Manage Office 365 using PowerShell

Office 365 includes two infrastructures that can manage by using PowerShell: Office 365 and Exchange Online. When we use the term “Office 365”, the meaning is the part that serves as an “envelope” to all other Office 365 Services/Applications.

This part includes components such as user and group object (Windows Azure Active Directory), Domain name’s management, mail migration, SSO (Single sign on), subscription and license management, etc. In this article, we will review some popular administrative task using PowerShell.

Table of contents

Connect to Azure Active Directory

Before you start, connect to Azure Active Directory. Suppose you don’t have the Azure AD module, install it first.

Connect-MsolService

Section A: Office 365 users Password management

Set Password never expired for Office 365 user

PowerShell command syntax:

Set-MsolUser -UserPrincipalName <Identity> -PasswordNeverExpires $True

PowerShell command example:

Set-MsolUser -UserPrincipalName John@o365info.com -PasswordNeverExpires $True

Disable Password never expired option for Office 365 user

PowerShell command syntax:

Set-MsolUser -UserPrincipalName <Identity> -PasswordNeverExpires $False

PowerShell command example:

Set-MsolUser -UserPrincipalName John@o365info.com -PasswordNeverExpires $False

Set Password never expired for ALL Office 365 users (BulkMode)

PowerShell command syntax:

Get-MsolUser | Set-MsolUser -PasswordNeverExpires $True

Set a Predefined Password for Office 365 user

PowerShell command syntax:

Set-MsolUserPassword -UserPrincipalName <Identity> -NewPassword <Password> -ForceChangePassword $False

PowerShell command example:

Set-MsolUserPassword -UserPrincipalName John@o365info.com -NewPassword ww#322x -ForceChangePassword $False

Set a Predefined Password for Office 365 users imported from a CSV File

Step 1: Export Office 365 users account.

PowerShell command syntax:

Get-MsolUser | Select UserPrincipalName | Export-CSV

PowerShell command example:

Get-MsolUser | Select UserPrincipalName | Export-CSV c:\temp\o365users.csv

Step 2: Set a predefined password.

PowerShell command syntax:

Import-CSV | % {Set-MsolUserPassword -userPrincipalName $_.UserPrincipalName -NewPassword -ForceChangePassword $False}

PowerShell command example:

Import-CSV C:\Temp\o365users.csv | % {Set-MsolUserPassword -UserPrincipalName $_.UserPrincipalName -NewPassword AbcAs123 -ForceChangePassword $False}

Create new Office 365 user and set a unique temporary password by import the information from CSV file

PowerShell command example:

Import-Csv -Path C:\Temp\Users.csv| ForEach-Object { New-MsolUser -UserPrincipalName $_.UserPrincipalName -FirstName $_.FirstName -LastName $_.LastName -DisplayName "$($_.FirstName) $($_.LastName)" -Password $_.Password -UsageLocation "US" }

Set a Temporary Password for a specific user

PowerShell command syntax:

Set-MsolUserPassword -UserPrincipalName <Identity> -NewPassword -ForceChangePassword $True

PowerShell command example:

Set-MsolUserPassword -UserPrincipalName John@o365info.com -NewPassword ww@322x -ForceChangePassword $True

Set a Temporary Password for all Office 365 users (BulkMode)

PowerShell command syntax:

Get-MsolUser | Set-MsolUserPassword -NewPassword -ForceChangePassword $False

PowerShell command example:

Get-MsolUser | Set-MsolUserPassword -NewPassword ww#322x -ForceChangePassword $False

Set Office 365 Password Policy

PowerShell command syntax:

Set-MsolPasswordPolicy -DomainName -NotificationDays -ValidityPeriod

PowerShell command example:

Set-MsolPasswordPolicy -DomainName o365info.com -NotificationDays 15 -ValidityPeriod 180

Display Password settings for all Office 365 users

PowerShell command syntax:

Get-MsolUser | Select UserPrincipalName,PasswordNeverExpires

Display information about Office 365 Password Policy

PowerShell command syntax:

Get-MsolPasswordPolicy -DomainName

PowerShell command example:

Get-MsolPasswordPolicy -DomainName o365info.com

Section B: User Principal Name (UPN) management

Change User login name “(UPN)” for a specific user

PowerShell command syntax:

Set-MsolUserPrincipalname -UserPrincipalName <Identity> -NewUserPrincipalName

PowerShell command example:

Set-MsolUserPrincipalname -UserPrincipalName John@o365info.onmicrosoFT.com -NewUserPrincipalName John@o365info.com

Change user login name “(UPN)” for ALL Office 365 users, exclude admin (BulkMode)

PowerShell command syntax:

Get-MsolUser | Where { -Not $_.UserPrincipalName.ToLower().StartsWith("admin@") } | ForEach { Set-MsolUserPrincipalName -ObjectId $_.ObjectId -NewUserPrincipalName ($_.UserPrincipalName.Split("@")[0] + "@") }

Section C: License management

Display information about service that included in Specific license plan

PowerShell command syntax:

Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq 'ENTERPRISEPACK'} | ForEach-Object {$_.ServiceStatus}

Display information about available licenses type

PowerShell command syntax:

Get-MsolAccountSku

Display information about all users and there licenses type

PowerShell command syntax:

Get-MsolUser -All | FT Displayname,Licenses

Display information about specific license plan

PowerShell command syntax:

Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq 'ENTERPRISEPACK'}

Display information about Subscription

PowerShell command syntax:

Get-MsolSubscription | FL DateCreated, NextLifecycleDate,SkuPartNumber,Status,TotalLicenses

Display all Users with license

PowerShell command syntax:

Get-MsolUser | Where-Object {$_.isLicensed -like "True"} | FT DisplayName,licenses,islicensed

Display all Users without a license

PowerShell command syntax:

Get-MsolUser | Where-Object {$_.isLicensed -like "False"}

Display information about License Options assigned to User

PowerShell command syntax:

(Get-MsolUser -UserPrincipalName ).Licenses[0].ServiceStatus

Display information about License Options assigned to ALL Users

PowerShell command syntax:

Get-MsolUser -all | ForEach-Object { "============="; $_.DisplayName; $_.licenses[0].servicestatus }

Bulk licensing: Assign license by using CSV File

PowerShell command syntax:

Import-CSV -Path <Path> | ForEach-Object { New-MsolUser -FirstName $_.FirstName -LastName $_.LastName -UserPrincipalName $_.UserPrincipalName -DisplayName "$($_.FirstName) $($_.LastName)" -LicenseAssignment '' -UsageLocation }

PowerShell command example:

Import-CSV -Path C:\Temp\User-lic.csv | ForEach-Object { New-MsolUser -FirstName $_.FirstName -LastName $_.LastName -UserPrincipalName $_.UserPrincipalName -DisplayName "$($_.FirstName) $($_.LastName)" -LicenseAssignment 'o365info:ENTERPRISEPACK ' -UsageLocation US }

Assign license by importing from a file + Export to file and save password

PowerShell command syntax:

Import-CSV -Path | ForEach-Object { New-MsolUser -FirstName $_.FirstName -LastName $_.LastName -UserPrincipalName $_.UserPrincipalName -DisplayName "$($_.FirstName) $($_.LastName)" -LicenseAssignment '' -UsageLocation } | Export-Csv -Path -NoTypeInformation

PowerShell command example:

Import-CSV -Path C:\Temp\User-lic.csv | ForEach-Object { New-MsolUser -FirstName $_.FirstName -LastName $_.LastName -UserPrincipalName $_.UserPrincipalName -DisplayName "$($_.FirstName) $($_.LastName)" -LicenseAssignment 'o365info:ENTERPRISEPACK ' -UsageLocation US } | Export-Csv -Path c:\temp\users-Password.csv -NoTypeInformation

Assign license for all the Office 365 that Don’t have license (BulkMode)

Step 1: The first command will display a list of available license types.

PowerShell command syntax:

Get-MsolAccountSku

Step 2: The second command will be used for assigning the license.

PowerShell command syntax:

Get-MsolUser -UnlicensedUsersOnly | Set-MsolUserLicense -AddLicenses <License>

PowerShell command example:

Get-MsolUser -UnlicensedUsersOnly | Set-MsolUserLicense -AddLicenses o365info:ENTERPRISEPACK

Assign specific service for Office 365 user

SKU Part Number’s reference:

  1. ENTERPRISEPACK (Enterprise Plan E3)
  2. OFFICESUBSCRIPTION (Office ProPlus)
  3. MCOSTANDARD (Skype for Business Online Standalone Plan 2)
  4. SHAREPOINTWAC (Office Online)
  5. SHAREPOINTENTERPRISE (SharePoint online)
  6. EXCHANGE_S_ENTERPRISE (Exchange online)
  7. DESKLESSWOFFPACK (Office 365 (Plan K2)
  8. SHAREPOINTWAC (Office Online)
  9. SHAREPOINTDESKLESS (SharePoint Online Kiosk)
  10. EXCHANGE_S_DESKLESS (Exchange Online Kiosk)
  11. EXCHANGEARCHIVE_ADDON (Exchange Online Archiving For Exchange Online)

Step 1: The first command will display information about the service that is included in the specific license plan.

PowerShell command syntax:

Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq 'ENTERPRISEPACK'} | ForEach-Object {$_.ServiceStatus}

Step 2: The second command will Create a variable named $OnlyOffice that will “contain” the values of all disabled services besides Office.

$OnlyOffice = New-MsolLicenseOptions -AccountSkuId -DisabledPlans MCOSTANDARD,SHAREPOINTWAC,SHAREPOINTENTERPRISE,EXCHANGE_S_ENTERPRISE

Step 3: The third command will assign a license to a user by using the variable the disable all other services besides the Office service.

Set-MsolUserLicense -UserPrincipalName -LicenseOptions $OnlyOffice

Set location for unlicensed users

Get-MsolUser -UnlicensedUsersOnly | Set-MsolUser -UsageLocation US

Bulk removal of unlicensed users

PowerShell command syntax:

Get-MsolUser -all | Where-Object {$_.isLicensed -ne "true"}| Remove-MsolUser -Force

Export information about users without a License

PowerShell command syntax:

Get-MsolUser | Where-Object {$_.isLicensed -like "False"} | Export-CSV

PowerShell command example:

Get-MsolUser | Where-Object {$_.isLicensed -like "False"} | Export-CSV C:\Temp\Unlicensed-Users.csv -NoTypeInformation

Section D: Usage location management

Set Usage location for Specific user

PowerShell command syntax:

Set-MsolUser -UserPrincipalName -UsageLocation

PowerShell command example:

Set-MsolUser -UserPrincipalName user@o365info.com -UsageLocation US

“fix” Usage location for Office 365 users

PowerShell command syntax:

Get-MsolUser | Where-Object {$_.usagelocation -ne ""} | Set-MsolUser -UsageLocation ""

PowerShell command example:

Get-MsolUser | Where-Object {$_.usagelocation -ne "US"} | Set-MsolUser -UsageLocation "US"

Set Usage location for un-licensed Office 365 users

PowerShell command syntax:

Get-MsolUser -UnlicensedUsersOnly | Set-MsolUser -UsageLocation

PowerShell command example:

Get-MsolUser -UnlicensedUsersOnly | Set-MsolUser -UsageLocation US

Set Usage location to users from specific department

PowerShell command syntax:

Get-MsolUser | Where {$_.Department -eq ""} |Set-MsolUser -UsageLocation

PowerShell command example:

Get-MsolUser | Where {$_.Department -eq "mrkt"} |Set-MsolUser -UsageLocation US

Section E: Display and Export information about Office 365 environment

Display a list of Office 365 users

PowerShell command syntax:

Get-MsolUser

Display a list of Office 365 Global Administrators

PowerShell command syntax:

Get-MsolRoleMember -RoleObjectId .ObjectId | Select DisplayName,EmailAddress

PowerShell command example:

Get-MsolRoleMember -RoleObjectId "Company Administrator".ObjectId | Select DisplayName,EmailAddress

Display list of services assigned to user

PowerShell command syntax:

Get-MsolUser -all | ForEach-Object { "============="; $_.DisplayName; $_.licenses[0].servicestatus }

Display list of users and their current License

PowerShell command syntax:

Get-MsolUser | Where-Object {$_.isLicensed -eq "TRUE"} | Select Displayname,Licenses

Find users UPN with a specific Domain name suffix

PowerShell command syntax:

Get-MsolUser -DomainName | FT UserPrincipalName

PowerShell command example:

Get-MsolUser -DomainName o365info.com | FT UserPrincipalName

Display a list of user from a specific department

PowerShell command syntax:

Get-MsolUser | Where {$_.Department -eq ""}

PowerShell command example:

Get-MsolUser | Where {$_.Department -eq "Mrkt"}

Export list of users and their License to CSV file

PowerShell command syntax:

Get-MsolUser | Where-Object {$_.isLicensed -eq "TRUE"} | Select Displayname,Licenses

PowerShell command example:

Get-MsolUser | Where-Object {$_.isLicensed -eq "TRUE"} | Select Displayname,Licenses > c:\temp\Licenses.txt

Export information about Office 365 users mailbox to CSV file | Export list of all Office 365 users

PowerShell command syntax:

Get-MsolUser | Select DisplayName,FirstName,LastName,UserPrincipalName,MobilePhone,PhoneNumber,Office,Fax,StreetAddress,PostalCode,City,Country,State,Department,IsLicensed,PreferredLanguage,Title,UsageLocation | Export-CSV

Export information about Office 365 users mailbox to CSV file | Export list of all Office 365 users with License

PowerShell command syntax:

Get-MsolUser | Where-Object {$_.isLicensed -eq "TRUE"} | Export-CSV

Export information about Office 365 users mailbox to CSV file | Export list of all Office 365 users without License

PowerShell command syntax:

Get-MsolUser -UnlicensedUsersOnly | Export-CSV

Export list of o365 users UPN + Email Address to HTML file

PowerShell command syntax:

$htstyle = "Get-MsolUser | Select UserPrincipalName,FirstName,LastName,DisplayName,@{Name="ProxyAddresses";Expression={$_.ProxyAddresses | ForEach-Object {$_.tostring() + "`n"}}} | ConvertTo-Html -head $htstyle -Body "Office 365 users list" | Out-File c:\temp\o365users.htm

Section F: Office 365 Recycle bin

Delete Office 365 User Account

PowerShell command syntax:

Remove-MsolUser -UserPrincipalName

PowerShell command example:

Remove-MsolUser -UserPrincipalName John@o365info.com

Delete Office 365 User Account Without a license (BulkMode)

PowerShell command syntax:

Get-MsolUser -all | Where-Object {$_.isLicensed -ne "true"}| Remove-MsolUser -Force

Restore Deleted User account by using the User UPN

PowerShell command syntax:

Restore-MsolUser -UserPrincipalName -AutoReconcileProxyConFLicts -NewUserPrincipalName

PowerShell command example:

Restore-MsolUser -UserPrincipalName user1@o365info.com -AutoReconcileProxyConFLicts -NewUserPrincipalName user1@o365info.com

Restore Deleted User account by using the User GUID

PowerShell command syntax:

Restore-MsolUser -ObjectId -AutoReconcileProxyConFLicts -NewUserPrincipalName

PowerShell command example:

Restore-MsolUser -ObjectId b9e82087-ad92-4632-a219-d779c29d2edd -AutoReconcileProxyConFLicts -NewUserPrincipalName user1@o365info.com

Delete (Remove) Specific user account from the Recycle bin

PowerShell command syntax:

Remove-MsolUser -ObjectId -RemoveFromRecycleBin -Force

PowerShell command example:

Remove-MsolUser -ObjectId b9e82087-ad92-4632-a219-d779c29d2edd -RemoveFromRecycleBin -Force

Delete (Remove) ALL user account from the Recycle bin (BulkMode)

PowerShell command syntax:

Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

Display a list of ALL deleted User accounts

PowerShell command syntax:

Get-MsolUser -ReturnDeletedUsers | FL UserPrincipalName,ObjectID

Display information about Specific deleted User account

PowerShell command syntax:

Get-MsolUser -ReturnDeletedUsers -SearchString | FL UserPrincipalName, ObjectID

PowerShell command example:

Get-MsolUser -ReturnDeletedUsers -SearchString user1@o365info.com | FL UserPrincipalName,ObjectID

Delete Office 365 User Account

PowerShell command syntax:

Remove-MsolUser -UserPrincipalName

PowerShell command example:

Remove-MsolUser -UserPrincipalName John@o365info.com
The o365info Team

The o365info Team

This article was written by our team of experienced IT architects, consultants, and engineers.

Twitter

What Others Are Reading

This Post Has 5 Comments

  1. Hi All,

    How can I export out those user account is been disabled from office 365 into cvs files?

    Reply

  3. Just an FYI – at present, if you set PasswordNeverExpires for an account to $true, then the user can’t change their password in OWA. They will get a message along the lines of “Sorry, you can’t change your password here. Contact your administrator.”

    The fix seems to be to set the domain’s password policy (Set-MsolPasswordPolicy) so that passwords expire far into the future (9999 days is good), then set PasswordNeverExpires to $false. This will allow users to change their password if they want, but won’t force them to any time soon.

    Reply

    1. Hi, I need to move all of our users from one licence type to another. Any ideas how we can do that? I think we need to remove their licences then re-add them. Unfortunately I couldn’t find exactly what I needed on here.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *