Author Posts

June 17, 2015 at 12:54 pm

We are using the Dirsync and have a nery big limitation with DirSync. It will not sync any user if the Local AD server have the check mark User must change password at next log on.
So we have to do a few things to complete the result that we need.
1) First we have to import a csv file into powershell. Which has all the AD Import information from every student to create an AD account and password.
2) We have to search office365 for newly created accounts bu process of Usagelocation equals $Null.
3) We have to apply a password change to Only those users and also add a license and change the UsageLocation to "US'

I can do the change to users that have the $null but my problem is that the password that I have to reset it to is located in the csv file.
I cannot do a csv import Then Get-MsolUser if only UsageLocation is Null then the results of those users I need to reset the password to a csv coloum using the UserPrincipalName as the link. Then Assign a license, Assign the UsageLocation and also strongpasswordrequired to $false and also -Forcechangepassword $true.

So far this is what I have. I am a noob at powershell.

#Test 3
#Set all veriables
$StudentMailboxes = Get-MsolUser -All | Where-Object {$_.UserPrincipalName -like "*@domain.edu"}
$UsageLocationNull = Get-MsolUser -All | Where-Object {$_.UsageLocation -eq $Null}
$ResetAccountPassword = Set-MsolUserPassword -UserPrincipalName $_.userPrincipalName -ForceChangePassword:$true
$SetUserLocation = Set-MsolUser -UsageLocation "US"
$RemoveStrongPassword = Get-MsolUser -All | Set-MsolUser -strongpasswordrequired $false
$AssignLicense = set-msoluserlicense -UserPrincipalName $_.UserPrincipalName -AddLicenses "domain:STANDARDWOFFPACK_STUDENT"

#Import csv into powershell
import-csv "C:\PowerShell\CampusSTUExport.csv"

#For each password in all accounts that have @domain.edu
foreach ($user in $StudentMailboxes) {
if($_.UsageLocation -eq $Null){
$ResetAccountPassword; $SetUserLocation; $RemoveStrongPassword; $AssignLicense
}else{
Write-Host 'UserPassword is Already Changed'
}
}

Any help to point me to the right way or document would be great.
Thank You.

June 18, 2015 at 5:03 am

Is there a reason not to use adfs?

June 18, 2015 at 7:23 am

The Problem with AD FS is that every log on request will need to Authenticate with our servers. We like that Microsoft has 99.99 up time and we are a smaller growing school. We just don't have the Disaster capability to host it our self. Thank you for the reply.

June 19, 2015 at 5:28 am

I just found with Microsoft that we can put a simple check mark in Dir sync and also the local AD passwords to sync to office365. So I do not need this script anymore. Thanks.