Sunday, November 6, 2016

Office 365 / Exchange Online: management with PowerShell - review of some basic concepts

Preface: I'm taking a break from my recent Linux CentOS 7 posts. While working on an Office 365 problem, I was asked to retrieve some information about my Office 365 tenant using various PowerShell cmdlets. I don't often connect to Office 365 with PowerShell so I thought I would take this opportunity to review some of the basic concepts here.

***

We can manage our Office 365 subscription with the Office 365 Admin Center and Exchange Online with the Exchange Admin Center.

Note: I will concentrate on Exchange Online. There may be other Admin Centers available depending on your subscription.

Most administrators are probably familiar with the graphic interfaces below.

For example, after connecting to the Office 365 portal, I find myself in the Office 365 Admin Center:




If I go to the icon designated by the red dot in the screenshot (above), I can select Exchange...




And then find myself in the Exchange Admin Center where I can manage the Exchange aspects of my Office 365 subscription :




We can also manage both our Office 365 tenant and Exchange Online in particular via a remote PowerShell connection.

In the lines that follow, we'll see how to establish connections to Office 365 / Exchange Online.


***


First, I'm going to use a Windows 7 SP1 machine with .Net 4.5.2 and PowerShell version 4:

PS C:\> $PSVersionTable.PsVersion

Major  Minor  Build  Revision
-----  -----  -----  --------
4      0      -1     -1


But that is not enough.

Normally, I would enter the following cmdlets:

Import-Module MSOnline

And then...

Connect-MsolService

I would then see the following prompt for credentials:





But this is what I see instead:


Note: click to enlarge.

What is missing?

We need to install the "Microsoft Azure Active Directory module for Windows PowerShell" or simply, the "Azure Active Directory PowerShell Module" (yes, it's the same thing).

Since links may change, I would perform an online search for the module, download it and then install it.

The file was named "AdministrationConfig.msi" when I downloaded it for the last time.

After installation, we may see an icon for "Microsoft Azure Active Directory module for Windows PowerShell". However, once the module is installed, we can use the regular icon for PowerShell also. Both have the Azure Active Directory cmdlets.





We can now connect (we should see the prompt for credentials shown earlier) and can execute Azure Active Directory cmdlets to obtain information about our Office 365 tenant.


Among some of the more useful informational cmdlets (Get-*) are:
  • Get-MsolCompanyInformation
  • Get-MsolDomain 
  • Get-MsolSubscription

I will not post the output here as there is too much information about my tenant.

We can view other MS Online cmdlets with this command:

Get-Command *msol*

or (aliased)

gcm *msol*


For example, we can see users and groups in our Azure Active Directory with these cmdlets:
  • Get-MsolUser
  • Get-MsolGroup
These may be users / groups created in our O365 tenant or synced from on-premises.

We can act on Azure Active Directory objects with the Add-*, New-*, Remove-*, Reset-*, Restore-*, Set-* and other cmdlets.


***


But what about managing Exchange Online with remote PowerShell?

First, we must set the execution policy to "RemoteSigned" if it is not already.

We verify with this cmdlet:

Get-ExecutionPolicy

We set the policy with this cmdlet:

Set-ExecutionPolicy RemoteSigned

If you do not set the policy to RemoteSigned, you will encounter this error:



Otherwise, the set of cmdlets below should allow us to access Exchange Online via remote PowerShell and manage objects (mailboxes, etc.) as needed:

$Cred = Get-credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Cred -Authentication Basic 
-AllowRedirection

Import-PSSession $Session -DisableNameChecking -AllowClobber

Note: in the link referenced at the end of this post, the parameters -DisableNameChecking and -AllowClobber are not used. It was someone from Microsoft technical support that suggested them to me. I've included a second link below so the reader can see what these parameters do.


Below is an example of a cmdlet we could run, showing some O365 characteristics such as the database (a reference to "db109"), the server name, the organizational unit and the various Office 365 quotas, notably the 50 GB mailbox size:




It is best practice to close Exchange Online sessions with the cmdlet Remove-PSSession, for example:

Remove-PSSession $Session

Note: we have a limit of three remote sessions.

We can see the number of sessions with this cmdlet:

Get-PSSession

This would close all active sessions:

Get-PSSession | Remove-PSSession


For more information:





1 comment:

  1. Really enjoyed reading your post, big thanks to you for sharing such great information. Exchange online

    ReplyDelete