I'm trying to do something that I don't think should be too complicated of a fix. My end goal: I have certain users in one AD OU that need to use a certain license in Office 365, and different users in a different OU that get a different license.
The command that I'd like to run is:
Get-ADUser -Filter * -SearchBase "ou=test,dc=our,dc=domain,dc=edu" | Set-MsolUserLicense -AddLicenses ourorg:STANDARDWOFFPACK_IW_STUDENT
but that fails with a response of:
Set-MsolUserLicense : The input object cannot be bound because it did not contain the information required to bind all mandatory parameters: ObjectId At line:1 char:111 + Get-ADUser -Filter * -SearchBase "ou=Test students,ou=Students,dc=campus,dc=org,dc=edu" | Set-MsolUserLicense <<<< -AddLicenses nwcu:STANDARDWOFFPACK_IW_STUDENT
Individually, both of these commands work. I can select all users in the OU, and I can also manually use the Set-MsolUserLicense command with -UserPrincipalName to license a single user.
Is this because Get-ADUser doesn't return ObjectID like Set-MsolUserLicense is looking for? Get-ADUser does return ObjectGUID. If I'm on the right track here, is there a way to map these together for the piped input?
Edit: I'm aware the popular ways of doing this involve uploading a CSV file for this, and I know I could CSV-Export these users, but I already have them so neat and tidy in OUs, so I'd love to do this with now import/export if possible.
Thanks in advance!
Best Answer
You definitely want to use a for-each loop to enumerate each user and apply the license. The loop needs to call up the
.UserPrincipalNamefrom each object returned in yourGet-ADUserquery, as Office365 needs to work with that value when setting licenses:I have created my own answer here to explain a common case that I think you're describing in your question: You don't want to blanket apply the same license options to everyone.
A TechNet Blog on this matter is immensely helpful. You may not want to give your Finance team access to SharePoint Online/OneDrive for Business for data leakage reasons, or you may have a call center who you don't want to enable for Lync/Skype for Business.
To get information on your tenant, start at the top:
Get-MSOLAccountSkuThis will return the license packs you have in your tenant. Some common SKUs are ENTERPRISEPACK and DESKLESSPACK. These will be listed by
yourorg:LICENSEPACKunder AccountSkuId.It is important to note that each of these License packs can have features disabled from them when you apply via PowerShell (similarly, you can choose to check/uncheck option boxes in the Admin Center).
To create this subset of license options, create a new variable and leverage the
New-MSOLLicenseOptionscmdlet:$LicOpt = New-MsolLicenseOptions -AccountSkuId "yourorg:ENTERPRISEPACK" -DisabledPlans OFFICESUBSCRIPTION,MCOSTANDARD,SHAREPOINTWAC,SHAREPOINTENTERPRISE,RMS_S_ENTERPRISE(The above options would correspond to the screenshot above, I'm sure you could guess that I totally pulled it from a provisioning script.)
Finally, we can tie this back to your
Set-MsolUserLicensein your ForEach loop:As always, your tenant may vary. I hope I've given enough info for you to discover the options available and apply appropriately!