Office 365 | PowerShell

With the migration of many BPOS accounts to Office 365 there have been some major changes to the back end, resulting in a different method of connecting via PowerShell in order to use command-line syntax.

To use the PowerShell command line syntax for Office 365 you first need to initiate a connection to the 365 servers:

PowerShell using “Microsoft Online Services Module for Windows PowerShell”

You may experience the following error when running PowerShell commands:

“File cannot be loaded because the execution of scripts is disabled on this system”

You can run this command to remove the execution restriction. Unrestricted allows unsigned scripts to run; RemoteSigned is a narrower policy that still lets locally installed modules load.

Set-ExecutionPolicy Unrestricted

Open Connection:

$LiveCred = Get-Credential

Enter admin credentials for required domain:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session

Lock/Unlock User Account:

Set-MsolUser -UserPrincipalName user@example.com -BlockCredential $false   # unlock: sign-in allowed
Set-MsolUser -UserPrincipalName user@example.com -BlockCredential $true    # lock: sign-in blocked

Configure Mail Forwarding:

Set-Mailbox -Identity user@example.com -ForwardingAddress admin@example.com -DeliverToMailboxAndForward $true

Configure Send As permissions:

Add-RecipientPermission -Identity user@example.com -Trustee admin@example.com -AccessRights SendAs

In this command line, “user@example.com” represents the mailbox, contact, or distribution group that you want to grant rights to and “admin@example.com” is the user who you want to grant Send As rights.

To verify that the permissions are applied:

Get-RecipientPermission -Identity user@example.com | Select Trustee, AccessControlType, AccessRights

In the results, you should be able to confirm that “admin@example.com” has Send As rights granted. These rights can be assigned to user, mailbox or group Active Directory objects.

Grant full mailbox access to a user other than the mailbox owner:

Add-MailboxPermission -Identity user@example.com -User admin@example.com -AccessRights FullAccess -InheritanceType All

In this command line, “user@example.com” represents the mailbox that you want to grant rights to and “admin@example.com” is the mailbox of the user who you want to grant Full Access rights.

I always get this messed up! The “user” is whose account you want to access i.e. helpdesk@ support@ etc. The “admin” is the user’s account who needs the access i.e. dom@ user@ etc.

If an administrator wants to grant a user access to a room mailbox, the administrator may want to specify that user as the Owner:

Add-MailboxPermission -Identity <RoomMailbox> -Owner <OwnerMailbox>

Only users that have Exchange mailboxes can be granted access to other mailboxes. Users who do not have mailboxes receive a permissions error when they try to access the other mailboxes.

Remove Mailbox Access:

Remove-MailboxPermission user@example.com -User admin@example.com -AccessRights FullAccess -InheritanceType All

To verify that the permissions are applied to the mailbox:

Get-MailboxPermission -Identity user@example.com | Select User, AccessRights, Deny

In the results, you should be able to confirm that “admin@example.com” has Full Access rights granted.
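
To review what the forwarding, Send As and Full Access commands above leave behind across a tenant, this added example (not part of the original post) filters the output of Get-Mailbox, Get-MailboxPermission and Get-RecipientPermission down to forwarding mailboxes and explicit non-owner grants. The function names and sample records are constructed for illustration, and ForwardingSmtpAddress is a Get-Mailbox property that is not otherwise used on this page.

```powershell
# Added example, not from the original post. Requires Windows PowerShell 3.0 or later.
# Keeps only explicit, non-owner Full Access / Send As grants.
function Select-DelegatedAccess {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Entry)
    process {
        # Get-MailboxPermission names the grantee "User"; Get-RecipientPermission names it "Trustee".
        $grantee = if ($Entry.Trustee) { "$($Entry.Trustee)" } else { "$($Entry.User)" }
        $rights  = @($Entry.AccessRights) -match 'FullAccess|SendAs'
        $isDeny  = ($Entry.Deny -eq $true) -or ("$($Entry.AccessControlType)" -eq 'Deny')
        if ($rights -and -not $isDeny -and -not $Entry.IsInherited -and $grantee -ne 'NT AUTHORITY\SELF') {
            [pscustomobject]@{ Mailbox = "$($Entry.Identity)"; Grantee = $grantee; Rights = $rights -join ',' }
        }
    }
}

# Keeps only mailboxes that forward mail to another recipient.
function Select-ForwardingMailbox {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Mailbox)
    process {
        if ($Mailbox.ForwardingAddress -or $Mailbox.ForwardingSmtpAddress) {
            $Mailbox | Select-Object UserPrincipalName, ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward
        }
    }
}

# Constructed sample records shaped like the cmdlets' output, so the filters run without a tenant.
$samplePermissions = @(
    [pscustomobject]@{ Identity = 'support@example.com'; User = 'NT AUTHORITY\SELF'; AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'support@example.com'; User = 'admin@example.com'; AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'user@example.com'; Trustee = 'admin@example.com'; AccessRights = @('SendAs'); AccessControlType = 'Allow'; IsInherited = $false }
)
$sampleMailboxes = @(
    [pscustomobject]@{ UserPrincipalName = 'user@example.com'; ForwardingAddress = 'admin@example.com'; ForwardingSmtpAddress = $null; DeliverToMailboxAndForward = $true }
    [pscustomobject]@{ UserPrincipalName = 'support@example.com'; ForwardingAddress = $null; ForwardingSmtpAddress = $null; DeliverToMailboxAndForward = $false }
)

$samplePermissions | Select-DelegatedAccess
$sampleMailboxes   | Select-ForwardingMailbox

# Against the live tenant, in the session opened under "Open Connection":
#   $mbx = Get-Mailbox -ResultSize Unlimited
#   $mbx | Get-MailboxPermission   | Select-DelegatedAccess
#   $mbx | Get-RecipientPermission | Select-DelegatedAccess
#   $mbx | Select-ForwardingMailbox
```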

Configure “Send on behalf” permissions (grant a user the ability to send mail on behalf of another user):

Set-Mailbox -Identity user@example.com -GrantSendOnBehalfTo admin@example.com

In this command line, user@example.com represents the mailbox that you want to grant permissions to and admin@example.com is the mailbox of the user who you want to grant access.

To verify that the “SendOnBehalf” permissions are applied:

Get-Mailbox -Identity user@example.com | Select GrantSendOnBehalfTo

Find out whether a password is set to never expire:

Get-MSOLUser -UserPrincipalName admin@example.com | Select PasswordNeverExpires
Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires

Set a password to never expire (Individual)

Set-MsolUser -UserPrincipalName user@example.com -PasswordNeverExpires $true
Set-MsolUser -UserPrincipalName user@example.com -PasswordNeverExpires $false

Set a password expiry (All Users)

Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $false

Create shared mailboxes:
Note: This code needs some further work in order to actually create a shared mailbox, but it provides enough of the command line to google a guide.

Add-MailboxPermission "support@domain.com" -User supportMailbox_SG@domain.com -AccessRights FullAccess
