Thursday, 22 February 2018

Check if Office 365 User is Licensed or Not using PowerShell

In this post I am going to write a PowerShell script to check whether a given Office 365 user is licensed, using the Azure AD V2 PowerShell cmdlet Get-AzureADUser. With the old Azure AD V1 PowerShell command (Get-MsolUser) we had the attribute isLicensed, but the latest V2 PowerShell module does not have the same property, so we need to use the property AssignedLicenses to check license status.

Note: Before proceeding, install Azure Active Directory PowerShell for Graph and run the command below to connect to the Azure AD V2 PowerShell module:
Connect-AzureAD
The command below checks whether a license is provisioned for the given user account:
$user = "username@o365domain.com"
$AssignedLicenses = (Get-AzureADUser -ObjectId $user).AssignedLicenses
If ($AssignedLicenses.Count -ne 0) {
    Write-Host "Licensed"
} Else {
    Write-Host "Not licensed"
}

Export all licensed users to CSV file:

Run the commands below to export all licensed Office 365 users to a CSV file.
$Result = @()
Get-AzureADUser -All $True | ForEach-Object {
    if ($_.AssignedLicenses.Count -ne 0) {
        $Result += New-Object PSObject -Property @{
            Name = $_.DisplayName
            UserPrincipalName = $_.UserPrincipalName
        }
    }
}
$Result | Export-CSV "C:\LicensedO365Users.csv" -NoTypeInformation -Encoding UTF8

Export all Unlicensed users to CSV file:

Run the PowerShell commands below to export all Office 365 users whose license is not provisioned.
$Result = @()
Get-AzureADUser -All $True | ForEach-Object {
    if ($_.AssignedLicenses.Count -eq 0) {
        $Result += New-Object PSObject -Property @{
            Name = $_.DisplayName
            UserPrincipalName = $_.UserPrincipalName
        }
    }
}
$Result | Export-CSV "C:\UnLicensedO365Users.csv" -NoTypeInformation -Encoding UTF8

Export license status of all Office 365 users:

$Result = @()
Get-AzureADUser -All $True | ForEach-Object {
    $IsLicensed = ($_.AssignedLicenses.Count -ne 0)
    $Result += New-Object PSObject -Property @{
        Name = $_.DisplayName
        UserPrincipalName = $_.UserPrincipalName
        IsLicensed = $IsLicensed
    }
}
$Result | Export-CSV "C:\O365UsersLicenseStatus.csv" -NoTypeInformation -Encoding UTF8

Check license status for bulk users from CSV file:

The command below checks whether a license is applied for bulk Azure AD users by importing the users from a CSV file, and exports the result to a CSV file.
$Result = @()
Import-Csv 'C:\Users.csv' | ForEach-Object {
    $user = $_."UserPrincipalName"
    $userObj = Get-AzureADUser -ObjectId $user
    $IsLicensed = ($userObj.AssignedLicenses.Count -ne 0)
    $Result += New-Object PSObject -Property @{
        Name = $userObj.DisplayName
        UserPrincipalName = $userObj.UserPrincipalName
        IsLicensed = $IsLicensed
    }
}
$Result | Export-CSV "C:\LicenseStatusReport.csv" -NoTypeInformation -Encoding UTF8

Wednesday, 21 February 2018

Export Enabled/Disabled Office 365 Users to CSV using PowerShell

In this post I am going to share a PowerShell script to export enabled Azure AD users and disabled (sign-in blocked) users to a CSV file by using the latest Azure AD PowerShell for Graph. With the latest Azure AD PowerShell module we can extract Office 365 user information by using the Get-AzureADUser cmdlet. Its output includes the property AccountEnabled, which indicates whether the user is enabled or disabled.

Before proceeding, install Azure Active Directory PowerShell for Graph and run the command below to connect to the Azure AD PowerShell module:
Connect-AzureAD

Export Enabled Office 365 Users to CSV:

The command below lists all the enabled Azure AD users in the PowerShell console.
Get-AzureADUser -All $True | Where-Object { $_.AccountEnabled -eq $true } | FT
You can export the user details to a CSV file by running the command below:
Get-AzureADUser -All $True | Where-Object { $_.AccountEnabled -eq $true } |
Select-Object UserPrincipalName, DisplayName, Department |
Export-Csv "C:\EnabledO365Users.csv"  -NoTypeInformation -Encoding UTF8

Export Disabled Office 365 Users to CSV:

Run the command below to list disabled (sign-in blocked) Office 365 users in the PowerShell console.
Get-AzureADUser -All $True | Where-Object { $_.AccountEnabled -eq $false } | FT
You can get the list of disabled Office 365 users in a CSV file by running the command below:
Get-AzureADUser -All $True | Where-Object { $_.AccountEnabled -eq $false } |
Select-Object UserPrincipalName, DisplayName, Department |
Export-Csv "C:\DisabledO365Users.csv"  -NoTypeInformation -Encoding UTF8

Tuesday, 13 February 2018

Check if Office 365 User is Blocked or Not using PowerShell

In this post I am going to share a PowerShell script to check whether a given Office 365 user is blocked from signing in, using the latest Azure AD PowerShell for Graph. We can use the Get-AzureADUser cmdlet to get Office 365 user information. It returns the property AccountEnabled, which indicates whether the login status of the user is enabled or disabled. Earlier, with the old Azure AD PowerShell command (Get-MsolUser), we had the same attribute with a different name, BlockCredential.

Before proceeding, install Azure Active Directory PowerShell for Graph and run the command below to connect to the Azure AD PowerShell module:
Connect-AzureAD
The command below checks whether login is enabled or blocked for the given Azure AD user account:
$user = "username@o365domain.com"
$accountEnabled = (Get-AzureADUser -ObjectId $user).AccountEnabled
If ($accountEnabled) {
    Write-Host "$user enabled"
} Else {
    Write-Host "$user disabled"
}

Check sign-in status of multiple user accounts:

Use the command below to check whether sign-in is enabled or blocked for multiple user accounts:
$users = "user1@o365domain.com","user2@o365domain.com"
ForEach ($user in $users) {
    $accountEnabled = (Get-AzureADUser -ObjectId $user).AccountEnabled
    If ($accountEnabled) {
        Write-Host "$user enabled"
    } Else {
        Write-Host "$user disabled"
    }
}

Check account status for bulk users from CSV file:

The command below gets the account status for bulk Azure AD users by importing the users from a CSV file, and exports the result to a CSV file.
$Result = @()
Import-Csv 'C:\Users.csv' | ForEach-Object {
    $user = $_."UserPrincipalName"
    $userObj = Get-AzureADUser -ObjectId $user
    $Result += New-Object PSObject -Property @{
        Name = $userObj.DisplayName
        UserPrincipalName = $userObj.UserPrincipalName
        AccountEnabled = $userObj.AccountEnabled
    }
}
$Result | Export-CSV "C:\AccountStatusReport.csv" -NoTypeInformation -Encoding UTF8

Export all Azure AD users account status to CSV file:

The command below gets all Office 365 users and exports their account enabled status to a CSV file.
$Result = @()
Get-AzureADUser -All $True | ForEach-Object {
    $Result += New-Object PSObject -Property @{
        Name = $_.DisplayName
        UserPrincipalName = $_.UserPrincipalName
        AccountEnabled = $_.AccountEnabled
    }
}
$Result | Export-CSV "C:\AccountStatusReport.csv" -NoTypeInformation -Encoding UTF8
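
The AccountEnabled check from this post and the AssignedLicenses check from the licensing post above can be combined in one pass to surface accounts that are blocked from sign-in but still hold a license, a common leftover from offboarding. This is an added example, not code from the original posts; the function name Get-AccountLicenseState and the sample users are assumptions made for illustration.

```powershell
# Added example: classify each user by sign-in state and license state.
# Get-AccountLicenseState is a hypothetical helper name, not part of the AzureAD module.
function Get-AccountLicenseState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # Same test the posts use: no assigned licenses means unlicensed
        $licensed = ($User.AssignedLicenses.Count -ne 0)
        $enabled  = [bool]$User.AccountEnabled
        [PSCustomObject]@{
            Name                = $User.DisplayName
            UserPrincipalName   = $User.UserPrincipalName
            AccountEnabled      = $enabled
            IsLicensed          = $licensed
            # Sign-in is blocked but the account still consumes a license
            DisabledButLicensed = (-not $enabled) -and $licensed
        }
    }
}

# Constructed sample objects carrying the property names Get-AzureADUser returns,
# so the function can be tried without a tenant connection
$sample = @(
    [PSCustomObject]@{ DisplayName = 'User One';   UserPrincipalName = 'user1@o365domain.com'; AccountEnabled = $true;  AssignedLicenses = @('sku-placeholder') }
    [PSCustomObject]@{ DisplayName = 'User Two';   UserPrincipalName = 'user2@o365domain.com'; AccountEnabled = $false; AssignedLicenses = @('sku-placeholder') }
    [PSCustomObject]@{ DisplayName = 'User Three'; UserPrincipalName = 'user3@o365domain.com'; AccountEnabled = $false; AssignedLicenses = @() }
)

$report = $sample | Get-AccountLicenseState
# Only 'User Two' is both disabled and licensed
$report | Where-Object { $_.DisabledButLicensed } | Format-Table Name, UserPrincipalName

# Against the tenant, after Connect-AzureAD:
# Get-AzureADUser -All $True | Get-AccountLicenseState |
#     Export-Csv "C:\AccountLicenseState.csv" -NoTypeInformation -Encoding UTF8
```

Because the objects are emitted straight to the pipeline, this avoids rebuilding the $Result array on every user, which matters on large tenants.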

Thursday, 8 February 2018

Check if a Software Program Is Installed using PowerShell Script

We can easily check the list of installed applications via Control Panel's Add or Remove Programs UI. But if you are a system administrator and frequently need to check whether an application is installed, a PowerShell script will be very useful.

Check if a Software is installed by using WMI query:

The function below checks whether an application is installed by using the WMI class Win32_Product.
function Check_Program_Installed( $programName ) {
    # @() keeps .Length valid when the query returns a single object or nothing
    $wmi_check = @(Get-WMIObject -Query "SELECT * FROM Win32_Product Where Name Like '%$programName%'").Length -gt 0
    return $wmi_check
}

Check_Program_Installed "Microsoft SQL"

Check if a Program is installed or not by checking registry value:

The PowerShell function below checks the Uninstall registry location and returns true if the given program is installed and false if it is not.
function Check_Program_Installed( $programName ) {
    # Match on each entry's DisplayName value. The key name ($_.Name) is the full registry
    # path, which always contains "Microsoft", so matching on it reports false positives.
    $native_check = @(Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall" |
        Get-ItemProperty -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*$programName*" }).Length -gt 0

    # Wow6432Node exists only on 64-bit Windows and holds the entries of 32-bit programs
    $wow6432_check = $false
    if (Test-Path 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall') {
        $wow6432_check = @(Get-ChildItem "HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" |
            Get-ItemProperty -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like "*$programName*" }).Length -gt 0
    }
    return $native_check -or $wow6432_check
}

Check_Program_Installed "Microsoft"
The script above checks both the regular Uninstall location and the "Wow6432Node" location to ensure that both 32-bit and 64-bit locations are checked for software installations.

Check if a Software is installed in Remote Machine:

The function below checks whether the given software program is installed on a remote computer.
function Check_Program_Installed( $computer, $programName ) {
    $wmi_check = @(Get-WMIObject -ComputerName $computer -Query "SELECT * FROM Win32_Product Where Name Like '%$programName%'").Length -gt 0
    return $wmi_check
}

# Arguments are separated by spaces; ("hp-pc","Microsoft SQL") would pass one array as $computer
Check_Program_Installed "hp-pc" "Microsoft SQL"

Export list of Installed Software Programs into CSV file:

You can export the installed software details to CSV using PowerShell's Export-CSV cmdlet. The following script exports the non-Microsoft applications to a CSV file.
Get-WMIObject -Query "SELECT * FROM Win32_Product Where Not Vendor Like '%Microsoft%'" |
Select-Object Name,Version,Vendor,InstallLocation,InstallDate |
Export-CSV 'C:\Non_MS_Products.csv'
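
Win32_Product lists only packages installed through Windows Installer (MSI), and enumerating it makes Windows Installer run a consistency check on every package, so a software inventory is often built from the Uninstall registry keys instead. The following is an added example, not code from the original post; the function name Get-InstalledSoftware and the output file name are assumptions.

```powershell
# Added example: inventory from the Uninstall registry keys instead of Win32_Product.
# Get-InstalledSoftware is a hypothetical helper name.
function Get-InstalledSoftware {
    $roots = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        # Wow6432Node is absent on 32-bit Windows
        if (-not (Test-Path $root)) { continue }

        Get-ChildItem $root | ForEach-Object {
            $entry = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            # Entries without a DisplayName are patches or components, not listed programs
            if ($entry.DisplayName) {
                [PSCustomObject]@{
                    Name            = $entry.DisplayName
                    Version         = $entry.DisplayVersion
                    Vendor          = $entry.Publisher
                    InstallLocation = $entry.InstallLocation
                    InstallDate     = $entry.InstallDate
                    RegistryKey     = $_.Name
                }
            }
        }
    }
}

# Same filter as the WMI query above: everything whose vendor is not Microsoft
Get-InstalledSoftware |
    Where-Object { $_.Vendor -notlike '*Microsoft*' } |
    Sort-Object Name, Version |
    Export-Csv 'C:\Non_MS_Products_Registry.csv' -NoTypeInformation
```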

Friday, 19 January 2018

Remove user from local Administrator group using PowerShell

In this post I am going to share a PowerShell script to remove a local user account or AD domain users from the local Administrators group.

Remove user account from local Administrators group :

The following PowerShell commands remove the given AD user account from the local Administrators group.
$user = "DomainName/Morgan";
$group = "Administrators";
$groupObj =[ADSI]"WinNT://./$group,group" 
$userObj = [ADSI]"WinNT://$user,user"
$groupObj.Remove($userObj.Path)
If you want to remove a non-domain local user account, you just need to pass the username as shown below:
$user = "ComputerName/Morgan";

Remove multiple users from local Administrators group :

Use the PowerShell script below to remove a set of Active Directory user accounts from the local Administrators group. First create the text file users.txt, which contains one user name on each line.
$group = "Administrators";
$groupObj =[ADSI]"WinNT://./$group,group" 
ForEach ($user in (Get-Content "C:\users.txt"))
{
   $userObj = [ADSI]"WinNT://$user,user"
   $groupObj.Remove($userObj.Path)
}

Remove user from local Admins group on Remote computer :

We need to provide the remote computer name to remove a member of the local Administrators group on a remote computer.
$computer = "hp-pc";
$domainUser = "DomainName/Morgan";
$groupObj =[ADSI]"WinNT://$computer/Administrators,group" 
$userObj = [ADSI]"WinNT://$domainUser,user"
$groupObj.Remove($userObj.Path)

Thursday, 18 January 2018

PowerShell : Add a user to the local Administrators group

By default the local Administrators group is reserved for local admins. However, in some cases you might want to grant an end user administrator privileges on his machine so that he can install a driver or an application. In this case we can use PowerShell commands to add a local user or AD domain users to the local Administrators group on the local machine or on a remote computer.

Add a user account to the local Administrators group :

The following PowerShell commands add the given user account to the local Administrators group.
$user = "ComputerName/Morgan";
$group = "Administrators";
$groupObj =[ADSI]"WinNT://./$group,group" 
$userObj = [ADSI]"WinNT://$user,user"
$groupObj.Add($userObj.Path)

Add a AD domain user account to the local Admin group :

We can use the same commands as above to add a domain user account by just passing the domain user.
$domainUser = "DomainName/Morgan";
$group = "Administrators";
$groupObj =[ADSI]"WinNT://./$group,group" 
$userObj = [ADSI]"WinNT://$domainUser,user"
$groupObj.Add($userObj.Path)

Add a domain user account to the local Administrators group on a Remote computer:

We just need to pass the remote machine name to add an Active Directory user to the local Administrators group on a remote Windows computer with PowerShell.
$computer = "hp-pc";
$domainUser = "DomainName/Morgan";
$group = "Administrators";
$groupObj =[ADSI]"WinNT://$computer/$group,group" 
$userObj = [ADSI]"WinNT://$domainUser,user"
$groupObj.Add($userObj.Path)
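
Before adding or removing members it helps to see who is already in the group. The following added example (not code from the original posts) lists the members of the local Administrators group through the same WinNT ADSI provider and flags any member that is not on an allow-list; the function names and the allow-list entries are assumptions.

```powershell
# Added example: audit local Administrators membership against an allow-list.
# Get-LocalAdminMember and Find-UnexpectedLocalAdmin are hypothetical helper names.
function Get-LocalAdminMember {
    param([string]$Computer = '.')

    $groupObj = [ADSI]"WinNT://$Computer/Administrators,group"
    foreach ($member in @($groupObj.psbase.Invoke('Members'))) {
        # Members come back as COM objects, so properties are read by reflection
        $type = $member.GetType()
        $path = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        [PSCustomObject]@{
            Computer = $Computer
            # Same "DomainName/User" form the add and remove commands take
            Account  = $path -replace '^WinNT://', ''
            Class    = $type.InvokeMember('Class', 'GetProperty', $null, $member, $null)
            ADsPath  = $path
        }
    }
}

function Find-UnexpectedLocalAdmin {
    param([object[]]$Members, [string[]]$Allowed)

    foreach ($m in $Members) {
        $isAllowed = $false
        foreach ($pattern in $Allowed) {
            if ($m.Account -like $pattern) { $isAllowed = $true; break }
        }
        # Accounts deleted from the domain show up as a bare SID and are reported too
        if (-not $isAllowed) { $m }
    }
}

# Constructed allow-list: the built-in local Administrator and a placeholder domain group
$allowed = '*/Administrator', 'DomainName/Domain Admins'

$members = Get-LocalAdminMember            # or: Get-LocalAdminMember -Computer 'hp-pc'
Find-UnexpectedLocalAdmin -Members $members -Allowed $allowed |
    Format-Table Computer, Account, Class
```

Each reported Account value can be passed as $user to the removal commands in the previous post once it has been reviewed.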

Fix: The Security database on the server does not have a computer account for this workstation trust relationship

Problem :

Users might receive the following error when they attempt to log on to an Active Directory domain-joined machine.
The Security database on the server does not have a computer account for this workstation trust relationship

Fix/Solution :

Usually this error occurs if the problematic computer object in AD is disabled or deleted. You can either disjoin and rejoin the computer, or reset the problematic computer object in AD if you have the required admin access.

Also check whether your local machine's time is synced with the DC server.

If you can't resolve the issue using the methods stated above, you can follow the steps below:
  1. Open the ADUC console (Active Directory Users and Computers).
  2. Click the View menu and make sure that Advanced Features is checked.
  3. Navigate to the organizational unit (OU) where the problematic computer account resides.
  4. Open the Properties for the computer object.
  5. Choose the Attribute Editor tab in the Properties dialog box.
  6. Check the attributes dNSHostName and servicePrincipalName and make sure that each entry matches the host name that you have configured on the problem computer (Start -> Computer -> Properties -> Full Computer Name):
    dNSHostName:
    computername.domainname.com

    servicePrincipalName:
    HOST/computername.domainname.com
    If you find that the entries do not match, you can change them to the correct value.
  7. Restart the computer so that the changes take effect quickly, and try to log in again.
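
The checks in the steps above (account enabled, dNSHostName, HOST servicePrincipalName) can also be scripted. This is an added example, not part of the original post; the function name Test-ComputerAccountName and the sample values are assumptions, and the commented live call assumes the ActiveDirectory module is installed.

```powershell
# Added example: compare a computer account's attributes with the expected host name.
# Test-ComputerAccountName is a hypothetical helper name.
function Test-ComputerAccountName {
    param(
        [Parameter(Mandatory)][object]$Account,
        [Parameter(Mandatory)][string]$ExpectedFqdn
    )
    $problems = @()

    if ($Account.Enabled -eq $false) {
        $problems += 'computer account is disabled'
    }
    if ($Account.dNSHostName -ne $ExpectedFqdn) {
        $problems += "dNSHostName is '$($Account.dNSHostName)', expected '$ExpectedFqdn'"
    }
    # servicePrincipalName is multi-valued; one entry must be HOST/<fqdn>
    if (@($Account.servicePrincipalName) -notcontains "HOST/$ExpectedFqdn") {
        $problems += "servicePrincipalName has no HOST/$ExpectedFqdn entry"
    }

    [PSCustomObject]@{
        Computer = $ExpectedFqdn
        Healthy  = ($problems.Count -eq 0)
        Problems = $problems -join '; '
    }
}

# Constructed sample: an account whose attributes still carry an old host name
$sample = [PSCustomObject]@{
    Enabled              = $true
    dNSHostName          = 'oldname.domainname.com'
    servicePrincipalName = @('HOST/oldname.domainname.com', 'HOST/OLDNAME')
}
Test-ComputerAccountName -Account $sample -ExpectedFqdn 'computername.domainname.com' |
    Format-List

# Against the directory (ActiveDirectory module):
# $acct = Get-ADComputer -Identity 'computername' -Properties servicePrincipalName
# Test-ComputerAccountName -Account $acct -ExpectedFqdn 'computername.domainname.com'
```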

Tuesday, 9 January 2018

Search Office 365 Mailbox : Delete, Copy and Move Messages using PowerShell

In this post I am going to share a PowerShell script to search a mailbox and delete, copy or move the found messages from one mailbox to another. We can use the Exchange PowerShell cmdlet Search-Mailbox to search a mailbox and copy the results to a specified target mailbox. This cmdlet is available in both Exchange On-Premises and Exchange Online environments.

Before proceeding, we first need to connect to the Exchange Online PowerShell module by running the commands below:
$o365Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $o365Cred -Authentication Basic -AllowRedirection
Import-PSSession $Session

Delete searched messages from mailbox

To delete messages we need to use the DeleteContent switch. To use the DeleteContent switch you have to be assigned the Mailbox Import Export management role. By default, this role isn't assigned to any role group. Typically, you assign a role to a built-in or custom role group, or you can assign a role to a user or a universal security group. The example below adds the role to the Organization Management role group:
New-ManagementRoleAssignment -Name "Import_Export_Organization_Management" -SecurityGroup "Organization Management" -Role "Mailbox Import Export"
Note: You have to create a new Exchange Online PowerShell session to get new role permissions.

This example searches Alex Wilber's mailbox for messages that contain the phrase "test message" in the subject and deletes the messages from the source mailbox.
Search-Mailbox -Identity "Alex Wilber" -SearchQuery {Subject:"test message" } -DeleteContent

Copy messages between mailboxes

This example searches Alex Wilber's mailbox for messages that contain the phrase "sales report" in the subject and copies the resulting messages to Allan Deyoung's mailbox in the target folder "Sales".
Search-Mailbox -Identity "Alex Wilber" -SearchQuery {Subject:"sales report" } -TargetMailbox "Allan Deyoung" -TargetFolder "Sales"

Move messages from source mailbox to target mailbox

A move operation is nothing but the copy action along with removing the messages from the source mailbox. This example searches for and moves messages from Alex Wilber's mailbox to Allan Deyoung's mailbox.
Search-Mailbox -Identity "Alex Wilber" -SearchQuery {Subject:"sales report" } -TargetMailbox "Allan Deyoung" -TargetFolder "Sales" -DeleteContent
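
Because -DeleteContent permanently removes whatever the query matches, it is worth counting the matches first. The following added example (not code from the original post) runs the search with -EstimateResultOnly and deletes only when the count is within a limit; the function name Remove-SearchedMessage and the $MaxItems threshold are assumptions, and it needs the Exchange PowerShell session created at the start of this post.

```powershell
# Added example: estimate first, delete only if the match count is plausible.
# Remove-SearchedMessage and $MaxItems are hypothetical; run inside the Exchange session above.
function Remove-SearchedMessage {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][string]$SearchQuery,
        [int]$MaxItems = 25     # assumed safety limit, adjust per task
    )

    # Dry run: returns counts only, nothing is copied or deleted
    $estimate = Search-Mailbox -Identity $Identity -SearchQuery $SearchQuery -EstimateResultOnly
    $count = [int]$estimate.ResultItemsCount
    Write-Host "$Identity : $count item(s), $($estimate.ResultItemsSize), match '$SearchQuery'"

    if ($count -eq 0) {
        Write-Host 'Nothing to delete.'
        return
    }
    if ($count -gt $MaxItems) {
        # A query that is too broad is the usual cause of an unexpectedly large count
        Write-Warning "Refusing to delete: $count items exceeds the limit of $MaxItems."
        return
    }

    # Search-Mailbox asks for confirmation here unless -Force is added
    Search-Mailbox -Identity $Identity -SearchQuery $SearchQuery -DeleteContent
}

Remove-SearchedMessage -Identity "Alex Wilber" -SearchQuery 'Subject:"test message"'

# Review who holds the role that allows -DeleteContent
Get-ManagementRoleAssignment -Role "Mailbox Import Export" |
    Select-Object Name, RoleAssigneeName, RoleAssigneeType
```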