Administering Microsoft Office 365 using Windows PowerShell

Microsoft Office 365 is a software plus services offering from Microsoft, the successor to the existing offering Business Productivity Online Suite. The following services are included in the initial release of Office 365:

  • Exchange Online
  • Lync Online
  • Sharepoint Online
  • Office Professional Plus 2010

One major advantage in Office 365 compared to the previous version is the ability to offer single sign-on, also referred to as identity federation, which makes  the offering more attractive for enterprises. Another feature that makes it attractive for larger environments is the greatly enhanced support for administration using Windows PowerShell. Many of the PowerShell capabilities are built on the remoting capabilities in PowerShell version 2, while some requires installation of a PowerShell snapin or module.

Office 365 PowerShell Management Interface

The Office 365 PowerShell Management Interface offers the ability to administer service-wide features, and is not limited to a specific service like i.e. Exchange Online. The initial features that can be administered using this interface include the following:

  • Account SKUs
  • Company info
  • Contacts
  • Domains
  • Domain Federation
  • Groups
  • Partner Contracts
  • Role-based Access Control
  • Subscriptions
  • Users

This interface is available through a PowerShell Module available from here:

The Microsoft Online Services Sign-In Assistant 7.0 is a prerequisite for installing the Microsoft Online Services Module for Windows PowerShell, and is available from here:

When installed you can launch Windows PowerShell and perform the following steps:

001
002
003
004
Import-Module msonline
$cred = Get-Credential
Connect-MsolService -cred $cred
Get-Command –Module msonline

1) Import the module.

2) Create a credential-object stored in the variable $cred

3) Create a new remote PowerShell connection against the PowerShell endpoint for Office 365

4) List the cmdlets available

 

A shortcut to the module is also available on the Start-menu (you can skip step 1 if launching this shortcut):

image

Here is an overview of the available cmdlets:

image

You can find a complete reference for the cmdlets here.

Exchange Online

Exchange Online is based on Exchange Server 2010, and thus offers great capabilities for administration through PowerShell remoting. The Role-based Access Control introduced in Exchange Server 2010 also makes it possible to define custom RBAC roles to delegate administration.

To connect to the Exchange Online endpoint for PowerShell remoting we can use the following procedure:

001
002
003
$cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $Session

1) Create a credential-object stored in the variable $cred

2) Create a new remote PowerShell session against the PowerShell endpoint for Exchange Online

3) Import the cmdlets available in the remote session

 

Before you attempt to connect, make sure that the PowerShell execution policy isn`t set to Restricted which is the default, as this will prevent the remote session from being loaded. A recommended approach is to use RemoteSigned which can be set by running Set-ExecutionPolicy RemoteSigned.

When the above steps are completed the cmdlets for managing Exchange Online is available in a script module:

image

To list the available cmdlets we can use Get-Command –Module tmp*:

image

Due to the fact that there is 290 cmdlets available when authenticating as a Office 365 global administrator the output above is truncated. Based on what RBAC-role the user is a member of, different cmdlets will be available.

A reference to the available cmdlets for administering Exchange Online is available here.

 

Microsoft Online Services Identity Federation Management

The Microsoft Online Services Identity Federation Management tool that was available in the Office 365 beta is now deprecated. The functionality of the tool is now integrated into the Microsoft Online Services Module for Windows PowerShell, which is used to configure Active Directory Federation Services 2.0 when deploying identity federation On-Premises. Instructions on how to manage federated domains is available here.

 

Microsoft Online Services Directory Synchronization tool

The Microsoft Online Services Directory Synchronization tool is used synchronize the On-Premises Active Directory environment with an Office 365 tenant. Instructions for setting up directory synchronization and installing the directory synchronization tool is available here.

Two Windows PowerShell snapins is installed as part of the Directory Synchronization tool:

  • Coexistence-Configuration
  • Coexistence-Install

There is no shortcuts to the snapins either on the Start-menu or the desktop. They can either be launched by using Add-PSSnapin or by launching the PowerShell Console-files in C:Program FilesMicrosoft Online Directory Sync:

image

The available cmdlets:

image

By default the Directory Syncronization Tool performs a delta sync every 3 hours. To perform a sync more often, or as part of a provisioning script, the Start-OnlineCoexistenceSync cmdlet can be invoked (no parameters needed).

The cmdlets available in the Coexistence-Install snapin is primarily needed when using a remote SQL Server database. By default a local SQL Express instance is used as the database, which scales up to approximately 50 000 objects. When the number of contacts, users and groups in the On-Premises Active Directory environment exceeds this limit, it`s recommended to configure the Directory Synchronization Tool to use a full version of SQL Server.

Conclusion

With the new offerings in Office 365 the ability to automate administration using Windows PowerShell is greatly enhanced compared to the previous version. The use of PowerShell remoting makes it a dynamic feature, as Microsoft can add more cmdlets without the need for administrators to download updated administration tools.

To my knowledge there will be no cmdlets available for administering Lync Online and Sharepoint Online when Office 365 is released for general availability, however, this may be a added in the future. This blog-post will be updated when more information on administering Office 365 using Windows PowerShell becomes available.

 

Update 22.05.2010: The blog-post is now updated to reflect the availability of the Microsoft Online Services Module for Windows PowerShell.

17 thoughts on “Administering Microsoft Office 365 using Windows PowerShell

  1. Pingback: erp module: Administering Sap R/3: Mm-Materials Management Module | erp module

  2. Pingback: Office 365: Administración con PowerShell! - Blog del CIIN

  3. Pingback: Office 365: Soporte de PowerShell! - Blog del CIIN

  4. Pingback: Office 365: Soporte de PowerShell! « Pasión por la tecnología…

  5. Pingback: Office 365 Hybrid Deployment / Exchange Rich Coexistence – Sharing Availability (Free/Busy) - Neil Johnson - a rock 'n roll nerd.... - Site Home - TechNet Blogs

  6. Pingback: Office 365 Features and how to configure them « msunified.net

  7. Pingback: Office 365 Features and how to configure them « msunified.net

  8. Pingback: Change the default Calendar AccessRight on all mailboxes to Reviewer « msunified.net

  9. Pingback: Exchange Online .pst importieren - MCSEboard.de MCSE Forum

  10. Pingback: Andrew Zhu | Xhinker | [PowerShell] PowerShell and Office 365

  11. Pingback: ¡Soporte de PowerShell en Office 365! - Blog técnico de Office 365 - Office 365 - Español - Microsoft Office 365 Community

  12. Pingback: Windows PowerShell cmdlets for Office 365 « Mshiyas Blog

  13. Pingback: Blog MUP | Error al instalar Windows Azure Active Directory Module for Windows PowerShell