Thursday, June 12, 2014
NOTE: Many exchange power shell commands will also work with office 365 and Exchange, some may only work in one. Commands which start MSOL will only work in Office 365
Connecting to Office 365
There are two ways to connect to office 365 via powershell. The first method will work in any powershell window and will allow you to run most general commands which are not office 365 specific. For example Exchange powershell commands
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
The second method requires installing the Office 365 Powershell Module. Then using this command to connect. This is required for Office 365 commands. These general have MSOL in the command.
Connect-MsolService
Connection to Office 365 via Partner Deligate Admin
If you want to connect to office 365 logging it with your login using your Alliance Systems login then using the Partner Deligate Admin rights use the following connection method
$LiveCred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/PowerShell-LiveID?DelegatedOrg=<tenantname>.onmicrosoft.com -Credential $LiveCred -Authentication Basic –AllowRedirection Import-PSSession $Session
If using Connect-MsolService it is not quite as nice. Connect as normal then run this
$tenID=(get-msolpartnercontract -domain <tenantname>.onmicrosoft.com).tenantId.guid
Then you will need to add -tenantID $tenID to each command. For Example
Get-MSolUser -UserPrincipalName SomeUser@MyCustomer.com -tenantID $tenID
Import Exchange Powershell Commands
If you are running Exchange Powershell commands without using the Exchange Powershell you will need to load the exchange commands. Import-Module Activedirectory
Convert mailbox to Shared Mailbox Get-Mailbox <primary SMTP address> | Set-Mailbox –type shared
Set password to never expire (Office 365)
This is an Office 365 command and will require the Office 365 Powershell Module For a single User
Set-MsolUser -UserPrincipalName <user ID> -PasswordNeverExpires $true
For all Users
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true
Change Users Password (Office 365)
This is an Office 365 command and will require the Office 365 Powershell Module For a Single User
Set-MsolUserPassword -UserPrincipalName <userid> -NewPassword <newpassword> -ForceChangePassword $false
For all users
Get-MSOLUser | Set-MsolUserPassword -NewPassword <newpassword> -ForceChangePassword $false
Get AD User information for reporting
This gets a list of all users in a OU
Get-ADUser -SearchBase "ou=users,ou=mybusiness,dc=alliance,dc=local" -Filter * -Re sultSetSize 5000 | Select Name,SamAccountName
This gets a list of AD Group Membership
Get-ADGroupMember -identity "Group" | get-aduser | Where {$_.Enabled -eq $true} | format-table name, samaccountname -autosize
Get Mailbox Sizes
There are two methods of this
Get-MailboxStatistics -server "G2B2008EX" | Select DisplayName, ItemCount, TotalItemSize | Sort-Object TotalItemSize -Descending | Export-CSV C:\MBSizes.csv
Or
get-mailbox –resultsize unlimited | get-mailboxstatistics | select-object DisplayName,TotalItemSize,StorageLimitStatus,LastLogonTime > mailboxsize.txt
Export Mailboxes (Exchange 2010 and above?)
The path to be exported to must be a share not a local drive (ie \\servername\share) you may have issues exporting to a NAS, if so try exporting to a windows share then copying over to the NAS
New-MailboxExportRequest -mailbox "Mailbox Name" -filepath \\server\share\mailbox.name.pst
Then monitor the Export Progress
Get-MailboxExportRequest | Get-MailboxExportRequestStatistics
Remove all completed Mailbox Export Requests
Get-MailboxExportRequest | where {$_.status -eq "Completed"} | Remove-MailboxExportRequest
Purge Disconnected Mailboxes
Remove-StoreMailbox –database “MyDatabaseName” –identity “Joe Blogs” –MailboxState Disabled
Exclude Database From Auto Selection During Mailbox Creation
When a new mailbox is created, if a specific database is not selected then exchange will randomnly pick a database (I think via round-robbin). This command will exluded a database from the list.
Set-MailboxDatabase -Identity "Mailbox Database 04" -IsExcludedFromProvisioning
Check Database ‘WhiteSpace’
Use this command to check how much empty space there is in an exchange database
Get-MailboxDatabase –Status | ft name,databasesize,availablenewmailboxspace -auto
Mailboxes which have a forwarding address
This command will list all the Mailbox where the forwarding address is not null
Get-Mailbox | Where {$_.ForwardingAddress -ne $null} | Select Name, PrimarySMTPAddress, ForwardingAddress, DeliverToMailboxAndForward
Exchange Distribution Groups and Members
This will create a list of distribution groups and memebers. This will not work with Dynamic Distribution Groups
$dist = foreach ($group in (Get-DistributionGroup -Filter {name -like "*"})) {Get-DistributionGroupMember $group | Select @{Label="Group";Expression={$Group.Name}},@{Label="User";Expression={$_.Name}},SamAccountName}
$dist | Sort Group,User | ExportCSV c:\export.csv
Adding/Removing a user to a Distribution Group
Unless you are a Distribution Group Manager you cannot add users to a Distribution group through the Office 365 portal. This gives us a problem when trying to update these groups as using Partner Delegate Admin Permissions. To get around this issue you can log into power shell wiht the Partner Deligate Admin Permissions as noted above and then use this to add uses to the Distibution Group
Add-DistributionGroupMember -Identity "<groupname>" -Member "<username>" -BypassSecurityGroupManagerCheck $true
And to Remove
Remove-DistributionGroupMember -Identity "<groupname>" -Member "<username>" -BypassSecurityGroupManagerCheck $true
Find All objects using a particular Domain in Office 365
If you can’t remove a domain from Office 365 this will list all objects using it.
Get-MSOLUser | Where-Object {$_.Proxyaddresses-like "*<domain.com>*"}
Get-MSOLUser -returnDeletedUsers | Where-Object {$_.Proxyaddresses -like "*<domain.com>*"}
Get-Recipient | Where-Object {$_.EmailAddresses -like "*<domain.com>*"}
Get-Mailbox –SoftDeletedMailbox | Where-Object {$_.EmailAddresses -like "*<domain.com>*"}
Get-RemovedMailbox | Where-Object {$_.EmailAddresses -like "*<domain.com>*"}
Get-MsolUser -DomainName <domain.com> | fl UserPrincipalName
Get-recipient | where {$_.EmailAddresses -match "*<domain.com>*"}| fl Name, RecipientType, EmailAddresses
Find mailboxes where autoatically update email address to policy is disabled
Get-Recipient |Where-Object {!$_.EmailAddressPolicyEnabled} |Select Displayname, EmailAddressPolicyEnabled
Add Send-As to all Mailboxes
Get-Recipient | Where-Object {($_.RecipientType -eq “MailUser”) -or ($_.RecipientType -eq “UserMailbox”)} | Add-RecipientPermission -AccessRights SendAs -Trustee “smtp.user”