Export (0) Print
Expand All

Use remote Windows PowerShell to manage users by using FOPE SFTP files

Exchange 2013

Applies to: Exchange Online Protection

The ability to upload users via Secure File Transfer Protocol (SFTP) is not supported in Microsoft Exchange Online Protection (EOP). However, Microsoft Forefront Online Protection for Exchange (FOPE) tenants who used SFTP to upload users and manage virtual domains can use remote Windows PowerShell in EOP to upload users and add users to distribution groups. Distribution groups are used in EOP to route mail differently for a collection of users or to apply an Exchange Transport rule to a collection of users.

In FOPE, a specially formatted .txt file could be uploaded to FOPE via SFTP, which would result in users being added to FOPE. When using virtual domains, you could also use this method to add users.

In EOP, it's a best practice to use Windows Azure Active Directory synchronization to sync users and groups from your on-premises Active Directory environment. However, if directory synchronization isn’t possible, you can use remote Windows PowerShell to manage users and groups.

The following is a sample script that parses user and virtual domain information from a .txt file in the same format that FOPE used for SFTP uploads. This sample script connects to EOP, creates new mail users with a random 10-digit password, creates distribution groups, and adds users to distribution groups from existing SFTP upload files.

To run the script
  1. Copy the RunCmdletForSFTPUploads.ps1 script at the end of this topic into Notepad, and then save the file to a location (like c:\scripts) that's easy to find.

  2. Run the script by using the following syntax:

    & "<script file path>\RunCmdletForSFTPUploads.ps1" "<text file path>"

    Here’s an example where the script is located in C:\Scripts, and the text files are located in D:\Data.

    & "C:\Scripts\RunCmdletForSFTPUploads.ps1" "D:\Data"
  3. The script will prompt you for credentials to log on to your EOP tenant. If the logon is successful, the script will run the cmdlets that are required to create users and create or update distribution groups.

param([string]$filepath = "FilePath")

# Set up a random number generator.
$rand = New-Object System.Random -ArgumentList (get-date).millisecond

# Get the contents of the SFTP input file.
$content = Get-Content $filepath

# Login to EOP.
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

# Parse the content.
foreach ($line in $content) {
    switch -Wildcard ($line) {
        "#DOMAIN*" {$type = "Domain"}
        "#GROUP*" {
            $type = "Group"
            $groupname = $line.Substring(7,$line.IndexOf('GROUP-ONLY')-7)
            $groupname = $groupname.Trim(" ")

            #Try to add a new distribution group.
            New-DistributionGroup -Name $groupname
        "#END_OF_FILE" {$type = "End"}
        "*@*" {
            # This is a proxy address.
            switch ($type) {
                "Domain" {
                    #Add a new mail user.
                    write-host ("Adding new mail user: $line")
                    # Generate a new 10 character password.
                    $NewPassword = ""
                    1..10 | ForEach { $NewPassword = $NewPassword + [char]$rand.next(40,127) }

                    # Get the alias from the primary email.
                    $tokens = $line.Split("@")
                    $alias = $tokens[0]

                    # Run New-MailUser
                    New-MailUser -Name $line -Alias $alias  -MicrosoftOnlineServicesID $line -Password (ConvertTo-SecureString -String $NewPassword -AsPlainText -Force)
                "Group" {
                    # Add the new user to a group.
                    write-host ("Adding user to group: $line to $groupname")
                    Add-DistributionGroupMember -Identity $groupname -Member $line -Confirm:$false -BypassSecurityGroupManagerCheck

         default {

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft