Combined PowerShell script for managing both Azure AD and Exchange Online

_________________BEGIN Connect.ps1________________________

# Prompt once for the Office 365 admin credential; both connections reuse it,
# so the password never has to be written into the script.
$LiveCred = Get-Credential
# Exchange Online remote PowerShell (implicit remoting). Note the plain hyphen on -AllowRedirection;
# a pasted en-dash here makes New-PSSession treat it as a positional argument and fail.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber
# Azure AD (MSOnline module) connection for user and license management.
Import-Module MSOnline
Connect-MsolService -Credential $LiveCred
# Disconnect the Exchange Online session when finished (see Tips and Tricks below).
#Remove-PSSession $Session

__________________END Connect.ps1_________________________

 

The above script connects to two services: (1) Azure Active Directory remote PowerShell (the MSOnline module) and (2) Exchange Online remote PowerShell.

This is useful because the former is required to assign and manage licenses for DirSync'd users in Office 365, and the latter is required for managing mailboxes and mailbox moves in Exchange Online.

Combining the two into a single PowerShell session makes administration easier: only one PowerShell window needs to be open, and the credential is entered once.

A common stumbling block with mailbox moves to Exchange Online via PowerShell is that the move must be run from a remote PowerShell session connected to Exchange Online, not from the on-premises Exchange Management Shell (see the move script below for an example).

One of the most common tasks when getting started with Office 365 is bulk-licensing users from a CSV file of email addresses. The maintenance script below performs several checks and actions based on a source CSV file; uncomment the line for the action you want to run.

___________BEGIN Maintenance.ps1 ___________________

# The CSV is expected to have an "email" column holding each user's cloud UPN.
Import-Csv c:\users.csv | foreach {

$UPN = $_.email

#The line below is great for testing the CSV file match against the cloud UPN. It helps you confirm that the email addresses in your CSV file match the cloud UPNs exactly.

#Get-MsolUser -UserPrincipalName $UPN

#The next line is great for finding unlicensed users, i.e. anyone who still needs a license applied.

#Get-MsolUser -UserPrincipalName $UPN | where {$_.IsLicensed -eq $false}

#The line below sets the usage location, which is required for every user before a license can be assigned.

#Set-MsolUser -UserPrincipalName $UPN -UsageLocation US

#The next two lines assign licenses. To get <tenant name> run this command: Get-MsolAccountSku (remove the <>). Use straight quotes, not the curly quotes a word processor inserts.

#$MSOLSKU = "<tenant name>:ENTERPRISEPACK"

#Set-MsolUserLicense -UserPrincipalName $UPN -AddLicenses $MSOLSKU

}

___________END Maintenance.ps1 ___________________
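The following is an added example, not part of the original post, that folds the commented-out checks above into one pass: it verifies each CSV row against a cloud UPN, skips users who are already licensed, checks that the tenant still has units of the SKU available, sets the usage location only when it is missing, and writes a per-user report. It assumes the Connect.ps1 session is already established, a CSV "email" column, the SKU suffix ENTERPRISEPACK and usage location US; all four are assumptions to adjust for your tenant. The -DryRun switch reports what would happen without changing anything.

```powershell
# Added example: preflight and bulk-license users from a CSV (assumes an active MSOnline session).
param(
    [string]$CsvPath = 'C:\users.csv',        # assumption: CSV with an "email" column
    [string]$SkuSuffix = 'ENTERPRISEPACK',    # assumption: the SKU you license with
    [string]$UsageLocation = 'US',            # assumption: default usage location
    [switch]$DryRun
)

# Resolve the full AccountSkuId (tenant:SKU) instead of hard-coding the tenant name.
$sku = Get-MsolAccountSku | Where-Object { $_.AccountSkuId -like "*:$SkuSuffix" }
if (-not $sku) { throw "No SKU ending in ':$SkuSuffix' found in this tenant." }
$available = $sku.ActiveUnits - $sku.ConsumedUnits
Write-Host "Using $($sku.AccountSkuId): $available license(s) available"

$report = foreach ($row in (Import-Csv $CsvPath)) {
    $upn = $row.email.Trim()
    try {
        # -ErrorAction Stop turns the 'user not found' error into a catchable exception.
        $user = Get-MsolUser -UserPrincipalName $upn -ErrorAction Stop
    } catch {
        [pscustomobject]@{ UPN = $upn; Action = 'NotFound'; Detail = $_.Exception.Message }
        continue
    }
    if ($user.IsLicensed) {
        [pscustomobject]@{ UPN = $upn; Action = 'AlreadyLicensed'; Detail = ($user.Licenses.AccountSkuId -join ';') }
        continue
    }
    if ($available -le 0) {
        [pscustomobject]@{ UPN = $upn; Action = 'Skipped'; Detail = 'No licenses left in tenant' }
        continue
    }
    if ($DryRun) {
        [pscustomobject]@{ UPN = $upn; Action = 'WouldLicense'; Detail = $sku.AccountSkuId }
        continue
    }
    # UsageLocation must be set before a license can be assigned; leave an existing value alone.
    if (-not $user.UsageLocation) {
        Set-MsolUser -UserPrincipalName $upn -UsageLocation $UsageLocation
    }
    Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $sku.AccountSkuId
    $available--
    [pscustomobject]@{ UPN = $upn; Action = 'Licensed'; Detail = $sku.AccountSkuId }
}

$report | Format-Table -AutoSize
# Keep a record of what was done (and of rows that did not match a cloud UPN).
$report | Export-Csv -NoTypeInformation -Path (Join-Path (Split-Path $CsvPath) 'license-report.csv')
```

Run it first with -DryRun and look at the NotFound rows: those are CSV addresses that do not match a cloud UPN and would have been silently skipped by the original loop.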

 

Now that you have licensed your users, it is time to move mailboxes! (This assumes you have already completed the steps in the Exchange Deployment Assistant for configuring a Hybrid environment.)

_______________Move Script.ps1_______________

#When prompted, enter your on-premises AD username and password as Domain\User, for an account that is a member of the Exchange Organizational Admins group

#Remember: this script is to be called from within a remote PowerShell session against Exchange Online, not from your on-premises Exchange Management Shell!

$cred = Get-Credential

# The CSV is expected to have an "Email" column holding each mailbox's primary SMTP address / UPN.
Import-Csv .\user.csv | foreach {

$UPN = $_.Email

# -BadItemLimit above 50 requires -AcceptLargeDataLoss. -SuspendWhenReadyToComplete stops each move
# after the initial sync so you control the cutover; resume the request to complete it.
New-MoveRequest -Identity $UPN -Remote -RemoteHostname 'myhybridserver.mydomain.com' -RemoteCredential $cred -TargetDeliveryDomain 'mytenantname.mail.onmicrosoft.com' -BadItemLimit 100 -AcceptLargeDataLoss -LargeItemLimit 100 -SuspendWhenReadyToComplete

}

_______________End Move Script.ps1_______________
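Because the move script uses -SuspendWhenReadyToComplete, every mailbox stops at the AutoSuspended state after the initial sync and nothing cuts over until you resume it. The following added example (not from the original post) is the follow-up a practitioner runs in the same Exchange Online remote session: it reports progress and error counts for a batch, flags failed moves, and resumes the ready ones only if their bad-item count is within a threshold. It assumes the moves were created with -BatchName 'Wave1' (an addition to the page's New-MoveRequest line); the batch name and the threshold are assumptions.

```powershell
# Added example: monitor a batch of suspended moves and complete them (run in the Exchange Online remote session).
param(
    [string]$BatchName = 'Wave1',   # assumption: New-MoveRequest was run with -BatchName 'Wave1'
    [int]$MaxBadItems = 100,        # assumption: resume only moves at or below this many bad items
    [switch]$Complete               # without this switch the script only reports
)

# Status snapshot for every move request in the batch.
$requests = Get-MoveRequest -BatchName $BatchName
if (-not $requests) { Write-Warning "No move requests found for batch '$BatchName'"; return }

$requests | Get-MoveRequestStatistics |
    Select-Object DisplayName, Status, StatusDetail, PercentComplete,
                  BadItemsEncountered, LargeItemsEncountered, TotalMailboxSize |
    Format-Table -AutoSize

# Failed moves need a look (and usually Remove-MoveRequest + a new request) before the batch is cut over.
foreach ($f in (Get-MoveRequest -BatchName $BatchName -MoveStatus Failed)) {
    $s = $f | Get-MoveRequestStatistics
    Write-Warning "$($s.DisplayName) failed: $($s.Message)"
}

# AutoSuspended = initial sync done, waiting for Resume-MoveRequest to do the final delta sync and cutover.
$ready = @(Get-MoveRequest -BatchName $BatchName -MoveStatus AutoSuspended)
Write-Host "$($ready.Count) of $(@($requests).Count) move(s) in batch '$BatchName' are ready to complete."

if ($Complete) {
    foreach ($req in $ready) {
        $s = $req | Get-MoveRequestStatistics
        if ($s.BadItemsEncountered -gt $MaxBadItems) {
            # Resuming would finish the move and silently drop these items; stop and review instead.
            Write-Warning "Skipping $($s.DisplayName): $($s.BadItemsEncountered) bad items (limit $MaxBadItems)"
            continue
        }
        $req | Resume-MoveRequest
        Write-Host "Resumed $($s.DisplayName)"
    }
}
```

Run it without -Complete during the sync window to watch PercentComplete climb, then with -Complete at cutover time; the bad-item check matters because -AcceptLargeDataLoss in the move script means items skipped during the move are gone from the target mailbox.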

 

Tips and Tricks

  1. After you’ve completed the tasks you wanted to perform in the Exchange Online organization, you need to disconnect the session between your local computer and the Exchange Online organization.

Use the following command to disconnect remote PowerShell from the Exchange Online organization.

Remove-PSSession $Session

If you close the remote Windows PowerShell window without following this procedure, the session will have to time out (in approx 15 minutes), and the quota for the maximum number of concurrent connections may prevent you from connecting back to the service on a timely basis (maximum of 3 connections are allowed)
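The following is an added example, not part of the original post, that wraps the Connect.ps1 logic in a connect/disconnect pair so the disconnect cannot be forgotten: a try/finally guarantees Remove-PSSession even when a cmdlet in between throws, and stale Microsoft.Exchange sessions left in the current process are torn down before a new one is opened. The function names are assumptions. One caveat: Get-PSSession only sees sessions created in the current PowerShell process, so a session orphaned by closing a window still has to time out on the server side; this helper prevents the orphan, it cannot clean up someone else's.

```powershell
# Added example: connect/disconnect helpers for the Exchange Online remote session (function names assumed).
function Connect-ExoSession {
    param([pscredential]$Credential = (Get-Credential))

    # Tear down Exchange sessions left over from an earlier run in this process (e.g. after an
    # uncaught error) so they do not count against the three-connection quota.
    Get-PSSession | Where-Object { $_.ConfigurationName -eq 'Microsoft.Exchange' } | Remove-PSSession

    $session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri https://ps.outlook.com/powershell/ `
        -Credential $Credential -Authentication Basic -AllowRedirection
    try {
        Import-PSSession $session -AllowClobber -DisableNameChecking | Out-Null
    } catch {
        # If the import fails, close the session now rather than leaving it to time out.
        Remove-PSSession $session
        throw
    }
    return $session
}

function Disconnect-ExoSession {
    param([Parameter(Mandatory)][System.Management.Automation.Runspaces.PSSession]$Session)
    if ($Session.State -eq 'Opened') { Remove-PSSession $Session }
}

# Usage: everything between connect and disconnect runs against Exchange Online; the finally
# block runs the disconnect whether the work succeeded, failed, or was interrupted with Ctrl+C.
$cred = Get-Credential
$exo  = Connect-ExoSession -Credential $cred
try {
    Import-Module MSOnline
    Connect-MsolService -Credential $cred
    Get-Mailbox -ResultSize 5 | Select-Object DisplayName, PrimarySmtpAddress
} finally {
    Disconnect-ExoSession -Session $exo
}
```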

2. If you are setting up a new O365 tenant and your on-premises AD domain uses a non-routable UPN suffix like "myad.local", you can configure Directory Sync to use an alternate login ID, such as the mail attribute, so that the email address is mapped to the UPN field in O365. This saves the effort of changing UPNs on-premises!

http://social.technet.microsoft.com/wiki/contents/articles/24096.using-alternate-login-ids-with-azure-active-directory.aspx

Recent change to Dirsync

It is also important to note that starting with DirSync version 6862.0000, released on June 5 2014, there is no longer a DirSyncConfigShell console file in the Program Files folder. Instead you start a normal PowerShell window and run Import-Module DirSync, after which the Start-OnlineCoexistenceSync cmdlet is available.

Common Dirsync Questions

  • Even though DirSync is configured by default to sync once every three hours, you can manually force DirSync to run at any time.
  • You can also configure the default interval to run in shorter increments.
  • The DirSync interval is completely separate from the password synchronization interval. Passwords are synced to Azure AD immediately, and they are usually effective in under 3 minutes.
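The following added example (not from the original post) shows both of the first two points on the module-based DirSync described above: it forces a sync cycle (delta by default, or a full sync with -FullSync) and reads or changes the scheduler interval. Assumptions: DirSync 6862.0000 or later, the default install path under Program Files, and that the interval is the SyncTimeInterval key in Microsoft.Online.DirSync.Scheduler.exe.config; the script must run elevated on the DirSync server, and the scheduler service must be restarted for a new interval to take effect.

```powershell
# Added example: force a DirSync cycle and read/change the scheduler interval (run elevated on the DirSync server).
param(
    [switch]$FullSync,
    [string]$NewInterval    # e.g. '1:0:0' for hourly (h:mm:ss); leave empty to only read the current value
)

Import-Module DirSync

# Delta sync is the default; -FullSync re-evaluates every object and takes far longer on a large directory.
if ($FullSync) { Start-OnlineCoexistenceSync -FullSync } else { Start-OnlineCoexistenceSync }

# Assumption: default install location and config file name for the DirSync scheduler.
$configPath = Join-Path $env:ProgramFiles 'Windows Azure Active Directory Sync\Microsoft.Online.DirSync.Scheduler.exe.config'
if (-not (Test-Path $configPath)) { Write-Warning "Scheduler config not found at $configPath"; return }

[xml]$config = Get-Content -Raw $configPath
$node = $config.configuration.appSettings.add | Where-Object { $_.key -eq 'SyncTimeInterval' }
if (-not $node) { Write-Warning "SyncTimeInterval key not found in $configPath"; return }
Write-Host "Current SyncTimeInterval: $($node.value)"

if ($NewInterval) {
    # Validate the h:mm:ss shape before touching the file, and keep a backup of the original.
    if ($NewInterval -notmatch '^\d+:\d{1,2}:\d{1,2}$') { throw "Interval must look like h:mm:ss, e.g. 1:0:0" }
    Copy-Item $configPath "$configPath.bak" -Force
    $node.value = $NewInterval
    $config.Save($configPath)
    Write-Host "Set SyncTimeInterval to $NewInterval; restart the DirSync scheduler service for it to take effect."
}
```

Shortening the interval increases load on both the domain controllers and the Azure AD endpoint, so treat anything below the three-hour default as a temporary setting during a migration rather than a permanent one.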
