Office 365 Automate User Licensing

Recently working with a client they wanted to automate the licensing of Office 365 accounts, this client had multiple Active Directory forests being sync and cloud users in their Office 365 tenant. For those that have to assign licenses to users in Office 365 know it’s a two step process:

1. Set user location
2. Assign Office 365 license

To do this requires you to login to Office 365 and assign the information, We all know to run a local scheduled task, credentials can be stored in the task, however this is not possible (…Not that I’ve found) to store Office 365 credentials and pass them thru PowerShell from the scheduled task. For this reason you need to store the password on the local system. Before we get to this you need to make sure the user account your using has the correct permissions to assign licenses. Office 365 has a number of Admin roles Office 365 Admin Roles

So the only roles that can assign licenses are Global Admin and User Management Admin.

I’ve broken the PowerShell into five sections:

1. Get Office 365 Credentials
2. Connect to Office 365
3. Set user usage location
4. Get Office 365 license SKU
5. Assign License

Get Office 365 Credentials

To be able to pass the password from the schedule task to PowerShell the password needs to be stored in plain text, to store passwords in plain text is never recommend. For this reason I’ve not used a domain account, I’ve used a cloud only account with a complex password. The location of the password is a local domain server which has restricted logons and additional NTFS permissions can be added to the location.

## MSOL Credentials
$MsolAdmUser = “MSOL@yourdomain.onmicrosoft.com” 
$pwd = Get-Content C:\Common\msol.txt | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential $MsolAdmUser, $pwd

Connect to Office 365

To connect to Office 365 you need the follow these instructions Manage Azure AD using Windows PowerShell as Prerequisites. Once these steps have been completed. you will be able to connect:

## Connect To Office 365
Import-Module MSOnline
Connect-MsolService -Credential $cred

Set user usage location

A colleague of mine pointed me to this script in the TechNet Gallery, this script makes the local Active Directory country/region field to the Office 365 usage. Download and store this script.

## Set Usage Location for MSOl Users
C:\Common\Set-MSOLUsageLocation.ps1

Get Office 365 license SKU

Before a license can be assigned, we need to get the correct SKU.

## Get Office 365 Account SKUs
$AccountSku = Get-MsolAccountSku

Its possible that you will have a number of different SKU’s on your tenant, you can list individual SKU:

## Account SKU Array
$AccountSku[0].AccountSkuId
$AccountSku[1].AccountSkuId
$AccountSku[2].AccountSkuId

For this project we’re only assign one type of SKU to all users, I’ll post another blog later how to assign different SKU’s within the same script.

Assign Licenses

Last but not least is to assign the license to the users. This takes data from the previous steps and assigns licenses:

## Set License for MSOL Users
$Users = Get-MsolUser -All -UnlicensedUsersOnly
$users = $users | ? {$_.Country -ne $null}

ForEach ($User in $Users)
    {
        Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -AddLicenses $AccountSku[0].AccountSkuId
    }

Put all of these steps together in a PS1 script and set a scheduled task. Next steps are to put a query/variable into the Set-MsolUSerLicense this will allow different types of SKU’s to be applied in the same script, I’ll post this once complete…

Disclaimer: All scripts and other PowerShell references on this blog are offered "as is" with no warranty.  While these scripts are tested and working in my test environment, it is recommended that you test these scripts in your own test environment before using in any production environment.

Exchange 2016 Installation…

Here are my notes of deploying Exchange 2016 into my home lab for testing, My current Exchange deployment is 2013 connected to Office 365 with a hybrid configuration. I plan to deploy two Exchange 2016 servers in Database Availability Group. This post will deal with the initial upgrade to the Schema, Configuration and Domain, then the installation of the first Exchange 2016 server.

Prerequisites

Download Exchange 2016 Download Link, and extract the setup files to local on the Exchange Server. To upgrade the Schema, Configuration and Domain this can be done from a 64-Bit Domain Controller or from an Exchange Server with the Remote Tools Administration Pack feature installed, The Server also requires .NET Framework 4.5.2,  To install this feature:

1. Download and install .NET Framework 4.5.2 (If Windows Update has been run this may already be installed)
2. Open Windows PowerShell (Run as Administrator)
3. Install the Remote Tools Administration Pack using the following command
   
   Install-WindowsFeature RSAT-ADDS

To upgrade the Schema, Configuration and Domain(s) open a command window (Run as Administrator) and run the following commands:

1. Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
2. Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
3. Setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms

If you you have multiple domains to in the Active Directory Forest you can use the /PrepareAllDomains.

Note: To prepare The Schema the service account used must be a member of Schema Admins and Enterprise Admins, To update the Configuration and Domain(s) the service account used must be a member of Enterprise Admins.

Reference: TechNet Prepare Active Directory and Domains

PrepareSchema, PrepareAD, PrepareDomain

Server Preparation

Before Exchange 2016 is installed a number of Windows Features need to be installed, To install these features:

Reference: TechNet Exchange 2016 Prerequisites

1. Open Windows PowerShell (Run as Administrator)
2. Install required features:
   
   

   Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation
   

3. Restart Server

4. Install Additional Software:
1. .NET Framework 4.5.2
2. Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit
5. Run Windows Update

Graphical User Interface Installation

The following screenshots are taken from the Graphical User Interface Installation (GUI) of Exchange 2016.

Reference: TechNet Install the Exchange 2016 Mailbox role using the Setup wizard

Note: Please note these installation requirements:

• If you're installing the first Exchange 2016 server in the organization, the account you use needs to be a member of the Enterprise Admins group
• If you haven't previously prepared the Active Directory schema, the account you use also needs to be a member of the Schema Admins group
• If you've already prepared the schema and aren't installing the first Exchange 2016 server in the organization, the account you use needs to be a member of the Exchange 2016 Organization Management role group

1. 
   First window will ask Check for Updates? This the RTM of Exchange 2016 and currently no updates, click Next
2. 
   Click Next
3. 
   The file setup will display Copying Files…
4. 
   The setup will display Initializing Setup… 
5. 
   The setup will display Introduction with links to Exchange 2016 technical information, click Next
6. 
   The License Agreement will be displayed, Once read… Select the radio I accept the terms in the license agreement, and click Next
7. 
   Then select Recommend Settings that you want, the links will display information on these settings, I leave this set on Use Recommended Settings but some clients I work with prefer this to changed, once selected click Next
8. 
   Now there is just a single role to install, check Mailbox Role, and click Next
9. 
   This screen allows you to change the installation directory, please not that Exchange 2016 is still installed in V15, this is the same as Exchange 2013, once installation path has been confirmed click Next
10. 
    Leave the default Malware Protection Settings enabled unless you requirement for them to be turn off, and click Next
11. 
    The setup will run Readiness Checks… to ensure the server and infrastructure is ready for Exchange 2016 to be installed.
12. 
    Any errors and warnings will be displayed, for instance in my environment it warned me that “MAPI over HTTP is the preferred Outlook desktop connectivity…” Now I thought this was default in Exchange 2016 need to check the release notes, this might just be for New/Greenfield installations, if there is no errors and only warnings, click Install to begin the installation.
13. 
    Setup will go through all of the required steps to install Exchange 2016
14. 
    Once complete the last screen will be displayed, click Finish to close the setup window
15. The server should be restarted post installation

Unattended Installation

The over method of installing Exchange 2016 is through a Unattended Installation, this installs Exchange 2016 through the command window, this method uses switches to configure all the options of the Exchange 2016 installation.

Reference: TechNet Install Exchange 2016 using unattended mode

1. Open a command window (Run as Administrator)
2. For a basic Exchange 2016 installation, enter the following command:
   
   Setup.exe /mode:Install /role:Mailbox /InstallWindowsComponents /IAcceptExchangeServerLicenseTerms

This will install Exchange 2016 with a random mailbox database, you can use the switches to change the installation directory and database name and paths etc. The following screen is a completed unattended installation of Exchange 2016.

This completes the basic installation of Exchange 2016, all in all the setup process is very similar as Exchange 2013. Next up will be the configuration of Exchange 2016 including Mailbox Databases, Database Availability Group, Virtual Directories, Office Online Server… and much much more.

Disclaimer: All scripts and other PowerShell references on this blog are offered "as is" with no warranty.  While these scripts are tested and working in my test environment, it is recommended that you test these scripts in your own test environment before using in any production environment.

Exchange 2013 Cumulative Update

The latest Exchange 2013 Cumulative Update (CU) 10 was released on 15th September 2015. There was no schema changes compared to CU9 , in fact the last schema change was in CU7.

Download the CU10 Download Link, and extract the setup files to local on the Exchange Server. To upgrade the Schema, Configuration and Domain this can be done from a 64-Bit Domain Controller or from an Exchange Server with the Remote Tools Administration Pack feature installed. To install this feature:

1. Open Windows PowerShell (Run as Administrator)
2. Install the Remote Tools Administration Pack using the following command
   
   Install-WindowsFeature RSAT-ADDS

To upgrade the Schema, Configuration and Domain(s) open a command window (Run as Administrator) and run the following commands:

1. Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
2. Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
3. Setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms

If you you have multiple domains to in the Active Directory Forest you can use the /PrepareAllDomains.

Note: To prepare The Schema the service account used must be a member of Schema Admins and Enterprise Admins, To update the Configuration and Domain(s) the service account used must be a member of Enterprise Admins.

Reference: TechNet Prepare Active Directory and Domains

PrepareSchema, PrepareAD, PrepareDomain

Unattended Installation

Once the Schema, Configuration and Domain has been updated, allow time for this to replicate to all Domain Controllers in the forest, The easiest way to upgrade a Exchange 2013 server is with an Unattended Installation. Open a command window (Run as Administrator) and run the following command:

1. Setup.com /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

The setup will check the environment to ensure that it’s ready to install, any warnings will be displayed, for instance my installation warned that I didn’t have a send connector for ‘*’, this is because my lab sits behind a dynamic IP address and I can’t send external SMTP.

Note: This upgrade was on a standalone Exchange server that was not a member of a Database Availability Group(DAG), If a server is a member of a DAG it needs to removed/suspended from the load balanced environment and put into maintenance mode, I’ll get this posted on another day.

Disclaimer: All scripts and other PowerShell references on this blog are offered "as is" with no warranty.  While these scripts are tested and working in my test environment, it is recommended that you test these scripts in your own test environment before using in any production environment.