Microsoft Office365 Dir Sync Limitation Work Around for ChangePasswordLogon Forc

This topic contains 3 replies, has 2 voices, and was last updated by  Michael ANdreu 3 years ago.

  • #26590

    Michael ANdreu

    We are using DirSync and have a very big limitation with it. It will not sync any user if the local AD server has the check mark "User must change password at next logon".
    So we have to do a few things to get the result that we need.
    1) First we have to import a csv file into PowerShell, which has all the AD import information for every student to create an AD account and password.
    2) We have to search Office365 for newly created accounts by process of UsageLocation equals $Null.
    3) We have to apply a password change to only those users and also add a license and change the UsageLocation to "US".

    I can do the change to users that have the $null, but my problem is that the password that I have to reset it to is located in the csv file.
    I cannot do a csv import, then Get-MsolUser; if only UsageLocation is null, then for the results of those users I need to reset the password to a csv column using the UserPrincipalName as the link. Then assign a license, assign the UsageLocation and also StrongPasswordRequired to $false and also -ForceChangePassword $true.

    So far this is what I have. I am a noob at PowerShell.

    #Test 3
    #Needs the MSOnline module and an existing Connect-MsolService session

    #Import the csv and index it by UserPrincipalName
    #(the column names UserPrincipalName and Password are assumed; match them to the csv header)
    $PasswordByUpn = @{}
    Import-Csv "C:\PowerShell\CampusSTUExport.csv" | ForEach-Object {
        $PasswordByUpn[$_.UserPrincipalName] = $_.Password
    }

    #Newly created accounts are the ones with no UsageLocation
    $UsageLocationNull = Get-MsolUser -All | Where-Object { $null -eq $_.UsageLocation }

    #For each new account that has a password in the csv
    foreach ($user in $UsageLocationNull) {
        $upn = $user.UserPrincipalName
        if (-not $PasswordByUpn.ContainsKey($upn)) {
            Write-Host "No csv row for $upn, skipped"
            continue
        }
        #UsageLocation has to be set before a license can be assigned
        Set-MsolUser -UserPrincipalName $upn -UsageLocation "US" -StrongPasswordRequired $false
        Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses "domain:STANDARDWOFFPACK_STUDENT"
        #Out-Null keeps the returned password off the console
        Set-MsolUserPassword -UserPrincipalName $upn -NewPassword $PasswordByUpn[$upn] -ForceChangePassword $true | Out-Null
        Write-Host "UserPassword is changed for $upn"
    }

    Any help to point me to the right way or document would be great.
    Thank You.

  • #26612

    Dan Potter

    Is there a reason not to use adfs?

  • #26626

    Michael ANdreu

    The problem with AD FS is that every logon request will need to authenticate with our servers. We like that Microsoft has 99.99 up time and we are a smaller growing school. We just don't have the disaster capability to host it ourselves. Thank you for the reply.

  • #26655

    Michael ANdreu

    I just found with Microsoft that we can put a simple check mark in DirSync to also sync the local AD passwords to Office365. So I do not need this script anymore. Thanks.
