[Powershell] Managing O365 with Powershell

1) Installing the O365 online module

• Download Powershell online module from this link : http://aka.ms/t01i1o

• Under Microsoft Online Services Sign-In Assistant for IT Professionals RTW, click Download.

• select the en\msoidcl_64.msi check box, click Next, and then click Save.Wait for the download to finish.When the download finishes, click Run.

• In the Microsoft Online Services Sign-in Assistant Setup wizard, click I accept the terms in the license Agreement and Privacy Statement, and then click Install.If a User Account Control dialog box appears, click Yes.

• On the Completed the Microsoft Online Services Sign-in Assistant Setup Wizard page, click Finish.

• Then Right click on Start and click Windows PowerShell (Admin)

• At the prompt, type Install-ModuleMSOnline command.

• If prompted to install the NuGet provider, type Y and press ENTER.

• If prompted to install the module from PSGallery, type Y and press ENTER

2) Create new users and assign licenses

• At the Powershell, type the following command to connect

Connect-MsolService

• In the Enter Credentials dialog box sign in

2.1) Create New User

New-MsolUser -UserPrincipalName Catherine@LODSA904072.onmicrosoft.com -DisplayName "Catherine Richard" -FirstName "Catherine" -LastName"Richard" -Password 'Pa55w.rd' -ForceChangePassword $false -UsageLocation "CH" 

2.2) Checking the un-licensed user

Get-MsolUser -UnlicensedUsersOnly

2.3) View the available licenses

Get-MsolAccountSku

2.4) Add Licenses to a user

Set-MsolUserLicense –UserPrincipalName  catherine@LODSA904072.onmicrosoft.com - AddLicenses "LODSAxxxxxx:ENTERPRISEPREMIUM"

2.5) Prevent a user from signing in

Set-MsolUser -UserPrincipalNameCatherine@LODSA904072.onmicrosoft.com -BlockCredential $true

2.6) To allow a user to sign in

Set-MsolUser -UserPrincipalNameCatherine@LODSA904072.onmicrosoft.com -BlockCredential $false

2.7) Delete a user

Remove-MsolUser -UserPrincipalNameCatherine@LODSA904072.onmicrosoft.com -Force

2.8) view the Deleted Users 

Get-MsolUser -ReturnDeletedUsers

2.9) Restore a deleted user

Restore-MsolUser -UserPrincipalNameCatherine@LODSA904072.onmicrosoft.com

2.10) view the active users list

Get-MsolUser


3) Modify user accounts

3.1) To bulk import several users from a comma-separated value (CSV) file

Import-Csv -PathC:\labfiles\O365Users.csv | ForEach-Object { New-MsolUser -UserPrincipalName$_."UPN" -FirstName $_."FirstName" -LastName $_."LastName" -DisplayName$_."DisplayName" -BlockCredential $False-ForceChangePassword $False -Password$_."Password" -PasswordNeverExpires$True -Title $_."Title" -Department$_."Department" -Office $_."Office" -PhoneNumber $_."PhoneNumber" -MobilePhone $_."MobilePhone" -StreetAddress $_."StreetAddress" -City$_."City" -State $_."State" -PostalCode$_."PostalCode" -Country $_."Country" }

It is recommended that you use the type/text feature in a Notepad first and from there to copy and then paste this code into your PowerShell session.

4) Configure groups and group membership


4.1) Create a group

New-MsolGroup -DisplayName "Marketing" -Description "Marketing department users"

4.2) Configure a variable for the group add user to the group

$MktGrp = Get-MsolGroup | Where-Object{$_.DisplayName -eq "Marketing"}

$Catherine = Get-MsolUser | Where-Object{$_.DisplayName -eq "Catherine Richard"}

Add-MsolGroupMember -GroupObjectId$MktGrp.ObjectId -GroupMemberType "User"-GroupMemberObjectId $Catherine.ObjectId

4.3) To verify the members of the group

Get-MsolGroupMember -GroupObjectId$MktGrp.ObjectId

5) Configure user passwords

5.1) Set Passwords

Set-MsolUserPassword -UserPrincipalName"Tameka@LODSA904072.onmicrosoft.com" -NewPassword 'Pa55w.rd'

5.2) Set password to never expire

Get-MsolUser | Set-MsolUser -PasswordNeverExpires $false

6) Manage service administration 

6.1) Assigning Roles

Add-MsolRoleMember -RoleName "Service Support Administrator" -RoleMemberEmailAddress"Sallie@LODSA904072.onmicrosoft.com"

Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberEmailAddress"Amy@LODSA904072.onmicrosoft.com"

6.2) Get the members who has Service Support Administrator role assigned

$role = Get-MsolRole -RoleName "Service Support Administrator"

Get-MsolRoleMember -RoleObjectId$role.ObjectId

Kerberos Token Bloat (MaxTokenSize)

How to reduce Kerberos token bloat

To reduce the Kerberos Ticket Size you can:

•  Reduce group membership(No need to reduce DLs , Mostly security groups)
• Clean up SID History
• Limit the number of users that are configured to use "trusted for delegation". The account that are configured  to use "trusted   for delegation" the buffer requirements for each SID may double

          How to prevent Kerberos login errors due to token bloat

To allow a user to be a member of more than 900 groups you can increase the size of the MaxTokenSize by modify the following registry key on all workstations.

 To use this parameter:

1. Start Registry Editor (Regedt32.exe).

2. Locate and click the following key in the registry: System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

3. If this key is not present, create the key. To do so:
   1. Click the following key in the registry: System\CurrentControlSet\Control\Lsa\Kerberos
   2. On the Edit menu, click Add Key.
   3. Create a Parameters key.
   4. Click the new Parameters key.

4. On the Edit menu, click Add Value, and then add the following registry value: 
   Value name: MaxTokenSizeData type: REG_DWORDRadix: DecimalValue data: 48000

Windows Server Installation in Vmware

VM Configurations

Step 1: Please create a VM machine as below configurations

Step 2: Initial  Installation

Step 3: Select the operating system to install

Step 4: You will have to accept the agreement first before proceed further

Step 5: Now It will ask you for the drive (or partition) you want to install Windows on. Here I'm installing it on the one partition I have here. NOTE: This will remove the content of the partition. Either you create a partition to install windows on, or you can test this on a testing machine

When you click next setup screen will appear and it might take a while to complete

Step 6 :

Once the setup is done, it will restart and start your Windows Server 2012 for the first time. It will ask you then to set up a password for the Administrator user

Step 7 : Once the setup is done, you can log in for the first time to your Windows Server, as the screen says, press Ctrl+Alt+Delete to log in, and use the password you set in the setup process

Configure RAID 5 and Install VMWARE ESXI 6.0 on dell T320 Server

Configure RAID 5 on Dell T320 Server with 3 hard disks


1) Go to the raid configuration utility first (Ctrl + R).  You can see the buttons you have to pressed when bios screen comes

You will get the bios configuration utility like below. Since I have installed 3 hard disks with 2T capacity ,you can see a window like below ()

2) As you can see above window currently there are no any physical disk configured.
So we have to create a new virtual hard disk 

3) In this window you have below options to configure raid and other  basic & advance settings 

• RAID Level
• PD Per Scan
• Physical Disks Section
• Basic Settings
  • VD Size
  • VD Name
• Advanced Settings
• Stripe Element Size
• Read Policy
• Write Policy
• Force WB with no battery
• Initialize
• Configure Hot Spare

3) Select the raid 5 from the level selection window

4)Select the physical discs that you want to add to the raid array

(You can use Tab & Space bar to do the selection)

5)Set The basic Settings . Since i have installed 3 x 2T disks i got 3725GB as total size. And we can assign a name to the array as well.

6) In advance settings do not change any values and leave them as it is. 

7) Jump to ok button and press ok

8) Ok now we are done with the creating an array of VD
before start we have to initialized it.

9) There are 2 options you have to select
i) Normal initialization - This will take a lot of time (Depend on the size)
ii)Fast initialization - This will complete within seconds

So i have selected 2nd option to speed up the process

10) Once initialization done you will get a message like below

11) Ok now you are done with raid 5 configurations. now restart the server. You will see the configured raid in bios menu

Now its time to ROCK !! :)

Configure RAID 5 on dell T320 Server

Configure RAID 5 on Dell T320 Server with 3 hard disks


1) Go to the raid configuration utility first (Ctrl + R).  You can see the buttons you have to pressed when bios screen comes

You will get the bios configuration utility like below. Since I have installed 3 hard disks with 2T capacity ,you can see a window like below ()

2) As you can see above window currently there are no any physical disk configured.
So we have to create a new virtual hard disk 

3) In this window you have below options to configure raid and other  basic & advance settings 

• RAID Level
• PD Per Scan
• Physical Disks Section
• Basic Settings
  • VD Size
  • VD Name
• Advanced Settings
• Stripe Element Size
• Read Policy
• Write Policy
• Force WB with no battery
• Initialize
• Configure Hot Spare

3) Select the raid 5 from the level selection window

4)Select the physical discs that you want to add to the raid array

(You can use Tab & Space bar to do the selection)

5)Set The basic Settings . Since i have installed 3 x 2T disks i got 3725GB as total size. And we can assign a name to the array as well.

6) In advance settings do not change any values and leave them as it is. 

7) Jump to ok button and press ok

8) Ok now we are done with the creating an array of VD
before start we have to initialized it.

9) There are 2 options you have to select
i) Normal initialization - This will take a lot of time (Depend on the size)
ii)Fast initialization - This will complete within seconds

So i have selected 2nd option to speed up the process

10) Once initialization done you will get a message like below

11) Ok now you are done with raid 5 configurations. now restart the server. You will see the configured raid in bios menu

Now its time to ROCK !! :)