New ResponseCancelCopy to Archive Copy to ArchiveMove to Archive Move to Archive

Document Library
Main Topic

Kurt Tomicich
2011/09/07


Procedure
Reference
Subject:1. PowerShell Stuff for Office 365
Category:Software\ Microsoft Office365
Version:7
Revision Date:2019/03/26 Modified: 2019/03/26
 
OriginatorReviewers
Kurt Tomicich
Starting to try to split off individual pieces and organize this better. All pieces to refer back to this doc for pre-req's and standardized items.
      Hide details for OLD PreReq infoOLD PreReq info
      WTF... Archived this in a collapsed section 12/10/12 Right now, it's possible to set password expiration to 2 years via the console

      is accomplished with PowerShell - The Microsoft Online Services Module is necessary. Complete list of Commandlets compatible with MSOL is attached below

      I had some issues getting Method3 to run as a batch file, but it seems to work fine if the three lines are copied and pasted into the Command Shell.

      UPDATE:
      9/18/2012 - The download link now downloads Transporter.msi - the MSOnline module is not present. Creating collapsed Section for MSOL Migration Tool and adding links to Microsoft Online Services Module which I eventually found

      Microsoft Online Services Sign-In Assistant may be necessary

      This is what I ended up using in the MOLS Command Shell:
          import-module MSOnline
          connect-msolservice
          Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true

      Method-1
        For single user in Domain
        Set-MSOnlineUserPasswordNeverExpire –Identity jane.dow@contoso.com –PasswordNeverExpire $true –Credential $companyAdminCred

      Method-2
        For List of users in Domain
            · Create a CSV file that is named "Users.csv". The CSV file must have column header that are named "Identity"
        #-------------------------------------------------------------------------------
        $users = Import-Csv -Path "users.csv"
        If (!$tcred) {$tcred = Get-Credential "MSOL Admin Cred"}
        $users | ForEach-Object {
        $Identity = $_.Identity
        $TrustedUser = $_.TrustedUser
        Set-MSOnlineUserPasswordNeverExpire –Identity $Identity –PasswordNeverExpire $true –Credential $tcred -Verbose
        }
            · Start Notepad, and then copy and paste the following PowerShell script code to Notepad
            1. Save the file as AddMSOnlineMailPermission.ps1.
            2. Click Start, point to All Programs, point to Microsoft Online Services, point to Migration, and then click Migration Command Shell.
            3. At the PowerShell prompt, move to the folder that contains the script, type .\AddMSOnlineMailPermission.ps1, and then press ENTER.

      Method-3
        For All users in Domain
        If the users are more than 250 use the below script.
        (You can copy the text in a notepad file and then save it as .PS1 file and then run it) .
        #-------------------------------------------------------------------------------
        $admincredential = get-credential
        $colUsers = get-msonlineUser -Credential $admincredential -enabled -ResultSize 10000
        $colusers | ForEach-Object{Set-MSOnlineUserPasswordNeverExpire –Identity $_.identity –PasswordNeverExpire $true –Credential $admincredential}
        ---------------------------------------------------------------------------------------
      Hide details for One box gives one user accessOne box gives one user access
      Add-MailboxPermission -Identity user@company.onmicrosoft.com -User "Mail Readers" -AccessRights 'FullAccess' -AutoMapping $False
      Hide details for OLD: Set all mailboxes to be accessible to mail administrators:OLD: Set all mailboxes to be accessible to mail administrators:
      LINK: Give an Administrator the Ability to Open and View the Contents of a User's Mailbox
      Global Administrators will all automatically have the Organization Management role. Can apply the role to others in Exchange Admin Center / Permissions

      Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User "Organization Management" -AccessRights fullaccess -InheritanceType all -AutoMapping $False
        Hide details for Trying a Security Group instead of the Organization Management roleTrying a Security Group instead of the Organization Management role
        2018-06-18
        Everything stopped working. We've been beating up on it for hours. Currently, there is a mail-enabled security group named Mail Readers

        Working on CDA 9/13/16
        Got this working using a new Permissions - Admin Role: Copied the Organization Management role into a new one named mailbox.readers

        9/12/2016 but it kept saying there's no such User or Group. Maybe a timing issue? IDK, but I gave it a ton of time and verified that the group showed in Admin Console before trying to run the script.
        Create a new Security Group named Mailbox Readers
        Run this powershell script:
          Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User "mailbox.readers" -AccessRights fullaccess -InheritanceType all -AutoMapping $False

        This script that was used to REVOKE access of Organization Management role :
        Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Remove-MailboxPermission -User "Organization Management" -AccessRights fullaccess



All Documents   By Author   By Category   By Alternate Name   Review Status   Help