Tuesday, 15 May 2018

Find and Export Office 365 Users Profile Picture Status using PowerShell

In this post, I am going to share powershell script to find a list of users without profile picture in Office 365. We can extract this report using Exchange Online powershell cmdlets Get-Mailbox and Get-Userphoto.

Before proceed run the following command to connect Exchange Online powershell module.
$365Logon = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $365Logon -Authentication Basic -AllowRedirection
Import-PSSession $Session

Check if specific user has profile picture or not :

The following command checks whether profile photo set or not set for the user "alexw@contoso.com".
$photoObj = Get-Userphoto -Identity "alexw@contoso.com" -ErrorAction SilentlyContinue
If($photoObj.PictureData -ne $null)
{
Write-Host "User has profile picture"
}
Else
{
Write-Host "Profile picture not configured"
}

Export Office 365 Users without profile picture to CSV file :

Run the following powershell script to get a list of users who do not have profile picture and export user details to csv file.
$Result=@()
$allUsers = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
$totalusers = $allUsers.Count
$i = 1 
$allUsers | ForEach-Object {
$user = $_
Write-Progress -activity "Processing $user" -status "$i out of $totalusers completed"
$photoObj = Get-Userphoto -identity $user.UserPrincipalName -ErrorAction SilentlyContinue
If($photoObj.PictureData -eq $null) 
{
$Result += New-Object PSObject -property @{ 
UserName = $user.DisplayName
UserPrincipalName = $user.UserPrincipalName
}}
$i++
}
$Result | Export-CSV "C:\\office-365-users-without-photo.csv" -NoTypeInformation -Encoding UTF8

Export all O365 Users with profile picture status :

The following powershell script exports all mailbox users with their profile picture status (photo uploaded or not) to csv file.
$Result=@()
$allUsers = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
$totalusers = $allUsers.Count
$i = 1 
$allUsers | ForEach-Object {
$user = $_
Write-Progress -activity "Processing $user" -status "$i out of $totalusers completed"
$photoObj = Get-Userphoto -identity $user.UserPrincipalName -ErrorAction SilentlyContinue
$hasPhoto = $false
if ($photoObj.PictureData -ne $null)
{
$hasPhoto = $true
}
$Result += New-Object PSObject -property @{ 
UserName = $user.DisplayName
UserPrincipalName = $user.UserPrincipalName
HasProfilePicture = $hasPhoto 
}
$i++
}
$Result | Export-CSV "C:\\office-365-users-photo-status.csv" -NoTypeInformation -Encoding UTF8


CSV Output of Profile Picture Status Report:

Find and Export O365 Profile Photo Status Report to CSV file

Read More...

Friday, 11 May 2018

Microsoft Teams : Get all your teams data using Powershell

Now we can get the list of teams where the current user is being a member using Microsoft Teams Powershell. Before proceed first you have to install Microsoft Teams Powershell using below command.
Install-Module MicrosoftTeams -Force
Note: You have to run the powershell with "Run as administrator" privilege to install this module.

Once you have installed the Teams module, then run the following command to connect Microsoft Teams and it will ask your credentials to proceed.
Connect-MicrosoftTeams

List all your Teams:

Once you have completed the login step, run the Get-Team command to list all your teams.
PS C:\> Get-Team

GroupId                              DisplayName        Description
-------                              -----------        -----------
9b614bd6-6710-44ae-a9e7-3446334546d7 Team 1             Team 1 Description
7d6143d6-2612-44ae-a9e7-2473364843f5 Team 2             Team 2 Description

List all channels in a Team:

You can get channels of a specific team by running following command. You can get the <Group Id> of the specific team from Get-Team command.
Get-TeamChannel -GroupId <Group Id>

Get Team members and their role:

You can also get members of a specific team and their role (owner or member) by running following command.
Get-TeamUser -GroupId <Group Id>
Note : Using Get-Team cmdlet you can get only your own teams, you can't get teams list of specific user even if you have administrator privilege. The Get-Team cmdlet actually included the parameter -User to get other user teams information, but as of now you will get only access denied ('Get-Team : Error occurred while executing Code: AccessDenied') error message even for global administrator.
PS C:\Windows\system32> Get-Team -User AlexW@contoso.onmicrosoft.com
Get-Team : Error occurred while executing
Code: AccessDenied
Message: Invalid UserId. UserId does not match Access token UserObjectId
InnerError: RequestId: f8664d28-5514-4bef-907e-f7a880907bc7 DateTimeStamp: 2018-05-11T16:59:53
HttpStatusCode: AccessDenied
At line:1 char:1
+ Get-Team -User AlexW@contoso.onmicrosoft.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-Team], ApiException
    + FullyQualifiedErrorId : Microsoft.TeamsCmdlets.PowerShell.Custom.ErrorHandling.ApiException,Microsoft.TeamsCmdle
   ts.PowerShell.Custom.GetTeam
Read More...

Thursday, 10 May 2018

How to get password from user with a mask using Powershell

You can easily prompt and ask input from user by using the Read-Host cmdlet, but by default this command accepts the user input as plain text. If you get some secured data like password from user by using this command, when user type the input the password text will be clearly visible as shown in below example.
PS C:\> Read-Host "Enter password"
Enter password: myPassword
myPassword
If you want to hide or mask the password text from user, then you need to just pass the parameter –AsSecureString with Read-Host powershell command.
PS C:\> Read-Host "Enter password" -AsSecureString
Enter password: **********
System.Security.SecureString
The hard part of the above step is, it will read password as SecureString object not as clear text value. Most of the powershell commands (i.e. Set-ADAccountPassword, Set-MsolUserPassword , etc..) will accept the password input only as SecureString object, you don't need to worry if you are going to use the password with these kind of commands, but if you need that secured text for some other purpose then you should convert the secure string password to clear text password.

The following powershell code shows how to convert secure password into plain text password.

#Step 1: get secure password from user.
$securePwd = Read-Host "Enter password" -AsSecureString
#Step 2: convert secure password into normal plain text password.
$plainPwd =[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePwd))
Write-Host "You password is : $plainPwd" -ForegroundColor Yellow
Read More...

Monday, 7 May 2018

PowerShell : Show Progress Bar, Status and % Completed for Long Running Script

You can use the Write-Progress cmdlet to display progress status and percentage of process completed for a long running command or script. In normal cases you can use Write-Host command but if your script is going to run more time then you should use Write-Progress command to display the clear progress status.

The following command run the timer for 10 seconds and it update progress status for every second.
1..10 | ForEach {
Start-Sleep -s 1
Write-Progress -Activity "Process Started : " -Status "Total items processed: $_"
}
We can also display the progress bar by setting the parameter -PercentComplete
1..100 | ForEach {
Start-Sleep -m 100
Write-Progress -Activity "Process Started" -Status "Total items processed: $_" -PercentComplete $_
}
Show PowerShell Process Output Status 

We can also show the remaining time in seconds by setting the parameter -SecondsRemaining
1..10 | ForEach {
Start-Sleep -s 1
Write-Progress -Activity "Process Started" -Status "Total items processed: $_"  -SecondsRemaining (10-$_)
}
Display PowerShell Progress Bar Status
Read More...

PowerShell : Sleep, Wait or Suspends the activity for some period of time

You can use the Start-Sleep cmdlet to suspend the activity in a script for the specified period of time. You can use this command for the tasks, such as waiting for an operation to complete or pausing before repeating an operation.

This command wait for 5 seconds.
Start-Sleep -Seconds 5
------- or ---------
Start-Sleep -s 5
The following command makes all the commands to sleep for 500 milliseconds (half of a second)
Start-Sleep -Milliseconds 500
------- or ---------
Start-Sleep -m 500

Timer Job using the cmdlets Start-Sleep and Write-Progress:

The following command run the timer for 60 seconds (1 minute).
1..60 | ForEach { 
Start-Sleep -s 1
Write-Progress -activity "Timer Started: " -Status $_
}

Wait, Sleep or Suspend in PowerShell script
Read More...

Thursday, 26 April 2018

Export Office 365 Distribution Group Members to CSV using PowerShell

This post will help you to find and export distribution group members in Office 365 by using powershell script. We can list all the office 365 distribution lists by using the Exchange online powershell cmdlet Get-DistributionGroup and its group members by Get-DistributionGroupMember cmdlet.

Before proceed run the following command to connect Exchange Online powershell module.
$365Logon = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $365Logon -Authentication Basic -AllowRedirection
Import-PSSession $Session
Run the following command to list all the distribution groups.
Get-DistributionGroup -ResultSize Unlimited
The following command lists all the members for the given distribution list.
Get-DistributionGroupMember -Identity "<group name>" -ResultSize Unlimited

Export Members of a Single Distribution List to CSV:

The following powershell script gets members of a given distribution group and export members list to CSV file. You can replace the parameter <group name> with your own group name in the below script.
$DGName = "<group name>"
Get-DistributionGroupMember -Identity $DGName -ResultSize Unlimited | Select Name, PrimarySMTPAddress, RecipientType |
Export-CSV "C:\\Distribution-Group-Members.csv" -NoTypeInformation -Encoding UTF8

Export All Distribution Groups and Members List to CSV:

First we can get all the distribution groups by using Get-DistributionGroup cmdlet and retrieve its members by iterating every group with Get-DistributionGroupMember cmdlet. The following script exports all the distribution lists and their memberships to CSV file.
$Result=@()
$groups = Get-DistributionGroup -ResultSize Unlimited
$totalmbx = $groups.Count
$i = 1 
$groups | ForEach-Object {
Write-Progress -activity "Processing $_.DisplayName" -status "$i out of $totalmbx completed"
$group = $_
Get-DistributionGroupMember -Identity $group.Name -ResultSize Unlimited | ForEach-Object {
$member = $_
$Result += New-Object PSObject -property @{ 
GroupName = $group.DisplayName
Member = $member.Name
EmailAddress = $member.PrimarySMTPAddress
RecipientType= $member.RecipientType
}}
$i++
}
$Result | Export-CSV "C:\\All-Distribution-Group-Members.csv" -NoTypeInformation -Encoding UTF8

CSV output of O365 Distribution Groups and Members:


Export Office 365 Distribution Groups and their Memberships to CSV
Read More...

Tuesday, 24 April 2018

Get List of Registered Azure AD Applications using PowerShell

In this post, I am going to share powershell script to find and retrieve the list of Azure AD applications that are registered by your company in current tenant. We can use the Get-AzureADApplication cmdlet to fetch all the registered apps.

Before proceed install Azure Active Directory PowerShell for Graph and run the below command to connect Azure AD PowerShell module:
Connect-AzureAD
Run the following command to list all the applications that are registered by your company. This command returns both web applications and native applications (run in desktop/mobile device).
Get-AzureADApplication -All:$true
You can filter the results by application display name.
Get-AzureADApplication -Filter "DisplayName eq 'TestAppName'"
You can also filter the results by application id.
Get-AzureADApplication -Filter "AppId eq 'ca066717-5ded-411b-879e-741de0880978'"

Find and list only Web applications :

Use the below command to get all azure ad applications with the application type "Web app/API"
Get-AzureADApplication -All:$true | Where-Object { $_.PublicClient -ne $true } | FT

Find and list Native applications alone :

Run the following command to get all the native client (desktop/mobile device) applications.
Get-AzureADApplication -All:$true | Where-Object { $_.PublicClient -eq $true } | FT

Export All Registered Azure AD Application Details to CSV :

The below command exports all the all azure ad apps with required details to csv file.
Get-AzureADApplication -All:$true |
Select-Object DisplayName, AppID, PublicClient, AvailableToOtherTenants, HomePage, LogoutUrl  |
Export-Csv "C:\AzureADApps.csv"  -NoTypeInformation -Encoding UTF8
Read More...

Thursday, 19 April 2018

How to: Add Mailbox Import Export Role in Office 365 using PowerShell

When you are in Exchange Online environment, you might have required (or asked) to assign "Mailbox Import Export Role" for some kind of mailbox operation, like importing PST files, delete messages from mailbox using Search-Mailbox cmdlet, restore deleted mails using Restore-RecoverableItems cmdlet, etc. When you import PST files without this role you will probably receive this error message: "Please add Mailbox Import Export role for use running import and check back in 60 minutes".

By default, the "Mailbox Import Export" role is not assigned to any role group, even to the Organization Management role group. Typically, you assign a role to a built-in/custom role group, or you can assign a role to a user, or a universal security group. In this post, I am going to share PowerShell script to find who has access to Mailbox Import Export role and how to assign this role to user, security group and existing build-in/custom role group.

Before proceed, run the following commands to load Exchange Online powershel module:
$o365Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $o365Cred -Authentication Basic -AllowRedirection
Import-PSSession $Session

Summary:

Assign Mailbox Import Export role to user, security group and existing role group

Run the following command to assign the role for the individual user account.
New-ManagementRoleAssignment –Role "Mailbox Import Export" –User "user name"
Run the following command to set this role for the universal security group.
New-ManagementRoleAssignment –Role "Mailbox Import Export" –SecurityGroup "group name"
Use the below command to add this role to existing management role group.
New-ManagementRoleAssignment -Role "Mailbox Import Export" -SecurityGroup "Organization Management" -Name "Import Export Org Management"
Note: You have to create a new Exchange Online PowerShell session to get new role permissions.

Find who has access to Mailbox Import Export role

You can run the following command to find out who has the role already.
Get-ManagementRoleAssignment –Role "Mailbox Import Export" | FL RoleAssigneeName, Name
In the result, you may see the Organization Management role group even though you haven’t explicitly given the rights , this is because of the members of the Organization Management role group can delegate the "Mailbox Import Export" role to themselves and other groups or users.

Remove Management Role Assignment

If you want to remove the existing role assignment, first you have to find the name of the role assignment that you want to delete using the command Get-ManagementRoleAssignment and run the following powershell command to clear the existing role.
Remove-ManagementRoleAssignment "Import Export Org Management" -Confirm:$false
Read More...