Infrastruktur

Update: Assign Office 365 licenses based on Active Directory groups (version 1.1)

05.12.2017 07:51

Several months ago, I published a PowerShell script to assign Office 365 licenses to user accounts based on their on-premises Active Directory group memberships (original post). I received a lot of great feedback for that script and added some bugfixes and support for multiple assigned licenses. Multiple assigned licenses will occur if your users are using multiple Office 365 services, like Intunes and Office 365 E3, or maybe Windows E3 for instance.

Like all my new coding project you’ll also find the PowerShell script on GitHub:
https://github.com/michaelmiklis/Set-MSOLLicenseToADGroupMembers.ps1

You just need to modify the on the end to match your environment (username, password, group names, e.g.):

######################################################################
## (C) 2017 Michael Miklis (michaelmiklis.de)
##
##
## Filename:      Set-MSOLLicenseToADGroupMembers.ps1
##
## Version:       1.1
##
## Release:       Final
##
## Requirements:  -none-
##
## Description:   Assign Office 365 Licenses based on Active Directory
##                Groups.
##
## This script is provided 'AS-IS'.  The author does not provide
## any guarantee or warranty, stated or implied.  Use at your own
## risk. You are free to reproduce, copy & modify the code, but
## please give the author credit.
##
####################################################################
Set-PSDebug -Strict
Set-StrictMode -Version latest
  
 
function Set-MSOLLicenseToADGroupMembers {
    <#
    .SYNOPSIS
    Assigns Office 365 Licenses to Members of AD-Group
  
    .DESCRIPTION
    The Set-MSOLLicenseToADGroupMembers CMDlet gets all users from a
    specified AD-Group and assigns a specified Office 365 License to
    the corresponding Office 365 identities
  
    .PARAMETER GroupName
    Name of the Active Group
  
    .PARAMETER License
    Name of the License
 
    .PARAMETER UsageLocation
    Name of the Location
  
    .EXAMPLE
    Set-MSOLLicenseToADGroupMembers -GroupName "Office365_E3" -License "contoso:ENTERPRISEPACK"
 
    #>
      
    param (
        [parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]$GroupName,
        [parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]$License,
        [parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]$LicenseName,
        [parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]$UsageLocation="DE"
    )
 
    foreach ($User in (Get-ADGroupMember -Identity $GroupName)) {
    $User = Get-ADUser -Identity $User -Properties UserPrincipalName
    $MsOlUser =  Get-MsolUser -UserPrincipalName $User.UserPrincipalName -ErrorAction SilentlyContinue 
 
    if ($MsOlUser -ne $null) {
        Write-Host ("Found Office 365 User: " + $MsOlUser.UserPrincipalName)
            Set-MsolUser -UserPrincipalName $User.UserPrincipalName -UsageLocation $UsageLocation
 
        if ($MSOlUser.IsLicensed -eq $false) {
            Write-Host ("User not licensed - assigning license: " + $LicenseName)

            Set-MSOLUserLicense -UserPrincipalName $User.UserPrincipalName -AddLicenses $LicenseName
            Set-MsolUserLicense -UserPrincipalName $User.UserPrincipalName -LicenseOptions $License
        }
        else {
            foreach ($UserLicense in $MSOLUser.Licenses)
            {
                if ($UserLicense.AccountSkuId -eq $LicenseName)
                {
                    $UserLicensePresent = $true
                    break
                }
            }


            if ($UserLicensePresent -eq $false) {
                Write-Host ("User licensed, but not with correct license - assigning license: " + $LicenseName)

                Set-MSOLUserLicense -UserPrincipalName $User.UserPrincipalName -AddLicenses $LicenseName
                Set-MsolUserLicense -UserPrincipalName $User.UserPrincipalName -LicenseOptions $License
            }
            else {
                Write-Host ("User has already a correct license assigned: " + $LicenseName)
            }
        }
    }
    }
 
}
 
Import-Module MSOnline
 
$Username = "xxxxx"
$Password = "xxxxx"
 
# Convert the plain text password to a secure string
$SecurePassword=ConvertTo-SecureString –String $Password –AsPlainText –force
$Credential=New-object System.Management.Automation.PSCredential $Username,$SecurePassword
 
# Create new Office 365 license options
$LicenseOfficeProPlus = New-MsolLicenseOptions -AccountSkuId "SUBSCRIPTION_NAME:OFFICESUBSCRIPTION"
$LicenseE3withoutExchange = New-MsolLicenseOptions -AccountSkuId "SUBSCRIPTION_NAME:ENTERPRISEPACK" -DisabledPlans "EXCHANGE_S_ENTERPRISE"
 
# Connect to Microsoft Office 365 tenant
Connect-MsolService -Credential $credential
 
# Assign licenses based on Active Directory group membership
Set-MSOLLicenseToADGroupMembers -GroupName "O365_PROPLUS" -License $LicenseOfficeProPlus -LicenseName "SUBSCRIPTION_NAME:OFFICESUBSCRIPTION" -UsageLocation "DE"
Set-MSOLLicenseToADGroupMembers -GroupName "O365_E3" -License $LicenseE3withoutExchange -LicenseName "SUBSCRIPTION_NAME:ENTERPRISEPACK" -UsageLocation "DE"

Michael Miklis

_

Autor

miklis_michael.jpg

Michael Miklis

Funktion: Senior Systems Engineer
Standort: Bechtle Systemhaus Neckarsulm

Meine Motivation:

Täglich treffe ich bei Kunden auf spannende und komplexe Aufgabenstellungen. Für die Bereiche Desktopvirtualisierung, Microsoft-Infrastruktur und Scripting möchte ich hiermit einen Einblick geben und andere Motivieren, auch Ihr Wissen zu teilen.


Stichwörter

azure  bechtle-blog  cloud  github  office-365  powershell 

 
Diese Seite teilen:   Xing Facebook Twitter
 
 Cookie-Kontrolle.

Dieser Internetauftritt verwendet Cookies um Informationen auf Ihrem Client zu speichern.

Ihre Browsereinstellungen verhindern das Setzen von Cookies.
Ihre Browsereinstellungen erlauben das Setzen von Cookies.
Funktionale Cookies sind deaktiviert.
Funktionale Cookies sind aktiviert.
Zu den Einstellungen