Tag Archives: Bechtle-Blog

Bechtle-Blog Office 365 PowerShell

Update: Assign Office 365 licenses based on Active Directory groups (version 1.1)

Several months ago, I published a PowerShell script to assign Office 365 licenses to user accounts based on their on-premises Active Directory group memberships (original post). I received a lot of great feedback for that script and added some bugfixes and support for multiple assigned licenses. Multiple assigned licenses will occur if your users are using multiple Office 365 services, like Intunes and Office 365 E3, or maybe Windows E3 for instance.

Like all my new coding project you’ll also find the PowerShell script on GitHub:
https://github.com/michaelmiklis/Set-MSOLLicenseToADGroupMembers.ps1

You just need to modify the on the end to match your environment (username, password, group names, e.g.):

######################################################################
## (C) 2017 Michael Miklis (michaelmiklis.de)
##
##
## Filename:      Set-MSOLLicenseToADGroupMembers.ps1
##
## Version:       1.1
##
## Release:       Final
##
## Requirements:  -none-
##
## Description:   Assign Office 365 Licenses based on Active Directory
##                Groups.
##
## This script is provided 'AS-IS'.  The author does not provide
## any guarantee or warranty, stated or implied.  Use at your own
## risk. You are free to reproduce, copy & modify the code, but
## please give the author credit.
##
####################################################################
Set-PSDebug -Strict
Set-StrictMode -Version latest
  
 
function Set-MSOLLicenseToADGroupMembers {
    <#
    .SYNOPSIS
    Assigns Office 365 Licenses to Members of AD-Group
  
    .DESCRIPTION
    The Set-MSOLLicenseToADGroupMembers CMDlet gets all users from a
    specified AD-Group and assigns a specified Office 365 License to
    the corresponding Office 365 identities
  
    .PARAMETER GroupName
    Name of the Active Group
  
    .PARAMETER License
    Name of the License
 
    .PARAMETER UsageLocation
    Name of the Location
  
    .EXAMPLE
    Set-MSOLLicenseToADGroupMembers -GroupName "Office365_E3" -License "contoso:ENTERPRISEPACK"
 
    #>
      
    param (
        [parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]$GroupName,
        [parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]$License,
        [parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]$LicenseName,
        [parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]$UsageLocation="DE"
    )
 
    foreach ($User in (Get-ADGroupMember -Identity $GroupName)) {
    $User = Get-ADUser -Identity $User -Properties UserPrincipalName
    $MsOlUser =  Get-MsolUser -UserPrincipalName $User.UserPrincipalName -ErrorAction SilentlyContinue 
 
    $UserLicensePresent = $false

    if ($MsOlUser -ne $null) {
        Write-Host ("Found Office 365 User: " + $MsOlUser.UserPrincipalName)
            Set-MsolUser -UserPrincipalName $User.UserPrincipalName -UsageLocation $UsageLocation
 
        if ($MSOlUser.IsLicensed -eq $false) {
            Write-Host ("User not licensed - assigning license: " + $LicenseName)

            Set-MSOLUserLicense -UserPrincipalName $User.UserPrincipalName -AddLicenses $LicenseName
            Set-MsolUserLicense -UserPrincipalName $User.UserPrincipalName -LicenseOptions $License
        }
        else {
            foreach ($UserLicense in $MSOLUser.Licenses)
            {
                if ($UserLicense.AccountSkuId -eq $LicenseName)
                {
                    $UserLicensePresent = $true
                    break
                }
            }


            if ($UserLicensePresent -eq $false) {
                Write-Host ("User licensed, but not with correct license - assigning license: " + $LicenseName)

                Set-MSOLUserLicense -UserPrincipalName $User.UserPrincipalName -AddLicenses $LicenseName
                Set-MsolUserLicense -UserPrincipalName $User.UserPrincipalName -LicenseOptions $License
            }
            else {
                Write-Host ("User has already a correct license assigned: " + $LicenseName)
            }
        }
    }
    }
 
}
 
Import-Module MSOnline
 
$Username = "xxxxx"
$Password = "xxxxx"
 
# Convert the plain text password to a secure string
$SecurePassword=ConvertTo-SecureString –String $Password –AsPlainText –force
$Credential=New-object System.Management.Automation.PSCredential $Username,$SecurePassword
 
# Create new Office 365 license options
$LicenseOfficeProPlus = New-MsolLicenseOptions -AccountSkuId "SUBSCRIPTION_NAME:OFFICESUBSCRIPTION"
$LicenseE3withoutExchange = New-MsolLicenseOptions -AccountSkuId "SUBSCRIPTION_NAME:ENTERPRISEPACK" -DisabledPlans "EXCHANGE_S_ENTERPRISE"
 
# Connect to Microsoft Office 365 tenant
Connect-MsolService -Credential $credential
 
# Assign licenses based on Active Directory group membership
Set-MSOLLicenseToADGroupMembers -GroupName "O365_PROPLUS" -License $LicenseOfficeProPlus -LicenseName "SUBSCRIPTION_NAME:OFFICESUBSCRIPTION" -UsageLocation "DE"
Set-MSOLLicenseToADGroupMembers -GroupName "O365_E3" -License $LicenseE3withoutExchange -LicenseName "SUBSCRIPTION_NAME:ENTERPRISEPACK" -UsageLocation "DE"
Read More
Bechtle-Blog PowerShell Windows

Using Windows certificate store in Mozilla Firefox

Lots of companies are using Mozilla Firefox in their corporate environment. Firefox came up with a great new feature in the latest version – it will support Windows enterprise trusted root certificates! No more need for adding certificates to Firefox separately using the keytool:

Just use the Windows Active Directory Group Policies to deploy your certificates – most of you already do this for use with Microsoft Internet Explorer and other software. To enable this great new feature Firefox introduced a new configuration parameter named security.enterprise_roots.enabled this needs to be set to true in the about:config page:

Read More
Bechtle-Blog Office 365 PowerShell

Assign Office 365 licenses based on Active Directory groups

Updated version available: https://www.michaelmiklis.de/update-assign-office-365-licenses-based-on-active-directory-groups-version-1-1/

I’ve done several Microsoft Office 365 projects with together with some of our customers. In most implementations, I was asked if there’s a way to assign Office 365 licenses (a.k.a. plans) to users based on their Active Directory group memberships.

Most companies have built their entire permission model on Microsoft Active Directory. With Active Directory Federation Services (ADFS) Microsoft offers a powerful and great tool for synchronizing user and group account from the customer’s on-premise environment into the Office 365 cloud.

Unfortunately, there is no built-in technique to automatically assign licenses. Therefore I wrote a small PowerShell script to complete this task.

Read More
XenDesktop

Citrix XenDesktop SQL Database: Display all client connections

One of my customers came up to me and asked me how to query the Citrix XenDesktop Database using SQL queries to get a list of all connections that have been made.
The first thing to keep in mind is, that XenDesktop stores the information only for a couple of days – depending on your license (Enterprise or Platinum licenses). So if you’re interested in a long-term solution, then you should put the output / result of my query into another database or file for archiving.

Read More
PowerShell Windows

Creating PowerShell scripts with a GUI

I’ve created several PowerShell scripts that utilize Windows Presentation Foundation (WPF) for displaying a graphical user interface (GUI). The ability to use WPF GUIs enables you to combine PowerShell scripting and professional-looking GUIs – not like the old-school HTA GUIs in VBScripts.

WPF-Application

WPF is completely being build on XML / XAML files – and these files can be build using the graphical forms designer in Visual Studio Community Edition

Read More
PowerShell Windows

Disable IPv6 in Windows for a specific network connection only

Sometimes you want to disable IPv6 only on a specified network interface, instead of disabling IPv6 completely:

IPv6_Bind

Microsoft has released a KB article how to disable the individual IPv6 components in Windows – but not for an individual interface:
https://support.microsoft.com/en-us/kb/929852

I wrote a small PowerShell script that unbinds the IPv6 protocol. The PowerShell script is modifying the bindings in the registry – therefore a reboot is needed for this setting to take effect:

$UnbindID = $(Get-WmiObject -Class 'Win32_NetworkAdapter' | Where-Object {$_.NetConnectionID -eq 'Ethernet'}).GUID
$LinkageKey = $(Get-ItemProperty -Path 'HKLM:SYSTEMCurrentControlSetservicesTcpip6Linkage').Bind | Select-String -Pattern $UnbindID -NotMatch -SimpleMatch
Set-ItemProperty -Path 'HKLM:SYSTEMCurrentControlSetservicesTcpip6Linkage' -Name 'Bind' -Type MultiString -Value $LinkageKey

Note: According to your environment and operating system version and language, you may need to change the network connection name (‘Ethernet’ in my example’) to fit your interface / connection name.

Read More
Mac OS X Office 365

Microsoft Outlook for Mac 15.x activation error -805240834

I just installed an EFI update on my Apple Mac and figured out, that Outlook for Mac 15 wasn’t activated anymore. I simply tried to reactivate Outlook so I started the activation wizard, entered my email address and password… but there was an error:

Outlook_for_Mac_activation_error
After a little search via google I found the solution – you have to run these commands in the Terminal application:

killall "Office365ServiceV2"
sudo killall "Office365ServiceV2”"
cd ~/Library/Group Containers/UBF8T346G9.Office
ls -a | perl -n -e 'print if m/^[e|c]w/' | xargs rm
Read More
PowerShell Windows XenDesktop

Get running processes including CPU and memory usage

One of my customers needed a PowerShell script to get all running processes with their corresponding CPU load. This was script should be triggered by their monitoring system if the system total CPU usage exceeds a configured threshold.

They’re running a mid-sized Citrix XenDesktop farm with Server-OS (formerly known as XenApp a.k.a. terminal services) and sometimes applications are using a high CPU amount.

This is the small script I wrote for them:

#####################################################################
##
## (C) 2015 Michael Miklis (michaelmiklis.de)
##
##
## Filename:      Get-Tasks.ps1
##
## Version:       1.0
##
## Release:       Final
##
## Requirements:  -none-
##
## Description:   PowerShell Tasklist with CPU usage and memory
##                usage
##
## This script is provided 'AS-IS'.  The author does not provide
## any guarantee or warranty, stated or implied.  Use at your own
## risk. You are free to reproduce, copy & modify the code, but
## please give the author credit.
##
####################################################################

<#
.SYNOPSIS
Lists all running task including cpu and memory usage

.DESCRIPTION
The Get-Tasks function uses Windows Management Instrumentation (WMI) to retrieve process Name, ProcessId, SessionId,
VirtualSizeMB, Handles, Owner, PercentProcessorTime and ThreadCount

.PARAMETER computerName
Computername or IP Adress of the computer to query

.PARAMETER credential
Credentials to query computer as System.Management.Automation.PSCredential

.EXAMPLE
Get-Tasks
Get-Tasks -computerName "server.domain.com" -credential $credential

.NOTES
You need to run this CMDlet with elevated permissions
#>

function Get-Tasks {
    [CmdletBinding()]
    param (
        [parameter(Mandatory=$true,ValueFromPipeline=$false)]
        [string]$computername,

        [parameter(Mandatory=$true,ValueFromPipeline=$false)]
        [System.Management.Automation.PSCredential]$credential      
    )

    PROCESS {
        $colProcs = Get-wmiobject win32_process -computername $computername  -Credential $credential | select *,@{Name=”Owner”;Expression={($_.GetOwner()).User}}
        $colPerfs = Get-wmiobject win32_perfformatteddata_perfproc_process -computername $computername  -Credential $credential 
        $colTasklist = @()

        foreach ($proc in $colProcs) {
            $process = New-Object System.Object

            $perf = $colPerfs | Where-Object { $_.IDProcess -eq $proc.ProcessId }

            $process | Add-Member -type NoteProperty -name "Name" -value $proc.Name       
            $process | Add-Member -type NoteProperty -name "ProcessId" -value $proc.ProcessId
            $process | Add-Member -type NoteProperty -name "SessionId" -value $proc.SessionId
            $process | Add-Member -type NoteProperty -name "VirtualSizeMB" -value ([math]::Round(($proc.VirtualSize / 1024 /1024), 2))
            $process | Add-Member -type NoteProperty -name "Handles" -value $proc.Handles
            $process | Add-Member -type NoteProperty -name "Owner" -value $proc.Owner
            $process | Add-Member -type NoteProperty -name "PercentProcessorTime" -value $perf.PercentProcessorTime
            $process | Add-Member -type NoteProperty -name "ThreadCount" -value $perf.ThreadCount

            $colTasklist += $process
        }

        $colTasklist | Sort-Object PercentProcessorTime -Desc

        return $colTasklist
    }
}
Read More
Programming System Center

SCCM 2012 Extension: Remove a Computer from all Collections

Recently one of our customers wanted to have an extension for his Microsoft System Center Configuration Management 2012 Console to be able to remove a computer from all collections to which it was assigned to.

This was truly my first scripting and programming job regarding SSCM 2012. I did a little research on google and figured out how to do this. And this is how it looks like:

Miklis-SCCM-Extensions

There are two main components:

  • A script or application which will do the work
  • A XML file which actually adds the script or application to the context menu

The XML file needs to be placed in the following folder:
[SCCM-Directory]AdminUIXmlStorageExtensionsActions7ba8bf44-2344-4035-bdb4-16630291dcf6

The script or application can be put anywhere you want – you’ll only need to modify the path within the XML file:

SCCM-Extension-XML
 
 

DOWNLOAD
Miklis-SCCM-Extensions.zip
 

Read More
Windows XenApp XenDesktop

SESSIONID.EXE – Query Terminalserver Session ID

DOWNLOAD
sessionid.exe

I was looking for a way to display the session-ID of my current terminal server session regardless of the protocol I’m using in a batch file. I tried numerous workarounds by parsing the output of qwinsta.exe or quser.exe – but both ways didn’t work in a reliable manner.

After some research, I figured out that the session ID is available as a property within the .NET Framework. Therefore, I decided to write a small executable that will output the session id.

SessionID

Attached to this post you’ll find the SESSIONID.EXE – feel free to use it within your project.

Here are some code snippets how to use the sessionid.exe:

FOR /F "tokens=*" %%A IN ('sessionid.exe') DO SET SESSIONID=%%A
ECHO %SESSIONID%
Read More
1 2 3