HOW TO: Connect to O365 and add a user via the PowerShell terminal

Below are the steps required to connect to O365 using your Windows PowerShell terminal window.
June 27, 2015
O365, PowerShell

Some pre-requisites

First off, you must have at least PowerShell (PS) 2.0 to execute the MSOL commands. In the examples below, I'm executing the commands on Windows 2008 R2, which comes with v2.0 out of the box (OOTB), so as long as you're running Windows 2008 R2 or above, you're good. You can double-check by running $PSVersionTable within the terminal and reading the PS version ('PSVersion').


Step 1: Set-ExecutionPolicy

The first command you need to execute is Set-ExecutionPolicy RemoteSigned -Force. This will allow you to download the O365 scripts to your Windows PS terminal, on the assumption that the scripts from O365 are signed by Microsoft (as MSFT is the proprietor, they obviously are signed!). Under RemoteSigned, scripts downloaded from elsewhere must carry a trusted signature, while scripts created locally still run unsigned.


Step 2: Enter your credentials into an environment variable

The next command, $LiveCred = Get-Credential, allows you to store your admin credentials. The variable doesn't have to be named $LiveCred specifically; you just need to ensure that the same variable is used in the upcoming commands. You will be presented with a popup window in which you enter your admin credentials.


Step 3: Create a PSSession

The next command is $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

This command will initiate the authentication between O365 and your computer by using the variable you just created. Because O365 needs to resolve the ps.outlook.com URI, you must also ensure that you pass the -AllowRedirection parameter within the command. As you can see in the screenshot, the connection is redirected, so the yellow warning is in fact a good thing. Assuming the response comes back error-free, it's time to check whether the PSSession was successful, which is the second command in the screenshot, Get-PSSession. This command will return all the sessions (regardless of whether they are active or broken).

By default, you are only allowed to have 3 sessions created, so from time to time you may need to remove sessions by executing Remove-PSSession -Id 6, assuming that the session ID you want to remove is 6. I've seen other blogs that use -ConnectionUri https://outlook.office365.com/powershell-LiveID/ as the connection URI, though both seem to work.


Step 4: Import all the O365 commands

At the moment, your current PowerShell window is not aware of the most up-to-date O365 commands available. Once your O365 session is established, you can import all the available O365 commands into your PowerShell terminal by running the Import-PSSession $Session -AllowClobber | Out-Null command. The -AllowClobber parameter ensures all the commands are imported, even when their names clash with commands already in your session.


Step 5: Import the MSOL modules

The other MSOL commands you may want are the ones from Azure Active Directory, which are different from those in Step 4. You can load them by executing Import-Module MSOnline and then Connect-MsolService -Credential $LiveCred.


Step 6: Get-MsolUser -All | measure

Now you're all set up to do whatever you want. For example, you can count the current users within your O365 environment by executing the Get-MsolUser -All | measure command.


Step 7: Create a new user within O365

Finally, you can use the active session to create a new user within your environment. The cmdlet below is a quick demonstration of how to create the user 'David Redfern' with a UPN that uses the 'tenant'.onmicrosoft.com suffix: New-MsolUser -UserPrincipalName dredfern2@montgomerytest.onmicrosoft.com -DisplayName "David Redfern" -FirstName "David" -LastName "Redfern"


Collective Commands

Below are the collective commands used throughout this blog post.
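
Steps 1 to 7 combined into one script, as an added example that is not the author's original command listing. It assumes the MSOnline module is installed; unlike Step 1 it scopes the execution policy change to the current process, and it removes the session when finished, which also unloads the commands imported in Step 4.

```powershell
# Added example: the post's steps as one script. Run in a PowerShell 2.0+ console.
$ErrorActionPreference = 'Stop'

# Prerequisite: the post requires PowerShell 2.0 or later.
if ($PSVersionTable.PSVersion.Major -lt 2) { throw "PowerShell 2.0 or later is required." }

# Step 1: allow the signed O365 scripts to load. -Scope Process limits the change
# to this console; without -Scope the policy is changed for the whole machine.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# Step 2: prompt for the admin credential (held as a PSCredential object).
$LiveCred = Get-Credential

# Step 3: clear stale Exchange sessions first (the post notes a limit of 3), then connect.
Get-PSSession |
    Where-Object { $_.ConfigurationName -eq 'Microsoft.Exchange' -and $_.State -ne 'Opened' } |
    Remove-PSSession

$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri https://ps.outlook.com/powershell/ `
    -Credential $LiveCred -Authentication Basic -AllowRedirection

try {
    if ($Session.State -ne 'Opened') { throw "PSSession state is $($Session.State)" }

    # Step 4: import the Exchange Online commands into this console.
    Import-PSSession -Session $Session -AllowClobber | Out-Null

    # Step 5: load the Azure AD (MSOL) cmdlets and sign in with the same credential.
    Import-Module MSOnline
    Connect-MsolService -Credential $LiveCred

    # Step 6: count the existing users.
    $before = (Get-MsolUser -All | Measure-Object).Count

    # Step 7: create the user from the post, only if the UPN is not already taken.
    $upn = 'dredfern2@montgomerytest.onmicrosoft.com'
    if (-not (Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue)) {
        New-MsolUser -UserPrincipalName $upn -DisplayName "David Redfern" `
            -FirstName "David" -LastName "Redfern" |
            Select-Object UserPrincipalName, DisplayName   # show identifying fields only
    }
    "Users before: $before, after: $((Get-MsolUser -All | Measure-Object).Count)"
}
finally {
    # Always release the remote session so it does not count against the session limit.
    Remove-PSSession -Session $Session
}
```

Basic authentication hands the password to the service and relies on the HTTPS connection URI to protect it in transit, so keep the URI on https when adapting the script.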

About the author

Daniel is a Technical Manager with over 10 years of consulting expertise in the Identity and Access Management space.
Daniel has built from scratch this blog as well as technicalconfessions.com
Follow Daniel on twitter @nervouswiggles
