Get list of Office 365 licensed users, mailbox login time and licenses

Using MSOL PowerShell, outputting to CSV:

Get-MsolUser -All | Where-Object {($_.IsLicensed)}| Select UserPrincipalName, DisplayName, @{N="LastLogonDate";E={(Get-MailboxStatistics $_.UserPrincipalName).LastLogonTime}},@{n="Licenses Type";e={$_.Licenses.AccountSKUid}} | Export-Csv c:\temp\output.csv -NoTypeInformation

Change SharePoint Migration Manager temporary file storage location

If using Migration Manager to migrate on-prem files to SharePoint Online, the tool temporarily caches files on the C drive during the copy process. If there's not enough free space on the C drive, the migration will fail.

To change the storage to a different drive:

1. In Command Prompt, navigate to the Migration tool folder:
   
   cd C:\Users\(user)\AppData\Roaming\Microsoft\SPMigration\Logs\Migration
   
   
2. Delete the exiting MigrationToolStorage folder.
3. Create a directory junction to a folder on a different drive:
   
   mklink /J MigrationToolStorage E:\MigrationToolStorage

Compare list of SharePoint files with on-prem file share

If you're migrating files from an on-prem file share to SharePoint, you may need to export a list of files on both sides for comparison:

1. Install PnP PowerShell:
   
   Install-Module -Name "PnP.PowerShell"
   
   
2. Connect to the SharePoint site URL:
   
   Connect-PnPOnline -Url https://company-my.sharepoint.com/sites/SharedFiles -Interactive
   
   
3. Export the SharePoint files/folders in specific directory:
   
   Get-PnPFolderItem -FolderSiteRelativeUrl "Shared Documents/Folder1" -Recursive | Export-Csv -Path C:\temp\Folder1-SharePoint.csv
   
   
4. Export the corresponding on-prem files/folders: In PowerShell on-prem, CD into the directory then:
   
   dir -Recurse | Export-Csv -Path C:\temp\Folder1-OnPrem.csv
   
   

Check a user's Azure AD MFA methods and default

Check which methods a user has registered for MFA and what their default MFA method is:

Connect-MsolService
$User = Get-MsolUser -UserPrincipalName joe.bloggs@microsoft.com
$User.StrongAuthenticationMethods

Remove OneDrive file previous versions

1. Install PnP PowerShell:
   
   Install-Module -Name "PnP.PowerShell"
   
   
2. Connect to the OneDrive URL:
   
   Connect-PnPOnline -Url https://company-my.sharepoint.com/personal/jsmith_company_com -Interactive
   
   
3. List the file versions:
   
   Get-PnPFileVersion -Url "Documents/Documents/myfile.txt"
   
   
4. Remove all the file versions (does not remove file itself):
   
   Remove-PnPFileVersion -Url "Documents/Documents/myfile.txt" -All
   
   

Using PnP PowerShell, you can also get the size of a folder (in MB):

$Folder = Get-PnPFolder -Url "Documents/Documents" -Includes ListItemAllFields Write-host "Size of the Folder:" $([Math]::Round(($Folder.ListItemAllFields.FieldValues.SMTotalSize.LookupId/1MB),2))

Change Exchange calendar permissions via command line

Get a user's current calendar permissions:

Get-MailboxFolderPermission -Identity abc@example.com:\Calendar

Give another user PublishingEditor permissions:

Add-MailboxFolderPermission -Identity abc@example.com:\Calendar -User xyz@example.com -AccessRights PublishingEditor

Remove a user's permissions from the calendar:

Remove-MailboxFolderPermission -Identity abc@example.com:\Calendar -User xyz@example.com

Check and block Office 365 legacy authentication

First connect to Exchange Online PowerShell. Then check if legacy authentication is blocked already:

Get-OrganizationConfig | fl *defaultauth*

If it's still enabled, review the Azure AD sign-in logs to check if legacy authenication is in use (filter by Client App and select all of the legacy methods), and resolve accordingly.

If Conditional Access is available, create a policy to block it using the GUI, or via command:

New-AuthenticationPolicy -Name "Block legacy authentication"
Set-OrganizationConfig -DefaultAuthenticationPolicy "Block legacy authentication"

Assign Full Access and Send As permissions on all mailboxes

Grant user@domain.com Full Access to all mailboxes:

Get-Mailbox | AddMailboxPermission -User user@domain.com -AccessRights FullAccess -AutoMapping $false

Grant user@domain.com Send As on all mailboxes:

Get-Recipient | Add-RecipientPermission -AccessRights SendAs -Trustee user@domain.com

Check license status of Office 365 Shared mailbox

Shared mailboxes don't require an Office 365 licence. But to avoid any Microsoft weirdness after migrating a Shared mailbox to Office 365, check its licensing status via MSOL PowerShell:

Get-MsolUser -UserPrincipalName jbloggs@example.com |fl *lic*

Both IsLicensed and LicenseReconciliationNeeded should be False.

If LicenseReconciliationNeeded is True, fix e.g. try assigning and removing a license, or converting mailbox to User and back to Shared. Otherwise, if LicenseReconciliationNeeded stays True for 30 days the mailbox will be removed.

Check progress of an Exchange mailbox move request

Get-MoveRequestStatistics -Identity jbloggs@example.com -IncludeReport |fl

Set ImmutableID for Office 365 user

From the Azure Active Directory command line:

Set-MsolUser -UserPrincipalName "joe@bloggs.com" -ImmutableId "123xyz"

Set to null:

Set-MsolUser -UserPrincipalName "joe@bloggs.com" -ImmutableId "$null"

Check progress of PST imports in Office 365

First, get the RequestGUID for the import request (because the ImportRequest name is different from the RequestGUID, even though they look similar):

Get-MailboxImportRequest | ft Mailbox,RequestGUID

Then get the detailed report on that import:

Get-MailboxImportRequestStatistics -Id (The RequestGUID) -IncludeReport |fl

Access the Exchange Admin Center for Office 365 Small Business

Because Microsoft couldn't be bothered putting a link to it in the Small Business GUI:

https://outlook.office365.com/ecp/

Connect PowerShell to Office 365

Connect to Office 365 (MSOL) PowerShell:

• $UserCredential = Get-Credential
• Connect-MsolService -Credential $UserCredential

Connect Remote Exchange PowerShell for O365:

• $UserCredential = Get-Credential
• $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
• Import-PSSession $Session

       Once finished, remove your session:

• Remove-PSSession $Session

Get ImmutableID for AD user

To get the ImmutableID for an AD user, run the following then look for the ObjectGUID in the output file:

ldifde –d “CN=John Doe,OU=Users,DC=domain,DC=local” –f c:\temp\data.txt

Ta, 4ward.

Or, to get the ImmutableIDs for all AD users, use the following PowerShell script:

Import-Module ActiveDirectory
$Users=Get-ADUser -Filter *
function guidtobase64
{
param($str);
$g = new-object -TypeName System.Guid -ArgumentList $str;
$b64 = [System.Convert]::ToBase64String($g.ToByteArray());
return $b64;
}
$ADUsersDump=$Users | Select SamAccountName,UserPrincipalName,@{Expression={(guidtobase64($_.ObjectGUID))}; Label="ImmutableID"}
$ADUsersDump | Export-CSV -Path C:\temp\ImmutableIDs.csv

Ta, Windows Central.

There's also this PowerShell script to get the ImmutableID for an AD user, and vice-versa.