It is becoming more common to externalize services like e-mail or lync to the cloud (Office 365) and Microsoft offers a web portal https://login.microsoftonline.com/ to control the hired licenses to your users.
But it also offers the possibility to do it with powershell commands:
import-module msonline
$LiveCred=get-credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
connect-msolservice -credential $LiveCred
get-msoluser -all|?{$_.islicensed -eq $true}
Remove-PSSession $Session
Here there is a lack of information of the account that has a license asigned, so why not query AD attributes for each result to have a full report?
In my case we have a domain with some subdomains so I query a Global Catalog (GC://) instead of the usual LDAP://.
Function get-ADuser($UPN)
{
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = New-Object ADSI("GC://dc=dominio,dc=local")
$objSearcher.Filter = "(&(objectcategory=person)(objectClass=user)(userprincipalname=$UPN))"
$Result1=$objSearcher.findone()
if ($Result1 -ne $NULL){$objuser=$Result1.GetDirectoryEntry()}
else{$objuser=$null}
return $objuser
}
##main##
Try{import-module msonline -ErrorAction Stop}
Catch{Write-Warning $_;Break}
#load credentials to connect Office365
$credfile=".\$($env:username).cred"
if (!(test-path -path $credfile)){$creds=get-credential
$creds.GetNetworkCredential().username|out-file $credfile
$creds.GetNetworkCredential().Password|ConvertTo-SecureString -AsPlainText -Force|convertfrom-securestring|out-file $credfile -append
}
$storedcreds = get-content ($credfile)
$username=$storedcreds[0]
$password = ConvertTo-SecureString $storedcreds[1]
$LiveCred = New-Object System.Management.Automation.PSCredential ($username, $password)
#conecto con Office365
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
connect-msolservice -credential $LiveCred
out-file ".\Office365Licenses.csv" -input "userprincipalname displayname usagelocation lync2 lync3 exch domain samaccountname company estado whenChanged"
get-msoluser -all|?{$_.islicensed -eq $true}|%{
$estado=$domain=$lync2=$lync3=$exch=$samaccountname=$company=$whenChanged=$dn=$domain=$null
foreach ($license in $_.licenses.servicestatus.serviceplan.servicename)
{
switch ($license)
{
"MCOSTANDARD"{$lync2="SI";break}
"MCOVOICECONF"{$lync3="SI";break}
"EXCHANGE_S_STANDARD"{$exch="SI"}
}
}
$objuser=get-ADuser $_.userprincipalname
if ($objuser -ne $null)
{
$samaccountname=$objuser.samaccountname
$company=$objuser.company
$dn=[string]$objuser.distinguishedname
$domain=$dn.substring($dn.indexof("DC="))
$whenChanged=get-date($objuser.whenChanged.tostring()) -uformat "%d/%m/%Y"
if ((2 -band [string]$objuser.userAccountControl) -ne "0"){$estado="DISABLED"}else{$estado="ENABLED"}
}
write-host "." -nonewline
out-file ".\Office365Licenses.csv" -input "$($_.userprincipalname) $($_.displayname) $($_.usagelocation) $lync2 $lync3 $exch $domain $samaccountname $company $estado $whenChanged" -append
}#end of listing msolusers
Remove-PSSession $Session
Comments
Post a Comment