How to export an Office 365/Exchange Online mailbox to PST.

Hello, in this post we are going to see how to export the content of an Office 365 (Exchange Online) mailbox to a PST file. This process can also be used to search for SharePoint, OneDrive, Teams sites, Office 365 group… content. Now that we have set the scene, we can get started.

In the Security and compliance center (https://protection.office.com), under “Search” click on “Content Search”

In the content search portal, start a New search

Check “Specific location” and select modify to specify the location/mailbox you want to export the content from.

On the next tab, click on “choose users, groups or teams” and specify the mailbox for which you want to export the content to PST.

Select the checkbox and click on Choose, select Done and on the next tab click on Save to validate your choice.

Save and run to start the content search process.

Give a name to your content search process and click save to start the search.

Once the content search of the mailbox you specified is done, in the menu select Export results.

In the next tab, select the export options according to your need and click on “Export”

The export process has now started, you can see the status in the Exports tab by clicking on the name you gave to your export.

Once the export status is completed, you now can start downloading the result.

Click on “Copy to clipboard” to copy the “Export secret” and click on “Download the result”. On the next page, enter the Export secret and specify the location where to save the PST file.

Start the download (sorry, my OS is in French 🙂). When the download finishes, retrieve the PST file from the location you previously specified.

Et voilà !

Active Directory – Create user accounts from a CSV file

In this article we will see how to create user accounts in Active Directory from a CSV file.

Take the example of the file below, which contains the list of users we want to create. Note that the first line holds the headers of our CSV file, which are in fact some attributes of the accounts we are going to create.

Save your file as c:\users.csv, then use the script below to create the accounts:

#Bulk users accounts creation

$csv = Import-csv -Path c:\users.csv -Encoding UTF8 -Delimiter ";" 
$path = "OU=SITES,DC=srckoa,DC=local"
$domain = "srckoa.local"
$Password = "YourP@ssw0d"

foreach ($u in $csv) {

    #Creating Organizational Unit
    try {
        New-ADOrganizationalUnit -Name $u.OU -path $path #-WhatIf
    }
    catch {
        Write-Host "OU $($u.OU) ready for receiving user accounts" -ForegroundColor Yellow
    }
    
    #Creating the user account in the previously created Organizational Unit
    New-ADUser -Name $u.DisplayName `
        -GivenName $u.GivenName `
        -Surname $u.surname `
        -SamAccountName $u.samAccountName `
        -UserPrincipalName $($u.givenName + "." + $u.surname + "@$domain") `
        -Department $u.Department `
        -DisplayName $u.DisplayName `
        -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) `
        -Path ("OU=" + $u.OU + "," + $path) `
        -Enabled $true `
        -ChangePasswordAtLogon $true

}

This script creates the user accounts in the organizational units listed in the OU column. Everything is created under a root OU called SITES, which we specified in the script.
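A variant of the same bulk creation, added here as an example and not part of the original script: the initial password is prompted for as a SecureString instead of being stored in plaintext in `$Password`, the OU is created only when it is really missing, and existing accounts are skipped. The function name `New-BulkADUser` and its parameters are hypothetical; the CSV columns are assumed to be the ones the script above reads.

```powershell
# Added example (not the author's script). Assumes the ActiveDirectory module and
# the CSV columns used above: OU;DisplayName;GivenName;Surname;samAccountName;Department
function New-BulkADUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [Parameter(Mandatory = $true)] [string]$CsvPath,
        [Parameter(Mandatory = $true)] [string]$RootOU,     # e.g. "OU=SITES,DC=srckoa,DC=local"
        [Parameter(Mandatory = $true)] [string]$UpnSuffix,  # e.g. "srckoa.local"
        # Prompted with masked input when omitted; never written into the script
        [Parameter(Mandatory = $true)] [securestring]$InitialPassword
    )

    foreach ($u in (Import-Csv -Path $CsvPath -Encoding UTF8 -Delimiter ';')) {

        # Create the OU only when it is really missing, so that other failures
        # (access denied, wrong root DN) are not reported as "OU ready"
        $ou = Get-ADOrganizationalUnit -Filter "Name -eq '$($u.OU)'" -SearchBase $RootOU -SearchScope OneLevel
        if (-not $ou) {
            New-ADOrganizationalUnit -Name $u.OU -Path $RootOU -ErrorAction Stop
        }

        # Skip accounts that already exist instead of stopping half-way through the file
        if (Get-ADUser -Filter "SamAccountName -eq '$($u.samAccountName)'") {
            Write-Warning "$($u.samAccountName) already exists, skipped"
            continue
        }

        # Splatting replaces the backtick line continuations
        $newUser = @{
            Name                  = $u.DisplayName
            GivenName             = $u.GivenName
            Surname               = $u.Surname
            SamAccountName        = $u.samAccountName
            UserPrincipalName     = "$($u.GivenName).$($u.Surname)@$UpnSuffix"
            Department            = $u.Department
            DisplayName           = $u.DisplayName
            AccountPassword       = $InitialPassword
            Path                  = "OU=$($u.OU),$RootOU"
            Enabled               = $true
            ChangePasswordAtLogon = $true
        }
        New-ADUser @newUser -ErrorAction Stop
    }
}

# Dry run first; -WhatIf is inherited by New-ADOrganizationalUnit and New-ADUser:
# New-BulkADUser -CsvPath c:\users.csv -RootOU "OU=SITES,DC=srckoa,DC=local" -UpnSuffix "srckoa.local" -WhatIf
```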

A demo is available here:

How to grant read-only permission on a MailBox

In this post I will show you how to grant user Perry Brill read-only permission on the mailbox of Joe Dan using PowerShell.

The first thing to do is to find all the folders present in Serge Boss's mailbox, then grant read-only permission on those folders to John Doe.

Let’s go with the first step:

To find the folders in the mailbox, use the command line below

Get-MailboxFolderStatistics -Identity <mailbox identity> | Select-Object Identity

To grant access to a particular folder, use this commandline

Add-MailboxFolderPermission -Identity <Folder Identity> -User <User who needs access> -AccessRights <Type of Access>

To grant read-only access to all the folders, you must apply the previous command to every folder. The easiest way is to use a loop. Here is a function that does it.

function Add-PermissionOnAllMailboxFolders {
    param (
        [Parameter(Mandatory = $true)]
        $Identity,

        [Parameter(Mandatory = $true)]
        $User,

        [Parameter(Mandatory = $true)]
        [validateSet("Author","Reviewer","Contributor")] #Find complete list of permission on https://docs.microsoft.com/en-us/powershell/module/exchange/add-mailboxfolderpermission?view=exchange-ps
        $AccessRights
    )

    $ExcludeFolders = ":\Top of Information Store",":\Recoverable Items",":\Audits",":\Calendar Logging",":\Deletions",":\DiscoveryHolds",":\Purges",":\SubstrateHolds",":\Versions",":\Sync Issues",":\Yammer Root"
    $alias = (Get-Mailbox -Identity $Identity).alias
    
    Add-MailboxFolderPermission "$($alias):\" -User $User -AccessRights $AccessRights

    (Get-MailboxFolderStatistics -Identity $alias).Identity | Foreach-object {
        $folder = $_.replace("$alias\","$($alias):\")
        if ($folder.replace("$alias","") -notin $ExcludeFolders) {
            Add-MailboxFolderPermission $folder -User $User -AccessRights $AccessRights
        }
    }

}

Run the script to load the function and then use the commands below to grant the permissions according to your need

To grant read-only permission

#Reviewer : FolderVisible, ReadItems
Add-PermissionOnAllMailboxFolders -Identity "Joe Dan" -User "Perry Brill" -AccessRights Reviewer

To grant the other type of permission

#Author : CreateItems, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems
Add-PermissionOnAllMailboxFolders -Identity "Joe Dan" -User "Perry Brill" -AccessRights Author

#Contributor : CreateItems, FolderVisible
Add-PermissionOnAllMailboxFolders -Identity "Joe Dan" -User "Perry Brill" -AccessRights Contributor

Now you can add the mailbox to the user's Outlook and access its content.

The mailbox now appears in your outlook.
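To check what was actually delegated, and to take it back when access is no longer needed, the two functions below report and revoke a user's folder permissions. This is an added example, not part of the original post: the function names are hypothetical, and the folder paths are built the same way as in Add-PermissionOnAllMailboxFolders, so it assumes the same "alias\folder" identity format.

```powershell
# Added example (not the author's code). Requires an Exchange Online PowerShell session.
function Get-DelegatedFolderPermission {
    param (
        [Parameter(Mandatory = $true)] $Identity,   # mailbox that was shared
        [Parameter(Mandatory = $true)] $User        # delegate to report on
    )

    $alias = (Get-Mailbox -Identity $Identity).Alias

    # Mailbox root plus every folder, using the same path rewrite as the function above
    $paths = @("$($alias):\") + @((Get-MailboxFolderStatistics -Identity $alias).Identity |
        ForEach-Object { $_.Replace("$alias\", "$($alias):\") })

    foreach ($path in $paths) {
        # Folders where the user has no entry return an error; they are simply skipped
        $perm = Get-MailboxFolderPermission -Identity $path -User $User -ErrorAction SilentlyContinue
        if ($perm) {
            [pscustomobject]@{
                Folder       = $path
                User         = $User
                AccessRights = ($perm.AccessRights -join ',')
            }
        }
    }
}

function Remove-PermissionOnAllMailboxFolders {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [Parameter(Mandatory = $true)] $Identity,
        [Parameter(Mandatory = $true)] $User
    )

    # Only touch folders where an entry for this user really exists
    Get-DelegatedFolderPermission -Identity $Identity -User $User | ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.Folder, "Remove '$($_.AccessRights)' for $User")) {
            Remove-MailboxFolderPermission -Identity $_.Folder -User $User -Confirm:$false
        }
    }
}

# Review the delegation, then revoke it (use -WhatIf for a dry run):
# Get-DelegatedFolderPermission -Identity "Joe Dan" -User "Perry Brill" | Format-Table -AutoSize
# Remove-PermissionOnAllMailboxFolders -Identity "Joe Dan" -User "Perry Brill" -WhatIf
```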

Directly assigned or Inherited Office 365 Licenses ?

Hello, today I am sharing with you an interesting Office 365 script that I hope will help you. This script will tell you how licenses are assigned to a set of users in your Office 365 tenant : Direct or Inherited ?

My script consists of 2 parts: the first determines the License Plans assigned to a user account, the second determines the License paths (Direct or Inherited).

function Get-LicensePlan {

    param (

        [Parameter(Mandatory=$true)]
        [String]$SkuId,
        [Parameter(mandatory=$true)]
        [String]$TenantName

    )

    Switch($SkuId){

                      "$($TenantName):AAD_PREMIUM" {return "AAD Premium P1"}
                   "$($TenantName):AX7_USER_TRIAL" {return "D_AX7.0 TRIAL"}
          "$($TenantName):DYN365_ENTERPRISE_P1_IW" {return "D365 ETR P1"}
              "$($TenantName):DYN365_RETAIL_TRIAL" {return "D365 CRM TRIAL"}
                              "$($TenantName):EMS" {return "EMS_E3"}
                       "$($TenantName):EMSPREMIUM" {return "EMS_E5"}
                     "$($TenantName):DESKLESSPACK" {return "F1"}
                     "$($TenantName):STANDARDPACK" {return "E1"}
                   "$($TenantName):ENTERPRISEPACK" {return "E3"}
                "$($TenantName):ENTERPRISEPREMIUM" {return "E5"}
                        "$($TenantName):FLOW_FREE" {return "FLOW FREE"}
                      "$($TenantName):INTUNE_A_VL" {return "INTUNE"}
                       "$($TenantName):MCOMEETADV" {return "SFB PSTN Conf"}
        "$($TenantName):MICROSOFT_BUSINESS_CENTER" {return "MBC"}
                     "$($TenantName):POWER_BI_PRO" {return "PBI PRO"}
                "$($TenantName):POWER_BI_STANDARD" {return "PBI STD"}
        "$($TenantName):POWERAPPS_INDIVIDUAL_USER" {return "PAPPS IND User"}
                  "$($TenantName):POWERAPPS_VIRAL" {return "PAPPS and LOGIC FLOW"}
                   "$($TenantName):PROJECTPREMIUM" {return "PJ Online"}
                           "$($TenantName):STREAM" {return "STREAM"}
                "$($TenantName):VISIOONLINE_PLAN1" {return "VISIO P1"}
              "$($TenantName):WACONEDRIVESTANDARD" {return "OD P1"}
                      "$($TenantName):WIN_DEF_ATP" {return "WDF ATP"}
                                           default {return $SkuId.Replace("$($TenantName):","")}
    }

}

With the function Get-LicensePlan, we know what licenses are assigned to a user based on the SkuId. The second function, Get-LAPATH (Get-LicenseAssignmentPaths), will tell us whether the licenses are directly assigned or inherited from a group.

 

function Get-LAPATH{

    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [string]$UPN
    )

    Begin{
        Get-Date
        Write-Host "## Data processing started at $(Get-date)" -ForegroundColor Yellow
        Write-Host ""
        $TenantName = ((Get-MsolAccountSku).AccountSkuId[0] -split(':'))[0]
    }

    Process{
        
        Write-Host ""
        Write-Host "Working on $UPN" -ForegroundColor Green
        $User = Get-MsolUser -UserPrincipalName $UPN

        #Getting assignment paths
        $LicensesTab = $null
        $LicensePlan = $null
        $LicTabCount = 0
        $LicensesTab = $User.Licenses | Select-Object AccountSkuId, GroupsAssigningLicense

        if($LicensesTab){

            Write-Host "License Enabled : True" -ForegroundColor Yellow

            $i = 0 #(Measure-Object -InputObject $LicensesTab).Count
            $LicTabCount = $LicensesTab.AccountSkuId.Count

            Do{

                #Getting License Plan
                $LicensePlan = Get-LicensePlan -SkuId $LicensesTab[$i].AccountSkuId -TenantName $TenantName

                #Getting License Paths
                [System.Collections.ArrayList]$LicensePath = @()

                if($LicensesTab[$i].GroupsAssigningLicense){

                    foreach ($Guid in $LicensesTab[$i].GroupsAssigningLicense.guid){

                        if($Guid -eq $User.ObjectId.Guid){
                            $LicensePath.Add("Direct") | Out-Null
                        }
                        else{
                            $LicensePath.Add((Get-MsolGroup -ObjectId $Guid).DisplayName) | Out-Null
                        }

                    }
                }
                else{
                    $LicensePath.Add("Direct") | Out-Null
                }

                Write-Host "$LicensePlan : $([String]::Join(",",$LicensePath.ToArray()))" -ForegroundColor Yellow
                $i++

            }
            While ($i -ne $LicTabCount)
        }
        else {
            Write-Host "License Enabled : false" -ForegroundColor Red
        }
    }

    End{
        Write-Host ""
        Write-Host "## Data Processing ended on $(Get-Date)" -ForegroundColor Yellow
    }

}

Now that everything is set, let’s talk about how to use this script to achieve your goal. Of course, to run this script, you need to have Microsoft Online Services PowerShell installed on your computer (PowerShell Module for Office 365) and read access permissions on your Office 365 Admin portal to see users' configuration, ideally the User Management Role.

  • To see Office 365 license assignment paths for one user

"<UserPrincipalName>" | Get-LAPATH

The user james.bond@acidalien.fr has 3 license plans assigned:

  1. FLOW FREE inherited from the license group GRP-FLOW-FREE
  2. FLOW FREE directly assigned
  3. DEVELOPERPACK directly assigned

  • To see Office 365 license assignment paths for several users

From a Powershell table

"<User1 upn>" ,"<User2 upn>","..." | Get-LAPATH


From a file containing the list of UserPrincipalName :


Get-Content -Path <File path.txt> | Get-LAPATH


Et voilà 🙂

Microsoft Teams – Unable to create Team from existing Group

Hello, I share with you in this post a workaround to create a Team in Microsoft Teams from an existing group.

Open an Exchange Online PowerShell and run this command line to get the InboxUrl of the group you want to create a Team from.

Get-UnifiedGroup -Identity <Your UnifiedGroup Identity> | Select InboxUrl


Use a browser and connect to the InboxUrl of the UnifiedGroup (OWA). In the mailbox, select the group header and open the associated SharePoint site.


This action provisions the SharePoint Site, now you can create a Team


If you see the below error, don’t worry, refresh the browser.

The Team has been provisioned.

Click to open Teams

You are done !

Exchange Online Powershell module installation error – Application cannot be started. Contact the application vendor

This morning when trying to install the PowerShell Module for Exchange Online from the ECP, I came across this error message.

Even though this is not a very serious issue, it may cause you to lose time.

So to avoid this error message, use INTERNET EXPLORER to connect to the ECP and then the INSTALLATION WILL BE POSSIBLE.

Thank you.

Cannot change Profile Picture on Teams

One day, an Office 365 user asked me why he cannot change his Teams Profile Picture. After a few checks, we found that a license option was missing on his Office 365 user account. This user account was missing an Exchange Online license.

So, to enable adding a picture to a Teams profile, you need to have an Exchange Online license enabled for this profile. Once it’s done, wait for a while or restart Teams and you will see the “Change picture” option appear.

To understand how Microsoft Teams interacts with Exchange Online, you can read the following complete Microsoft article https://docs.microsoft.com/en-us/MicrosoftTeams/exchange-teams-interact

 

Check if an email address or a UserPrincipalName is already used by an account in your Office 365 tenant

Did you ever need to find in your Office 365 tenant :

  • What object is using a specific email address or UserPrincipalName ?
  • What object is preventing an Active Directory account from syncing because of duplicated email address or UserPrincipalName ?
  • Where are they located in your tenant : in Users, in Contacts or in Deleted users ?

If yes, this article may help you achieve your goal. Find below how to proceed. To install the Microsoft Online Service Module for PowerShell, please follow the instructions in the paragraph "Connect with the Microsoft Azure Active Directory Module for Windows PowerShell" of this link :

https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-office-365-powershell

When you are ready, open a Powershell console and Sign in to your Office 365 tenant with an Admin Account using this command line

Connect-MsolService

Run the PowerShell function below :

function Get-ConflictingAttributes {

  [Cmdletbinding()]
  param (
    [Parameter(mandatory=$true)]
    [String]$SearchValue
  )

  $SearchTable = @{}
  Write-Host "Searching began :" $(Get-Date) -ForegroundColor Green

  #Escape the value so that characters such as "." are matched literally by -match
  $Pattern = [regex]::Escape($SearchValue)

  #Searching in all ProxyAddresses
  Write-Host "Searching User and Guest accounts" $(Get-Date) -ForegroundColor Yellow
  $User = Get-MsolUser -All | Where-Object {($_.UserPrincipalName -match $Pattern) -or ($_.ProxyAddresses -match $Pattern)}

  #Searching in all deleted users
  Write-Host "Searching Deleted accounts" $(Get-Date) -ForegroundColor Yellow
  $Del = Get-MsolUser -All -ReturnDeletedUsers | Where-Object {($_.UserPrincipalName -match $Pattern) -or ($_.ProxyAddresses -match $Pattern)}

  #Searching in contacts
  Write-Host "Searching Contacts" $(Get-Date) -ForegroundColor Yellow
  $Contact = Get-MsolContact -All | Where-Object {$_.EmailAddress -match $Pattern}

  Write-Host "Searching ended :" $(Get-Date) -ForegroundColor Green

  #One entry per user type, so several matches never produce an invalid key
  if ($User){
    $User | Group-Object -Property UserType | ForEach-Object { $SearchTable.Add([string]$_.Name, $_.Group) }
  }

  #Deleted users get their own keys so they cannot collide with the active ones
  if ($Del){
    $Del | Group-Object -Property UserType | ForEach-Object { $SearchTable.Add("Deleted " + $_.Name, $_.Group) }
  }

  if ($Contact){
    $SearchTable.Add("Contact",$Contact) | Out-Null
  }

  return $SearchTable

}

Now, suppose that you want to know which account in your Office 365 tenant is using the email address john.doe@koafric.com. It’s simple, run this command line in the PowerShell console you previously opened :

$Result = Get-ConflictingAttributes -SearchValue "john.doe@koafric.com"

To see the result :


We can see that the object using the value “john.doe@koafric.com” is a contact and this value is set on his EmailAddress.

Change OneDrive For Business locale

Hello, here I am back with another script to share with you. Recently a client asked me how to change the locale of OneDrive in bulk for his Office 365 users. The thing is that his Office 365 tenant was created with French as the default language, whereas there are many English-speaking people in the company.

All Excel files created in OneDrive online show formulas in French. Really embarrassing for some users.

Of course you can change this default language through OneDrive online site settings > Regional settings

But the big deal is how to manage it for more than twenty thousand users ? This is where you can leverage the power of PowerShell. Here is a script to help you achieve this goal.

<#
.SYNOPSIS
    This script allows you to change regional settings in Office 365 OneDrive For Business.
.DESCRIPTION
    This script allows you to change regional settings in Office 365 OneDrive For Business.
.PARAMETER UpnPath
    Full path to the upns TXT or CSV file (without header), one UserPrincipalName (upn) per line.
.PARAMETER creds
    Specify Administrator UserPrincipalName
.PARAMETER SiteURL
    Specify SharePoint Admin site url : "https://<yourtenant>-admin.sharepoint.com/", replace <yourtenant> with your tenant name
.PARAMETER ODUrl
    Specify OneDrive For Business url : "https://<yourtenant>-my.sharepoint.com/Personal/", replace <yourtenant> with your tenant name
.PARAMETER LocaleID
    Specify the Locale ID. The locale ID for US English (en-us) is 1033
.EXAMPLE
    Set-OD4BLocale -UpnPath "C:\upns.txt" -creds "admin@mytenant.onmicrosoft.com" -SiteURL "https://mytenant-admin.sharepoint.com/" -ODUrl "https://mytenant-my.sharepoint.com/Personal/" -LocaleID 1033
.NOTES
    Version : 1.0
    Author : Jean-Marie AGBO
    Creation date : 04/12/2018
    Version 1.0 : Initial development
#>

Function Set-OD4BLocale{
    [CmdletBinding()]
    Param(
        [parameter(Mandatory=$true)]
        [String]$UpnPath,

        [parameter(Mandatory=$true)]
        [PSCredential]$creds,

        [parameter(Mandatory=$true)]
        [string]$SiteURL,

        [parameter(Mandatory=$true)]
        [string]$ODUrl,

        [parameter(Mandatory=$false)]
        [string]$LocaleID = "1033"
    )

    #Connect to the SharePoint Online service
    Connect-SPOService -Url $SiteURL -Credential $creds

    #Add references to SharePoint client assemblies and authenticate to Office 365 site - required for CSOM
    Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
    Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
    Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.UserProfiles.dll"

    #Import upn file
    $Upns = Get-Content -Path $UpnPath

    foreach ($upn in $Upns){
        #Building user ODrive Full Url
        Write-Host "Building ODrive Full Url for $upn" -ForegroundColor Yellow
        $ODriveFullUrl = $ODUrl + $upn.Replace("@","_").Replace('.','_')

        #Adding Admin access to user OneDrive
        Write-Host "Adding Admin access to $upn OneDrive" -ForegroundColor Yellow
        Set-SPOUser -Site $ODriveFullUrl -LoginName $creds.UserName -IsSiteCollectionAdmin $true | Out-Null

        try {
            #Bind to OD4B Site and change locale
            Write-Host "Changing Locale for $upn" -ForegroundColor Yellow
            $spocreds = [Microsoft.SharePoint.Client.SharePointOnlineCredentials]::new($creds.UserName,$creds.Password)
            $Context = New-Object Microsoft.SharePoint.Client.ClientContext($ODriveFullUrl)
            $Context.Credentials = $spocreds
            $Context.ExecuteQuery()
            #Use the -LocaleID parameter (the original assigned an undefined $Locale variable)
            $Context.Web.RegionalSettings.LocaleId = $LocaleID
            $Context.Web.Update()
            $Context.ExecuteQuery()
        }
        finally {
            #Removing Admin access from User OneDrive, even when the locale change failed
            Write-Host "Removing Admin access from $upn OneDrive" -ForegroundColor Green
            Set-SPOUser -Site $ODriveFullUrl -LoginName $creds.UserName -IsSiteCollectionAdmin $false | Out-Null
        }
    }
}

How to run the script ?

Set-OD4BLocale -UpnPath "C:\upns.txt" -creds "admin@mytenant.onmicrosoft.com" -SiteURL "https://mytenant-admin.sharepoint.com/" -ODUrl "https://mytenant-my.sharepoint.com/Personal/" -LocaleID 1033

The upns.txt file must contain the UserPrincipalName of the users whose locale you want to change.

fname1@mytenant.com
fname2@mytenant.com
fname3@mytenant.com
fname4@mytenant.com

You can get help on the script. Run it and use the below PowerShell command line :

Get-Help Set-OD4BLocale -Full

After changing the default language:

Now, you can check your change by creating an Excel file in OneDrive Online and note that the formulas are in English.

Et voilà 🙂 !