It is becoming more common to externalize services like e-mail or lync to the cloud (Office 365) and Microsoft offers a web portal https://login.microsoftonline.com/ to control the hired licenses to your users.
But it also offers the possibility to do it with powershell commands:
import-module msonline $LiveCred=get-credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection Import-PSSession $Session connect-msolservice -credential $LiveCred get-msoluser -all|?{$_.islicensed -eq $true} Remove-PSSession $SessionHere there is a lack of information of the account that has a license asigned, so why not query AD attributes for each result to have a full report? In my case we have a domain with some subdomains so I query a Global Catalog (GC://) instead of the usual LDAP://.
Function get-ADuser($UPN) { $objSearcher = New-Object System.DirectoryServices.DirectorySearcher $objSearcher.SearchRoot = New-Object ADSI("GC://dc=dominio,dc=local") $objSearcher.Filter = "(&(objectcategory=person)(objectClass=user)(userprincipalname=$UPN))" $Result1=$objSearcher.findone() if ($Result1 -ne $NULL){$objuser=$Result1.GetDirectoryEntry()} else{$objuser=$null} return $objuser } ##main## Try{import-module msonline -ErrorAction Stop} Catch{Write-Warning $_;Break} #load credentials to connect Office365 $credfile=".\$($env:username).cred" if (!(test-path -path $credfile)){$creds=get-credential $creds.GetNetworkCredential().username|out-file $credfile $creds.GetNetworkCredential().Password|ConvertTo-SecureString -AsPlainText -Force|convertfrom-securestring|out-file $credfile -append } $storedcreds = get-content ($credfile) $username=$storedcreds[0] $password = ConvertTo-SecureString $storedcreds[1] $LiveCred = New-Object System.Management.Automation.PSCredential ($username, $password) #conecto con Office365 $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection Import-PSSession $Session connect-msolservice -credential $LiveCred out-file ".\Office365Licenses.csv" -input "userprincipalname displayname usagelocation lync2 lync3 exch domain samaccountname company estado whenChanged" get-msoluser -all|?{$_.islicensed -eq $true}|%{ $estado=$domain=$lync2=$lync3=$exch=$samaccountname=$company=$whenChanged=$dn=$domain=$null foreach ($license in $_.licenses.servicestatus.serviceplan.servicename) { switch ($license) { "MCOSTANDARD"{$lync2="SI";break} "MCOVOICECONF"{$lync3="SI";break} "EXCHANGE_S_STANDARD"{$exch="SI"} } } $objuser=get-ADuser $_.userprincipalname if ($objuser -ne $null) { $samaccountname=$objuser.samaccountname $company=$objuser.company $dn=[string]$objuser.distinguishedname $domain=$dn.substring($dn.indexof("DC=")) $whenChanged=get-date($objuser.whenChanged.tostring()) -uformat "%d/%m/%Y" if ((2 -band [string]$objuser.userAccountControl) -ne "0"){$estado="DISABLED"}else{$estado="ENABLED"} } write-host "." -nonewline out-file ".\Office365Licenses.csv" -input "$($_.userprincipalname) $($_.displayname) $($_.usagelocation) $lync2 $lync3 $exch $domain $samaccountname $company $estado $whenChanged" -append }#end of listing msolusers Remove-PSSession $Session
Comments
Post a Comment