Get Site collection Administrators for SharePoint Online using PowerShell


SharePoint Online sites can have thousands of users.  There are times when people are asked to get site collection admins using SharePoint Online Management Shell or Get-SPOUser cmdlet with Where $_.IsSiteAdmin.  This will result in timeout if there are lot of users on the site.  Instead I decided to use a different approach.  First get all the users from site into a CSV and then make the check. 

image

$Creds = Get-Credentials

$site = ‘https://sharepoint-admin.sharepoint.com’
Connect-SPOService -Url $site -Credential $Creds

$AllUsers = Get-SPOUser -Site https://site.sharepoint.com -Limit all | select DisplayName, LoginName,IsSiteAdmin
$AllUsers | Export-Csv -Path C:\temp\allusers.csv -NoTypeInformation -Force
$Data = Import-Csv C:\temp\allusers.csv
foreach($aUser in $Data)
{
  if($aUser.IsSiteAdmin -eq “True”)
  {
    Write-Host $aUser.DisplayName $aUser.LoginName
  }
}

“Attachments” folder in OneDrive for Business


In the first week of January, one of our customer rolled out OneDrive for business function to 5000 Users.  After all the sites were provisioned, some users came back and asked question about a “Attachments” folder.  We did not had any details. 

SNAGHTML15249fd

After some research I did found about “Email Attachment” folder.  This folder will be used by Office 365 Outlook App to store attachments to OneDrive.  This feature was introduced back in January 2016. You can find more information from https://blogs.office.com/2015/01/14/save-outlook-com-email-attachments-onedrive-one-click/

After working with Microsoft, we are told that this feature is part a new feature that is being rolled out. 

Focused Inbox for Outlook for Windows, Mac and web

The Focused Inbox helps you focus on the stuff that matters most. Loved on Outlook for iOS & Android, now available on Outlook for Mac. Soon to be available on all Outlook endpoints. More details

SharePoint Online Site Alerts with Mail-Enabled Security Groups


SharePoint alerts are important part of end user functions for SharePoint sites.  Alerts can be created for Lists, Libraries, folders and individual items.  You can create alerts for yourself and others.   In SharePoint Online you can not send alerts to mail-enabled Security Groups by default. You must add the Mail-Enabled security Group one SharePoint group with view permissions.  SharePoint Alerts will work.  If you do not want to add the group to SharePoint then you can use the Outlook Rules to forward email to the group.  SharePoint workflow can also be used to send email as well.

Disable OneDrive Sync for SharePoint Online Site Libraries


https://gallery.technet.microsoft.com/Disable-OneDrive-Sync-for-71f99ceb

Write-Host “Please Enter SharePoint Online Service Administrator Credentials!”
$Creds = Get-Credential

$SuperAdmin = “SCAadmin@tenant.onmicrosoft.com”

$AdminUrl = ‘https://admin.sharepoint.com’

Add-Type -Path “C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll”
Add-Type -Path “C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll”
Add-Type -Path “C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Taxonomy.dll”

Connect-SPOService -Url $AdminUrl -Credential $Creds
$spocredentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Creds.UserName , $Creds.Password)

$Sites = Get-SPOSite -Limit All | Select-Object Url
Write-Host “Total Sites are ” $Sites.Count -ForegroundColor Green

foreach($Site in $Sites)
{
    try
    {
        Set-SPOUser -Site $Site.Url -LoginName $SuperAdmin -IsSiteCollectionAdmin $true -Verbose
        $SiteUrl = $Site.Url
        Write-Host $SiteUrl

        #Get the Client Context and Bind the Site Collection
        $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
        $ctx.Credentials = $spocredentials
        #Authenticate
        $Rootweb = $ctx.Site.RootWeb
        $ctx.Load($Rootweb)
        $ctx.Load($Rootweb.Webs)
        $ctx.ExecuteQuery()

        Write-Host $Rootweb.Title
        write-host $Rootweb.ExcludeFromOfflineClient

        $Rootweb.ExcludeFromOfflineClient = $true
        $Rootweb.Update()
        $ctx.ExecuteQuery()

        #Fetch the users in Site Collection
        foreach($web in $Rootweb.Webs)
        {
            try
            {
                $ctx.Load($Web)
                $ctx.ExecuteQuery()
                Write-Host $web.Title
                write-host $web.ExcludeFromOfflineClient
                $web.ExcludeFromOfflineClient = $true
                $web.Update()
                $ctx.ExecuteQuery()
            }
            catch
            {
                Write-Host “Exception at Sub Web. Script will continue” -ForegroundColor Red
            }
        }

    }
    catch
    {
        Write-Host “Exception at Root Web. Script will continue” -ForegroundColor Red
    }
}

Export Office 365 User Roles and Members to Text or CSV file


$Creds = Get-Credential -Message “Please enter SharePoint Online Administrator User and password.”
Connect-MsolService -Credential $Creds

$Roles = Get-MsolRole | ? Name -Like “*”
foreach($Role in $Roles)
{
    $RoleName = $Role.Name
    $Members = Get-MsolRoleMember -RoleObjectId $Role.ObjectId
    if($Members)
    {
        $Role.Name | Out-File -FilePath C:\Scripts\Admins.txt -Append -Encoding default -Force
        $Members | Out-File -FilePath C:\Scripts\Admins.txt -Append -Encoding default -Force
    }
    else
    {
        $Role.Name | Out-File -FilePath C:\Scripts\Admins.txt -Append -Encoding default -Force
        “No Members” | Out-File -FilePath C:\Scripts\Admins.txt -Append -Encoding default -Force
    }

}

# You can also create a better CSV

$UserRoles = @()
$Roles = Get-MsolRole | ? Name -Like “*”
foreach($Role in $Roles)
{
    $RoleName = $Role.Name
    $Members = Get-MsolRoleMember -RoleObjectId $Role.ObjectId
    if($Members)
    {
        foreach($Member in $Members)
        {
            $Role = New-Object PSObject
            Add-Member -input $Role noteproperty ‘RoleName’ $RoleName
            Add-Member -input $Role noteproperty ‘RoleMemberType’ $Member.RoleMemberType
            Add-Member -input $Role noteproperty ‘EmailAddress’ $Member.EmailAddress
            Add-Member -input $Role noteproperty ‘DisplayName’ $Member.DisplayName
            Add-Member -input $Role noteproperty ‘isLicensed’ $Member.isLicensed
            $UserRoles += $Role
        }
    }
    else
    {
        $Role = New-Object PSObject
        Add-Member -input $Role noteproperty ‘RoleName’ $RoleName
        Add-Member -input $Role noteproperty ‘RoleMemberType’ “”
        Add-Member -input $Role noteproperty ‘EmailAddress’ “”
        Add-Member -input $Role noteproperty ‘DisplayName’ “”
        Add-Member -input $Role noteproperty ‘isLicensed’ “”
        $UserRoles += $Role
    }
}
$UserRoles | Out-GridView

Export Office365 User Roles to CSV


$User = “user@tenant.onmicrosoft.com”
#$User = Read-host “Please enter Office365 Admin User name username@domain.onmicrosoft.com. “
$Creds = Get-Credential

#Connect-SPOService -Url https://tenant-admin.sharepoint.com -Credential $Creds
Connect-MsolService -Credential $Creds

$AllUserRoles = @()

$Users = Get-MsolUser -All
foreach($user in $Users)
{
    $UserRoles = Get-MsolUserRole -UserPrincipalName $User.UserPrincipalName
    foreach($role in $UserRoles)
    {
        $aRole = New-Object PSObject
        $UserName = $User.UserPrincipalName
        $RoleName = $role.Name.ToString()

        Add-Member -input $aRole noteproperty ‘UserName’ $UserName
        Add-Member -input $aRole noteproperty ‘RoleName’ $RoleName
        $AllUserRoles += $aRole
    }
}

$AllUserRoles | export-csv -Path C:\Scripts\SPOUserRoles.csv -NoTypeInformation -Force

70-346 347 Exam Links – Office 365


Administration roles in Office 365
http://technet.microsoft.com/en-us/library/hh852528.aspx

Prepare for directory synchronization
http://msdn.microsoft.com/en-us/library/azure/jj151831.aspx

How Active Directory Functional Levels Work
http://technet.microsoft.com/en-us/library/cc739548(v=WS.10).aspx

Identifying Your Functional Level Upgrade
http://technet.microsoft.com/en-us/library/cc754209(v=WS.10).aspx

Microsoft Office 365: Make a Smooth Move to the Cloud
http://technet.microsoft.com/en-us/magazine/gg675925.aspx

Moving to Office 365 has never been easier!
https://office365.useractivation.com/

DirSync: List of attributes that are synced by the Azure Active Directory Sync Tool
http://social.technet.microsoft.com/wiki/contents/articles/19901.dirsync-list-of-attributes-that-are-synced-by-the-azure-active-directory-sync-tool.aspx

Office 365 DirSync Filtering
http://msexchangeguru.com/2012/08/10/office-365-2/

O365 User Roles
https://support.office.com/client/results.aspx?Shownav=true&lcid=1033&ns=O365ENTUSER&version=15&ver=15&HelpID=O365E_AssignAdminRoles&ui=en-US&rs=en-US&ad=US

Get-MsolUser (ReturnDeletedUsers, UnlicensedUsers)
http://technet.microsoft.com/en-us/library/dn194133.aspx

Getting all Licensed Office 365 users with PowerShell
http://adminsnotes.blogspot.in/2013/09/getting-all-licensed-office-365-users.html

Office 365 – User Account Management
http://technet.microsoft.com/en-us/library/office-365-user-account-management.aspx

Assign or remove licenses, or view a list of unlicensed users
https://support.office.com/en-US/Article/Assign-or-remove-licenses-or-view-a-list-of-unlicensed-users-997596b5-4173-4627-b915-36abac6786dc?ui=en-US&rs=en-US&ad=US

What happens when SharePoint Online subscription expires
http://blogs.technet.com/b/vedant/archive/2009/10/21/what-happens-when-sharepoint-online-subscription-expires.aspx

Checklist: Deploy your federation server farm on Windows Server 2012 R2
http://technet.microsoft.com/en-us/library/dn528856.aspx

Install the Federation Service Proxy Role Service
http://technet.microsoft.com/en-us/library/dd807096.aspx

AD FS Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc731443(v=WS.10).aspx

configure DirSync and SSO with ADFS and Office 365
https://onedrive.live.com/view.aspx?resid=8D22925062E717B6!328&app=PowerPoint&authkey=!AHUCydKhR9wk7GI

Find your domain registrar or DNS hosting provider (TXT, MX and CNAME, SRV)
https://support.office.com/en-us/article/Find-your-domain-registrar-or-DNS-hosting-provider-b5b633ba-1e56-4a98-8ff5-2acaac63a5c8

MOSDAL and Office 365 Service Health Page
http://www.microsoft.com/en-us/download/details.aspx?id=30716

You can’t connect to Lync Online, or certain features don’t work, because an on-premises firewall blocks the connection
http://support.microsoft.com/kb/2409256
http://community.office365.com/en-us/f/148/t/188592.aspx

Office 365 Service Continuity
http://technet.microsoft.com/en-us/library/office-365-service-continuity.aspx

Convert-MsolDomainToFederated

How to troubleshoot deleted user accounts in Office 365
http://support.microsoft.com/kb/2619308

Exchange admin center in Exchange Online
http://technet.microsoft.com/en-us/library/jj200743%28v=exchg.150%29.aspx

Permissions in Exchange Online
http://technet.microsoft.com/en-us/library/jj200692%28v=exchg.150%29.aspx

MFA for Office 365 and MFA for Azure
http://blogs.technet.com/b/ad/archive/2014/02/11/mfa-for-office-365-and-mfa-for-azure.aspx

Plan for Internet bandwidth usage for Office 365
http://technet.microsoft.com/en-us/library/hh852542.aspx

Delete or Restore User Mailboxes in Exchange Online
http://technet.microsoft.com/en-us/library/dn186233(v=exchg.150).aspx

Getting started with Windows Azure Multi-Factor Authentication
http://blogs.technet.com/b/ad/archive/2013/10/10/getting-started-with-windows-azure-multifactor-authentication.aspx

Under the hood tour on Multi-Factor Authentication in ADFS – Part 1: Policy
http://blogs.msdn.com/b/ramical/archive/2014/01/30/under-the-hood-tour-on-multi-factor-authentication-in-ad-fs-part-1-policy.aspx

Under the hood tour on Multi-Factor Authentication in ADFS – Part 2: MFA aware Relying Parties
http://blogs.msdn.com/b/ramical/archive/2014/02/18/under-the-hood-tour-on-multi-factor-authentication-in-ad-fs-part-2-mfa-aware-relying-parties.aspx

Assign or remove licenses, or view a list of unlicensed users
https://support.office.com/en-ca/article/Assign-or-remove-licenses-or-view-a-list-of-unlicensed-users-997596b5-4173-4627-b915-36abac6786dc?ui=en-US&rs=en-CA&ad=CA