Thursday, 20 June 2019

Add user as owner of all Office 365 groups using Powershell

As you know, modern Office 365 groups are the base service for other Office 365 workloads (e.g. Teams, Planner). You first have to be a member of a group to manage and work with the group and its associated services; to perform high-privilege actions (e.g. delete the group, delete a team, or delete a Planner plan) you have to be added as an owner of the group.

With the Global Admin privilege, you may sometimes want to delete a group or update some group settings, but without being an owner of the group you can't delete it even though you have the global admin privilege. We can use the Exchange Online PowerShell cmdlet Add-UnifiedGroupLinks to add a user as owner and member of a unified group.

Before proceeding, first connect to the EXO PowerShell module using the commands below:
$365Logon = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $365Logon -Authentication Basic -AllowRedirection
Import-PSSession $Session
The commands below add a user as owner and member of a specific group:
Add-UnifiedGroupLinks -Identity "TestO365Group" -LinkType Members -Links username@yourdomain.com
Add-UnifiedGroupLinks -Identity "TestO365Group" -LinkType Owners -Links username@yourdomain.com
Note: To get the complete privilege, you have to add the user both as an owner and as a member of the group.

Add user as owner of all Office 365 Groups :

To add a user as owner of all the available Office 365 groups in your organization, first get all the unified groups using the Get-UnifiedGroup cmdlet, then pipe the results to the Add-UnifiedGroupLinks cmdlet to add the user to each group one by one.
$userToAddOwner = "username@yourdomain.com"
Get-UnifiedGroup -ResultSize Unlimited | ForEach-Object {
    $o365group = $_
    Add-UnifiedGroupLinks -Identity $o365group.Name -LinkType Members -Links $userToAddOwner
    Add-UnifiedGroupLinks -Identity $o365group.Name -LinkType Owners -Links $userToAddOwner
}

Add user as owner of multiple groups from CSV :

Consider the CSV file o365Groups.csv, which has a column GroupName holding one group name per row.
$userToAddOwner = "username@yourdomain.com"
Import-CSV "C:\o365Groups.csv" | ForEach-Object {
    $groupName = $_."GroupName"
    Add-UnifiedGroupLinks -Identity $groupName -LinkType Members -Links $userToAddOwner
    Add-UnifiedGroupLinks -Identity $groupName -LinkType Owners -Links $userToAddOwner
}
You can use the Remove-UnifiedGroupLinks cmdlet to remove a user's membership and ownership from an Office 365 group.
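
A variant of the bulk loop that skips links which already exist and writes a change log, so the access can later be withdrawn with Remove-UnifiedGroupLinks for exactly the groups that were changed. This is an added example, not code from the original post; the log path and the Undo-GroupLinkChanges function name are assumptions, $userToAdd is assumed to be the user's primary SMTP address, and an Exchange Online PowerShell session must already be connected.

```powershell
$userToAdd = "username@yourdomain.com"          # assumed to be the primary SMTP address
$changeLog = "C:\o365GroupLinkChanges.csv"      # assumed log path

$changes = foreach ($group in Get-UnifiedGroup -ResultSize Unlimited) {
    # Members first: an owner of a unified group must also be a member.
    foreach ($linkType in 'Members', 'Owners') {
        $current = Get-UnifiedGroupLinks -Identity $group.PrimarySmtpAddress `
            -LinkType $linkType -ResultSize Unlimited
        # Leave pre-existing links out of the log so a later undo does not remove them.
        if ($current.PrimarySmtpAddress -contains $userToAdd) { continue }

        $status = 'Added'
        try {
            Add-UnifiedGroupLinks -Identity $group.PrimarySmtpAddress `
                -LinkType $linkType -Links $userToAdd -ErrorAction Stop
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Timestamp = (Get-Date).ToString('s')
            Group     = $group.PrimarySmtpAddress
            LinkType  = $linkType
            User      = $userToAdd
            Status    = $status
        }
    }
}
$changes | Export-Csv $changeLog -NoTypeInformation -Encoding UTF8

# Hypothetical helper: withdraw only the links this run created.
function Undo-GroupLinkChanges {
    param([string]$Path = $changeLog)
    Import-Csv $Path |
        Where-Object { $_.Status -eq 'Added' } |
        # 'Owners' sorts before 'Members' when descending: the owner link has to be
        # removed before the member link of the same user.
        Sort-Object LinkType -Descending |
        ForEach-Object {
            Remove-UnifiedGroupLinks -Identity $_.Group -LinkType $_.LinkType `
                -Links $_.User -Confirm:$false
        }
}
```

Review the Status column before relying on the log: rows marked Failed were not applied and are ignored by the undo function.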

Friday, 14 June 2019

Get info of all the configured Outlook profiles using Powershell

In the Outlook client you can configure multiple email accounts as needed. You can add your primary work email as the default profile and configure a personal email as a secondary profile. Sometimes you may need to fetch the details of all the configured profiles. You can use the Outlook client itself for this, but PowerShell is the easiest way to retrieve all the properties from multiple accounts.

Open the powershell console and run the below command to list DisplayName and SmtpAddress of all accounts.
$outlookApplication = New-Object -ComObject 'Outlook.Application'
$accounts = $outlookApplication.Session.Accounts
$accounts | Select DisplayName, SmtpAddress
Use below command to list all the available properties.
$accounts | FL
The below command returns the default profile name
$outlookApplication.Application.DefaultProfileName
Note: The above commands work only on a machine where the Outlook client is installed, as they use the interface library "Microsoft.Office.Interop.Outlook.Application", which works under the logged-in user's Outlook context.

Since the above commands work under the logged-in user's Outlook context, you have to open PowerShell without the Run as administrator privilege. If you have opened the PowerShell console with the Run as administrator privilege, you will get the error below:
PS C:\WINDOWS\system32> $outlookApplication = New-Object -ComObject 'Outlook.Application'
New-Object : Retrieving the COM class factory for component with CLSID {0006F03A-0000-0000-C000-000000000046} failed
due to the following error: 80080005 Server execution failed (Exception from HRESULT: 0x80080005
(CO_E_SERVER_EXEC_FAILURE)).
At line:1 char:23
+ $outlookApplication = New-Object -ComObject 'Outlook.Application'
+                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (:) [New-Object], COMException
    + FullyQualifiedErrorId : NoCOMClassIdentified,Microsoft.PowerShell.Commands.NewObjectCommand

Wednesday, 5 June 2019

Get Azure AD Users with their Registered Devices using Powershell

In this post I am going to share a PowerShell script to find and list devices that are registered by Azure AD users. We can use the Get-AzureADUserRegisteredDevice cmdlet to get the registered devices.

Before proceeding, run the command below to connect to the Azure AD PowerShell module.
Connect-AzureAD
The below command gets the devices that are registered to the specified user.
$user = Get-AzureADUser -SearchString "UserName"
Get-AzureADUserRegisteredDevice -ObjectId $user.ObjectId -All $true

List registered devices of all Azure AD users :

To get a report of the devices for all Azure AD users, first get the users with the Get-AzureADUser cmdlet and pipe the user list to the Get-AzureADUserRegisteredDevice cmdlet.
$Result=@()
$Users = Get-AzureADUser -All $true | Select UserPrincipalName,ObjectId
$Users | ForEach-Object {
    $user = $_
    Get-AzureADUserRegisteredDevice -ObjectId $user.ObjectId | ForEach-Object {
        $Result += New-Object PSObject -property @{
            DeviceOwner = $user.UserPrincipalName
            DeviceName = $_.DisplayName
            DeviceOSType = $_.DeviceOSType
            ApproximateLastLogonTimeStamp = $_.ApproximateLastLogonTimeStamp
        }
    }
}
$Result | Select DeviceOwner,DeviceName,DeviceOSType,ApproximateLastLogonTimeStamp

Export Report to CSV file :

You can export the result to a CSV file using the Export-CSV command.
$Result | Export-CSV "C:\AzureADJoinedDevices.csv" -NoTypeInformation -Encoding UTF8

Tuesday, 4 June 2019

How to Set Property Bag Value in SharePoint Online using Powershell

The SharePoint property bag is a hash table used to store data in key-value pairs, and it is a good place to store and retrieve metadata or custom properties. We can set and get property bag values using CSOM or the SharePoint Online PnP cmdlets. In this post I am going to share the steps to update a property bag value using the PnP PowerShell module.

Before proceeding, install the SharePoint PnP PowerShell Online module by running the command below.
Install-Module SharePointPnPPowerShellOnline -Force
Run the command below to connect to the site with PnP Online PowerShell.
$SiteURL = "https://MyTenant.sharepoint.com/sites/testsite"
Connect-PnPOnline $SiteURL
Once you have connected to the required site, run the command below to set the required property value.
Set-PnPPropertyBagValue -Key "myCustomProperty" -Value "customValue"
The above command works without any issue if the site's NoScript setting is disabled; otherwise you will get the error message below.
Set-PnPPropertyBagValue : Site has NoScript enabled, and setting property bag values is not supported
At line:1 char:1
+ Set-PnPPropertyBagValue -Key "myCustomProperty" -Value "customValue"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (SharePointPnP.P...ropertyBagValue:SetPropertyBagValue) [Set-PnPProper
   tyBagValue], Exception
    + FullyQualifiedErrorId : NoScriptEnabled,SharePointPnP.PowerShell.Commands.SetPropertyBagValue
To disable the NoScript setting, we need to set the property DenyAddAndCustomizePages to Disabled, which allows custom scripts on the site. Run the command below to disable the NoScript setting for the given site.
$site = Get-PnPTenantSite -Detailed -Url $SiteURL
$site.DenyAddAndCustomizePages = 'Disabled'
$site.Update()
$site.Context.ExecuteQuery()
-- OR -- You can also use the command below to set this value with the Set-PnPTenantSite cmdlet on modern SharePoint sites.
Set-PnPTenantSite -Url $SiteURL -NoScriptSite:$false
Now run the commands below to reconnect to the site and set the required property bag value.
Connect-PnPOnline $SiteURL
Set-PnPPropertyBagValue -Key "myCustomProperty" -Value "customValue"
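
The same steps arranged so that NoScript is turned off only for the duration of the property bag update and is switched back on afterwards, even if the update fails. This is an added example, not code from the original post; it uses only the cmdlets shown above, and the $original variable name is an assumption.

```powershell
$SiteURL = "https://MyTenant.sharepoint.com/sites/testsite"
Connect-PnPOnline $SiteURL

# Record the current state: 'Enabled' means NoScript is on (custom scripts blocked).
$site = Get-PnPTenantSite -Detailed -Url $SiteURL
$original = $site.DenyAddAndCustomizePages

try {
    if ($original -eq 'Enabled') {
        # Temporarily allow custom scripts so the property bag can be written.
        Set-PnPTenantSite -Url $SiteURL -NoScriptSite:$false
        # Reconnect so the site connection picks up the changed setting.
        Connect-PnPOnline $SiteURL
    }
    Set-PnPPropertyBagValue -Key "myCustomProperty" -Value "customValue"
}
finally {
    if ($original -eq 'Enabled') {
        # Put the site back into the NoScript state it had before the change.
        Set-PnPTenantSite -Url $SiteURL -NoScriptSite:$true
    }
}

# Confirm both the stored value and the restored site setting.
Get-PnPPropertyBag -Key "myCustomProperty"
(Get-PnPTenantSite -Detailed -Url $SiteURL).DenyAddAndCustomizePages
```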

Get Property Bag value :

Use the command below to get the configured property value.
Get-PnPPropertyBag -Key "myCustomProperty"

Remove Property Bag value :

Run the command below to delete an existing property.
Remove-PnPPropertyBagValue -Key "myCustomProperty" -Force