ADD to Exchange online License Group based on User Status

Sharing a script which we have written in one of the customer environment for fixing the issues with Exchange Online licensing.

Scenario:

  • Licensing is handled based on Groups
  • Exchange online license is being applied after the user is migrated to Exchange Online.

It has been noted that License application is sometimes missed and because of that user faces issues after grace period is expired.

Below script resolves this issue and has been scheduled  to run daily.

Scripts accepts below parameters:

$Group1 –> Active Directory group for all users that are using o365(E3 license in this scenario)

$smtpserver –> SMTP server for relay
$from  –> Address from which email or alerts will be sent.
$erroremail  –> Address to which email or alerts will be sent.
$Group2 –> Active Directory group that is used for assigning Exchange online License
$count –> Threshold for the count of additions.

.\EOLLicenseCompliancegroupbased.ps1 -Group1 “O365ALLUsersE3” -Group2 “EOLLicenseADgroup” -smtpserver smtpserver -from donotreply@labtest.com -erroremail logs@labtest.com -count 10

It will auto create Logs folder if it does not exists and will store all the log files in it.

Below is the example what will be displayed on the screen when ran in interactive mode.

 

Script function:

1. Gather all the users from the first group where msExchRecipientTypeDetails -eq “2147483648”

which means that user object is RemoteUserMailbox.

2. Compare the above filtered group members with AD group2.

3. Collect the user objects that needs to be added.

4. ADD the collected users to AD group2.

 

Note: Script is dependent on AD module to function.

Download the script from below link or PowerShell Gallery , add parameters , run it or schedule it as per your requirements.

https://gallery.technet.microsoft.com/scriptcenter/ADD-to-Exchange-online-e37d0909

https://www.powershellgallery.com/packages/EOLLicenseCompliancegroupbased/

<#     
    .NOTES 
    =========================================================================== 
    Created with:     ISE 
    Created on:       5/23/2019 1:46 PM 
    Created by:       Vikas Sukhija 
    Organization:      
    Filename:         EOLLicenseCompliancegroupbased.ps1 
    =========================================================================== 
    .DESCRIPTION 
    This script will check the members of the E3 group nad checkl if Exchnage  
    license group is added or not, if not than it will add the EOL License group. 
#> 
####################Load All Functions############################## 
param ( 
  [string]$Group1 = $(Read-Host "Enter AD group for E3 License"), 
  [string]$smtpserver = $(Read-Host "Enter SMTP Server"), 
  [string]$from = $(Read-Host "Enter From Address"), 
  [string]$erroremail = $(Read-Host "Enter Address for Report and Errors"), 
  [string]$Group2 = $(Read-Host "Enter AD group for E3 EOL License"), 
  $count = $(Read-Host "Enter threshold for addition and removal") 
) 
function Write-Log 
{ 
  [CmdletBinding()] 
  param 
  ( 
    [Parameter(Mandatory = $true,ParameterSetName = 'Create')] 
    [array]$Name, 
    [Parameter(Mandatory = $true,ParameterSetName = 'Create')] 
    [string]$Ext, 
    [Parameter(Mandatory = $true,ParameterSetName = 'Create')] 
    [string]$folder, 
     
    [Parameter(ParameterSetName = 'Create',Position = 0)][switch]$Create, 
     
    [Parameter(Mandatory = $true,ParameterSetName = 'Message')] 
    [String]$Message, 
    [Parameter(Mandatory = $true,ParameterSetName = 'Message')] 
    [String]$path, 
    [Parameter(Mandatory = $false,ParameterSetName = 'Message')] 
    [ValidateSet('Information','Warning','Error')] 
    [string]$Severity = 'Information', 
     
    [Parameter(ParameterSetName = 'Message',Position = 0)][Switch]$MSG 
  ) 
  switch ($PsCmdlet.ParameterSetName) { 
    "Create" 
    { 
      $log = @() 
      $date1 = Get-Date -Format d 
      $date1 = $date1.ToString().Replace("/""-") 
      $time = Get-Date -Format t 
     
      $time = $time.ToString().Replace(":""-") 
      $time = $time.ToString().Replace(" """) 
     
      foreach ($n in $Name) 
      {$log += (Get-Location).Path + "\" + $folder + "\" + $n + "_" + $date1 + "_" + $time + "_.$Ext"} 
      return $log 
    } 
    "Message" 
    { 
      $date = Get-Date 
      $concatmessage = "|$date" + "|   |" + $Message +"|  |" + "$Severity|" 
      switch($Severity){ 
        "Information"{Write-Host -Object $concatmessage -ForegroundColor Green} 
        "Warning"{Write-Host -Object $concatmessage -ForegroundColor Yellow} 
        "Error"{Write-Host -Object $concatmessage -ForegroundColor Red} 
      } 
       
      Add-Content -Path $path -Value $concatmessage 
    } 
  } 
} 
 
function ProgressBar 
{ 
  [CmdletBinding()] 
  param 
  ( 
    [Parameter(Mandatory = $true)] 
    $Title, 
    [Parameter(Mandatory = $true)] 
    [int]$Timer 
  ) 
     
  For ($i = 1; $i -le $Timer$i++) 
  { 
    Start-Sleep -Seconds 1; 
    Write-Progress -Activity $Title -Status "$i" -PercentComplete ($i /10 * 100) 
  } 
} 
#################Check if logs folder is created################## 
$logpath  = (Get-Location).path + "\logs"  
$testlogpath = Test-Path -Path $logpath 
if($testlogpath -eq $false) 
{ 
  ProgressBar -Title "Creating logs folder" -Timer 10 
  New-Item -Path (Get-Location).path -Name Logs -Type directory 
} 
 
 
##########################Load variables & Logs#################### 
 
$log = Write-Log -Name "log_EOLE32ADgroup" -folder logs -Ext log 
 
########################mainScript################################ 
Write-Log -Message "Start Script" -path $log  
Write-Log -Message "E3 O365 group name: $Group1" -path $log  
Write-Log -Message "E3 EOL group name: $Group2" -path $log  
Write-Log -Message "SMTP server: $smtpserver" -path $log  
Write-Log -Message "From Address: $from" -path $log  
Write-Log -Message "Alert Email: $erroremail" -path $log  
Write-Log -Message "Threshhold: $count" -path $log  
try 
{ 
  Import-Module -Name activedirectory 
  Write-Log -Message "AD Module Loaded" -path $log 
} 
catch 
{ 
  $exception = $_.Exception 
  Write-Log -Message "Error loading AD Module Loaded" -path $log -Severity Error  
  Write-Log -Message $exception -path $log -Severity error 
  Send-MailMessage -SmtpServer $smtpserver -To $erroremail -From $from -Subject "Error has occured loading AD Module - EOLLicenseCompliancegroupbased" -Body $($_.Exception.Message) 
  Exit 
} 
Write-Log -Message "Start fetching all users from o365 AD E3 $Group1" -path $log 
$allo365E3users = Get-ADGroup $Group1 -Properties Member | 
Select-Object -Expand Member | 
Get-ADUser -Properties msExchRecipientTypeDetails | 
where{$_.msExchRecipientTypeDetails  -eq "2147483648"| 
select -ExpandProperty UserPrincipalName 
     
Write-Log -Message "Fetched all users from o365 AD E3 $Group1" -path $log 
Write-Log -Message "Start fetching all users from o365 EOL $Group2" -path $log 
$allo365CurrentEOLLicusers = Get-ADGroup $Group2 -Properties Member | 
Select-Object -Expand Member | 
Get-ADUser -Properties msExchRecipientTypeDetails | 
where{$_.msExchRecipientTypeDetails  -eq "2147483648"| 
select -ExpandProperty UserPrincipalName 
     
Write-Log -Message "Fetched all users from o365 EOL $Group2" -path $log 
 
###############Comaore to get adds####################################### 
$change = Compare-Object -ReferenceObject $allo365E3users -DifferenceObject $allo365CurrentEOLLicusers  
 
$Addition = $change | 
Where-Object -FilterScript {$_.SideIndicator -eq "<="| 
Select-Object -ExpandProperty InputObject 
 
$additioncount = $Addition.count 
Write-Log -Message "Count of Addition is $additioncount" -path $log 
if($Addition.count -gt $count) 
{ 
  Write-Log -Message "Count of is greater than $count" -path $log -Severity Warning 
  Write-Log -Message "Script Terminated" -path $log -Severity error 
  Send-MailMessage -SmtpServer $smtpserver -From $from -To $erroremail -Subject "Count of is greater than $count - EOLLicenseCompliancegroupbased" -Body "Count of is greater than $count - EOLLicenseCompliancegroupbased" 
  Exit 
} 
else 
{ 
  Write-Log -Message "Processing ---------------- Additions" -path $log 
  $colladditions = @() 
  $Addition | ForEach-Object -Process { 
    $upn = $_ 
    Write-Log -Message "Adding $upn to $Group2" -path $log 
    $getuser = Get-ADUser -Filter {UserPrincipalName -eq $upn}  
    $colladditions +$getuser.samaccountname 
  } 
  Write-Log -Message "Collected all Additions" -path $log 
   
  $val = 0 
  $colladditionscoll = @() 
  for($i = 0;$i -lt $colladditions.count) 
  { 
    While($val -ne "100") 
    { 
      $colladditionscoll +$colladditions[$val + $i] 
      $val++ 
    } 
    if($val -eq "100") 
    { 
      $val = 0 
      $i = $i+100 
      $colladditionscoll = $colladditionscoll | where{$_} 
      Write-Log -Message "ADD Members ....$colladditionscoll" -path $log 
      ADD-ADGroupMember -identity $Group2 -Members $colladditionscoll -Confirm:$false 
      $colladditionscoll = @() 
    } 
  } 
} 
########################Recycle reports & logs############## 
$path1 = $logpath 
$limit = (Get-Date).AddDays(-60) #for report recycling 
Get-ChildItem -Path $path1 | 
Where-Object -FilterScript {$_.CreationTime -lt $limit| 
Remove-Item -Recurse -Force 
 
Write-Log -Message "Script Finished" -path $log 
Send-MailMessage -SmtpServer $smtpserver -From $from -To $erroremail -Subject "Transcript Log - EOLLicenseCompliancegroupbased" -Body "Transcript Log - EOLLicenseCompliancegroupbased" -Attachments $log 
 
##############################################################
Thanks for Reading and Downloading

 

Sukhija Vikas

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s