Saturday, 19 January 2019

Set up Manager for Office 365 Users

Every organization needs a defined employee hierarchy for day-to-day work to run smoothly. Office 365 has introduced many advanced features (for example Office 365 Groups, Flow, Planner and Teams) to reduce the hurdles in collaboration and communication between employees and their managers. So setting the manager for each user is important if you want to use advanced features like Flow and Workflow.

In this post, we explain three different ways to update the manager field for Azure AD users.

Set Manager via Exchange Online Admin center

You can follow the below steps to set a manager for the required mailbox user through the Exchange Online Admin center.
  • Go to Office 365 Admin center.
  • In the left navigation, expand Admin centers, and then select Exchange.
  • In the Exchange Administration Center (EAC), navigate to recipients > mailboxes.
  • Select the required user to update the manager field and then click on the Edit icon.
  • In the Edit User Mailbox popup, go to the organization tab, where you can set the manager field as shown in the below image.
Add manager from Exchange Admin Center

Set Manager via Azure AD portal

Follow the below steps to configure manager from Azure AD Portal.
  • Go to Azure AD Portal.
  • In the left navigation, click Azure Active Directory and click Users.
  • Select the required user (click on the user name hyperlink), click on Edit under the Job info section and then add or remove the manager field as shown in the below image.
Add or Remove manager from office 365 user in Azure AD Portal

Set or Remove Manager using PowerShell

PowerShell is always a good tool for administrators to manage Azure AD objects. We can use the Azure AD PowerShell cmdlet Set-AzureADUserManager to set the manager field and Remove-AzureADUserManager to remove the manager.

Before proceeding, install Azure Active Directory PowerShell for Graph and run the below command to connect the Azure AD PowerShell module:
You can run the following command to add a manager after replacing the required user’s and manager’s UPN or ObjectId.
$User  = ""
$Manager  = ""
$ManagerObj = Get-AzureADUser -ObjectId $Manager
Set-AzureADUserManager -ObjectId $User -RefObjectId $ManagerObj.ObjectId
You can run the following command to remove or clear the manager field.
Remove-AzureADUserManager -ObjectId ""
You can check a user's existing manager value by running the following command.
Get-AzureADUserManager -ObjectId ""
Note: Setting the manager field in one place is not immediately reflected in other places or in Delve; you have to wait from a few minutes to hours for a full crawl of Active Directory by the SharePoint User Profiles.
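
A bulk version of the commands above, added here as an example and not part of the original post: it resolves both accounts before changing anything, sets the manager and reads the value back. The UPNs in the inline CSV are constructed sample values, and skipping self-references and disabled manager accounts is a policy choice of this example.

```powershell
# Added example: bulk-assign managers and verify each change.
# The UPNs below are constructed sample data; replace them with real accounts.
$assignments = @"
UserUPN,ManagerUPN
alice@contoso.example,bob@contoso.example
carol@contoso.example,bob@contoso.example
dave@contoso.example,dave@contoso.example
"@ | ConvertFrom-Csv

Connect-AzureAD | Out-Null

$report = foreach ($row in $assignments) {
    $status = "Updated"
    try {
        # Resolve both accounts first so a typo in either UPN fails before any change
        $user    = Get-AzureADUser -ObjectId $row.UserUPN -ErrorAction Stop
        $manager = Get-AzureADUser -ObjectId $row.ManagerUPN -ErrorAction Stop

        if ($user.ObjectId -eq $manager.ObjectId) {
            # Policy choice of this example: never point a user at themselves
            $status = "Skipped: user and manager are the same account"
        }
        elseif (-not $manager.AccountEnabled) {
            # Policy choice of this example: do not route approvals to a disabled account
            $status = "Skipped: manager account is disabled"
        }
        else {
            Set-AzureADUserManager -ObjectId $user.ObjectId -RefObjectId $manager.ObjectId -ErrorAction Stop
            # Read the value back instead of assuming the write succeeded
            $current = Get-AzureADUserManager -ObjectId $user.ObjectId
            if ($current.ObjectId -ne $manager.ObjectId) { $status = "Mismatch after update" }
        }
    }
    catch {
        $status = "Failed: $($_.Exception.Message)"
    }
    [PSCustomObject]@{ User = $row.UserUPN; Manager = $row.ManagerUPN; Status = $status }
}

$report | Format-Table -AutoSize
```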

Thursday, 20 December 2018

Office 365 Admin Roles which have permission to manage user licenses

Managing Office 365 user licenses is an occasional or maybe a one-time task, but we can't always use the Global Admin account to administer licenses. In a large environment with thousands of users, we may need to assign a dedicated person to manage user licenses.

Earlier, you needed either the Global administrator or the User management administrator role to update user licenses, but now Office 365 has introduced a new admin role: License administrator.

With any one of the below admin roles, users can add, update and remove a user's license subscription or individual service plans:
  • License administrator
  • User management administrator
  • Global administrator
With any one of the above roles, you can manage licenses in the following three ways:

Tuesday, 21 August 2018

How to change E-mail address of a Guest user in Office 365

The Office 365 team is extending its support for adding external users to many services like Office 365 groups, SharePoint groups, etc. to provide a collaboration experience with customers and clients. In Office 365, guest users are represented by mail user objects, so if you want to change the email address of an existing guest user account, you can use the Exchange PowerShell cmdlet Set-MailUser.
Set-MailUser <mail_alias_of_guest_user> -WindowsEmailAddress <new email address>


If you don't have enough admin privilege to use this cmdlet, you can just remove the existing guest account and add again with new email address.

Thursday, 2 August 2018

How to find all digitally signed or encrypted emails in Outlook App

In this post, I am going to explain how to search for and filter only the digitally signed or encrypted emails. With the normal Outlook search we can filter emails by subject and message body, but we can't use this normal filter to search for signed messages. For this case, we need to use the Advanced Find option and filter mails by their Message Class type.

You can find some of the Message Class types in the below list.
  • IPM.Note - Normal e-mail message.
  • IPM.Note.SMIME - The message is encrypted and can also be signed.
  • IPM.Note.SMIME.MultipartSigned - The message is clear signed.
You can find the entire list here: E-mail message MessageClass types

Steps to filter messages by Message Class in Outlook

  • Go to Inbox (or another mail folder), select Filter Email from the Find group in the Ribbon and click More Filters.
How to find all Digitally Signed and Encrypted Mails in Outlook App
  • Now you can see the Search tab open, select Search Tools under the group Options and click Advanced Find.
How to find signed messages or encrypted emails in outlook
  • Now you can see the Advanced Find window, click the tab Advanced -> Field -> All Mail fields -> Message Class as shown in below figure.
How to find signed messages or encrypted emails in outlook
  • Apply the contains condition in Message Class with the value IPM.Note.SMIME to search both signed and encrypted messages. 
Filter messages by Message Class in Outlook 2016
  • Apply the exactly condition with the value IPM.Note.SMIME to filter only encrypted messages, and apply the exactly condition with the value IPM.Note.SMIME.MultipartSigned to list only signed messages that are not encrypted.
  • Once you have added the search criteria, click the Find Now button to scan the results.
Filter messages by Message Class in Outlook 2016
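
The same Message Class filters can be applied from PowerShell through the Outlook object model. This is an added example, not part of the original post; it assumes desktop Outlook with a configured profile on the machine, and the function name Get-SmimeMail is hypothetical. Its Both option covers only the two S/MIME classes listed above.

```powershell
# Added example: list S/MIME mail in the Inbox by Message Class.
function Get-SmimeMail {
    param(
        [ValidateSet('Encrypted', 'ClearSigned', 'Both')]
        [string]$Kind = 'Both'
    )

    # Filter strings equivalent to the "exactly" conditions in the steps above
    $encrypted   = "[MessageClass] = 'IPM.Note.SMIME'"
    $clearSigned = "[MessageClass] = 'IPM.Note.SMIME.MultipartSigned'"
    $filter = switch ($Kind) {
        'Encrypted'   { $encrypted }
        'ClearSigned' { $clearSigned }
        'Both'        { "$encrypted Or $clearSigned" }
    }

    $outlook = New-Object -ComObject Outlook.Application
    $inbox   = $outlook.GetNamespace('MAPI').GetDefaultFolder(6)   # 6 = olFolderInbox
    $found   = $inbox.Items.Restrict($filter)

    foreach ($item in $found) {
        [PSCustomObject]@{
            Received     = $item.ReceivedTime
            From         = $item.SenderName
            Subject      = $item.Subject
            MessageClass = $item.MessageClass
        }
    }
}

# How many messages of each S/MIME class are in the Inbox
Get-SmimeMail -Kind Both | Group-Object MessageClass | Select-Object Name, Count

# The ten most recent clear-signed messages
Get-SmimeMail -Kind ClearSigned | Sort-Object Received -Descending | Select-Object -First 10
```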


Tuesday, 31 July 2018

Export OneDrive for Business Users Storage Report using Powershell

In this post, I am going to share a PowerShell script to find and export the current storage size used by every OneDrive user, along with the maximum storage quota and warning size of all OneDrive sites, to a CSV file. We can easily find OneDrive for Business (ODFB) site storage details using the SharePoint Online Management PowerShell cmdlet Get-SPOSite.

Before proceeding, install and connect the SharePoint Online PowerShell Module. Run the below commands after replacing your SPO Admin site URL to connect to the SPO Online service.
$AdminSiteURL="https://<your tenant name>"
#Connect to SharePoint Online Admin Site
Connect-SPOService -Url $AdminSiteURL
The below command retrieves all personal sites and how much storage space (in MB) is used by OneDrive users.
Get-SPOSite -IncludePersonalSite $true -Limit All -Filter "Url -like ''" |
Select Owner, StorageUsageCurrent, Url

Export OneDrive for Business users storage size report to CSV

The below PowerShell script gets all personal sites and exports their storage details to a CSV file.
#Get all OneDrive for Business sites
$Result = @()
$oneDriveSites = Get-SPOSite -IncludePersonalSite $true -Limit All -Filter "Url -like ''"
$oneDriveSites | ForEach-Object {
    $site = $_
    #Collect one row per personal site (StorageQuota values are in MB, so divide by 1024 for GB)
    $Result += New-Object PSObject -property @{
        UserName = $site.Owner
        Size_inMB = $site.StorageUsageCurrent
        StorageQuota_inGB = $site.StorageQuota/1024
        WarningSize_inGB = $site.StorageQuotaWarningLevel/1024
        OneDriveSiteUrl = $site.URL
    }
}
#Export the collected rows to CSV
$Result | Select UserName, Size_inMB, StorageQuota_inGB, WarningSize_inGB, OneDriveSiteUrl |
Export-CSV "C:\OneDrive-for-Business-Size-Report.csv" -NoTypeInformation -Encoding UTF8

CSV output of OneDrive for Business (ODFB) users storage report:

Export OneDrive Users Current Storage Size Report using Powershell

Friday, 20 July 2018

How to Reuse a Deleted SharePoint Site Name and Site Url

When you delete a SharePoint Site from Office 365, by default the deleted site will be retained in the Site Collection Recycle Bin for 93 days (Retention Period); if you have deleted a site collection, the site collection will be retained in the Tenant Recycle Bin.

The deleted sites are automatically emptied from the Site Collection/Tenant Recycle Bin after the retention period. You can restore a deleted site before this retention period ends.

Scenario 1 :

Consider that you have deleted a team site and you want to create another site with the same name and site URL. In this case, you can create a site with the same name, but you can’t reuse the deleted site URL as long as the deleted site exists in the Recycle Bin.

If you are creating another site collection from the SharePoint Online Admin portal, you will get the validation error The site collection already exists. Please enter a different address. Under this error message you can also see the option Permanently delete the site collection from the recycle bin and continue. You can check this option to remove the deleted site from the Recycle Bin and create a site collection with the same site URL.

Reuse deleted site collection url

Scenario 2:

Consider that you have an Office 365 group named TestO365Group and the O365 group should have an associated team site. If you delete this O365 group, it will also delete its associated site, and both the group and the site will be moved into the Recycle Bin. Now you can create another O365 group with the same name and email alias (group email address), but it will not create the associated team site with the same URL; it will place a number after the site name in the URL. So you have to remove the deleted site from the Recycle Bin first to get the same group site URL.

Manually deleting the sites from the Recycle Bin is a tough task, so you can use the SharePoint Online Management PowerShell cmdlet Remove-SPODeletedSite to remove the deleted sites from the Recycle Bin.

Before proceeding, install and connect the SharePoint Online PowerShell Module, then run the below command to remove a deleted site.
Remove-SPODeletedSite -Identity
If you don’t know the deleted site url, you can use the command Get-SPODeletedSite to list all the deleted sites with Url.

Thursday, 19 July 2018

Fix: The Call to GetCustomUI for RibbonID Microsoft.Excel.Workbook failed

Problem :

I received the error message The Call to GetCustomUI() for RibbonID "Microsoft.Excel.Workbook" failed with the title Custom UI Runtime Error in Visual Studio Tools for Office Design-Time Adaptor for Excel when opening the Excel application. In my environment the below error appears when I open the Excel application that comes with Microsoft Office Professional Plus 2016.

Error - The Call to GetCustomUI for RibbonID Microsoft.Excel.Workbook failed

Solution :

After some analysis, I found that this error is caused by the COM Add-In Visual Studio Tools for Office Design-Time Adaptor for Excel. So to fix this error, we need to enable the Developer tab and turn off the problematic COM Add-In.

Follow the below steps to disable COM Add-In :

  • In Excel, click File menu and select Options.
Step 1 - Fix The Call to GetCustomUI for RibbonID Microsoft.Excel.Workbook failed

  • In the Options menu select Customize Ribbon. In the right-hand side, you can see the Developer tab under Main Tabs, make sure that this tab is selected and click OK to save the changes.
Step 2 - Fix The Call to GetCustomUI for RibbonID Microsoft.Excel.Workbook failed

  • Now you can see the Developer tab menu. Under the Developer tab ribbon, click on COM Add-Ins
Step 3 - Fix The Call to GetCustomUI for RibbonID Microsoft.Excel.Workbook failed

  • In the COM Add-Ins window, look for the add-in Visual Studio Tools for Office Design-Time Adaptor for Excel and uncheck it (if you find multiple entries, uncheck all of them).
Step 4 - Fix The Call to GetCustomUI for RibbonID Microsoft.Excel.Workbook failed

  • This will fix the issue. Now you can close the Excel app and open it again to check whether the problem is solved.

Tuesday, 17 July 2018

Manage SharePoint Item Level Permissions using PowerShell

Occasionally we need to grant read permission to a set of users on a certain document item and give edit permission to a particular user or group. To achieve this, we need to add explicit permissions to the particular list item. In this post I am going to share PowerShell scripts to add or remove item level permissions using CSOM (Client Object Model) and to delete unique permissions from a list item. To use CSOM in PowerShell, we need to load the required Microsoft SharePoint Online SDK assembly files.


Find a list item or set of list items :

The below PowerShell commands find a file item by its name. If you want to reset permissions for all list items, you can set this CAML query: $camlQuery.ViewXml = "<View Scope='RecursiveAll' />"; you can also write your own CAML query to get a different set of list items.
#Add required references to SharePoint client assembly to use CSOM
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client") | Out-Null
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime") | Out-Null

#Provide your details: SharePoint Site Url, UserName and Password
#The password below is a placeholder; prefer prompting for it over storing it in the script.
$SiteUrl = "<your site url>"
$UserName = ""
$Password = 'adminpassword'
$SecPwd = $(ConvertTo-SecureString $Password -asplaintext -force)

#Connecting site web
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($UserName,$SecPwd)
$ctx.credentials = $credentials

#Find list by Title
$list = $ctx.Web.Lists.GetByTitle("<your list title>")

#Find list item by Name
$itemName = "TestFile.txt"
$camlQuery = New-Object Microsoft.SharePoint.Client.CamlQuery
$camlQuery.ViewXml = "<View><Query><Where><Eq><FieldRef Name='FileLeafRef'/><Value Type='Text'>" + $itemName + "</Value></Eq></Where></Query></View>"
# If you want to set permissions for all list items, you can use the below line (caml query to fetch all items) after commenting above line.
# $camlQuery.ViewXml ="<View Scope='RecursiveAll' />"

#Fetch the matching list items
$allItems = $list.GetItems($camlQuery)
$ctx.Load($allItems)
$ctx.ExecuteQuery()

# You can use the result $allItems in below examples.

Set item level permissions for user and SharePoint group :

By default all list items inherit the permissions from parent list, so to add unique permission for a particular list item, first we need to stop inheriting permissions (break the inheritance) of the particular item.

Add permission for user account :

The below powershell commands remove the unique permissions from the given list item (or list items) and set Contribute permission for the given user account.
# $allItems - You can get the required list items using the commands from above step.
foreach($listItem in $allItems)
{
    # Break inherited permissions. By default, the permissions are inherited from the above level.
    $listItem.BreakRoleInheritance($false, $false)

    #Find the given site user account
    $editUser = $ctx.Web.EnsureUser("")
    $ctx.Load($editUser)

    # Providing edit (contribute permission) access to the given site user.
    $editAccess = $ctx.Web.RoleDefinitions.GetByName("Contribute")
    $editRole = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($ctx)
    $editRole.Add($editAccess)
    $editPermission = $listItem.RoleAssignments.Add($editUser, $editRole)
    $ctx.Load($editPermission)
    #Send the queued changes to the server
    $ctx.ExecuteQuery()
    Write-Host "Edit permission granted for the user:" $editUser.Title -foregroundcolor Green
}

Add permission for group :

You can use the below powershell commands to grant read access for the given sharepoint group.
foreach($listItem in $allItems)
{
    # Break inherited permissions so the item gets its own permission set
    $listItem.BreakRoleInheritance($false, $false)

    #Fetch the SharePoint groups for the site
    $spGroups = $ctx.Web.SiteGroups
    $ctx.Load($spGroups)
    #Fetch the specific SharePoint group
    $readGroup = $spGroups.GetByName("Test Site Visitors")
    $ctx.Load($readGroup)

    # Providing read permission access to the members of the group "Test Site Visitors".
    $readAccess = $ctx.Web.RoleDefinitions.GetByName("Read")
    $readRole = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($ctx)
    $readRole.Add($readAccess)
    $readPermission = $listItem.RoleAssignments.Add($readGroup, $readRole)
    $ctx.Load($readPermission)
    #Send the queued changes to the server
    $ctx.ExecuteQuery()
    Write-Host "Read access granted for the group 'Test Site Visitors'" -foregroundcolor Green
}

Remove item level permissions :

You can use the below csom based powershell commands to remove unique permissions from a particular SharePoint/SharePoint Online list item.

Remove user permission from list item :

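foreach($listItem in $allItems) {
    #Remove permissions for a given user
    $spUser = $ctx.Web.EnsureUser("")
    $ctx.Load($spUser)
    #Delete the user's role assignment on this item
    $listItem.RoleAssignments.GetByPrincipal($spUser).DeleteObject()
    $ctx.ExecuteQuery()
    Write-Host "Permissions removed for the given user:" $spUser.Title -foregroundcolor Green
}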

Delete group permission from list item :

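foreach($listItem in $allItems) {
    #Remove permissions for a given site group
    $spGroup = $ctx.Web.SiteGroups.GetByName("Test Site Visitors")
    $ctx.Load($spGroup)
    $listItem.RoleAssignments.GetByPrincipal($spGroup).DeleteObject()
    $ctx.ExecuteQuery()
    Write-Host "Permissions removed for the given group:" $spGroup.Title -foregroundcolor Green
}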

Delete all unique permissions :

You can use the following powershell commands to remove all the explicit permissions from a list item and reset broken inheritance (recover inheritance).
foreach($listItem in $allItems) { $listItem.ResetRoleInheritance() }
$ctx.ExecuteQuery()
Write-Host "Unique permissions removed successfully and inheritance recovered." -foregroundcolor Green