Useful PowerShell cmdlets to administer Office 365 Groups:

11

Howdy Folks! As promised in previous blog  post related to Office groups , I’m back now with some cool PowerShell cmdlets which should ease your work in managing Office 365 groups in your organization . If you’re new to Office 365 groups, I humbly request you to read in detail about Office 365 groups by accessing this link. I’ve tried my best to explain Office 365 groups there. You can read this post on HubFly blog site as well. Alright, let’s get started ….

Note : Before you can run all these PowerShell cmdlets below , you need to load the Exchange Online management shell by following this link .I’ve given a screenshot below for your reference .

1

Listed below are the operations that you can perform by following the PowerShell commands mentioned below

  • Get the list of all the Office 365 groups in your tenant
  • Remove an existing Office 365 group from the tenant
  • To make changes to an existing Office 365 group
  • Get the membership and ownership information of an Office 365 group /all the Office 365 groups in your tenant
  • Get the list of all the Office 365 groups in descending order
  • Get the list of all Private Office 365 groups in your tenant
  • Get the list of deleted Office 365 groups in descending order
  • Get the list of orphaned Office 365 groups in your tenant
  • Retrieve the list of recently created Office 365 groups
  • Update the quota of a new group if a team site exists
  • Create new Directory Settings for Groups template
  • Update the classifications for all the Office 365 groups
  • Update the privacy of an Office 365 group based on its classification
  • Determine where a group was provisioned (Planner, Yammer, Teams etc.)
  • Get the list of Obsolete Office 365 groups in your tenant

So, let’s look into all these operations in detail below….

  1. To get the list of all the Office 365 groups in your tenant:

Get-UnifiedGroup

2

  1. To remove an existing Office 365 group:

This will remove a specific Office 365 group from your tenant.

Remove-UnifiedGroup -Identity “Test Group”

  1. To make changes to an existing Office 365 group in your tenant:

Set-UnifiedGroup

Ex 1: Set-UnifiedGroup -Identity “HR Team” -AccessType Private

This example changes the Office 365 Group named HR Team from a public group to a private group.

Ex 2: Set-UnifiedGroup -Identity “HR Team” -PrimarySmtpAddress hrteam@o365techy.onmicrosoft.com -RequireSenderAuthenticationEnabled $false

This example makes the following changes to the Office 365 Group named HR Team:

i)The primary email address is changed to hrteam@o365techy.onmicrosoft.com.

ii)The Office 365 Group is allowed to receive mail from unauthenticated (external) senders.

  1. To get the membership and ownership information of an Office 365 group/all the Office 365 groups in your tenant:

Get-UnifiedGroupLinks

Ex: Get-UnifiedGroupLinks -Identity “Transport Department” -LinkType Members

This example shows the members of the Office 365 Group named Transport Department

Similarly, you can use the script below to get the list of all the members from all the Office 365 groups in you tenant.

Get Office 365 group members

This will run and display the results as shown in the screenshot below.

3

  1. To get the list of all the Office 365 groups in descending order:

Get-UnifiedGroup | Select Id, DisplayName, ManagedBy, Alias, AccessType, WhenCreated, @{Expression={([array](Get-UnifiedGroupLinks -Identity $_.Id -LinkType Members)).Count }; Label=’Members’} | Sort-Object whencreated | Format-Table displayname, alias, managedby, Members, accesstype, whencreated

4.png

  1. To get the list of all private Office 365 groups in your tenant:

Get-UnifiedGroup | Where-Object {$_.AccessType -eq ‘Private’} | Sort-Object whencreated | Format-Table displayname, alias, managedby, accesstype, whencreated

5.png

  1. To get list of deleted Office 365 groups in descending order:

Get-AzureADMSDeletedGroup | Sort-Object DeletedDateTime -Descending | Format-Table Id, DisplayName, Description, Visibility, DeletedDateTime

Note: To run this command, you need to do the below mentioned steps, else you would end up getting an error as shown in the image below. If you pay close attention to the cmdlet you would notice that this is related to Azure AD and hence you need to load the Azure AD PowerShell module for this.

I’d suggest performing these tasks in a different PowerShell window for ease of use.

  1. Uninstall the production module of Azure AD by running, (Uninstall-Module AzureAD) as this cmdlet works with the preview module of Azure AD.
  2. You cannot have the production module and the preview module running on the same machine as per Microsoft’s documentation mentioned in this link https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0
  3. Once done, please go ahead and install the Preview module by running (Install-module AzureADPreview)
  4. After that, please connect to Azure AD by running Connect-AzureAD as shown in the image below

12

5. Once you’re done connecting to Azure AD, please go ahead and run the above-mentioned cmdlet to get the list of deleted Office 365 groups in descending order and you will get the results as shown in the image below. In my case I don’t have any deleted Office 365 group and hence it didn’t return anything.

13

8.To get the list of orphaned Office 365 groups in your tenant:

$Groups = Get-UnifiedGroup | Where-Object {([array](Get-UnifiedGroupLinks -Identity $_.Id -LinkType Owners)).Count -eq 0} `

| Select Id, DisplayName, ManagedBy, WhenCreated

ForEach ($G in $Groups) {

Write-Host “Warning! The following group has no owner:” $G.DisplayName

}

14

9.To retrieve the list of recently created Office 365 groups:

# Variables:

#   Cutoff date in days

#   Storage quota in MB

#   Storage quota warning level in MB

#………………………………………………………………………………………………………………………………………

$cutoffdate = ((Get-Date).AddDays(-20))

$quota = 500

$warning = 400

$Groups = Get-UnifiedGroup | Where-Object {$_.WhenCreated -ge $cutoffdate} | Sort-Object whencreated | Select DisplayName, WhenCreated, SharePointSiteUrl

15.png

  1. To update the quota of a new group accordingly if a team site exists:

ForEach ($G in $Groups) {

try

{

Set-SPOSite –Identity ($G.SharePointSiteUrl) -StorageQuota $quota -StorageQuotaWarningLevel $warning

Write-Host “The following site quota was updated:” $G.SharePointSiteUrl

}

catch

{

Write-Host “The following Groups does have a site:” $G.DisplayName

}

}

 

This will run and update the quota of the site as shown in the screenshot below.

16

11.To create new Directory Settings for Groups template:

There are multiple templates that are part of your Azure AD tenant.  This template can contain a settings object which has a collection of values.  By using these values, we can set the parameters below.  This needs to be done before you can set any values

Setting Description
·         EnableGroupCreation

·         Type: Boolean

·         Default: True

The flag indicating whether Office 365 group creation is allowed in the directory by non-admin users. This setting does not require an Azure Active Directory Premium P1 license.
·         GroupCreationAllowedGroupId

·         Type: String

·         Default: “”

GUID of the security group for which the members are allowed to create Office 365 groups even when EnableGroupCreation == false.
·         UsageGuidelinesUrl

·         Type: String

·         Default: “”

A link to the Group Usage Guidelines.
·         ClassificationDescriptions

·         Type: String

·         Default: “”

A comma-delimited list of classification descriptions.
·         DefaultClassification

·         Type: String

·         Default: “”

The classification that is to be used as the default classification for a group if none was specified.
·         PrefixSuffixNamingRequirement

·         Type: String

·         Default: “”

String of a maximum length of 64 characters that defines the naming convention configured for Office 365 groups. For more information, see Enforce a naming policy for Office 365 groups (preview).
·         CustomBlockedWordsList

·         Type: String

·         Default: “”

Comma-separated string of phrases that users will not be permitted to use in group names or aliases. For more information, see Enforce a naming policy for Office 365 groups (preview).
·         EnableMSStandardBlockedWords

·         Type: Boolean

·         Default: “False”

Do not use
·         AllowGuestsToBeGroupOwner

·         Type: Boolean

·         Default: False

Boolean indicating whether or not a guest user can be an owner of groups.
·         AllowGuestsToAccessGroups

·         Type: Boolean

·         Default: True

Boolean indicating whether or not a guest user can have access to Office 365 groups content. This setting does not require an Azure Active Directory Premium P1 license.
·         GuestUsageGuidelinesUrl

·         Type: String

·         Default: “”

The URL of a link to the guest usage guidelines.
·         AllowToAddGuests

·         Type: Boolean

·         Default: True

A Boolean indicating whether or not is allowed to add guests to this directory.
·         ClassificationList

·         Type: String

·         Default: “”

A comma-delimited list of valid classification values that can be applied

Let me walk you through the complete process of creating directory settings here.

  1. Install the Azure AD PowerShell Module V2 from this link
  2. Run “Install-Module -Name AzureADPreview” in the PowerShell window
  3. Once done Connect to Azure AD via PowerShell by running “Connect-AzureAD”
  4. Once done to review if you have any settings already configured in your tenant, please run the below cmdlet.

 Get-AzureADDirectorySetting | ForEach Values

17

Note: If you check the screenshot above you will notice that I have configured few directory settings such as “Usage Guidelines URL “and “Classification List “and I’ll be showing you how to configure that using PowerShell in the examples below.

5. If you do not have any settings configured the value returned will be blank as show in the screenshot below.

18

6. Alright, now let’s see some examples to set group settings.

7. All examples below will use the Get-AzureADDirectorySetting cmdlet and store that in a variable and then use the Set-AzureADDirectorySetting cmdlet with the updated settings. The full command to run a setting update is as follows. Also, I’d suggest to use PowerShell ISE for running these cmdlets for ease of usage.

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

$settings[“SETTING NAME”] = “”

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

19.pngOk, now let’s look into some scenarios here …

Scenario 1:  Restricting Office 365 groups creation for all the users in your organization except for few users who belong to a specific Security group

$group = Get-AzureADGroup -All $True | Where-Object {$_.DisplayName -eq “Office 365 groups creation allowed”}

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

$settings[“EnableGroupCreation”] = “false”

$settings[“GroupCreationAllowedGroupId”] = $group.ObjectId

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

20In this scenario here, I created a security group named “Office 365 groups creation allowed” and I’ve added few members to it. So, by doing this I can grant access only to those members to create Office 365 groups and not to all the users in my organization. Also, an important point to bear in mind here is, if I’m restricting the creation of Office 365 groups then these users won’t be able to create a Team, a Planner, a Yammer group etc. So, the users will be restricted by creating anything which creates an Office 365 group in the backend. So, from an end user perspective, the “create” button which you see in the screenshot below for creating Office 365 groups won’t be visible to them. The same applies for other services also, users won’t get the “Create Planner “or “Create Team” button once this option is enabled. This is one way to have control on Office 365 groups creation in your organization

6.png

In Teams, the “Create a Team “button won’t be visible for the users who are not part of that Security group which allows the creation of Office 365 groups.

7.png

In Planner, the “Create a Plan “button won’t be visible for the users who are not part of that Security group which allows the creation of Office 365 groups.

8

Similarly , as already explained above other services which creates an Office 365 group on the backend won’t be available for end users . By doing this you can have control over who gets to create an Office 365 groups and other services such as Teams and Planner in your organization .

Scenario 2: Setting Office 365 groups classification

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

$settings[“ClassificationList”] = “Internal,External,Confidential”

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

In this scenario, we’re enabling the classification option so that you can classify your groups accordingly. Once this is done whenever you try to create an Office 365 group from the outlook webmail (provided that you have access to create Office 365 groups) you will get an option to choose the classification for that group also as shown in the image below. This could be useful from a compliance and governance perspective.

9.png

Once that’s done you can set the classification for an existing Office 365 by running the below PowerShell command.

Set-UnifiedGroup <TestGroup@o365techy.onmicrosoft.com> -Classification <Internal>

Also, if you want to create a new group with a classification then run the below PowerShell command for that.

New-UnifiedGroup <TestGroup@o365techy.onmicrosoft.com> -Classification <External> -AccessType <Public>

Scenario 3:  Setting Usage Guidelines URL

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

$setting[“UsageGuidelinesUrl”] = “<https://o365techy.sharepoint.com/sites/office365groupsgovernance/usageguidelines/SitePages/Home.aspx>&#8221;

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

21

In this scenario, I’ve created a SharePoint subsite named “Usage Guidelines” which speaks about all the guidelines a user must follow while using Office 365 groups in my organization and the user can refer that while creating / using Office 365 groups. Once this has been enabled this what the end user view would be like. Please check the screenshot below.

10

Scenario 4: Restrict all access for guest users to Groups including the ones that were already granted access

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

$settings[“AllowGuestsToAccessGroups”] = “False”

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

22Scenario 5: Restrict the ability to add any new guest users but do not restrict existing guest users

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

$settings[“AllowToAddGuests”] = “False”

$settings[“AllowGuestsToAccessGroups”] = “True”

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

23Finally, if you want to review all the updated settings then please run the below mentioned PowerShell cmdlet as already described above and it will return the updated settings.

Get-AzureADDirectorySetting | ForEach Values

24

 If you want to remove the group settings that we configured in all the scenarios above then please run the below PowerShell command.

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

Remove-AzureADDirectorySetting -Id$settings.Id

25.png12.To update the classifications for all the Office 365 groups:

## Set classifications for all groups

$Groups = Get-UnifiedGroup | Where-Object {$_.Classification -Eq $Null}  | Select DisplayName, Classification

ForEach ($G in $Groups) {

If ($G.Classification -Eq $Null)

{

Write-Host $G.DisplayName

Set-UnifiedGroup -Identity $G.DisplayName -Classification “Internal”

}

}

 

#……………………………..

# Variables:

#   Cut off date in days

#   Classification

#……………………………..

$cutoffdate = ((Get-Date).AddDays(-10))

$classification = “High”

# Retrieve recently created groups with accesstype set to PUBLIC

$Groups = Get-UnifiedGroup | Where-Object {

$_.WhenCreated -ge $cutoffdate -and $_.AccessType -eq ‘Public’ -and $_.Classification -eq $classification } `

| Sort-Object whencreated | Select DisplayName, WhenCreated, AccessType, Classification, ManagedBy

# For each new group update set accesstype to PRIVATE

ForEach ($G in $Groups) {

Set-UnifiedGroup -Identity $G.DisplayName -AccessType ‘Private’

Write-Host “The following Group privacy setting was updated:” $G.DisplayName

}

26This will run and update the classification for all the Office 365 groups as shown in the image below

27

  1. To update the privacy of an Office 365 group based on its classification:

#……………………………..

# Variables:

#   Cutoff date in days

#   Classification

#……………………………..

$cutoffdate = ((Get-Date).AddDays(-10))

$classification = “High”

# Retrieve recently created groups with accesstype set to PUBLIC

$Groups = Get-UnifiedGroup | Where-Object {

$_.WhenCreated -ge $cutoffdate -and $_.AccessType -eq ‘Public’ -and $_.Classification -eq $classification } `

| Sort-Object whencreated | Select DisplayName, WhenCreated, AccessType, Classification, ManagedBy

# For each new group update set accesstype to PRIVATE

ForEach ($G in $Groups) {

Set-UnifiedGroup -Identity $G.DisplayName -AccessType ‘Private’

Write-Host “The following Group privacy setting was updated:” $G.DisplayName

}

30.png

31.png

14.To determine where a group was provisioned (Planner, Yammer, Teams etc.)

To get the list of Yammer integrated Office 365 group list:

Get-UnifiedGroup |Where-Object {$_.ProvisioningOption -eq ‘YammerProvisioning’} |select DisplayName,Alias,ProvisioningOption,GroupSKU,SharePointSiteUrl,SharePointDocumentsUrl,AccessType

To get the list of Teams integrated Office 365 group list:

Get-UnifiedGroup |Where-Object {$_.ProvisioningOption -eq ‘ExchangeProvisioningFlags:481’}|select DisplayName,Alias,ProvisioningOption,GroupSKU,SharePointSiteUrl,SharePointDocumentsUrl,AccessType

Similarly, we expect MSFT to work on for Planner and other services which create an Office 365 on the backend.

15.To get the list of Obsolete Office 365 groups in your tenant:

This is a PowerShell script from Office 365 fame Tony Redmond and the explanation for the script can be found below.

Note : You need to be connected to Exchange Online PowerShell module as well as the SharePoint Online PowerShell module to run this script

Like any object, an Office 365 Group might become unused over time. No current method exists to detect what groups are underused, so here’s a script that does the job for you by checking audit records to establish whether any SharePoint file activity has occurred in the group document library in the last 90 days and whether any conversations have happened in the group mailbox in the last year. Seeing that it’s all done in simple PowerShell, you can tailor the code to your heart’s content. A HTML report file is generated at the end, which contains some statistics like:

32.jpg

Number of groups scanned: 155

Number of potentially obsolete groups (based on document library activity): 132

Number of potentially obsolete groups (based on conversation activity): 60

Number of Teams-enabled groups: 41

Percentage of Teams-enabled groups: 26.45%

Script:

Check for obsolete Office 365 groups

Thanks for reading this post …. Good luck with Office 365 groups!!!!

Advertisements

PowerShell to on-board list of users to Office 365 and assign them Office 365 licenses:

1.jpgOffice 365 is a SaaS platform which is  being used by many organizations these days and it becomes quite hard for IT administrators to on-board their users to Office 365 manually .Of course , this may not be the case when your user identities gets synced to Azure AD from on-premises AD using AAD connect tool .However, if you’re one of the organizations who totally buried all your IT infrastructure implementation and decided to go with a Cloud implementation completely then possibilities are such that you as an IT administrator should take care of on-boarding your users to Azure AD .As we all know , this is indeed quite a time consuming task if we have to do it manually and then assign the appropriate licenses to all the users . So, to surpass all those manual effort, I’ve put together this PowerShell script which will do the magic for you. Alright, let’s get into the details ….

1.Sign-in to your Office 365 admin center using your global admin account and navigate to the “Active users” section as shown in the image below.

2.png

2.At this moment, you might see only the user account which was used to set-up the Office 365 tenant.

Note: In my case, you might see 3 users as I manually created them using the “Add a user “option.

3.Create a CSV file which has the details of all your users by following the guidelines mentioned in this article. The below mentioned screenshot depicts the CSV file which I’ve prepared which has the list of all my users.

3.png

4. Once done, please login to the PowerShell window and type the below mentioned command as shown in the image below. This will tell you the type of license that your tenant is using and how many licenses have been utilized till now.

4

Note : In my case you can notice that my tenant is on  Office 365 E5 Enterprise E5 plan +EMS  (Enterprise Mobility ) and it also displays how many licenses have been consumed till now .

5. Prior to running the above command, please ensure that you’re connected to your Office 365 tenant via PowerShell, if not please follow the below article to do that first.

https://technet.microsoft.com/library/dn975125.aspx

6. Now, let’s specify the required variables for the PowerShell script.

$UsersToAdd = Import-Csv C:\Users\Vignesh\Documents\Import_User_Sample_en.csv

$LicenseToAdd = “sptech80:ENTERPRISEPREMIUM” à This information can be grabbed from the Get-MsolAccountSKU command which we ran in the above step.

$UsageLocation = “US”

$LicenseOptions = New-MsolLicenseOptions -AccountSkuId $LicenseToAdd

5

7.Once you’re done specifying the required variables, please go ahead and run the below mentioned PowerShell command as shown in the image.

$UsersToAdd | ForEach-Object {

New-MsolUser –UserPrincipalName $_.UserPrincipalName -DisplayName $_.DisplayName

Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $UsageLocation

Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses $LicenseToAdd -LicenseOptions $LicenseOptions

}

6.png

8.You may notice that your users are getting created after running the script as shown in the image above and the licensing tab might display the status as “False”. That’s due to the time taken for the script to reflect the licensing details as it first creates the user and then assigns the license to the user’s account. This is quite normal and hence you don’t need to panic about the “isLicensed” column

9. You can verify the status of the users as well as the licenses assigned to them by running the “Get-MsolUser” command. This time it should display the licensing details correctly.

10. Additionally, you can also navigate to the “Active users” section to verify the same.

8.png

Thanks for reading this post ….Good luck with Office 365 !!!

Extending the Retention period of orphaned personal site collections up to a year:

One drive 1.png

Alright , I guess you might have figured out what this post is going to be about by seeing the title .So yes , I’m going to show you how to extend the retention period of the One Drive for business content up to a year even after the user has left the company .

So I guess all the Office 365 folks as well as SharePoint folks out there would be aware of the “My site cleanup policy” that runs in SharePoint once a user’s account has been deleted in AD. If you’re not aware of this yet, please check my article on that. Also to understand how this works on SharePoint Online, you can take a look at the link below. Microsoft has did an awesome job on writing a detailed article about this and hence I’m not going to spend my time writing a detailed article explaining the same stuff once again .

https://support.microsoft.com/en-in/help/3042522/onedrive-for-business-retention-and-deletion

So here in this article I’m going to introduce you to a PowerShell command that will extend the retention period of the contents in the personal site (i.e. One Drive for Business) up to a year so that you have a year’s time to copy the contents from a user’s One Drive for business folder even after he/she has left the company.

I guess scenario’s like this are quite possible when a user has been terminated and his account has been deleted or may be a user left the company and the default retention period was not sufficient for you to copy the important contents from his One Drive for business folder .

So here’s the PowerShell command for that ….

Set-SPOTenant -OrphanedPersonalSitesRetentionPeriod 365

You need to run this as a SharePoint Online command as shown in the image below.

one drive 2.png

Once done it will update the retention policy for all the orphaned One Drive for Business sites in your tenant. The other way to do this is by putting a hold on the user’s One Drive for Business as a part of an eDiscovery case and the site won’t get deleted until the hold is removed. But this command will make your life even easier by making the change for the entire tenant.

Happy SharePointing …..I hope this helps someone. Thanks to Chris Bortlik for showing this to us.

 

 

 

 

PowerShell script to configure SQL Server Reporting Services in SharePoint mode

SSRS.png

The below mentioned script will take care of the steps listed below :

  1. Installs Reporting Services service and service proxy, and starts the service.2
  2. Creates a service proxy named “Reporting Services”.
  3. Creates a Reporting Services service application named “Reporting Services Application”.
  4. Enables the Power View feature for a site collection.

 

#Script for SSRS Configuration in SharePoint Integrated mode

$starttime=Get-Date
write-host -foregroundcolor DarkGray StartTime>> $starttime

Write-Host -ForegroundColor Green “Import the SharePoint PowerShell snappin”
Add-PSSnapin Microsoft.Sharepoint.Powershell –EA 0

Write-Host -ForegroundColor Green “Install SSRS Service and Service Proxy, and start the service”
Write-Host -ForegroundColor Green “>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>”

Write-Host -ForegroundColor Green “Install the Reporting Services Shared Service”
Install-SPRSService

Write-Host -ForegroundColor Green ” Install the Reporting Services Service Proxy”
Install-SPRSServiceProxy

# Get the ID of the RS Service Instance and start the service
Write-Host -ForegroundColor Green “Start the Reporting Services Service”
$RS = Get-SPServiceInstance | Where {$_.TypeName -eq “SQL Server Reporting Services Service”}
Start-SPServiceInstance -Identity $RS.Id.ToString()

# Wait for the Reporting Services Service to start…
$Status = Get-SPServiceInstance $RS.Id.ToString()
While ($Status.Status -ne “Online”)
{
Write-Host -ForegroundColor Green “SSRS Service Not Online…Current Status = ” $Status.Status
Start-Sleep -Seconds 2
$Status = Get-SPServiceInstance $RS.Id.ToString()
}

$time=Get-Date
write-host -foregroundcolor DarkGray StartTime>> $starttime
write-host -foregroundcolor DarkGray $time

Write-Host -ForegroundColor Green “Create a new application pool and Reporting Services service application”
Write-Host -ForegroundColor Green “>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>”
Write-Host -ForegroundColor Green “Create a new application pool”
#!!!! update “-Account” with an existing Managed Service Account
New-SPServiceApplicationPool -Name “Reporting Services” -Account “<domain>\User name>”
$appPool = Get-SPServiceApplicationPool “Reporting Services”

Write-Host -ForegroundColor Green ” Create the Reporting Services Service Application”
#!!!! Update “-DatabaseServer”, an instance of the SQL Server database engine
$rsService = New-SPRSServiceApplication -Name “Reporting Services Application” -ApplicationPool $appPool -DatabaseName “Reporting_Services_Application” -DatabaseServer “<server name>”

Write-Host -ForegroundColor Green “Create the Reporting Services Service Application Proxy”
$rsServiceProxy = New-SPRSServiceApplicationProxy -Name “Reporting Services Application Proxy” -ServiceApplication $rsService

Write-Host -ForegroundColor Green “Associate service application proxy to default web site and grant web applications rights to SSRS application pool”
Write-Host -ForegroundColor Green “>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>”
# Associate the Reporting Services Service Applicatoin Proxy to the default web site…
Get-SPServiceApplicationProxyGroup -default | Add-SPServiceApplicationProxyGroupMember -Member $rsServiceProxy

$time=Get-Date
write-host -foregroundcolor DarkGray StartTime>> $starttime
write-host -foregroundcolor DarkGray $time

Write-Host -ForegroundColor Green “Enable the PowerView and reportserver site features”
Write-Host -ForegroundColor Green “>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>”
#!!!! update “-url” of the site where you want the features enabled
Enable-SPfeature -identity “powerview” -Url http://server/sites/bi
Enable-SPfeature -identity “reportserver” -Url http://server/sites/bi

####To Verify, you can run the following:
#Get-SPRSServiceApplication
#Get-SPServiceApplicationPool | where {$_.name -like “reporting*”}
#Get-SPRSServiceApplicationProxy

PowerShell script for generating the site collections list with multiple administrators

powershell.png

Running this script will generate a report which displays the list of site collections that has multiple site collection administrators and will also display the total number of users who have access to those site collections.

Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

Add-Content “Sites.csv” -Value “SiteCollection Name,SiteCollection URL, SiteCollection Administrators, Users Count,Usage in MB”

$webApp = Get-SPWebApplication

foreach($webapps in $webapp)

{

foreach ($SiteCollection in $webApps.Sites)

{

$url = $SiteCollection.Url

$webs = Get-SPWeb $URL

[boolean] $WriteToFile = $true

$weburl = $SiteCollection.OpenWeb()

$siteowner = “”

foreach ($siteAdmin in $weburl.SiteAdministrators)

{

$siteowner = $siteAdmin.DisplayName + “|” + $siteowner

}

foreach($web in $webs)

{

#Grab all users in the site collections

$siteUserCnt = $web.AllUsers.Count

$Siteurl = $web.Url

$siteTitle = $web.Title

$site = Get-SPSite  $Siteurl

$siteusage = $site.Usage.Storage/1MB

Add-Content -Path “Sites.csv” -Value “$siteTitle,$Siteurl,$siteowner,$siteUserCnt,$siteusage”

$web.Dispose()

}

}

}

Thanks for using this script …..Happy SharePointing!!!!

Part 2: Useful Office 365 cmdlets to generate SharePoint Online reports and also for SharePoint Online site administration:

Followed to my previous article about useful office 365 cmdlets in SharePoint Online, in this article I’ll be showing you some more useful PowerShell cmdlets to generate SharePoint Online reports /SharePoint Online site administration. I see a lot of misconception with my fellow SharePoint workers on understanding the difference between SharePoint on-premises cmdlets and Office 365(SharePoint Online) cmdlets, please note that they all don’t have the same functionality even though they almost look similar. There is a lot of difference in what they exactly do, so please pay close attention while utilizing them.

1

So let’s get into the real meats and potatoes now…

  1. To create a new SPO Site collection:

SyntaxNew-SPOSite -Url https://vigx.sharepoint.com/sites/Vignesh -Title “Vignesh” -Owner “vigganesan89@vigx.onmicrosoft.com” -Template “STS#0” -TimeZoneId 10 -StorageQuota 200

2

Note: In the above mentioned command you need to specify the URL of your new site collection, Title Name, Template ID, Time Zone and Storage quota size. Please check my previous article on SharePoint Online command to get to know about SharePoint Online Template ID’s

Running this command will create a new site collection in SPO and you can verify this in your SPO admin center as shown below.

3

2.To list the groups, and all the group memberships, for all of your SharePoint Online sites.

Syntax:

$x = Get-SPOSite

 

foreach ($y in $x)

    {

        Write-Host $y.Url -ForegroundColor “Yellow”

        $z = Get-SPOSiteGroup -Site $y.Url

        foreach ($a in $z)

            {

                 $b = Get-SPOSiteGroup -Site $y.Url -Group $a.Title

                 Write-Host $b.Title -ForegroundColor “Cyan”

                 $b | Select-Object -ExpandProperty Users

                 Write-Host

            }

    }

Running the above mentioned command will display the results as shown below,

4.png

3.To list the groups, and all the group memberships, for a single site collection:

Syntax:

First let me assign the $siteURL variable to the site collection in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question.

$siteURL = “https://vigx.sharepoint.com/teams/test&#8221;

$x = Get-SPOSiteGroup -Site $siteURL

foreach ($y in $x)

    {

        Write-Host $y.Title -ForegroundColor “Yellow”

        Get-SPOSiteGroup -Site $siteURL -Group $y.Title | Select-Object -ExpandProperty Users

        Write-Host

    }

Running this command will display the results as shown below .

5

 4.To lock a SharePoint Online site:

SyntaxSet-SPOSite -Identity $site -Lockstate NoAccess

Specify the $site variable to the site which you want to lock.

6

Running this command will lock the site and when you try to access it you will get a 403 Forbidden error.

5.To unlock as SharePoint Online site:

Syntax:  Set-SPOSite -Identity $site -Lockstate Unlock

7.png

This will unlock the site that we just locked in the previous command.

6.To disable external sharing for a SharePoint Online site collection:

Syntax:

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question

Set-SPOSite -Identity $siteURL -SharingCapability Disabled

8.png

You can verify this in your SharePoint Online admin center as shown in the image below. The site in question will have external sharing disabled as shown below.

9

7.To enable external user and guest sharing:

Syntax:

Set-SPOSite -Identity $siteURL -SharingCapability ExternalUserandGuestSharing

10.png

Running this command will enable external user and guest sharing in a SPO site collection and you can verify that in the screenshot below.

11.png

Note: By default, this feature will be disabled for SPO sites and this has to be enabled if required.

8.To enable only external user sharing:

Syntax:  Set-SPOSite -Identity $siteURL -SharingCapability ExternalUserSharingOnly

12.png

 Running this command will only enable external user sharing in a SPO site collection and you can verify that in the screenshot below.

15.png

9.To get the list of sites where sharing capability has been enabled:

Syntax:    Get-SPOSite | Where {$_.SharingCapability -ne “Disabled”}

13

  1. To get the list of sites where sharing capability is disabled:

Syntax:  Get-SPOSite | Where {$_. SharingCapability -eq “Disabled”}

14.png

 11.To change the owner of site:

Syntax:

First let me assign the $siteURL variable to the site collection in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question

Set-SPOSite -Identity $siteURL -Owner “pritham@vigx.onmicrosoft.com”

16

12.To change the storage and resource quota of a site:

Syntax:

Set-SPOSite -Identity $siteURL -StorgaeQuota 1000 -ResourceQuota 500

13.To change the Title of the site:

Syntax:

Set-SPOSite $siteURL -Title “New Title”

17.png

This will change the title of the site in question. You can verify this below.

18.png

Thanks for reading this article. This is all I have for this post and I’ll be back with Part 3 of this article very soon.

Happy SharePointing !!!

Part 1: Useful Office 365 cmdlets to generate SharePoint Online reports and also for SharePoint Online site administration:

Presentation1.png

In this post I’ll be showing you how to use Office 365 PowerShell cmdlets to generate useful SharePoint Online reports from your SharePoint Online tenant and also I’ll be discussing on certain useful cmdlets that can be used for SharePoint Online site administration. Let’s get started.

Note: Before we get started, please ensure that you’ve configured your PC to run SharePoint Online (Office 365) cmdlets. If not, please take a look on this article which I’ve already written about how to configure that. Also make sure that you’re a member of the SharePoint Online administration role in Office 365.

  1. Get-SPOSite -Detailed

This command will give a detailed list of all the site collections in your SharePoint Online tenant as shown in the screenshot below.

1.png

2. To get a list of SharePoint groups in your tenant.

Syntax:   Get-SPOSite | ForEach-Object {Get-SPOSiteGroup -Site $_.Url} |Format-Table 

Running this command will generate the results as shown in the image below. Also please note that this command will display the default SharePoint groups as well as the custom SharePoint groups that was created manually.

2.png

3.png

3. Adding a user to the Site collection administrators group.

Before I go ahead and show the syntax for this, let me go ahead specify the variables here so that it will be easy for us to use that in the command.

$tenant =  “https://vigx-admin.sharepoint.com “–>This would be my tenant URL

$site = “https://vigx.sharepoint.com/teams/test” –>This will be the SharePoint site collection URL

$user =” kamaleshg@vigx.onmicrosoft.com” –> This will be the UPN for the user who will be added as the SCA.

Since we have already specified all the variables, let’s go ahead and run the syntax.

SyntaxSet-SPOUser -Site $site -LoginName kamaleshg@vigx.onmicrosoft.com -IsSiteCollectionAdmin $true

Check the screenshot below for reference:

4.png

5.png

So this will add the user to the SCA group of  a site collection.

4. To get the list of users in my SharePoint Online Tenant:

Syntax:  Get-SPOSite | ForEach-Object {Get-SPOUser -Site $_.Url} 

Running this command will display the results as shown in the screenshot below.

replace.PNG

 

 

5.To get a report of the user’s in a site, their display names, permission levels and other properties:

Before I go ahead and execute the command for this, let me specify the $site variable for the site in question.

$site = “https://vigx.sharepoint.com/teams/test” –>This will be the SharePoint site URL

Note: It’s not necessary that you need to keep specifying the variables every time in a command unless you’re planning to use a different value apart to the one specified for that variable. PowerShell will automatically store it for you till the session is live.

Syntax:  Get-SPOUser -Site $site | select * | Format-table -Wrap -AutoSize | Out-File G:\UsersReport.txt -Force -Width 360 -Append

8.png

Running this command will generate a report as shown in the screenshot below.

9.png6. To get a report of the all user’s in your SharePoint Online Tenant, their display names, permission levels and other properties

$tenant =  “https://vigx-admin.sharepoint.com “–> This would be my tenant URL

Syntax:

Get-SPOSite | ForEach-Object {Get-SPOUser -Site $_.Url} | Format-Table -Wrap -AutoSize | Out-File G:\UsersReport.txt -Force -Width 360 -Append

10.png

Note: PowerShell might throw you some errors while running this command but that can be safely ignored.

Running this command will generate a report as shown below.

11.png

If you want to export the result to a CSV file, try running the below mentioned command.

Command 1 : For setting the headers in the CSV file

“Display Name`tLoginName`tGroups” | Out-File C:\UsersReport.csv

 12.png

Command 2: Once you’re done executing the first line, run the below syntax to get the report in the form a CSV file.

Syntax:

Get-SPOSite | ForEach-Object {Get-SPOUser -Site $_.Url -ErrorAction SilentlyContinue | %{ $_.DisplayName + “`t” + $_.LoginName

 + “`t” + $_.Groups | Out-File c:\UsersReport.csv -Force -Append}}

13

This will generate a CSV file as shown in the image below,

14.png

 7. To create a new SharePoint Group in a site collection.

Before I mention the syntax, let’s specify the necessary variables.

$tenant = “https://vigx-admin.sharepoint.com” –>Tenant URL

$site = “https://vigx.sharepoint.com/teams/test “–> Site collection URL

$group = “Test Site Owners2” –>SharePoint Group Name

$level = “Full Control” –> Permission level

Syntax:

New-SPOSiteGroup -Group $group -PermissionLevels $level -Site $site

15.png

Running the above command will create a new SharePoint Group in the targeted site collection and will give the results as shown below.

16.png

8. To create an inventory of all the SharePoint site collections in your Tenant which has the information of the Site Name, URL, Quota, compatibility level and other information etc.… and to export the results to a CSV file:

Syntax:

Get-SPOSite -Limit All | Export-CSV -LiteralPath G:\SiteInventory.csv -NoTypeInformation

17.png

Running this command will generate a CSV file in specified path as shown in the image below.

18.png

 9. To get your SharePoint Online Tenant information

Syntax: Get-SPOTenant

This will give the complete tenant information as shown in the image below.

19.png

  1. To get the list of site templates in your SharePoint Online tenant

Syntax: Get-SPOWebTemplate

Running this command will give the list of site templates in SharePoint Online as shown below

20.png

This concludes part 1 of this article, I’ll be creating part 2 of this article where I’ll be taking you through few more SharePoint Online PowerShell cmdlets that can help us to generate useful reports and also for site administration.

Thanks for reading this post.

Happy SharePointing!!!