Thursday, 26 April 2018

Export Office 365 Distribution Group Members to CSV using PowerShell

This post shows how to find and export distribution group members in Office 365 with a PowerShell script. We can list all the Office 365 distribution lists with the Exchange Online PowerShell cmdlet Get-DistributionGroup, and the members of each group with the Get-DistributionGroupMember cmdlet.

Before you proceed, run the following commands to connect to the Exchange Online PowerShell module.
$365Logon = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $365Logon -Authentication Basic -AllowRedirection
Import-PSSession $Session
Run the following command to list all the distribution groups.
Get-DistributionGroup -ResultSize Unlimited
The following command lists all the members for the given distribution list.
Get-DistributionGroupMember -Identity "<group name>" -ResultSize Unlimited

Export Members of a Single Distribution List to CSV:

The following PowerShell script gets the members of a given distribution group and exports the member list to a CSV file. Replace <group name> in the script below with your own group name.
$DGName = "<group name>"
Get-DistributionGroupMember -Identity $DGName -ResultSize Unlimited | Select Name, PrimarySMTPAddress, RecipientType |
Export-CSV "C:\Distribution-Group-Members.csv" -NoTypeInformation -Encoding UTF8

Export All Distribution Groups and Members List to CSV:

First we get all the distribution groups with the Get-DistributionGroup cmdlet, then retrieve the members of each group by iterating over the groups with the Get-DistributionGroupMember cmdlet. The following script exports all the distribution lists and their memberships to a CSV file.
$Result = @()
# Wrap in @() so .Count is correct even when only one group is returned
$groups = @(Get-DistributionGroup -ResultSize Unlimited)
$totalmbx = $groups.Count
$i = 1
$groups | ForEach-Object {
    $group = $_
    # $() is needed to expand a property inside a double-quoted string
    Write-Progress -Activity "Processing $($group.DisplayName)" -Status "$i out of $totalmbx completed"
    Get-DistributionGroupMember -Identity $group.Name -ResultSize Unlimited | ForEach-Object {
        $member = $_
        $Result += New-Object PSObject -Property @{
            GroupName     = $group.DisplayName
            Member        = $member.Name
            EmailAddress  = $member.PrimarySMTPAddress
            RecipientType = $member.RecipientType
        }
    }
    $i++
}
$Result | Export-CSV "C:\All-Distribution-Group-Members.csv" -NoTypeInformation -Encoding UTF8

CSV output of O365 Distribution Groups and Members:

[Image: Export Office 365 Distribution Groups and their Memberships to CSV]

Tuesday, 24 April 2018

Get List of Registered Azure AD Applications using PowerShell

In this post, I am going to share a PowerShell script to find and retrieve the list of Azure AD applications that are registered by your company in the current tenant. We can use the Get-AzureADApplication cmdlet to fetch all the registered apps.

Before you proceed, install Azure Active Directory PowerShell for Graph and run the command below to connect to the Azure AD PowerShell module:
Connect-AzureAD
Run the following command to list all the applications that are registered by your company. This command returns both web applications and native applications (which run on a desktop or mobile device).
Get-AzureADApplication -All:$true
You can filter the results by application display name.
Get-AzureADApplication -Filter "DisplayName eq 'TestAppName'"
You can also filter the results by application id.
Get-AzureADApplication -Filter "AppId eq 'ca066717-5ded-411b-879e-741de0880978'"

Find and list only Web applications:

Use the command below to get all Azure AD applications with the application type "Web app/API".
Get-AzureADApplication -All:$true | Where-Object { $_.PublicClient -ne $true } | FT

Find and list Native applications alone:

Run the following command to get all the native client (desktop/mobile device) applications.
Get-AzureADApplication -All:$true | Where-Object { $_.PublicClient -eq $true } | FT

Export All Registered Azure AD Application Details to CSV:

The command below exports all the Azure AD apps with the required details to a CSV file.
Get-AzureADApplication -All:$true |
Select-Object DisplayName, AppID, PublicClient, AvailableToOtherTenants, HomePage, LogoutUrl |
Export-Csv "C:\AzureADApps.csv" -NoTypeInformation -Encoding UTF8

Thursday, 19 April 2018

How to: Add Mailbox Import Export Role in Office 365 using PowerShell

When you work in an Exchange Online environment, you might be required (or asked) to assign the "Mailbox Import Export" role for some kinds of mailbox operation, such as importing PST files, deleting messages from a mailbox using the Search-Mailbox cmdlet, restoring deleted mail using the Restore-RecoverableItems cmdlet, etc. When you import PST files without this role, you will probably receive this error message: "Please add Mailbox Import Export role for use running import and check back in 60 minutes".

By default, the "Mailbox Import Export" role is not assigned to any role group, not even to the Organization Management role group. Typically, you assign a role to a built-in or custom role group, or you can assign a role to a user or a universal security group. In this post, I am going to share PowerShell commands to find who has access to the Mailbox Import Export role and to assign this role to a user, a security group and an existing built-in or custom role group.

Before you proceed, run the following commands to load the Exchange Online PowerShell module:
$o365Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $o365Cred -Authentication Basic -AllowRedirection
Import-PSSession $Session

Assign Mailbox Import Export role to user, security group and existing role group

Run the following command to assign the role for the individual user account.
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "user name"
Run the following command to set this role for the universal security group.
New-ManagementRoleAssignment -Role "Mailbox Import Export" -SecurityGroup "group name"
Use the command below to add this role to an existing management role group.
New-ManagementRoleAssignment -Role "Mailbox Import Export" -SecurityGroup "Organization Management" -Name "Import Export Org Management"
Note: You have to create a new Exchange Online PowerShell session to get new role permissions.

Find who has access to Mailbox Import Export role

You can run the following command to find out who has the role already.
Get-ManagementRoleAssignment -Role "Mailbox Import Export" | FL RoleAssigneeName, Name
In the result, you may see the Organization Management role group even though you haven't explicitly given it the rights. This is because the members of the Organization Management role group can delegate the "Mailbox Import Export" role to themselves and to other groups or users.
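
The following is an added example, not part of the original post, that turns the lookup above into an access review: it expands every assignment of the role to the accounts that effectively hold it and separates regular assignments from the delegating kind described above. It assumes the Exchange Online session is already imported; the output path is a placeholder.

```powershell
# Added example: access review for the "Mailbox Import Export" role.
# Assumes the Exchange Online session from the start of this post is imported.
$role = "Mailbox Import Export"

# -GetEffectiveUsers expands role groups and security groups to their members.
$assignments = Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers

# Group assignees also appear as an "All Group Members" summary row;
# keep only the rows that name an individual account.
$report = $assignments |
    Where-Object { $_.EffectiveUserName -ne "All Group Members" } |
    ForEach-Object {
        [PSCustomObject]@{
            EffectiveUser  = $_.EffectiveUserName
            AssignedVia    = $_.RoleAssigneeName
            AssigneeType   = $_.RoleAssigneeType
            AssignmentName = $_.Name
            # Regular: can run the role's cmdlets.
            # Delegating / DelegatingOrgWide: can only assign the role to others.
            DelegationType = $_.RoleAssignmentDelegationType
            Enabled        = $_.Enabled
        }
    } |
    Sort-Object DelegationType, EffectiveUser

# Accounts that can use the role right now, as opposed to only delegate it.
$canUse = @($report | Where-Object { $_.DelegationType -eq "Regular" -and $_.Enabled })
Write-Host "$($canUse.Count) account(s) can currently use the role's cmdlets:"
$canUse | Format-Table EffectiveUser, AssignedVia, AssignmentName -AutoSize

# Placeholder output path; keep the full report for the review record.
$report | Export-Csv "C:\ImportExportRoleHolders.csv" -NoTypeInformation -Encoding UTF8
```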

Remove Management Role Assignment

If you want to remove an existing role assignment, first find the name of the role assignment that you want to delete using the Get-ManagementRoleAssignment command, then run the following PowerShell command to remove it.
Remove-ManagementRoleAssignment "Import Export Org Management" -Confirm:$false

Wednesday, 18 April 2018

Recover Deleted Office 365 Groups using PowerShell

Microsoft uses the Office 365 Group as a base service for other products such as Planner, MS Teams, Yammer, etc., so keeping its identity is very important. You might have deleted an O365 group without knowing its usage in other services; in this case you will also lose the group's dependent content. If you soft-deleted the Office 365 group, the deleted object is retained for 30 days by default (the retention period), and you can easily restore the group and its associated content within this period. After the retention period, the group and its associated content are permanently deleted and cannot be restored.

When a group is restored, the following group-associated content is also recovered: the Office 365 Group's Azure AD object and its properties, group SMTP address, Exchange Online shared inbox and calendar, SharePoint Online team site and files, OneNote notebook, Planner buckets and tasks, Microsoft Teams and other associated content.

We can recover deleted unified groups using the Restore-AzureADMSDeletedDirectoryObject cmdlet from the Azure AD PowerShell V2 module. Before you proceed, install Azure Active Directory PowerShell for Graph and run the command below to connect to the Azure AD PowerShell module:
Connect-AzureAD
Recovering a deleted Office 365 group involves the following two steps:

Find Id of the deleted office 365 group

We need to pass the object Id of a deleted group to the Restore-AzureADMSDeletedDirectoryObject cmdlet, so we first need to get the object Id of the deleted group that we want to restore.
Get-AzureADMSDeletedGroup
The above command retrieves all the soft-deleted groups in the directory that are recoverable. You can also filter the groups by name using the -SearchString parameter.
Get-AzureADMSDeletedGroup -SearchString "Test Group"
After running either of the above two commands, note down the Id of the Office 365 group that you want to restore.

Restore the deleted office 365 group

Once you have the Id of the deleted group from the above step, run the following command after replacing the Id parameter with your target group's object Id.
Restore-AzureADMSDeletedDirectoryObject -Id <deleted group id>
If you believe there are no duplicate entries with the same name among the deleted groups, you can use the following commands to get the deleted group Id and recover the object in a single execution.
$groupId = (Get-AzureADMSDeletedGroup -SearchString "Test Group").Id
Restore-AzureADMSDeletedDirectoryObject -Id $groupId
Once you run the above command, the restore process will complete in a few minutes. Run the following PowerShell command to verify that the group has been restored successfully.
Get-AzureADGroup -ObjectID $groupId
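
The single-execution form above depends on the name matching exactly one deleted group. The following added example, not part of the original post, checks that before restoring and then waits for the group to reappear. The function name Restore-DeletedGroupByName is hypothetical, and the retry count and delay are assumptions.

```powershell
# Added example: restore a soft-deleted group only when the name is unambiguous.
# Assumes Connect-AzureAD has already been run.
function Restore-DeletedGroupByName {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$DisplayName)

    # -SearchString can return more than one group, so keep exact
    # display-name matches only and force the result into an array.
    $candidates = @(Get-AzureADMSDeletedGroup -SearchString $DisplayName |
        Where-Object { $_.DisplayName -eq $DisplayName })

    if ($candidates.Count -eq 0) {
        Write-Warning "No soft-deleted group named '$DisplayName' was found."
        return
    }
    if ($candidates.Count -gt 1) {
        # Passing an array of Ids to -Id would fail, so stop and let the
        # operator pick one Id and restore it explicitly.
        Write-Warning "$($candidates.Count) deleted groups are named '$DisplayName'. Nothing was restored."
        $candidates | Select-Object Id, DisplayName, Description
        return
    }

    $groupId = $candidates[0].Id
    Restore-AzureADMSDeletedDirectoryObject -Id $groupId | Out-Null

    # The restore takes a few minutes; poll until the group is visible again.
    for ($try = 1; $try -le 10; $try++) {        # assumed: 10 tries, 30 s apart
        try {
            return Get-AzureADGroup -ObjectId $groupId
        } catch {
            Start-Sleep -Seconds 30
        }
    }
    Write-Warning "Group $groupId was not visible after 5 minutes. Check again later."
}

Restore-DeletedGroupByName -DisplayName "Test Group"
```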

Monday, 16 April 2018

Recover Deleted Emails in Office 365 Mailbox using PowerShell

As an administrator, you might be asked by an Outlook user to restore deleted e-mail messages. In Office 365, you can search for and restore deleted items using the Exchange Online PowerShell cmdlets Get-RecoverableItems and Restore-RecoverableItems.

Before you proceed, connect to the Exchange Online PowerShell module by running the commands below:
$o365Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $o365Cred -Authentication Basic -AllowRedirection
Import-PSSession $Session

Permissions Required:

To run the Get-RecoverableItems and Restore-RecoverableItems cmdlets, you must have one of the Exchange RBAC roles with the "Mailbox Import Export Role" assigned. By default, this role isn't assigned to any role group. Typically, you assign a role to a built-in or custom role group, or you can assign a role to a user or a universal security group. The example below adds the role to the Organization Management role group:
New-ManagementRoleAssignment -Name "Import_Export_Organization_Management" -SecurityGroup "Organization Management" -Role "Mailbox Import Export"
Note: You have to create a new Exchange Online PowerShell session to get new role permissions.

Restore deleted messages to their original folder location:

We can use the Restore-RecoverableItems cmdlet to restore each item to its original location and this cmdlet takes the same search parameters that you used to find items.
Restore-RecoverableItems -Identity "AlexW" -SourceFolder RecoverableItems -SubjectContains "Important"

Restore deleted messages from bulk users mailbox:

You can use the PowerShell commands below if you want to restore deleted emails in a set of users' mailboxes by importing the user details from a CSV file.
Import-Csv 'C:\Users.csv' | ForEach-Object {
    $mailbox = $_."UserPrincipalName"
    Write-Host "Recovering messages for" $mailbox -Foreground Yellow
    Restore-RecoverableItems -Identity $mailbox -SourceFolder RecoverableItems -SubjectContains "Important" -FilterItemType Ipm.Note
}
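
Because Restore-RecoverableItems takes the same search parameters as Get-RecoverableItems, a bulk restore can be previewed first. The following added example, not part of the original post, counts the matching items per mailbox, saves that as a record, and restores only after confirmation. The preview file path is a placeholder and the confirmation prompt is an assumption about how you want to gate the change.

```powershell
# Added example: preview a bulk restore, then restore only mailboxes with matches.
# Assumes the Exchange Online session is imported and C:\Users.csv has a
# UserPrincipalName column, as in the script above.
$subject = "Important"

$preview = Import-Csv 'C:\Users.csv' | ForEach-Object {
    $mailbox = $_.UserPrincipalName
    if ([string]::IsNullOrWhiteSpace($mailbox)) {
        Write-Warning "Skipping a CSV row with no UserPrincipalName."
        return   # inside ForEach-Object this moves on to the next row
    }
    # Same search parameters as the restore, but read-only.
    $items = @(Get-RecoverableItems -Identity $mailbox -SourceFolder RecoverableItems `
        -SubjectContains $subject -FilterItemType IPM.Note -ResultSize Unlimited)
    [PSCustomObject]@{ Mailbox = $mailbox; MatchingItems = $items.Count }
}

# Keep the preview as a record of what the restore was expected to touch.
$preview | Export-Csv "C:\Restore-Preview.csv" -NoTypeInformation -Encoding UTF8
$preview | Format-Table -AutoSize

$targets = @($preview | Where-Object { $_.MatchingItems -gt 0 })
$answer = Read-Host "Restore items in $($targets.Count) mailbox(es)? (y/n)"
if ($answer -eq 'y') {
    foreach ($t in $targets) {
        Write-Host "Recovering messages for $($t.Mailbox)" -ForegroundColor Yellow
        Restore-RecoverableItems -Identity $t.Mailbox -SourceFolder RecoverableItems `
            -SubjectContains $subject -FilterItemType IPM.Note
    }
}
```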