Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <# .SYNOPSIS Script that assigns Office 365 licenses based on Group membership in WAAD. .DESCRIPTION The script assigns of licenses for new users based on groups/licenseSKUs in the $licenses hashtable. It switch licensetype if a user is moved from one group to Another. It removes the license if the user no longer is a member in any of the license assignment Groups. Updated 2015-03-25 to support multiple skus for each user. The script REQUIRES PowerShell 3.0 or later! .NOTES Author: Johan Dahlbom Blog: 365lab.net Email: johan[at]dahlbom.eu The script are provided βAS ISβ with no guarantees, no warranties, and they confer no rights. #>
- #Import Required PowerShell Modules
- Import-Module MSOnline
- #Office 365 Admin Credentials
- $CloudUsername = 'admin@365lab.net'
- $CloudPassword = ConvertTo-SecureString 'Password' -AsPlainText -Force
- $CloudCred = New-Object System.Management.Automation.PSCredential $CloudUsername, $CloudPassword
- #Connect to Office 365
- Connect-MsolService -Credential $CloudCred
- $Licenses = @{
- 'E1' = @{
- LicenseSKU = 'mstlabs:STANDARDPACK'
- Group = 'E1_Users'
- }
- 'E3' = @{
- LicenseSKU = 'mstlabs:ENTERPRISEPACK'
- Group = 'E3_Users'
- }
- }
- $UsageLocation = 'SE'
- #Get all currently licensed users and put them in a custom object
- $LicensedUserDetails = Get-MsolUser -All | Where-Object {$_.IsLicensed -eq 'True'} | ForEach-Object {
- [pscustomobject]@{
- UserPrincipalName = $_.UserPrincipalName
- License = $_.Licenses.AccountSkuId
- }
- }
- #Create array for users to change or delete
- $UsersToChangeOrDelete = @()
- foreach ($license in $Licenses.Keys) {
- #Get current group name and ObjectID from Hashtable
- $GroupName = $Licenses[$license].Group
- $GroupID = (Get-MsolGroup -All | Where-Object {$_.DisplayName -eq $GroupName}).ObjectId
- $AccountSKU = Get-MsolAccountSku | Where-Object {$_.AccountSKUID -eq $Licenses[$license].LicenseSKU}
- Write-Output "Checking for unlicensed $license users in group $GroupName with ObjectGuid $GroupID..."
- #Get all members of the group in current scope
- $GroupMembers = (Get-MsolGroupMember -GroupObjectId $GroupID -All).EmailAddress
- #Get all already licensed users in current scope
- $ActiveUsers = ($LicensedUserDetails | Where-Object {$_.License -eq $licenses[$license].LicenseSKU}).UserPrincipalName
- $UsersToHandle = ''
- if ($GroupMembers) {
- if ($ActiveUsers) {
- #Compare $Groupmembers and $Activeusers
- #Users which are in the group but not licensed, will be added
- #Users licensed, but not, will be evaluated for deletion or change of license
- $UsersToHandle = Compare-Object -ReferenceObject $GroupMembers -DifferenceObject $ActiveUsers -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
- $UsersToAdd = ($UsersToHandle | Where-Object {$_.SideIndicator -eq '<='}).InputObject $UsersToChangeOrDelete += ($UsersToHandle | Where-Object {$_.SideIndicator -eq '=>'}).InputObject
- } else {
- #No licenses currently assigned for the license in scope, assign licenses to all group members.
- $UsersToAdd = $GroupMembers
- }
- } else {
- Write-Warning "Group $GroupName is empty - will process removal or move of all users with license $($AccountSKU.AccountSkuId)"
- #If no users are a member in the group, add them for deletion or change of license.
- $UsersToChangeOrDelete += $ActiveUsers
- }
- #Check the amount of licenses left...
- if ($AccountSKU.ActiveUnits - $AccountSKU.consumedunits -lt $UsersToAdd.Count) {
- Write-Warning 'Not enough licenses for all users, please remove user licenses or buy more licenses'
- }
- foreach ($User in $UsersToAdd){
- #Process all users for license assignment, if not already licensed with the SKU in order.
- if ((Get-MsolUser -UserPrincipalName $User).Licenses.AccountSkuId -notcontains $AccountSku.AccountSkuId) {
- try {
- #Assign UsageLocation and License.
- Set-MsolUser -UserPrincipalName $User -UsageLocation $UsageLocation -ErrorAction Stop -WarningAction Stop
- Set-MsolUserLicense -UserPrincipalName $User -AddLicenses $AccountSKU.AccountSkuId -ErrorAction Stop -WarningAction Stop
- Write-Output "SUCCESS: Licensed $User with $license"
- } catch {
- Write-Warning "Error when licensing $User"
- }
- }
- }
- }
- #Process users for change or deletion
- if ($UsersToChangeOrDelete -ne $null) {
- foreach ($User in $UsersToChangeOrDelete) {
- if ($user -ne $null) {
- #Fetch users old license for later usage
- $OldLicense = ($LicensedUserDetails | Where-Object {$_.UserPrincipalName -eq $User}).License
- #Loop through to check if the user group assignment has been changed, and put the old and the new license in a custom object.
- #Only one license group per user is currently supported.
- $ChangeLicense = $Licenses.Keys | ForEach-Object {
- $GroupName = $Licenses[$_].Group
- if (Get-MsolGroupMember -All -GroupObjectId (Get-MsolGroup -All | Where-Object {$_.DisplayName -eq $GroupName}).ObjectId | Where-Object {$_.EmailAddress -eq $User}) {
- [pscustomobject]@{
- OldLicense = $OldLicense
- NewLicense = $Licenses[$_].LicenseSKU
- }
- }
- }
- if ($ChangeLicense) {
- #The user were assigned to another group, switch license to the new one.
- try {
- Set-MsolUserLicense -UserPrincipalName $User -RemoveLicenses $ChangeLicense.OldLicense -AddLicenses $ChangeLicense.NewLicense -ErrorAction Stop -WarningAction Stop
- Write-Output "SUCCESS: Changed license for user $User from $($ChangeLicense.OldLicense) to $($ChangeLicense.NewLicense)"
- } catch {
- Write-Warning "Error when changing license on $User`r`n$_"
- }
- } else {
- #The user is no longer a member of any license group, remove license
- Write-Warning "$User is not a member of any group, license will be removed... "
- try {
- Set-MsolUserLicense -UserPrincipalName $User -RemoveLicenses $OldLicense -ErrorAction Stop -WarningAction Stop
- Write-Output "SUCCESS: Removed $OldLicense for $User"
- } catch {
- Write-Warning "Error when removing license on user`r`n$_"
- }
- }
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement