Export (0) Print
Expand All

Six Reasons Why You Might Want to Use Windows PowerShell to Manage Office 365

 

Topic Last Modified: 2014-08-22

Summary: Six reasons Windows PowerShell can help you manage Office 365.

One of the great things about Office 365 (and trust us, there are many great things about Office 365) is the Admin center. The Office 365 Admin center provides one-stop shopping for all your Office 365 management needs. Using this single tool, you can not only manage your Office 365 user accounts and user licenses, but you can also manage your Office 365 server products: Exchange, Lync Online, and SharePoint Online. Once you see the Admin center in action you’ll probably say, “I’ll never need another Office 365 management tool as long as I live!”

But don’t be too hasty. After all, you haven’t seen how you can use Windows PowerShell to manage Office 365.

Wait a second: Windows PowerShell? Isn’t Windows PowerShell replacement for MS-DOS, isn’t Windows PowerShell that old-fashioned command shell language where you type cryptic commands like this:

Get-SPSite -Limit All | Get-SPWeb -Limit All | % {$_.Lists} | ? {$_ -is [Microsoft.SharePoint.SPDocumentLibrary]} | % {$total+= $_.ItemCount}; $total

Well, yes … sort of. Windows PowerShell is a command shell language, and Windows PowerShell did supersede MS-DOS. (The old command shell is still around, so we can’t really say that Windows PowerShell replaced it.) And while you obviously have the ability write cryptic commands in Windows PowerShell, you don’t have to write cryptic commands in Windows PowerShell. For example, you say you’d like to get information about your user mailboxes? No problem:

Get-Mailbox

That doesn’t appear to be too terribly cryptic, at least not to us.

But we don’t care about that anyway, at least not at the moment. At the moment, all we care about is introducing you to some of the ways that Windows PowerShell can complement and augment the Office 365 Admin center.

And yes, we did say “complement and augment;” we didn’t say “dispose of.” People sometimes think that Windows PowerShell is an all-or-nothing proposition: either you use Windows PowerShell exclusively, or you don’t use Windows PowerShell at all. But that’s not true. Instead, you should use Windows PowerShell when it’s the fastest/easiest/most effective way to do something. (Or in some cases, when it’s the only way to do something.) And if Windows PowerShell isn’t the fastest/easiest/most effective way to do something? Here’s one suggestion: then don’t use it in those cases. It’s entirely up to you.

Before you continue reading, have a look at the video below: Six Reasons to use Windows PowerShell to manage Office 365.

Your browser does not support video. Install Microsoft Silverlight, Adobe Flash Player, or Internet Explorer 9.

In this article we’ll show you six different scenarios in which it might make sense to use Windows PowerShell to manage Office 365. This article has a simple purpose: to answer the question, “Why would I ever want to use Windows PowerShell to manage Office 365?”

Here are six reasons why:

  1. Windows PowerShell Can Reveal "Hidden" Information Not Available in the Admin Center

  2. Office 365 has Features That You Can Only Configure by Using Windows PowerShell

  3. Windows PowerShell Excels at Carrying Out Bulk Operations

  4. Windows PowerShell is Great at Filtering Data

  5. Windows PowerShell Makes It Easy to Print or Save Data

  6. Windows PowerShell Lets You Do "Cross-Product" Management

Sometimes there’s more to Office 365 than meets the eye. (Or, if you will, more than meets the UI.) For example, the Admin center displays a lot of very useful information, but that doesn’t mean that it displays all the information.

What do we mean by that? Well, suppose you’re in the Office 365 section of the Admin Center and you click users and groups. Do that and, by default, you’ll see information about all your active Office 365 users:

The Office 365 Admin center.

What’s wrong with that? Nothing; that’s very useful information. Of course, it’s also true that the only information shown for each user is the user’s display name, user name, and his or her current status. And what’s wrong with that? Again, nothing’s wrong with that: those are all bits of information you need to know.

Nevertheless, there are other pieces of information that might be useful to know from time-to-time. For example, Office 365 licensing (as well as the Office 365 features available to a user) depend in part on that user’s geographic location: the policies and features you can extend to a user who lives in the US might not be the same as the policies and features you can extend to a user who lives in India or in Belgium. Can you use the Admin Center to determine a user’s geographic location? Of course you can. All you have to do is:

  1. Double-click the user’s Display Name.

  2. In the user properties display pane, click details.

  3. In the details display, click additional details.

  4. Scroll down until you see the heading Country or region:

    Office 365 user settings.
  5. Write the user’s display name and location on a piece of paper, or copy and paste it into Notepad. (Unless you think you can remember the display name and location for all of your users.)

See how easy that is? And then you just have to repeat the process for the next user. And the user after that. And ….

Security noteSecurity Note:
And hope that you have less than 1,000 users. That’s because the Admin Center can only display a maximum of 1,000 user accounts at a time. If you have, say, 2,000 users, you’ll need to figure out a way to display the first thousand users, then figure out a way to display the second thousand users.

Will that work? Yes, it will work. Will that be tedious and time-consuming? Yes, it will be very tedious and time-consuming. But what choice do you?

As it turns out, you have this choice:

Get-MsolUser | Select-Object DisplayName, UsageLocation

That simple Windows PowerShell command (which requires you to install the Windows Azure Active Directory module) will display information similar to this, and display it for all your users (even if you have 2,000 of them):

DisplayName                               UsageLocation
-----------                               -------------
Zrinka Makovac                            US
Bonnie Kearney                            GB
Fabrice Canel                             BR
Brian Johnson (TAILSPIN)                  US
Anne Wallace                              US
Alex Darrow                               US
David Longmuir                            BR

But wait: it gets even better than that. Maybe you’d like to sort these users by their location, grouping all the Brazilian users together, all the US users together, etc. Can Windows PowerShell do that? Do you even have to ask? Try this command:

Get-MsolUser | Select-Object DisplayName, UsageLocation | Sort-Object UsageLocation, DisplayName

That returns data similar to this:

DisplayName                                 UsageLocation
-----------                                 -------------
David Longmuir                              BR
Fabrice Canel                               BR
Bonnie Kearney                              GB
Alex Darrow                                 US
Anne Wallace                                US
Brian Johnson (TAILSPIN)                    US
Zrinka Makovac                              US

And if you only want to see information about users based in Brazil, try this command:

Get-MsolUser | Where-Object {$_.UsageLocation -eq "BR"} | Select-Object DisplayName, UsageLocation 

And here’s what you’ll get back:

DisplayName                                           UsageLocation
-----------                                           -------------
David Longmuir                                        BR
Fabrice Canel                                         BR

We told you it was easy.

A Quick Note Regarding Larger Domains

If you have a very large domain, says with tens of thousands of users, some of the examples we show in this introductory article could lead to “throttling.” That means that, based on things like computing power and available network bandwidth, you’re trying to do a little too much at one time. Because of that, larger organizations might want to split some of these Windows PowerShell commands into two commands. For example, this one command returns all the user accounts and shows the DisplayName and UsageLocation for each user:

Get-MsolUser | Select-Object DisplayName, UsageLocation

That works great for smaller domains. In a large organization, however, you might need to split that into two commands: one command to return the user accounts (and store that user account information in a variable) and the other to then display the returned information:

$x = Get-MsolUser
$x | Select-Object DisplayName, UsageLocation

The Office 365 Admin center was never meant to be all things to all people. Instead, it was meant to be most things to most people. In other words, the Admin center was designed so that the typical administrator could use the tool to carry out the most common management tasks. By definition, that means that there are some tasks that can’t be completed by using the Admin center.

To better explain this, let’s take a look at the Lync Online Admin center. The Lync Online Admin center provides a few options for managing meeting settings. Actually, what it does is allow you to create custom meeting invitations:

Lync Online custom meeting invitations.

That’s a very nice feature: it helps add a touch of personalization and professionalism to meeting invitations.

However, there’s more to meeting configuration settings than simply creating custom meeting invitations. For example, by default meetings allow:

  • Anonymous users to gain automatic entrance to each meeting.

  • Attendees to record the meeting.

  • All users from your organization to be designated as presenters when they join the meeting.

Are these things you need to worry about? That depends on the needs of your organization. For now, what’s important is the fact that these features are entirely under your control: you can enable or disable them as you see fit … provided that you use Windows PowerShell. These additional meeting configuration settings cannot be managed by using the Admin center.

And so it’s Windows PowerShell to the rescue. For example, here’s a Windows PowerShell command (one that requires you to install the Lync Connector module) that disables the three settings we listed a minute ago:

Set-CsMeetingConfiguration -AdmitAnonymousUsersByDefault $False -AllowConferenceRecording $False -DesignateAsPresenter "None"

That’s all you have to do. If you change your mind and want to restore the default settings then just run this command:

Set-CsMeetingConfiguration -AdmitAnonymousUsersByDefault $True -AllowConferenceRecording $True -DesignateAsPresenter "Company"

Is this as simple as selecting or deselecting a couple of checkboxes in the Admin center? Maybe not. But, then again, it’s not exactly rocket science, either.

Historically, graphical user interfaces like the Office 365 Admin center have been at their best when you have a one-off operation to perform. Need to disable one user account? It’s usually way faster, way easier, and way less error-prone to simply clear a checkbox than it is to open up Windows PowerShell and type a command that does the exact same thing. You say you need to change a user’s phone number and you’re bound and determined to use the Admin center to do that? We don’t blame you; that’s probably how we’d do it, too.

But that might not be the way we would do things if we had to change thousands of phone numbers, or if we had to perform some other operation in bulk. For example, suppose your boss comes up to you and says, “Hey, we need to remove Ken Myer from all our SharePoint Online sites. How quickly can you do that?”

Well, let’s see. You have several hundred SharePoint Online sites, and you don’t know even know which ones Ken is a member of. That means you’ll have to start at the SharePoint Online Admin center and:

  1. Click the URL of the first site.

  2. In the site collection properties box, click the Web Site Address link to open the site.

  3. On the site, click Share.

  4. In the Share dialog box click the link that shows you all the users who have permissions to the site:

    Viewing the members of a SharePoint Online site.
  5. In the Shared With dialog box, click Advanced.

  6. Scroll down the list of users, find and select Ken Myer (assuming he has permissions to the site), and then click Remove User Permissions.

  7. Repeat for all your other sites.

How long will it take you to do this? Rough estimate: forever.

Unless, of course, you’ve installed the SharePoint Online Windows PowerShell module. In that case, you can run this one little command to remove Ken Myer from all your sites:

Get-SPOSite | ForEach-Object {Remove-SPOUser -Site $_.Url -LoginName "kenmyer@litwareinc.com"}

We should mention that, if you try this, you will get an error message if you happen to hit a site that Ken doesn’t currently have permissions to. (There are ways to avoid that error message, but we aren’t going to deal with them in this article.) However, the command will continue to run and, when it completes, Ken Myer will no longer have permissions to any of your sites. And, best of all, the whole thing might take a minute or two to complete.

Oh, and that’s a minute or two total, not a minute or two per site.

And what if you decide to later reinstate Ken as a member on all your sites? No problem:

Get-SPOSite | ForEach-Object {Add-SPOUser -Site $_.Url -LoginName "kenmyer@litwareinc.com" -Group "Members"}

Is that cool or what?

NoteNote:
Keep in mind that we “cheated” a little but in our previous example: we assumed that you wanted to add Ken back to each of your SharePoint Online sites. That makes for a good example of the cool things you can do using Windows PowerShell, but it might not reflect your real-life needs: in real life, you might want to add Ken back to just some of your sites, the sites he was previously a member of. Can you do that? Yes, you can, although we won’t explain how in this introductory overview. Just note that, before you remove Ken’s membership privileges, you can use Windows PowerShell to record that information in a text file. When the time comes to restore those privileges, you can then add Ken only to the sites specified in that file. For more information, see Creating sites and adding users using Windows PowerShell.

The Office 365 Admin center provides several different ways to filter your data; that is, several different ways to quickly and easily locate a targeted subset of information. For example, Exchange makes it easy to filter on practically any property of a user mailbox. Need a list of mailboxes for all the users who live in the city of Bloomington? No problem:

Exchange Online Advanced search dialog box.

The Exchange Admin center also lets you combine filter criteria; for example, you can find the mailboxes for all the people who live in Bloomington and who work in the Finance department. What more could you want? Nothing, right?

Right. Well, then again, there might be times when you’d like to find the mailboxes of people who live in Bloomington or in San Diego. Or maybe mailboxes for all the people who don’t live in Bloomington. Or – well, you get the idea. But you probably can’t create those kind of filters in the Admin center, can you?

No, you can’t. But you can create those kind of filters by using Windows PowerShell. For example, you say that you want a list of mailboxes for all the people who live in Bloomington or in San Diego? Try this command:

Get-User | Where-Object {$_.RecipientTypeDetails -eq "UserMailbox" -and ($_.City -eq "San Diego" -or $_.City -eq "Bloomington")} | Select DisplayName, City

And, yes, that is a bit more complicated than some of the other commands we’ve seen so far. But that’s OK: once you know what you’re doing commands like that are actually pretty easy to figure out. And best of all, they work:

DisplayName                              City
-----------                              ----
Alex Darrow                              San Diego
Bonnie Kearney                           San Diego
Julian Isla                              Bloomington
Rob Young                                Bloomington
Zrinka Makovac                           San Diego

And what about listing all the mailboxes for people who live anywhere except Bloomington? That’s even easier:

Get-User | Where-Object {$_.RecipientTypeDetails -eq "UserMailbox" -and $_.City -ne "Bloomington"} | Select DisplayName, City

As you can see, not a Bloomington in the bunch:

DisplayName                               City
-----------                               ----
MOD Administrator                         Redmond
Alex Darrow                               San Diego
Allie Bellew                              Bellevue
Anne Wallace                              Louisville
Aziz Hassouneh                            Cairo
Belinda Newman                            Charlotte
Bonnie Kearney                            San Diego
David Longmuir                            Waukesha
Denis Dehenne                             Birmingham
Garret Vargas                             Seattle
Garth Fort                                Tulsa
Janet Schorr                              Bellevue

And here’s something else: with Windows PowerShell you can use wildcard characters in your filters. Is that important? It can be. Suppose you’re looking for a user, and all you can remember is that their last name was Anderson, or maybe Henderson. Or maybe it was Jorgenson. Anyone, it was something like that.

So how do you track down that user? Well, in the Admin center you could use the search tool and carry out three different searches:

  • One for Anderson

  • One for Henderson

  • One for Jorgenson

That works. It will take awhile. But it works.

So are we saying that it would be easier to locate this user by using Windows PowerShell? That’s exactly what we’re saying:

Get-User -Filter '{LastName -like "*son"}'

Very nice.

This probably won’t come as a major surprise, but one of the things that the Lync Online Admin center shows you is a list of all your users who have been enabled for Lync Online:

The Lync Online Admin center.

That’s handy information to have at your disposal, so handy that you might actually want to save that data to a file. So how do you use the Admin center to save data to a file? Short answer: you don’t. The Lync Online Admin center doesn’t provide a way to save, or to print, whatever you’re viewing on screen. And even trying to copy and paste all that data is only minimally useful.

NoteNote:
In all fairness you can copy the data and paste it into Excel. That will work for the most part, although you’ll probably have to clean up the formatting a bit. Plus, you’ll have to do this for each screen of user accounts. Oh, and you’ll have to work around the fact that the Admin center can only display 1,000 users at a time.
But, other than that, it’s a piece of cake.
We should also note that the Exchange Admin center enables you to save some items to a text file. But you can’t save everything, and currently Exchange is the only Office 365 component that offers this capability.

So how do you save this data, or, for that matter, how do you save any of your Office 365 data? The answer is – well, you’re way ahead of us. Yes, the answer – as usual – is to use Windows PowerShell. Want to save your Lync Online user data to a CSV (comma-separated values) file, a file that can be easily opened in Excel? All you had to do was ask:

Get-CsOnlineUser | Select-Object DisplayName, UserPrincipalName, UsageLocation | Export-Csv -Path "C:\Logs\LyncUsers.csv" -NoTypeInformation

Does that work? Would we have picked this example if it wouldn’t work:

Lync Online user data displayed in Excel.

And before you ask, yes, we could also save this as an XML file, or as an HTML page. In fact, with a little additional coding (coding goes beyond the scope of this article) we could save it directly as an Excel file, with any custom formatting we desired.

And what if you wanted to print directly from Windows PowerShell, without having to go through Excel or some other application? Well, it won’t be the fanciest looking printout you’ve ever seen, but this command will do the trick:

Get-CsOnlineUser | Select-Object DisplayName, UserPrincipalName, UsageLocation | Out-Printer

And here’s what your printed document will look like:

Print Lync Online user information.

That might not be a work of art, but it is a printed document. And that’s something you just can’t get from the Admin center.

The different components that make up Office 365 are designed to work together, and, for the most part, they do just that. For example, suppose you add a new user to Office 365 and, when you do, you specify such information as the user’s department and phone number. That information will then be available if you access the user’s information using any of the Office 365 server products: Lync Online, Exchange, or SharePoint Online. You don’t have to set the phone number for Office 365 only to then have to set that phone number again for Lync Online, again for Exchange, and yet again for SharePoint Online.

But that’s for generic information that spans the suite of products. When it comes to product-specific information – for example, information about a user’s Exchange mailbox -- well, information like that is typically not available across the suite. Do you want to know if a user’s mailbox is enabled or not? That information is available only in the Exchange Admin center. And that makes sense: why would you expect the SharePoint Online Admin center to display Exchange information?

That’s all perfectly fine … most of the time. However, suppose you’d like to make a report that shows the following information for all your users:

  • The user’s display name

  • Whether the user is licensed for Office 365

  • Whether the user’s Exchange mailbox has been enabled

  • Whether the user is enabled for Lync

How do you do that quickly and easily compile such a report from within the Office 365 Admin center? To be honest, you don’t. Instead, you’ll have to get all the user names and licensing information from the Office 365 Admin center; then get mailbox information from the Exchange Admin center; then get Lync Online information from the Lync Online Admin center; and then somehow collate and combine that information. A somewhat daunting task, to say the least.

On the other hand, you could just use Windows PowerShell to compile that report for you.

The following little script is, admittedly, a little more complicated than most of the sample code we’ve looked at in this article. But don’t worry about that: remember, our purpose here is to let you know that certain things can be done, not necessarily to explain how to do them. That said, consider the following:

$x = Get-MsolUser

foreach ($i in $x)
    {$y = Get-Mailbox -Identity $i.UserPrincipalName
     $i | Add-Member -MemberType NoteProperty -Name IsMailboxEnabled -Value $y.IsMailboxEnabled

     $y = Get-CsOnlineUser -Identity $i.UserPrincipalName
     $i | Add-Member -MemberType NoteProperty -Name EnabledForLync -Value $y.Enabled}

$x | Select-Object DisplayName, IsLicensed, IsMailboxEnabled, EnabledforLync

Can a simple little script like that really cut across all the Office 365 products and return a report that combines information from three different data sources? See for yourself:

DisplayName             IsLicensed   IsMailboxEnabled   EnabledForLync
-----------             ----------   ----------------   --------------
Zrinka Makovac          True         True               True
Bonnie Kearney          True         True               True
Fabrice Canel           True         True               True
Brian Johnson           False        True               False
Anne Wallace            True         True               True
Alex Darrow             True         True               True
David Longmuir          True         True               True
Katy Jordan             False        True               False
Molly Dempsey           False        True               False

Is That It?

No, not really: in fact,, the sky is the limit when it comes to using Windows PowerShell manage Office 365.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft