Finding a list of users who don't have an exchange license


I am the O365 admin for my company, and my boss recently asked me to give him a list of all regular users in our AD trees who weren't licensed online for Exchange.  This has turned out to be more complicated than I thought it would be.

 

We are in the process of migrating users from on-prem to the cloud, and we are trying to head off any problems with on-prem users who somehow didn't get an O365 license.  Those cause real problems when a user's on-prem email gets migrated to the cloud and it turns out he/she doesn't have a license beforehand.

 

The Exchange admin and I have been playing around with PowerShell, and this is the best command that we have been able to come up with.

Get-MsolUser -All | Where-Object { $_.IsLicensed -eq $false } | Export-Csv -NoTypeInformation -Path xxxx

 

While that technically works, it gives me a lot of stuff that I don't want.  It gives me all the contractors, who we aren't moving and are not buying licenses for, as well as disabled users, system accounts, and so on.  

 

One good thing about this is that it has shown me that we are syncing more than I thought we were, (like the disabled and service accounts), but now I have to figure out how to remove all that junk from the final report.  

 

Unfortunately there are a LOT of AD fields that don't come across to Azure AD.  I assume this means I'll have to run a couple different commands.  The first one against AAD, and then another against regular AD.

 

Can anyone point me towards a PS command that I could run against AD that I could use to take my current exported csv file, and try to find out if the user is in the OU that has the word "contractors" in it?  (Each of our locations has a users/contractors OU under it where all contractors are placed).  I have the UPN for every user which I assume could be tied back to AD.

 

We also have a separate OU under each location OU for disabled users.  I assume I could filter out that as well somehow.

 

My list of users with no exchange license is several thousand long, and I'd REALLY prefer to not have to do this manually.  I'm kind of lazy that way.  :)

 

Thanks in advance for your help.

Ted

 

6 Replies

MSOLLicenseManagement in the PowerShell Gallery may be what you're looking for. It provides functions to simplify the management of License Assignment, Swapping, Updating, and Reporting in Office 365.
https://www.powershellgallery.com/packages/MSOLLicenseManagement/1.0.12

For what it's worth, putting users (special non-user accounts) into LostAndFound in AD will make them not sync to AAD.

Thanks for your reply and link.   

 

I'm not even remotely a PowerShell guru, so I'm not familiar with how adding extra modules in will affect things long term.  If I download and install that module, are there any risks to that?

 

Part of my problem is that I got a new computer recently, and I'm having a heck of a time figuring out which modules I had loaded on my last computer.  Some of the commands I used to run no longer work, and I can't figure out what they were from.  I'm a little nervous now about loading any other modules that later I'm not going to remember I loaded.

 

Thanks again for your help.

Thanks for the reply.  I wasn't aware of the L&F feature, but we probably won't be able to use it.  My company has around 50 or so location-specific OUs, and under each one is a Users OU, and then under that is a Disabled OU.  Any time a user leaves the company their account is disabled and then they are moved to that OU.

 

I thought we had set up AAD to not sync all of those Disabled OUs (in fact I vaguely remember how much of a pain it was to configure all of those exceptions), but for some reason that must have changed after it was set up.  We'll have to go back now and figure out why that is no longer happening.

This would probably be a good start for you to review in regards to the modules needed for Office 365. https://docs.microsoft.com/en-us/office365/enterprise/powershell/getting-started-with-office-365-pow...

One example:

Using on-prem Exch PS:

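# Every on-prem mailbox whose OU path does not contain "Contractors"
$list = Get-Mailbox -ResultSize Unlimited | ?{$_.OrganizationalUnit -notmatch 'Contractors'}

# Save the UPNs, one per line, for the second step
$list.userprincipalname > list.txt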

 

Then using Ex Online PS:

# Read the UPNs back and keep only the accounts with no license assigned
$list = gc .\list.txt

foreach ($id in $list) {Get-MsolUser -UserPrincipalName $id | ?{$_.IsLicensed -eq $false }}

 

That will give you a list of users not licensed.

 

Manipulate or change search as you see fit.
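
For the approach asked about in the original question (starting from the exported CSV and checking each UPN against on-prem AD), here is an added example that is not part of the thread. It assumes the RSAT ActiveDirectory module, a CSV with a UserPrincipalName column, a single AD domain, and placeholder file names; the status labels and the Get-ReportStatus helper are hypothetical.

```powershell
# Added example, not from the thread. Assumptions: RSAT ActiveDirectory module,
# a CSV with a UserPrincipalName column, one AD domain, placeholder file names.
Import-Module ActiveDirectory

$inputCsv  = '.\unlicensed.csv'            # placeholder: the Get-MsolUser export
$outputCsv = '.\unlicensed-to-review.csv'  # placeholder output path

# Matches any OU component of a DN whose name contains one of these words,
# e.g. "CN=Jo Doe,OU=Contractors,OU=Users,OU=Site01,DC=corp,DC=example".
$excludedOu = ',OU=[^,]*(Contractors|Disabled)[^,]*,'

# Hypothetical helper: classify one account by its DN and Enabled flag.
function Get-ReportStatus {
    param([string]$DistinguishedName, [bool]$Enabled)
    if ($DistinguishedName -match $excludedOu) { return 'ExcludedOU' }
    # Disabled but never moved to a Disabled OU: worth a separate look.
    if (-not $Enabled) { return 'DisabledOutsideDisabledOU' }
    return 'NeedsLicense'
}

$report = foreach ($row in Import-Csv -Path $inputCsv) {
    $upn = $row.UserPrincipalName
    # Single-quoted filter: the AD module resolves $upn itself, so quotes or
    # other special characters in a UPN cannot alter the filter expression.
    $adUser = Get-ADUser -Filter 'UserPrincipalName -eq $upn' -Properties Enabled

    $status = if ($null -eq $adUser) {
        'NotFoundInAD'   # cloud-only account or UPN mismatch
    } else {
        Get-ReportStatus $adUser.DistinguishedName $adUser.Enabled
    }

    [pscustomobject]@{
        UserPrincipalName = $upn
        Status            = $status
        DistinguishedName = $adUser.DistinguishedName
    }
}

# Users who still need a license go to the report; the summary shows how many
# rows were excluded and why, so nothing disappears silently.
$report | Where-Object Status -eq 'NeedsLicense' | Export-Csv -NoTypeInformation -Path $outputCsv
$report | Group-Object Status | Select-Object Name, Count
```

The DisabledOutsideDisabledOU and NotFoundInAD rows are the ones to review by hand, since they are accounts that sync to Azure AD but do not follow the OU convention described in the thread.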