Author Archives: Jean-Marie AGBO

Jean-Marie AGBO 7:00 pm on 9 December 2020  

Rename AD User using PowerShell

If you are looking for renaming an AD User attributes like the “name”, you may be interested in this article. Of course, you can customize the command line to change other attribute like the “DisplayName” or another one.

Before doing any change, check the AD User name you want to rename

To check it with PowerShell, use the below command line

Get-ADUser "Tameka Reed" | fl name

Now rename the account with the following command line

Get-ADUser "Tameka Reed" | Rename-ADObject -NewName "Tameka Reed New"

How to check that your change worked ?

Get-ADUser "Tameka Reed" | fl name

In management console Active Directory Users and Computers

Jean-Marie AGBO 1:37 am on 29 November 2020
Tags: ,   

How to export office 365/Exchange online mailbox to PST.

Hello, in this post we are going to see how to export an Office 365 (Exchange online) mailbox content to a PST file. This process can also be used to search for SharePoint, OneDrive, Teams sites, Office 365 group… content. Now that we have set the scene, we can get started.

In the Security and compliance center (https://protection.office.com), under “Search” click on “Content Search”

In the content search portal, start a New search

Check “Specific location” and select modify to specify the location/mailbox you want to export the content from.

On the next tab, click on “choose users, groups or teams” and specify the mailbox for which you want to export the content to PST.

Select the checkbox and click on Choose, selct Done and on the next tab click on Save to validate your choice.

Save and run to start the content search process.

Give a name to your content search process and click save to start the search.

Once the content search of the mailbox you specified is done, in the menu select Export results.

In the next tab, select the export options according to your need and click on “Export”

The export process has now started, you can see the status in the Exports tab by clicking on the name you gave to your export.

Once the export status is completed, you now can start downloading the result.

Clique on “Copy to clipboard” to copy the “Export secret” and click on “Download the result”. On the next page, enter the Export secret and specify the location where to save the pst file.

Start the downloading process – sorry, my OS is in french version 🙂 . At the end of the downloading, retrieve the pst file in the location you previously specified.

Et voilĂ  !

Jean-Marie AGBO 2:07 am on 12 November 2020
Tags:   

Active Directory – CrĂ©er des comptes utilisateurs Ă  partir d’un fichier Csv

Dans cet article nous allons voir comment crĂ©er des comptes d’utilisateurs dans Active Directory Ă  partir d’un fichier Csv.

Prenons l’exemple de ce fichier ci-dessous qui contient la liste des utilisateurs que nous souhaitons crĂ©er. Veuillez noter que la première ligne concerne les entĂŞtes de notre fichier csv qui sont en rĂ©alitĂ©s quelques attributs des comptes que nous allons crĂ©er.

Enregistrer votre fichier en tant que c:\users.csv puis utiliser le script ci-dessous pour créer les comptes :

#Bulk users accounts creation

$csv = Import-csv -Path c:\users.csv -Encoding UTF8 -Delimiter ";" 
$path = "OU=SITES,DC=srckoa,DC=local"
$domain = "srckoa.local"
$Password = "YourP@ssw0d"

foreach ($u in $csv) {

    #Creating Organizational Unit
    try {
        New-ADOrganizationalUnit -Name $u.OU -path $path #-WhatIf
    }
    catch {
        Write-Host "OU $($u.OU) ready for receiving user accounts" -ForegroundColor Yellow
    }
    
    #Creating user account in the previous created orgnizational Unit
    New-ADUser -Name $u.DisplayName`
        -GivenName $u.GivenName`
        -Surname $u.surname`
        -SamAccountName $u.samAccountName`
        -UserPrincipalName $($u.givenName + "." + $u.surname + "@$domain")`
        -Department $u.Department`
        -DisplayName $u.DisplayName`
        -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force)`
        -Path ("OU=" + $u.OU + "," + $path)`
        -Enabled $true `
        -ChangePasswordAtLogon $true

}

Ce script va crĂ©er les comptes utilisateurs dans les unitĂ©s d’organisations qui sont indiquĂ©es dans la colonne OU. Toutes les crĂ©ations vont se faire sous une OU racine appelĂ©e SITES que nous avons indiquĂ©e dans le script.

Une démo est disponible ici :

Jean-Marie AGBO 1:53 pm on 30 October 2019  

How to grant read-only permission on a MailBox

In this post I will show you how to grant user Perry Brill read-only permission on the mailbox of Joe Dan using PowerShell.

The first thing to do is to find all the folders present in Serge Boss mailbox then grant read only permission on those folders to John Doe.

Let’s go with the fistr step :

To find the folders in the mailbox, use the below commandline 

Get-MailboxFolderStatistics -Identity <mailbox identity> | Select-Object Identity

To grant access to a particular folder, use this commandline

Add-MailboxFolderPermission -Identity <Folder Identity> -User <User who needs access> -AccessRights <Type of Access>

To grant read-only access to all the folders, you must apply the previous command to all the folder. The easiest way is to use a loop. I propose you a function to reach that goal.

function Add-PermissionOnAllMailboxFolders {
    param (
        [Parameter(Mandatory = $true)]
        $Identity,

        [Parameter(Mandatory = $true)]
        $User,

        [Parameter(Mandatory = $true)]
        [validateSet("Author","Reviewer","Contributor")] #Find complete list of permission on https://docs.microsoft.com/en-us/powershell/module/exchange/add-mailboxfolderpermission?view=exchange-ps
        $AccessRights
    )

    $ExcludeFolders = ":\Top of Information Store",":\Recoverable Items",":\Audits",":\Calendar Logging",":\Deletions",":\DiscoveryHolds",":\Purges",":\SubstrateHolds",":\Versions",":\Sync Issues",":\Yammer Root"
    $alias = (Get-Mailbox -Identity $Identity).alias
    
    Add-MailboxFolderPermission "$($alias):\" -User $User -AccessRights $AccessRights

    (Get-MailboxFolderStatistics -Identity $alias).Identity | Foreach-object {
        $folder = $_.replace("$alias\","$($alias):\")
        if ($folder.replace("$alias","") -notin $ExcludeFolders) {
            Add-MailboxFolderPermission $folder -User $User -AccessRights $AccessRights
        }
    }

}

Run the script to load the function and then use the commands below to grant the permissions according to your need

To grant read-only permission

#Reviewer : FolderVisible, ReadItems
Add-PermissionOnAllMailboxFolders -Identity "Joe Dan" -User "Perry Brill" -AccessRights Reviewer

To grant the other type of permission

#Author : CreateItems, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems
Add-PermissionOnAllMailboxFolders -Identity "Joe Dan" -User "Perry Brill" -AccessRights Author

#Contributor : CreateItems, FolderVisible
Add-PermissionOnAllMailboxFolders -Identity "Joe Dan" -User "Perry Brill" -AccessRights Contributor

Now you can add the mailbox to the user Outlook and access it content

The mailbox now appears in your outlook.

Jean-Marie AGBO 5:14 am on 22 August 2019  

Directly assigned or Inherited Office 365 Licenses ?

Hello, today I am sharing with you an interesting Office 365 script that I hope will help you. This script will tell you how licenses are assigned to a set of user in your Office 365 tenant : Direct or Inherited ?

My script consists of 2 parts, the first determines License Plans assigned to a user account, the second one dertermines the Licenses paths (Direct or Inherited).

function Get-LicensePlan {

    param (

        [Parameter(Mandatory=$true)]
        [String]$SkuId,
        [Parameter(mandatory=$true)]
        [String]$TenantName

    )

    Switch($SkuId){

                      "$($TenantName):AAD_PREMIUM" {return "AAD Premium P1"}
                   "$($TenantName):AX7_USER_TRIAL" {return "D_AX7.0 TRIAL"}
          "$($TenantName):DYN365_ENTERPRISE_P1_IW" {return "D365 ETR P1"}
              "$($TenantName):DYN365_RETAIL_TRIAL" {return "D365 CRM TRIAL"}
                              "$($TenantName):EMS" {return "EMS_E3"}
                       "$($TenantName):EMSPREMIUM" {return "EMS_E5"}
                     "$($TenantName):DESKLESSPACK" {return "F1"}
                     "$($TenantName):STANDARDPACK" {return "E1"}
                   "$($TenantName):ENTERPRISEPACK" {return "E3"}
                "$($TenantName):ENTERPRISEPREMIUM" {return "E5"}
                        "$($TenantName):FLOW_FREE" {return "FLOW FREE"}
                      "$($TenantName):INTUNE_A_VL" {return "INTUNE"}
                       "$($TenantName):MCOMEETADV" {return "SFB PSTN Conf"}
        "$($TenantName):MICROSOFT_BUSINESS_CENTER" {return "MBC"}
                     "$($TenantName):POWER_BI_PRO" {return "PBI PRO"}
                "$($TenantName):POWER_BI_STANDARD" {return "PBI STD"}
        "$($TenantName):POWERAPPS_INDIVIDUAL_USER" {return "PAPPS IND User"}
                  "$($TenantName):POWERAPPS_VIRAL" {return "PAPPS and LOGIC FLOW"}
                   "$($TenantName):PROJECTPREMIUM" {return "PJ Online"}
                           "$($TenantName):STREAM" {return "STREAM"}
                "$($TenantName):VISIOONLINE_PLAN1" {return "VISIO P1"}
              "$($TenantName):WACONEDRIVESTANDARD" {return "OD P1"}
                      "$($TenantName):WIN_DEF_ATP" {return "WDF ATP"}
                                           default {return $SkuId.Replace("$($TenantName):","")}
    }

}

With the function Get-LicensePlan, we know what licenses are assigned to a user based on the SkuId. The following second function Get-LAPATH (Get-LicenseAssingmentPaths) will tell us if the licenses are Direct assigned or Inherited from a group.

 

function Get-LAPATH{

    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [string]$UPN
    )

    Begin{
        Get-Date
        Write-Host "## Data processing stated at $(Get-date)" -ForegroundColor Yellow
        Write-Host ""
        $TenantName = ((Get-MsolAccountSku).AccountSkuId[0] -split(':'))[0]
    }

    Process{
        
        Write-Host ""
        Write-Host "Working on $UPN" -ForegroundColor Green
        $User = Get-MsolUser -UserPrincipalName $UPN

        #Getting assignment paths
        $LicensesTab = $null
        $LicensePlan = $null
        $LicTabCount = 0
        $LicensesTab = $User.Licenses | Select-Object AccountSkuId, GroupsAssigningLicense

        if($LicensesTab){

            Write-Host "License Enabled : True" -ForegroundColor Yellow

            $i = 0 #(Measure-Object -InputObject $LicensesTab).Count
            $LicTabCount = $LicensesTab.AccountSkuId.Count

            Do{

                #Getting License Plan
                $LicensePlan = Get-LicensePlan -SkuId $LicensesTab[$i].AccountSkuId -TenantName $TenantName

                #Getting License Paths
                [System.Collections.ArrayList]$LicensePath = @()

                if($LicensesTab[$i].GroupsAssigningLicense){

                    foreach ($Guid in $LicensesTab[$i].GroupsAssigningLicense.guid){

                        if($Guid -eq $User.ObjectId.Guid){
                            $LicensePath.Add("Direct") | Out-Null
                        }
                        else{
                            $LicensePath.Add((Get-MsolGroup -ObjectId $Guid).DisplayName) | Out-Null
                        }

                    }
                }
                else{
                    $LicensePath.Add("Direct") | Out-Null
                }

                Write-Host "$LicensePlan : $([String]::Join(",",$LicensePath.ToArray()))" -ForegroundColor Yellow
                $i++

            }
            While ($i -ne $LicTabCount)
        }
        else {
            Write-Host "License Enabled : false" -ForegroundColor Red
        }
    }

    End{
        Write-Host ""
        Write-Host "## Data Processing ended on $(Get-Date)" -ForegroundColor Yellow
    }

}

Now that everything is set, let’s talk about how to use this script to achieve your goal. Of course, for running this script, you need to have Microsoft Online Services PowerShell installed on your computer (PowerShell Module For Office 365) and a read access permissions on your Office 365 Admin portal to see users configuration,  ideally User Management Role.

  • To see Office 365 license assginment paths for one user
"<UserPrincipalName>" | Get-LAPATH

Get-LAPATH_multiples_One

The user james.bond@acidalien.fr has 3 licenses plans assigned:

  1. FLOW FREE inherited from the license group GRP-FLOW-FREE
  2. FLOW FREE directly assigned
  3. DEVELOPERPACK directly assigned
  • To see Office 365 license assignment paths for several users 

From a Powershell table

"<User1 upn>" ,"<User2 upn>","..." | Get-LAPATH

Get-LAPATH_multiples_2

From a file containing the list of UserPrincipalName :

Get-LAPATH_multiples_File

Get-Content -Path <File path.txt> | Get-LAPATH

Get-LAPATH_multiples

Et voilà 🙂

Jean-Marie AGBO 10:45 am on 12 July 2019  

Microsoft Teams – Unable to create Team from existing Group

Hello, I share with you in this post a workaround to create a Team in Microsoft Teams from an existing group.

Open an Exchange Online PowerShell and run this command line to get the InboxUrl of the group you want to create a Team from.

Get-UnifiedGroup -Identity <Your UnifiedGroup Identity> | Select InboxUrl

1

Use a browser and connect to the InboxUrl of the UnifiedGroup (OWA). In the mailbox, select the group header and open the associated SharePoint site.

2

This action provisions the SharePoint Site, now you can create a Team

3

If you see the below error, don’t worry, refresh the browser.

4.png

The Teams has been provisioned.

5.png

Click to open Teams

6.png

You are done !

Jean-Marie AGBO 11:01 am on 10 May 2019
Tags: ,   

Exchange Online Powershell module installation error – Application cannot be started. Contact the application vendor

This morning when trying to install the PowerShell Module for Exchange Online from the ECP,

Install Exchange Online PowerShell

I came accross this error message

Exchange Online - Cannot Start Application

Even though this is not a very serious issue, it may cause you lose your time.

So to avoid this error message, use INTERNET EXPLORER to connect to the ECP and then the INSTALLATION WILL BE POSSIBLE.

Thank you.

Jean-Marie AGBO 8:56 am on 13 February 2019
Tags: Microsoft Teams   

Cannot change Profile Picture on Teams

One day, an Office 365 user asked me why he cannot change his Teams Profile Picture. After a few check, we found that a license option was missing on his Office 365 user account. This user account was missing an Exchange Online license.

So, to enable picture adding to a Teams profile, you need to have an Exchange Online license enabled for this profile. Once it’s done, wait for un while or restart Teams and you will see the “Change picture” option appear.

Teams Profile picture

To understand how Microst Teams interacts with Exchange Online, you can read the following complete Microsoft article https://docs.microsoft.com/en-us/MicrosoftTeams/exchange-teams-interact

 

Jean-Marie AGBO 10:21 pm on 31 January 2019
Tags: ,   

Check if an email address or a UserPrincipalName is already used by an account in your Office 365 tenant

Did you ever need to find in your Office 365 tenant :

  • What object is using a specific email address or UserPrincipalName ?
  • What object is preventing an Active Directory account from syncing because of duplicated email address or UserPrincipalName ?
  • Where are them located in your tenant : in Users, in Contacts or in Deleted users ?

If yes, this article may help you achieve your goal. Find below how to process. To install the Microsoft Online Service Module for Powershell, please follow the instruction in the paragraph Connect with the Microsoft Azure Active Directory Module for Windows PowerShell of this link :

https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-office-365-powershell

When you are ready, open a Powershell console and Sign in to your Office 365 tenant with an Admin Account using this command line

Connect-MsolService

Run the below Powershell fonction :

function Get-ConflictingAttributes {

  [Cmdletbinding()]
  param (
    [Parameter(mandatory=$true)]
    [String]$SearchValue
  )

  $SearchTable = @{}
  Write-Host "Searching began :" $(Get-Date) -ForegroundColor Green

  #Searching in all ProxyAddresses
  Write-Host "Searching User and Guest accounts" $(Get-Date) -ForegroundColor Yellow
  $User = Get-MsolUser -All | Where-Object {($_.UserPrincipalName -match $SearchValue) -or ($_.ProxyAddresses -match $SearchValue)}

  #Searching in all deleted users
  Write-Host "Searching Deleted accounts" $(Get-Date) -ForegroundColor Yellow
  $Del = Get-MsolUser -All -ReturnDeletedUsers | Where-Object {($_.UserPrincipalName -match $SearchValue) -or ($_.ProxyAddresses -match $SearchValue)}

  #Searching in contacts
  Write-Host "Searching Contacts" $(Get-Date) -ForegroundColor Yellow
  $Contact = Get-MsolContact -All | Where-Object {$_.EmailAddress -match $SearchValue}

  Write-Host "Searching ended :" $(Get-Date) -ForegroundColor Green

  if ($User){
    $SearchTable.Add($User.UserType,$User) | Out-Null
  }

  if ($Del){
    $SearchTable.Add($Del.UserType,$Del) | Out-Null
  }

  if ($Contact){
    $SearchTable.Add("Contact",$Contact) | Out-Null
  }

  return $SearchTable

}

Now, suppose that you want to know which account in your Office 365 tenant is using the email address john.doe@koafric.com, it’ simple, run this command line in the Powershell console you previously opened :

$Result = Get-ConflictingAttributes -SearchValue "john.doe@koafric.com"

To see the result :

Get-ConflictingAttributes

We can see that the object using the value “john.doe@koafric.com” is a contact and this value is set on his EmailAddress.