Office 365 License User and Provision OneDrive via Powershell Scheduled Task

Issue:

Office 365 accounts and Active Directory can be synchronized, but licensing the users and provisioning OneDrive takes some extra steps.  If a user does not have licensing specified they cannot use Office 365 applications.  Licensing 20 users at a time via the online interface is tedious and doing so long term for new users is even more tedious.

If the user does not have OneDrive provisioned they cannot login to Office 365 via the iPad Office applications (Word, Excel, PowerPoint).  The login fails even if the user has a license and correctly specifies their username and password.  OneDrive is provisioned by going to the OneDrive online application for the first time.  Training new users to take this extra step is difficult and tedious.  New users become frustrated quickly and do not understand why it doesn’t just work as expected.

Solution:

Automate the Office 365 user licensing and OneDrive provisioning process for new users:

Generate Encrypted Password File for Office 365 global admin user.  The password is stored and later used.  This is a security risk, but is necessary for automation.  If you don’t want the security risk you can run the second script manually and specify the password at run time.

$passwordfile = 'c:\ScheduledTasks\passwordfile.txt'

$secpasswd = ConvertTo-SecureString "GlobalAdminPassword" -AsPlainText -Force
$secpasswd | ConvertFrom-SecureString | Out-File $passwordfile

Once you have the password file you can bring it into the next script and use it to connect to Office 365.  Run the script from your active directory and Office 365 synchronization server.  Make sure your Office 365 global admin user has a license for Onedrive and is provisioned (you just login to the web interface and click on OneDrive).   Make sure to the items below are installed

Reboot the server after any installs.  Make sure that scripting permissions are allowed for the Office 365 global administrator Tile -> Admin -> Admin -> SharePoint -> Settings.  The script below adds the license for any unlicensed users and provisions their OneDrive as well.  After you test and verify that it is working for you, you can make a scheduled task and have it run automatically.

#This script automatically licenses Office 365 unlicensed users and Provisions OneDrive/Personal Site for the new users

Import-Module MSOnline
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking


#Fix Powershell ISE and powershell to be able to run .net 2.0 and .net 4.0 code and clr version for powershell     
#    or     http://stackoverflow.com/questions/2094694/how-can-i-run-powershell-with-the-net-4-runtime
#Azure AD Module (x64): http://go.microsoft.com/fwlink/p/?linkid=236297  or https://msdn.microsoft.com/en-us/library/jj151815.aspx
#.NET 4.5.1 or 4.5.2
#SharePoint Online SDK? install https://www.microsoft.com/en-us/download/details.aspx?id=42038
#SharePoint Online Management Shell https://www.microsoft.com/en-us/download/details.aspx?id=35588
#Microsoft Online Services Sign-In Assistant https://www.microsoft.com/en-us/download/details.aspx?id=28177
#Powershell 3.0 https://www.microsoft.com/en-us/download/details.aspx?id=34595
#Make sure one drive for admin account already has onedrive provisioned and licensed for onedrive
#Tile -> Admin -> Admin -> SharePoint -> Settings ->
#SharePoint Online Management Shell https://technet.microsoft.com/en-us/library/fp161372.aspx
#Turn Scripting capabilities on in Office365  https://support.office.com/en-us/article/Turn-scripting-capabilities-on-or-off-1f2c515f-5d7e-448a-9fd7-835da935584f

#License Information: https://technet.microsoft.com/en-us/library/dn771773.aspx

#Office 365 Licensing list 
 

#Must be SharePoint Administrator URL
$webUrl = "https://[ORGANIZATION SITE]-admin.sharepoint.com";

#update and store password as necessary
$logfile = 'c:\ScheduledTasks\StudentLicensesAdded.txt';
$passwordfile = 'c:\ScheduledTasks\passwordfile.txt';

$username = "GlobalAdmin@contoso.com";

$secpasswd = Get-Content $passwordfile | ConvertTo-SecureString;

$mycreds = New-Object System.Management.Automation.PSCredential($username, $secpasswd);

#Connect to msolservice
connect-msolservice -credential $mycreds;



#test get user
#Get-MsolUser -UserPrincipalName johns@contoso.com

#testing

#Find and get all unlicensed Student Users and filter as desired
$unlicenseduserList = Get-MsolUser -All -UnlicensedUsersOnly -Synchronized | where { $_.UserPrincipalName -like "8*" };

#License Options to disable    
#View your licenses
#Get-MsolAccountSku
#License Information:   https://technet.microsoft.com/en-us/library/dn771773.aspx
$myO365Sku2 = New-MsolLicenseOptions -AccountSkuId "[ORGANIZATION SITE]:[LICENSE NAME]" -DisabledPlans EXCHANGE_S_STANDARD, MCOSTANDARD;

#Setup/license new users in Office 365
if ($unlicenseduserList)
{
    foreach ($eachuser in $unlicenseduserList)
    {
        Write-Host "Assigning License to user:";
        Write-Host $($eachuser.UserPrincipalName);
		
		#Change your location as necessary
        Set-MsolUser -UserPrincipalName $eachuser.UserPrincipalName -UsageLocation "US";
        
		#This activates the licenses and all plans are active
    	Set-MsolUserLicense -UserPrincipalName $eachuser.UserPrincipalName -AddLicenses "[ORGANIZATION SITE]:[LICENSE NAME]";
        #this disables the plans specified in the license options
    	Set-MsolUserLicense -UserPrincipalName $eachuser.UserPrincipalName -LicenseOptions $myO365Sku2;
    	$nstudent = $($eachuser.UserPrincipalName);
    	Add-Content $logfile $nstudent;
    }
}
else
{
    Write-Host "No Users to License";
}
Write-Host "Licensing Finished";


Write-Host "OneDrive Provisioning";

$cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $username, $secpasswd

Connect-SPOService -Url $webUrl -Credential $cred

Write-Host "Connected to site: $webUrl" -ForegroundColor Green;

#Test view all sites, connection working?
#Get-SPOSite

if ($unlicenseduserList)
{
	$usercount = 1;
	$usersToProvision = @();
	foreach ($eachuser in $unlicenseduserList)
	{
	
		#Break up the work into batches of 10 you can try up to 200
		if ($usercount -gt 10)
		{
			Write-Host "Provisioning OneDrive for users:";
			$usersToProvision;
			#CreatePersonalSiteEnqueueBulk does not work! use the code below instead
			Request-SPOPersonalSite -UserEmails $usersToProvision;
			$usersToProvision = @();
			$usercount = 1;
		}
		
		#Add to queue 
		
		$onedriveuser = [string]$($eachuser.UserPrincipalName);
		$usersToProvision += $onedriveuser;
		#Write-Host $onedriveuser;
		$usercount++;
	}
	
	#Run the last batch 
	if ($usercount -gt 1)
	{
		Write-Host "Provisioning OneDrive for users:";
		$usersToProvision;
		#CreatePersonalSiteEnqueueBulk does not work! use the code below instead
		Request-SPOPersonalSite -UserEmails $usersToProvision;
		$usersToProvision = @();
		$usercount = 1;
	}
}
else 
{
	Write-Host "No Users to Provision";
}




Write-Host "One Drive Provisioning Completed" ;
Disconnect-SPOService;

#to Test Provisioning succeeded
#Wait a few hours before testing
#Login to Office 365 using an account then hit the url below replacing username as desired
#https://[ORGANIZATION SITE]-my.sharepoint.com/personal/[UserPrincipalName replace "@" with "_"    and "." with "_"]

2 thoughts on “Office 365 License User and Provision OneDrive via Powershell Scheduled Task

  1. Pingback: Office 365 Mass Provision PersonalSite/OneDrive | Question Driven

  2. Pingback: Move Multiple Mailboxes to Exchange Online via Powershell | Question Driven

Leave a Reply

%d bloggers like this: