You definitely want to use a for-each loop to enumerate each user and apply the license. The loop needs to call up the .UserPrincipalName from each object returned in your Get-ADUser query, as Office365 needs to work with that value when setting licenses:
Get-ADUser -Filter * | %{ Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName }
I have created my own answer here to explain a common case that I think you're describing in your question: You don't want to blanket apply the same license options to everyone.
A TechNet Blog on this matter is immensely helpful. You may not want to give your Finance team access to SharePoint Online/OneDrive for Business for data leakage reasons, or you may have a call center who you don't want to enable for Lync/Skype for Business.
To get information on your tenant, start at the top:
Get-MSOLAccountSku
This will return the license packs you have in your tenant. Some common SKUs are ENTERPRISEPACK and DESKLESSPACK. These will be listed by yourorg:LICENSEPACK under AccountSkuId.
It is important to note that each of these License packs can have features disabled from them when you apply via PowerShell (similarly, you can choose to check/uncheck option boxes in the Admin Center).
To create this subset of license options, create a new variable and leverage the New-MsolLicenseOptions cmdlet:
$LicOpt = New-MsolLicenseOptions -AccountSkuId "yourorg:ENTERPRISEPACK" -DisabledPlans OFFICESUBSCRIPTION,MCOSTANDARD,SHAREPOINTWAC,SHAREPOINTENTERPRISE,RMS_S_ENTERPRISE
(The above options would correspond to the screenshot above, I'm sure you could guess that I totally pulled it from a provisioning script.)
Finally, we can tie this back to your Set-MsolUserLicense in your ForEach loop:
$LicOpt = New-MsolLicenseOptions -AccountSkuId "yourorg:ENTERPRISEPACK" -DisabledPlans OFFICESUBSCRIPTION,MCOSTANDARD,SHAREPOINTWAC,SHAREPOINTENTERPRISE,RMS_S_ENTERPRISE
Get-ADUser -Filter * | %{ Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses "yourorg:ENTERPRISEPACK" -LicenseOptions $LicOpt }
As always, your tenant may vary. I hope I've given enough info for you to discover the options available and apply appropriately!
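A check that the restricted plans really are disabled after the loop has run, as an added example that is not part of the original answer: it validates the plan names against the SKU and then reports any user whose license still has one of them enabled. It assumes the MSOnline module is connected (Connect-MsolService); the OU path and the function name Get-LicenseDrift are hypothetical, and "yourorg:ENTERPRISEPACK" is the answer's placeholder.

```powershell
# Added example; assumes MSOnline is loaded and Connect-MsolService has been run.
# "yourorg:ENTERPRISEPACK" is the placeholder SKU used in the answer above.
$SkuId = "yourorg:ENTERPRISEPACK"
$MustBeDisabled = @("SHAREPOINTWAC", "SHAREPOINTENTERPRISE", "MCOSTANDARD")

# 1. Confirm every plan name exists in the SKU before relying on it.
$Sku = Get-MsolAccountSku | Where-Object { $_.AccountSkuId -eq $SkuId }
if (-not $Sku) { throw "SKU $SkuId not found in this tenant" }
$PlanNames = $Sku.ServiceStatus | ForEach-Object { $_.ServicePlan.ServiceName }
$Unknown = $MustBeDisabled | Where-Object { $PlanNames -notcontains $_ }
if ($Unknown) { throw "Not in ${SkuId}: $($Unknown -join ', ')" }

# 2. Report users whose license has one of those plans in any state but Disabled.
function Get-LicenseDrift {
    param([string[]]$UserPrincipalName)
    foreach ($Upn in $UserPrincipalName) {
        $User = Get-MsolUser -UserPrincipalName $Upn -ErrorAction SilentlyContinue
        if (-not $User) { Write-Warning "$Upn not found in Azure AD"; continue }
        $License = $User.Licenses | Where-Object { $_.AccountSkuId -eq $SkuId }
        if (-not $License) { continue }   # this SKU is not assigned to the user
        $License.ServiceStatus |
            Where-Object { $MustBeDisabled -contains $_.ServicePlan.ServiceName -and
                           $_.ProvisioningStatus -ne "Disabled" } |
            ForEach-Object {
                [pscustomobject]@{
                    UserPrincipalName = $Upn
                    Plan              = $_.ServicePlan.ServiceName
                    Status            = $_.ProvisioningStatus
                }
            }
    }
}

# Hypothetical scope: an OU for the finance team (adjust SearchBase to your directory).
$Upns = Get-ADUser -Filter * -SearchBase "OU=Finance,DC=example,DC=com" |
    Select-Object -ExpandProperty UserPrincipalName
Get-LicenseDrift -UserPrincipalName $Upns | Format-Table -AutoSize
```

An empty result means every licensed user in scope has the listed plans disabled; any row is a user who can still reach a service the license options were meant to withhold.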
I've the same problem in my domain.
Someone manually created the O365 mailbox for users who already have an on-premise mailbox.
I've found this way to fix it:
- Export office 365 mailbox in PST
- Remove office 365 user license (this will remove his cloud mailbox)
- Remove office 365 user from office 365 AD:
Remove-MsolUser -UserPrincipalName youruser@youroffice365domain.com -Force
Remove-MsolUser -UserPrincipalName youruser@youroffice365domain.com -RemoveFromRecycleBin -Force
- DirSync (recreate user in office 365 AD)
- Reassign the office 365 license for the user
- Migrate user to office 365
- Restore PST
I think it is simpler and more straightforward.
You can also re-migrate your mailbox on-prem (offboarding) if you need it.
Best Answer
I think the closest way to get what you want is the Azure PowerShell module. You could use that scripted and locally to check if the user is online. The properties in the local Active Directory that Azure writes to are limited to group membership and password hashes. I don't believe the information you are looking for is stored on premise.