Below are the steps required to connect to O365 from your Windows PowerShell terminal window.
Some pre-requisites
First off, you must have at least PowerShell (PS) 2.0 to execute the MSOL commands. In the examples below, I'm executing the commands within Windows 2008 R2, which OOTB comes with v2.0, so as long as you're running Windows 2008 R2 or above, you're good. You can double-check by running the $PSVersionTable command within the terminal to determine the PS version ('PSVersion').
Step 1: Set-ExecutionPolicy
The first command you need to execute is Set-ExecutionPolicy RemoteSigned -Force. RemoteSigned only runs downloaded scripts that carry a signature from a trusted publisher, so this will allow you to download the O365 scripts to your Windows PS terminal on the assumption that they are signed by Microsoft (as MSFT is the proprietor, it obviously is signed!).
Step 2: Enter your credentials into a variable
The next command, $LiveCred = Get-Credential, allows you to store your admin credentials. The variable doesn't have to be specifically $LiveCred; you just need to ensure that the same variable is used in the upcoming commands. You will be presented with a popup window in which you enter your admin credentials.
Step 3: Create a PSSession
The next command is:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
This command will initiate the authentication between O365 and your computer by using the variable you just created. Because O365 needs to resolve the ps.outlook.com URI, you must also ensure that you pass the -AllowRedirection parameter within the command. As you can see within the screenshot, the connection is redirected, so the yellow warning is in fact a good thing. Assuming the response comes back error-free, it's time to check if the PSSession was successful, which is the second command within the screenshot, Get-PSSession. This command will return all the sessions (regardless of whether they are active or broken).
By default, you are only allowed to have 3 sessions open, so from time to time you may need to remove sessions by executing Remove-PSSession -Id 6, assuming that the session ID you want to remove is 6. I've seen other blogs that use the connectionUri as -ConnectionUri https://outlook.office365.com/powershell-LiveID/ though both seem to work.
Step 4: Import all the O365 commands
At the moment, your current PowerShell window is not aware of the most up-to-date O365 commands available. Once your O365 session is established, you can import all the available O365 commands into your PowerShell terminal by running the Import-PSSession $Session -AllowClobber | Out-Null command. The -AllowClobber parameter ensures all the commands are imported, even where their names clash with commands already in your session.
Step 5: Import the MSOL modules
The other MSOL commands you may want are the ones for Azure Active Directory, which are different from those in Step 4. You can get them by executing Import-Module MSOnline and Connect-MsolService -Credential $LiveCred respectively.
Step 6: Get-MsolUser -All | measure
Now you're all set up to do whatever you want. The example below shows how to count the current users within your O365 environment by executing the Get-MsolUser -All | measure command.
Step 7: Create a new user within O365
Finally, you can use the active session to create a new user within your environment. The cmdlet below is a quick demonstration of how to create the user 'David Redfern' with a UPN using the 'tenant'.onmicrosoft.com suffix:
New-MsolUser -UserPrincipalName dredfern2@montgomerytest.onmicrosoft.com -DisplayName "David Redfern" -FirstName "David" -LastName "Redfern"
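The steps above can be run as one script that always releases the remote session, so a failed run does not eat into the 3-session limit mentioned in Step 3. This is an added example, not the author's own script; it uses only the cmdlets and parameters from Steps 2 to 6 and assumes a tenant that still accepts the Basic-authentication endpoint the post uses.

```powershell
# Added example (not from the original post): Steps 2-6 with error handling
# and guaranteed cleanup of the session and the stored credential.
$LiveCred = Get-Credential
$Session  = $null

# Get-PSSession also lists broken sessions; remove any Exchange session in
# this window that is no longer open before creating a new one.
Get-PSSession |
    Where-Object { $_.ConfigurationName -eq 'Microsoft.Exchange' -and $_.State -ne 'Opened' } |
    Remove-PSSession

try {
    # -Authentication Basic passes the credential to the endpoint, so the
    # ConnectionUri must stay on https. -ErrorAction Stop turns a failed
    # logon into a terminating error instead of continuing with no session.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri https://ps.outlook.com/powershell/ `
        -Credential $LiveCred -Authentication Basic -AllowRedirection `
        -ErrorAction Stop

    # Step 4: import the remote O365 commands into this window
    Import-PSSession $Session -AllowClobber | Out-Null

    # Step 5: load the MSOL cmdlets and sign in with the same credential
    Import-Module MSOnline -ErrorAction Stop
    Connect-MsolService -Credential $LiveCred -ErrorAction Stop

    # Step 6: count the users in the tenant
    Get-MsolUser -All | Measure-Object
}
finally {
    # Runs on success and on error: release the remote session and drop the
    # stored admin credential from this window.
    if ($Session) { Remove-PSSession -Session $Session }
    Remove-Variable LiveCred -ErrorAction SilentlyContinue
}
```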
Collective Commands
Below are the collective commands used throughout this blog post.
About the author
Daniel is a Technical Manager with over 10 years of consulting expertise in the Identity and Access Management space. Daniel has built from scratch this blog as well as technicalconfessions.com.
Follow Daniel on twitter @nervouswiggles