Manage Office 365 using PowerShell

As someone who’s primary job is being a SharePoint administrator, the Rise of the Cloud (Office 365) was something which scared me in the beginning. Was my job doomed? Well, not exactly. You see, Office 365 is complex and it evolves constantly. Yes, a lot of stuff you do as an administrator on-premise is taken off your hands by Microsoft engineers at the datacenters but there’s plenty of stuff to “administer” in a cloud environment. You still need to manage users and their habits of losing passwords. You still need to create site collections, manage mailboxes, set up retention policies, and so on. Microsoft did a great job of providing a nice administration portal for all of these tasks but they also provide PowerShell management modules for all of the services in Office 365 to allow administrators to manage their tenant locally from their machine. This post gives an overview of the things you need to manage the different areas (services) in your Office 365 tenant.

Users/Licenses/Subscriptions 

A few weeks ago, the Azure AD PowerShell v2.0 module hit general availability and is now the recommended module to use when you want to do Azure AD management using PowerShell. At the time of this update, the latest stable version is 2.0.0.33. The old module (msonline) will be deprecated in the near future.

To use this new module, you need to install it from the PowerShell Gallery. To install a module from the PS Gallery, you need to install PowerShellGet on your machine. If you have a Windows 10 machine, this will already be installed and you can proceed with the installation of the module itself. If you have Windows 7 or 8.x, you have to install PowerShellGet first. You can find a link to the .MSI on the link below.

Once this package is installed, you can proceed with the installation of the AzureAD module.

The first line will set the PowerShell Gallery as a trusted repository. If you don’t set it as a trusted repository, you will see a warning when you run the Install-Module command.
If you have already an earlier version of this module (ex. 2.0.0.30), you can update it to a newer version by specifying the -Force parameter with the Install-Module command.

After the module has been installed, you can use it to manage your users, groups, licenses, and so on.

Skype for Business Online

To manage Skype for Business Online, you need to install the following package:

Once the package is installed, you can open a PowerShell console and connect to Skype for Business Online.

SharePoint Online

To manage SharePoint Online, you need to install the following package:

Once the package is installed, you can open a PowerShell console and connect to SharePoint Online.

The URL you need to provide to connect to SharePoint Online, is the URL of the SharePoint admin center in the Office 365 portal. For instance: https://mytenant-admin.sharepoint.com.

Exchange Online

To manage Exchange Online, you don’t need to install additional packages. You can execute the lines of PowerShell below to get started. When these lines are executed, the Exchange Online cmdlets are imported in your session. When you change Management Roles in Exchange Online however, you need to relaunch the session because changing roles also means that the cmdlets you CAN use, will change.

Rights Management

To manage Azure RMS in your Office 365 tenant, you need to install the following package:

When this package is installed, the PowerShell module will be installed on your machine.

 

Add a SQL Alias using PowerShell

Setting a SQL alias on every SharePoint server is a common task when you are installing SharePoint. You use the SQL Server Client Network Utility (cliconfg.exe) for this. This tool is available on every SharePoint server because it’s part of the SQL Server Native Client prerequisite.

Setting a SQL alias is a best practice because it makes your life a whole lot easier when you want to change the actual database server in some point of time. If you use an alias, the only thing you need to do at that moment, is change the target of your alias and you’re good to go. If you install SharePoint and you reference the database server directly, your only way of pointing SharePoint to the new database server painlessly, is to create an alias at that time, set the name of the alias to the name of the old database server and have it point to the new server. Definately not cool because when someone looks at the Servers in Central Administration, it will list the old name and it’s not clear that this is not a server anymore but an alias.

When you want to set an alias, you run cliconfg.exe on each SharePoint server. In this tool, you have an “Alias” tab, where you can set it. You provide a name, the type of connection (Named Pipes, TCP/IP) and a server name. You can also select a custom port if you use TCP/IP or keep the default.

sql alias - 01

If you don’t want to do this manually, there’s also a way of doing this with PowerShell. The only thing this tool does, is create a string value in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo

sql alias - 01

So, doing this using PowerShell is easy.

You can find this script in my PowerShell Repository on GitHub.

TFS Build agent running but still displayed as offline

A colleague of mine notified me today that there was a problem with the TFS build agent on our TFS server. When he tried to queue a build, the following message popped up:

There are issues with the request or definition that may prevent the build from running:
There are agents that are capable of running the build, but they are not online. If the agent is configured to run as a service, ensure that the “VSO Agent ({agent name})” service is running.

capture20160512133924399

This looked like a no-brainer. Probably the service which was not started. When I looked at the service, I noticed that it was running.

snip_20160512155042

I checked the Agent pools in the TFS Control Panel and this was showing a red status while it should be green. Not good.

snip_20160512155235

To see what was going on, I went to the folder where the agent was installed. In that folder, a _diag folder exists with logging. After opening one of the log files, I noticed this error:

System.Net.Http.HttpRequestException: An error occurred while sending the request. —> System.Net.WebException: Unable to connect to the remote server —> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it xxx.xxx.xxx.xxx:8080

(IP is replaced with xxx in the message above).

The IP which was listed, was the IP of the TFS server. What got me thinking in the right direction for a solution, is a part of the logfile above the message where the settings are loaded:

VsoAgent.exe was run with the following command line: “C:\BuildAgent\agent\vsoagent.exe” /runningAsService
12:04:06.109768 SettingsFileHelper.Load – settings[AutoUpdate]=True
12:04:06.109768 SettingsFileHelper.Load – settings[RootFolder]=C:\BuildAgent
12:04:06.109768 SettingsFileHelper.Load – settings[WorkFolder]=c:\BuildAgent\_work
12:04:06.109768 SettingsFileHelper.Load – settings[ServerUrl]=http://tfs.mydomain.com:8080/tfs
12:04:06.109768 SettingsFileHelper.Load – settings[AgentName]=xxxxx
12:04:06.109768 SettingsFileHelper.Load – settings[PoolId]=1
12:04:06.109768 SettingsFileHelper.Load – settings[PoolName]=default
12:04:06.109768 SettingsFileHelper.Load – settings[AgentId]=2
12:04:06.109768 SettingsFileHelper.Load – settings[RunAsWindowsService]=True
12:04:06.109768 SettingsFileHelper.Load – settings[WindowsServiceName]=vsoagent.tfs.xxxxx
12:04:06.109768 SettingsFileHelper.Load – settings[WindowsServiceDisplayName]=VSO Agent (xxxxx)

The “ServerUrl” setting listed the default URL for TFS. Which is HTTP on port 8080. But I remembered that we changed our configuration to run on HTTPS. So, our TFS was not at 8080, but 443 and then it hit me… I configured the buildagent before we changed to HTTPS.

The solution to this issue was pretty clear, I needed to update the “settings.json” file in the buildagent folder and replace the old URL with the new one.
After changing this file, I restarted the buildagent service, went back to the Agent Pools, refreshed the page and noticed the status changed to green.

snip_20160512161012

Good to go!

Change UPN Suffix using PowerShell

A few weeks ago, I was implementing AD synchronization between an on-prem Active Directory and Office 365. One of the prerequisites is that the UPN (User Principal Name) suffix for the users which are synchronized to Office 365, has to be a public domain name. The domain I was working with, was a local domain (.local). So, I had to change the UPN suffixes for all users to the public domain name. Because I had to change thousands of users, I created a PowerShell script which does it for me. The script does a few checks before it actually tries to update the UPN:

  • It checks if the “ActiveDirectory” module is installed. We need this to interact with the objects in Active Directory. If it’s installed, it’s loaded automatically if not already loaded.
  • It checks if the new UPN suffix, which needs to be provided by means of a parameter, is registered as a UPN suffix in the domain.

The script has 4 parameters:

  • OldUPNSuffix : This is UPN Suffix which is going to be replaced with the new one.
  • NewUPNSuffix : This is the new UPN suffix
  • Filter : This is a filter which is used in the Get-ADUser cmdLet and is used to retrieve all user objects we are working with. For more information on the filters which can be specified, check the documentation for the Get-ADUser cmdLet.
  • Mode : I made the script to run in a “List” and “Modify” mode. When you specify “List” as value for this parameter, the actual change is not done but it’s only logged in a file. Comes in handy when you want to see the results before you actually unleash it with the “Modify” value. And yes, I know… you can do this with the -whatif also. But then again, I prefer my logfile output over a scrolling command console with a massive amount of output.

Now, for the script… here it is. Nothing to fancy really.

 

SharePoint 2013 Trial License – License Upgrade FAIL

I consider myself as someone who knows a lot of SharePoint. I don’t know everything and I’m learning new things every day. Which is good because this motivates me. One of those things I learned (the hard way) in the last couple of weeks is about licensing and the consequence of using a SharePoint TRIAL license. Let me elaborate a bit on this.

Last year, I installed 2 SharePoint farms at a client. When you install SharePoint, the first thing you need to provide, is the license key. Because nobody was able to provide me the key at that time, I used a trial key which is valid for 180 days. You can get this key over here.

A few weeks ago, I was notified that a Microsoft audit was on the way concerning licensing and they ran the Microsoft Assessment and Planning Toolkit to have an overview of the licenses. The result was that all involved SharePoint servers were identified as ENTERPRISE servers. This was a problem since they don’t have Enterprise licenses and were expecting Standard servers.

I was convinced I never activated any Enterprise features in both environments and ran some PowerShell scripts to see on all kind of levels if Enterprise features were active and to my surprise, they were activated on all sites. Since none of those features are used, I proceeded to deactivate all of them.

The report was created again… still Enterprise servers.

Then I remembered that I used a trial key and the Upgrade License page in Central Administration allows you to see the current license and replace that license with a different license.

And there was the culprit… the Trial key for SharePoint 2013 is a “SharePoint Server Trial with Enterprise Client Access License

My first reaction was: “I never saw an option to choose between a Standard and Enterprise Trial”. And that’s correct… there’s only 1 trial and that’s Enterprise!

I checked the page where you can find the evaluation version and you won’t find any reference or notification of the fact that the trial version is an Enterprise license!!!! Come on!? Why not? The only possible hint of this being an Enterprise version is the mentioning of “full-featured” in the Preinstall Information section. But that’s interpretation, right?

One would think that you could simply put in your Standard license key and “upgrade” that Enterprise trial to a Standard server license, right? Well, I wish it was that simple. enterprisetrial

It’s simply not possible. You cannot replace the Trial license with a Standard Server license. It expects an Enterprise server license key. Somehow this makes sense. When you look at SQL Server, the same thing applies. You can’t downgrade an Enterprise Edition to a Standard Edition either.

Options?

Well, not many I’m afraid. The only viable option I found was to uninstall SharePoint completely. And by uninstalling, I’m referring to this. That’s removing the binaries from the servers and reinstalling them. Upon installation, provide the Standard Server License key and get that show on the road. Luckily, you can hook up the databases from the old trial environment without issues.
This is such a situation where having a detailed installation/configuration documentation pays off. I make a habit of documenting everything in full detail with screenshots in OneNote, with the scripts I use and the parameters which are used for them. This makes it very easy to redo it if needed. So, doing this reinstallation was a breeze for me.

But I can imagine that if you don’t have such documentation or you have it but some wannabe professionals came in and started modifying things manually, not documenting a thing… you might be in a world of hurt.

As a seasoned SharePoint professional, I have to admit that I was a bit shocked of the fact I didn’t know this. This seems like a “Duh! Basic knowledge!” kind of thing. Definitely not my best day when I found out about this. 😳

 

OneDrive Sync Engine Host Crash on Win 8.1 solved at last

For a while now, I have been experiencing issues with OneDrive on my Windows 8.1 machine. I don’t know when it started but it’s at least going on for a month or 2. Everytime my Windows is started, the OneDrive synchronization service (SkyDrive Sync Engine Host) is started and after a short period of time, it just stops working. It restarts after a while but it crashes again… this goes on and on… really annoying because I have to sync everything manually by going to OneDrive and upload it there.

When you use Google and Bing, you get tons of people experiencing the same issue. What really annoys me about it is the fact that there’s NO fix from Microsoft for this. Really! If you post your issue, they just tell you to run a diagnostic tool to “fix” OneDrive. For some people this works, for others it doesn’t.

Well, I’m one of those people where it doesn’t work and who clicked like every link on Google and Bing and tried everything.

The only thing which works TEMPORARILY is to move my local  OneDrive folder to another location. This works UNTIL my PC is rebooted. Then it just starts crashing again.

Now, Since a few days, my issue is solved. I found a link where somebody (from Microsoft?) hinted about OneDrive needing access to “some” place in the registry. If it can’t access it, it crashes.

Because I was sick and tired of this crashing, I started disabling services which were running… starting with the things which were sitting in my system tray. After each service, I waited until the OneDrive service was started again and checked if it crashed.

And yes, I found the nasty bugger who is responsible for the crashing !!!!!

It’s the SDTray.exe service from Spybot – Search and Destroy. This is started when my PC is booted. When I exit this application in the system tray, my OneDrive start and will not crash anymore.. I guess it blocks access to resources which are needed by OneDrive (registry?).

This worked for me. But if you don’t have this SDTray application and you are experiencing the same issue, checking for running services which might have the same behaviour might be a solution for you.

Close disconnected remote sessions using PowerShell

Do you know this situation? You are responsible for some servers and you planned to do some patching during the weekend. You open a remote desktop to the server with the administrator user and you see that the session is still active. Visual Studio is open with unsaved source code, some config files are open, even somebody’s Facebook is nicely ready for you…
Or you start to install some critical updates and when you want to reboot, Windows tells you that there are other users logged on… you check the users tab in the task manager and you see some “disconnected” sessions. Arggh! 👿

I grew tired of reminding people to log off instead of just closing the session. Some people listened, some are too lazy and won’t listen.

So, I wrote myself a little script which runs every evening and terminates all disconnected sessions, regardless of unsaved shizzle that’s happening in them. Really, people only learn to follow the rules when you hit them where it hurts. Sad, but true.

So, here’s the script…

I created a task in the task scheduler to run this every evening at 9PM.

You can find this script in my GitHub PowerShell repository.

Turning On NumLock at startup in Windows 8

I have been working with Windows 8 and 8.1 for over a year now and I really like it. One thing which annoyed me was the fact that the NumLock is always turned off when you reboot your computer. I have been searching a lot on the internet and you always find the same results… change a registry key “InitialKeyboardIndicaters” to 2. That should fix it. I wonder, did those people actually tried this? On all of the pages where this advice is given, almost everywhere, people comment on it that it doesn’t work.

Well, same for me. Didn’t work. Now, here’s something that DOES work (tested it on 5 machines)

Open up the Control Panel and under “Hardware and Sound”, you will find the “Power Options”. There’s a link “Change what the power buttons do”. Click that one.

ControlPanel

On the next page, click the “Change settings that are currently unavailable” link.

PowerButton1

In the Shutdown settings section on the same window, you see an option “Turn on fast startup (recommended)”.
Turn it off!

FastStartup

It’s this setting which is responsible for the problem with the numlock! Does this mean that your PC will start slower? Probably a little bit, but the difference for me almost nothing.

After doing this, the numlock on my computer stays on. I also noticed that the lockscreen background image now also stays on the image I set it to. I noticed that most of the time I just got the default one from Windows.

Locating SIM Applications in Windows Phone 8

Earlier this week, I bought myself the HTC 8X as a replacement for my Samsung Omnia 7. Being a Microsoft adept, I need to be up to date with my equipement eh. 😎

SIM applications - 1
As soon as I got my HTC, I realized that I also need a new SIM card. The Omnia 7 uses a normal format and the HTC uses a micro SIM. Damned! Had to wait until today to find a store open to get a new one.

So, at last… I can use it. Really not cool if you have laying around a shiny new WP8 and you can’t use it and you still have to use your old WP7.5.

But anyway… I never gave it much attention on my Omnia but I stumbled onto the SIM Applications while checking out the WP8 features. You know, the applications on your SIM card to check your bank account, top up your account and so on. Since these are not between the normal apps, you have to dig into the settings to find them.

So here’s how…

Go to Settings => System => Mobile Network and browse to the bottom. There you will find “sim applications”.

SIM applications - 2  SIM applications - 3

Use a Custom ringtone on WP7 Mango

With Windows Phone 7 Mango, it’s now possible to use a custom ringtone.
However, you have to know how to do this because simply transfering any mp3 to your phone is not going to work. There are some constraints….
Your ringtone has to be:

  • a .WMA or .MP3
  • max 1Mb in size
  • about 30 sec. long (don’t know the correct length, but if you keep it below 30sec, it will definitely work)
  1. Connect your phone to your PC
  2. Load the ringtone to the folder where it’s picked up by Zune.
  3. In Zune, right-click the ringtone and select Edit.
  4. In the Genre field, type “Ringtone”.
  5. Transfer the ringtone to your phone

On your phone, go to Settings => Ringtones + Sounds en there you will find your custom ringtone.