How To connect Office 365 Via On-premises PowerShell

How To connect Office 365 Via On-premises PowerShell

As you might aware of that Office 365 has PowerShell that means you can use PowerShell to manage your tenancy. Also, some jobs require it.

In order to connect to Office 365 from your PC or Server, you need to complete some requirements and install some application.

First thing you need to have an Operating system that is supported such as Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012/R2

Second thing is to install .Net Framework and PowerShell.

Third thing is to download and install Microsoft Online Services Sign-In Assistant for IT Professionals – http://www.microsoft.com/en-us/download/details.aspx?id=39267

After that, you need to install Windows Azure AD Module to your PC or Server

Windows Azure Active Directory Module for Windows PowerShell (32-bit version)

Windows Azure Active Directory Module for Windows PowerShell (64-bit version)

After the Module installation, we are ready to go

The installation has created a shortcut on your desktop.

office 365 - 50

Type this

connect-msolservice

If you have internet connection, there must be Username/Password menu appeared

office 365 - 51

Type your Office 365 username and password such as “admin@xyzholding.onmicrosoft.com”

Welcome to Office 365

For Managing User, the following cmdlets will help you

 

Windows PowerShell cmdlet Description
Convert-MsolFederatedUser The Convert-MsolFederatedUser cmdlet is used to update a user in a domain that was recently converted from single sign-on (also known as identity federation) to standard authentication type. A new password must be provided for the user.
Get-MsolUser The Get-MsolUser cmdlet can be used to retrieve an individual user, or list of users. An individual user will be retrieved if the ObjectId or UserPrincipalName parameter is used.
New-MsolUser The New-MsolUser cmdlet is used to create a new user in Azure AD. In order to give the user access to services, they must also be assigned a license (using the LicenseAssignment parameter).
Remove-MsolUser The Remove-MsolUser cmdlet is used to remove a user from Azure AD. This cmdlet will delete the user, their licenses, and any other associated data.
Restore-MsolUser The Restore-MsolUser cmdlet restores a user that is in the Deleted users view to their original state. Users will remain in the Deleted users view for 30 days.
Set-MsolUser The Set-MsolUser cmdlet is used to update a user object. Note that this cmdlet should be used for basic properties only. The licenses, password, and User Principal Name for a user can be updated through Set-MsolUserLicense, Set-MsolUserPassword and Set-MsolUserPrincipalName cmdlets respectively.
Set-MsolUserPassword The Set-MsolUserPassword cmdlet is used to change the password of a user. This cmdlet can only be used for users with standard identities.
Set-MsolUserPrincipalName The Set-MsolUserPrincipalName cmdlet is used to change the User Principal Name () of a user. This cmdlet can be used to move a user between a federated and standard domain, which will result in their authentication type changing to that of the target domain.
Redo-MsolProvisionUser The Redo-MsolProvisionUser cmdlet can be used to retry the provisioning of a user object in Windows Azure Active Directory when a previous attempt to create the user object resulted in a validation error.

 

For Managing Groups and Role Memberships, the following cmdlets will help you

Windows PowerShell cmdlet Description
Add-MsolGroupMember The Add-MsolGroupMember cmdlet is used to add members to a security group. The new members can be either users or other security groups.
Get-MsolGroup The Get-MsolGroup cmdlet is used to retrieve groups from Azure AD. This cmdlet can be used to return a single group (if ObjectId is passed in), or to search within all groups.
Get-MsolGroupMember The Get-MsolGroupMember cmdlet is used to retrieve members of the specified group. The members can be either users or groups.
New-MsolGroup The New-MsolGroup cmdlet is used to add a new security group to Azure AD.
Remove-MsolGroup The Remove-MsolGroup cmdlet is used to delete a group from Azure AD.
Remove-MsolGroupMember The Remove-MsolGroupMember cmdlet is used to remove a member from a security group. This member can be either a user or a group.
Set-MsolGroup The Set-MsolGroup cmdlet is used to update the properties of a security group.
Add-MsolRoleMember The Add-MsolRoleMember cmdlet is used to add a member to a role. Currently, only users can be added to a role (adding a security group is not supported).
Get-MsolRole The Get-MsolRole cmdlet can be used to retrieve a list of administrator roles.
Get-MsolUserRole The Get-MsolUserRole cmdlet is used to retrieve all of the administrator roles that the specified user belongs to. This cmdlet will also return roles that the user is a member of through security group membership.
Get-MsolRoleMember The Get-MsolRoleMember cmdlet is used to retrieve all members of the specified role.
Remove-MsolRoleMember The Remove-MsolRoleMember cmdlet is used to remove a user from an administrator role.
Redo-MsolProvisionGroup The Redo-MsolProvisionGroup cmdlet can be used to retry the provisioning of a group object in Windows Azure Active Directory when a previous attempt to create the group object resulted in a validation error.

 

For Managing Service Principals, the following cmdlets will help you

 

Windows PowerShell cmdlet Description
Set-MsolServicePrincipal The Set-MsolServicePrincipal cmdlet updates a service principal in Azure AD. It can be used to update the display name, enable/disable the service principal, trusted for delegation, the service principal names (SPNs) or the addresses.
New-MsolServicePrincipal The New-MsolServicePrincipal cmdlet creates a service principal that can be used to represent a Line Of Business (LOB) application or an on-premises server such as Microsoft Exchange, SharePoint or Lync in Azure AD as “service principal” objects. Adding a new application as a service principal allows that application to authenticate to other Microsoft Online Services.
Get-MsolServicePrincipal The Get-MsolServicePrincipal cmdlet can be used to retrieve a service principal or a list of service principals from Azure AD.
Remove-MsolServicePrincipal The Remove-MsolServicePrincipal cmdlet removes a service principal from Azure AD.
New-MsolServicePrincipalAddresses The New-MsolServicePrincipalAddress cmdlet creates a new service principal address object that can be used to update the addresses for a service principal.
Get-MsolServicePrincipalCredential The Get-MsolServicePrincipalCredential cmdlet can be used to retrieve a list of credentials associated with a service principal.
New-MsolServicePrincipalCredential The New-MsolServicePrincipalCredential cmdlet can be used to add a new credential to a service principal or to add or roll credential keys for an application. The service principal is identified by supplying either the object ID, application ID, or service principal name (SPN).
Remove-MsolServicePrincipalCredential The Remove-MsolServicePrincipalCredential cmdlet can be used to remove a credential key from a service principal in the case of a compromise or as part of credential key rollover expiration. The service principal is identified by supplying either the object ID, application ID, or service principal name (SPN). The credential to be removed is identified by its key ID.

 

For Managing Domains, the following cmdlets will help you

 

Windows PowerShell cmdlet Description
Confirm-MsolDomain The Confirm-MsolDomain cmdlet is used to confirm ownership of a domain. In order to confirm ownership, a custom TXT DNS record must be added for the domain. The domain must first be added using the New-MsolDomain cmdlet, and then the Get-MsolDomainVerificationDNS cmdlet should be called to retrieve the details of the DNS record that must be set.Note that there may be a delay (15 to 60 minutes) between when the DNS update is made and when the cmdlet is able to confirm ownership of a domain.
Get-MsolDomain The Get-MsolDomain cmdlet is used to retrieve company domains.
Get-MsolDomainVerificationDns The Get-MsolDomainVerificationDns cmdlet is used to return the DNS records that need to be set to verify a domain.
New-MsolDomain The New-MsolDomain cmdlet is used to create a new domain object. This cmdlet can be used to create a domain with managed or federated identities, although the New-MsolFederatedDomain cmdlet should be used for federated domains in order to ensure proper setup.
Remove-MsolDomain The Remove-MsolDomain cmdlet is used to delete a domain from Azure AD. The domain being deleted must be empty; that is, there cannot be any users or groups with email addresses in this domain.
Set-MsolDomain The Set-MsolDomain cmdlet is used to update settings for a domain. Using this cmdlet, the default domain can be changed, or the capabilities (Email, Sharepoint, OfficeCommunicationsOnline) can be changed.
Set-MsolDomainAuthentication The Set-MsolDomainAuthentication cmdlet is used to change the domain authentication between standard identity and single sign-on. This cmdlet will only update the settings in Azure AD; typically the Convert-MsolDomainToStandard or Convert-MsolDomainToFederated should be used instead.
Get-MsolPasswordPolicy Retrieves the current password policy for the tenant or the specified domain.
Set-MsolPasswordPolicy Sets the values associated with the password notification window and password validity window for a specified domain or all domains in the tenant.

 

 

For Managing Single Sign-On, the following cmdlets will help you

 

Windows PowerShell cmdlet Description
New-MsolFederatedDomain The New-MsolFederatedDomain cmdlet adds a new single sign-on domain (also known as identity-federated domain) to Azure AD and configures the relying party trust settings between the on-premises Active Directory Federation Services 2.0 server and Azure AD. Due to domain verification requirements, you may need to run this cmdlet several times in order to complete the process of adding the new single sign-on domain.
Convert-MsolDomainToStandard The Convert-MsolDomainToStandard cmdlet converts the specified domain from single sign-on (also known as identity federation) to standard authentication. This process also removes the relying party trust settings in the Active Directory Federation Services 2.0 server and Azure AD. After the conversion, this cmdlet will convert all existing users from single sign-on to standard authentication. Any existing user who was configured for single sign-on will be given a new temporary password as part of the conversion process. Each converted user name and new temporary password will be recorded in a file for reference by the administrator. The administrator can then distribute the new temporary password to each converted user to enable the user to sign in to the cloud service.
Convert-MsolDomainToFederated The Convert-MsolDomainToFederated cmdlet converts the specified domain from standard authentication to single sign-on (also known as identity federation), including configuring the relying party trust settings between the Active Directory Federation Services 2.0 server and Azure AD. As part of converting a domain from standard authentication to single sign-on, each user must also be converted. This conversion happens automatically the next time a user signs in; no action is required by the administrator.
Get-MsolFederationProperty The Get-MsolFederationProperty cmdlet gets key settings from both the Active Directory Federation Services 2.0 server and Azure AD. You can use this information to troubleshoot authentication problems caused by mismatched settings between the Active Directory Federation Services 2.0 server and Azure AD.
Get-MsolDomainFederationSettings The Get-MsolDomainFederationSettings cmdlet gets key settings from Azure AD. Use the Get-MsolFederationProperty cmdlet to get settings for both Azure AD and the Active Directory Federation Services server.
Remove-MsolFederatedDomain The Remove-MsolFederatedDomain cmdlet removes the specified single sign-on domain from Azure AD and the associated relying party trust settings in Active Directory Federation Services 2.0. Note: If the domain specified has objects associated with it, you will not be able to remove the domain.
Set-MsolDomainFederationSettings The Set-MsolDomainFederationSettings cmdlet is used to update the settings of a single sign-on domain.
Set-MsolADFSContext The Set-MsolADFSContext cmdlet sets the credentials to connect to Azure AD and to the Active Directory Federation Services 2.0 (AD FS 2.0) server. This cmdlet must be run before making other single sign-on (also known as identity federation) cmdlet calls. If this cmdlet is called without parameters, the user will be prompted for credentials to connect to the different systems. When the AD FS 2.0 server is used remotely, the user must specify the computer name of the primary AD FS 2.0 server. Note that the specified logfile is shared by all single sign-on cmdlets for the session. A default logfile is created if one is not specified.
Update-MsolFederatedDomain The Update-MsolFederatedDomain cmdlet changes settings in both the Active Directory Federation Services 2.0 server and Azure AD. It is necessary to run this cmdlet whenever the URLs or certificate information within Active Directory Federation Services 2.0 change due to configuration changes or through regular maintenance of the certificates, such as when a certificate is about to expire. This cmdlet should also be run when changes occur in Azure AD. To confirm that the information in the two systems is correct, the Get-MsolFederationProperty cmdlet can be used to retrieve the settings.

 

For Managing Subscriptions and Licenses, the following cmdlets will help you

 

Windows PowerShell cmdlet Description
Get-MsolSubscription The Get-MsolSubscription cmdlet returns all the subscriptions that the company has purchased. When assigning licenses to users, the Get-MsolAccountSku API should be used instead.
Get-MsolAccountSku The Get-MsolAccountSku will return all the SKUs that the company owns.
New-MsolLicenseOptions The New-MsolLicenseOptions cmdlet creates a new License Options object. This cmdlet disables specific service plans when assigning a user a license using the Add-MsolUser and Set-MsolUserLicense cmdlets.
Set-MsolUserLicense The Set-MsolUserLicense cmdlet can be used to adjust the licenses for a user. This can include adding a new license, removing a license, updating the license options, or any combination of these actions.

 

 

Stay Tuned!

Sonat Yaylali

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: