSVersion |
Export-Csv C:\OS_Details.csv -NoTypeInformation -Encoding UTF8
Read More...