May 20 2020 08:46 AM - edited May 20 2020 08:47 AM
Hello
To the point:
We are managing clients' tenants through Partner Centre. However, there are limited controls, i.e. we cannot properly manage SharePoint, convert users' mailboxes to Shared Mailboxes, manage Teams etc. Therefore the only way around this that I can tell is to create all our service desk users as users in each client tenant, then assign the appropriate admin roles they require.
Through PowerShell, we can create users using Delegated Access, creating a CSV listing:
UserPrincipalName,FirstName,LastName,DisplayName,Password,TenantId,UsageLocation,LicenseAssignment
Then in PowerShell, we can get a list of all our clients' "Tenant IDs", then substitute them into the CSV.
And we need to set each user's UPN to match the client's active domain name, i.e. contoso.onmicrosoft.com
We can then run the following for a single client tenant and it will create the users:
Import-Csv .\FILENAME.CSV | foreach {New-MsolUser -UserPrincipalName $_.UserPrincipalName -DisplayName $_.DisplayName -FirstName $_.FirstName -LastName $_.LastName -Password $_.Password -UsageLocation $_.UsageLocation -LicenseAssignment $_.LicenseAssignment -ForceChangePassword:$true -PasswordNeverExpires:$true -TenantId $_.TenantId}
When a user leaves, we simply run a removal script to remove the service desk user from the client's Microsoft tenant.
The Problem
We have almost 90 clients we are managing from our service desk, and we want to be able to have 1 list of our users and run the script to loop through each tenant ID and create the users.
We seem to have this almost down, however the UPN bit is what is catching us.
When creating a New-MsolUser, when you get to the -UserPrincipalName we are not sure how to automate and append each client's "@contoso.onmicrosoft.com" address to each user in our user list.
-- Currently we have it like this (may still not be right, but just trying to fudge the idea together to perhaps find a way of doing it):
$cred = Get-Credential
Import-Module MsOnline
Connect-MsolService -Credential $cred
Get-MsolPartnerContract -All | ForEach {
Import-Csv -Path <Input CSV File Path and Name> | foreach -TenantId $_.TenantId.Guid {New-MsolUser -DisplayName $_.DisplayName -FirstName $_.FirstName -LastName $_.LastName -UserPrincipalName $_.UserPrincipalName -UsageLocation $_.UsageLocation -LicenseAssignment $_.AccountSkuId -Password $_.Password -ForceChangePassword:$true -PasswordNeverExpires:$true}
}
Any ideas or clues would be great. We've referenced this so far: https://docs.microsoft.com/en-us/office365/enterprise/powershell/manage-office-365-tenants-with-wind...
May 20 2020 09:41 AM
It's been a long time since I had a partner account, but you should be able to get the domain name from the output of Get-MsolPartnerContract, or just call Get-MsolDomain for each tenant? Then append to the UPN.
May 21 2020 01:20 AM
Thanks, @Vasil Michev
I thought this too, but I get all the clients' domains; if I filter by -Match ".onmicrosoft.com" I get mostly 2 returns.
contoso.mail.onmicrosoft.com and contoso.onmicrosoft.com
May 21 2020 03:08 AM
Solution
Worked it out :D
Get-MsolPartnerContract -All | ForEach {
    $tenantprefix = [string]$_.DefaultDomainName
    $TenantId = [string]$_.TenantId.Guid
    Import-Csv .\users1.csv | foreach {
        $newUPN = $_.UserPrincipalName + "@" + $tenantprefix
        $newUPN = [string]$newUPN
        New-MsolUser -DisplayName $_.DisplayName -UserPrincipalName $newUPN -Password $_.Password -ForceChangePassword:$true -PasswordNeverExpires:$true -TenantId $TenantId
    }
}
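Added example (not part of the thread and not the poster's script): a variant of the accepted loop that can be re-run safely and does not put one shared password into every tenant. It omits -Password so New-MsolUser generates a random one per account, leaves password expiry at the tenant default, and records a status per tenant. It assumes Connect-MsolService has already been run, and that users1.csv has the columns UserPrincipalName (local part only, as in the solution), DisplayName, FirstName, LastName and UsageLocation.

```powershell
# Added example. Assumes an existing Connect-MsolService session with partner credentials.
# Assumed CSV columns: UserPrincipalName (local part only), DisplayName, FirstName,
# LastName, UsageLocation. No Password column is needed.
$users = Import-Csv .\users1.csv

$results = foreach ($contract in Get-MsolPartnerContract -All) {
    $tenantId = $contract.TenantId.Guid
    $domain   = $contract.DefaultDomainName

    foreach ($u in $users) {
        $upn          = '{0}@{1}' -f $u.UserPrincipalName, $domain
        $status       = 'Created'
        $tempPassword = $null
        try {
            # Skip accounts that already exist so the script is safe to re-run
            # after a partial failure or when a new client is onboarded.
            $existing = Get-MsolUser -TenantId $tenantId -UserPrincipalName $upn `
                -ErrorAction SilentlyContinue
            if ($existing) {
                $status = 'AlreadyExists'
            } else {
                # No -Password: the service generates a random one and returns it,
                # so a leak in one tenant does not expose the same secret in the others.
                # No -PasswordNeverExpires: the tenant's password policy applies.
                $new = New-MsolUser -TenantId $tenantId -UserPrincipalName $upn `
                    -DisplayName $u.DisplayName -FirstName $u.FirstName `
                    -LastName $u.LastName -UsageLocation $u.UsageLocation `
                    -ForceChangePassword:$true -ErrorAction Stop
                $tempPassword = $new.Password
            }
        } catch {
            # One failing tenant should not stop the remaining tenants.
            $status = "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Tenant       = $domain
            UPN          = $upn
            Status       = $status
            TempPassword = $tempPassword
        }
    }
}

# Show the outcome without printing the temporary passwords.
$results | Format-Table Tenant, UPN, Status -AutoSize
```

$results still holds each temporary password in memory; pass it to whatever secure channel is used to hand credentials to the service desk user rather than exporting it to a plain CSV.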