Making Office 365 users by PowerShell script, with certified domains


It’s been a while since I last added a user to an Office 365 subscription that tied back to the IDP in our certified domain.

I failed to make one using the Office admin portal (since no drop-downs appear for the certified domains, only the *.onmicrosoft.com domain). Similarly, I failed to use the Azure AD portal, for users, for the same reason.

So let's revise what we remember to do, using scripting:

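```powershell
param ($name)

# Sign in to the tenant with the admin account
$msolcred = Get-Credential -UserName admin@netmagic.onmicrosoft.com -Message "password for netmagic is FRED!"
Connect-MsolService -Credential $msolcred

# Show the federation settings of the certified domain
Get-MsolDomainFederationSettings -DomainName "rapmlsqa.com" -Verbose

$upn = $name + "@rapmlsqa.com"
$displayname = $name + "_at_Rapattoni"

# New GUID for the user; $base64 (raw GUID bytes) is computed but not used below
$guid = [GUID]::NewGuid()
$guidstring = $guid.ToString()
$base64 = [System.Convert]::ToBase64String($guid.ToByteArray())
# The ImmutableID is the base64 of the ASCII text of the GUID
$base64ofstring = [System.Convert]::ToBase64String(
    [System.Text.Encoding]::ASCII.GetBytes($guidstring))

# Print the command rather than run it; `$false is escaped so the printed text stays a literal $false
echo "new-msolUser -userprincipalname $upn -immutableID $base64ofstring -lastname At_Rapattoni -firstname $name -Displayname $displayname -BlockCredential `$false"
```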

A variant:

```powershell
param([string[]]$args)

$msolcred = Get-Credential -UserName admin@netmagic.onmicrosoft.com `
    -Message "password for netmagic is Fred!"
Connect-MsolService -Credential $msolcred

# Take the last two path segments of the domain's active logon URI
$setfed = Get-MsolDomainFederationSettings -DomainName "rapmlsqa.com"
$alog = $setfed.ActiveLogOnUri

$strarr = $alog.Split('/')
$len = $strarr.Length

$linkid = $strarr[$len - 1]
$tenant = $strarr[$len - 2]

Get-MsolDomainFederationSettings -DomainName "rapmlsqa.com" -Verbose

echo $linkid
echo $tenant
echo ""

# Print one new-msolUser command per name
foreach ($name in $args) {

    $upn = $name + "@rapmlsqa.com"

    $displayname = $name + "_at_Rapattoni"

    # $base64 (raw GUID bytes) is computed but not used below
    $guid = [GUID]::NewGuid()
    $guidstring = $guid.ToString()
    $base64 = [System.Convert]::ToBase64String($guid.ToByteArray())
    # The ImmutableID is the base64 of the ASCII text of the GUID
    $base64ofstring = [System.Convert]::ToBase64String(
        [System.Text.Encoding]::ASCII.GetBytes($guidstring))

    # Joined into one line so the printed command can be pasted; `$false stays literal
    echo ("new-msolUser -userprincipalname $upn -immutableID $base64ofstring " +
          "-lastname At_Rapattoni -firstname $name " +
          "-Displayname $displayname -BlockCredential `$false")
}
```
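
The scripts above derive two different base64 values from the same GUID and pass only `$base64ofstring` as the ImmutableID. As an added example (not the author's code), the hypothetical helper `Get-ImmutableIdForm` decodes an existing ImmutableID and reports which of the two derivations it matches, which helps when comparing it with the identifier the IdP sends for that user; the sample GUID is constructed.

```powershell
# Added example: classify an ImmutableID by how it was derived from a GUID.
# Get-ImmutableIdForm is a hypothetical helper name, not an MSOnline cmdlet.
function Get-ImmutableIdForm {
    param([Parameter(Mandatory)][string]$ImmutableId)

    try {
        $bytes = [System.Convert]::FromBase64String($ImmutableId)
    } catch {
        # Not valid base64 at all
        return [pscustomobject]@{ Form = 'NotBase64'; Guid = $null }
    }

    # Form 1: base64 of the 16 raw GUID bytes (the scripts' unused $base64)
    if ($bytes.Length -eq 16) {
        return [pscustomobject]@{ Form = 'GuidBytes'; Guid = [guid]$bytes }
    }

    # Form 2: base64 of the 36-character ASCII GUID text (the scripts' $base64ofstring)
    $parsed = [guid]::Empty
    $text = [System.Text.Encoding]::ASCII.GetString($bytes)
    if ($bytes.Length -eq 36 -and [guid]::TryParse($text, [ref]$parsed)) {
        return [pscustomobject]@{ Form = 'GuidString'; Guid = $parsed }
    }

    # Valid base64, but neither GUID derivation
    return [pscustomobject]@{ Form = 'Other'; Guid = $null }
}

# Constructed sample: one GUID encoded both ways, plus a malformed value
$guid = [guid]'3f2504e0-4f89-11d3-9a0c-0305e82c3301'
$fromBytes  = [System.Convert]::ToBase64String($guid.ToByteArray())
$fromString = [System.Convert]::ToBase64String(
    [System.Text.Encoding]::ASCII.GetBytes($guid.ToString()))

foreach ($id in $fromBytes, $fromString, 'not base64!') {
    $r = Get-ImmutableIdForm -ImmutableId $id
    '{0,-50} {1,-10} {2}' -f $id, $r.Form, $r.Guid
}
```

Both encodings decode back to the same GUID, but the two strings are not interchangeable as an ImmutableID: the value stored on the user has to be the exact string the IdP asserts.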


About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!