Send for approval when O365 license purchase is needed

General discussion of using Adaxes for Active Directory management and administration
ryan_breneman
Posts: 62
Joined: Fri Feb 21, 2014 7:27 am

Send for approval when O365 license purchase is needed

Mon Jul 01, 2019 1:54 pm

Hello,

I'm looking for a way to receive a notification/approval request when a new user is created and the business rule attempts to assign O365 licensing, however there are no available licenses. Typically we purchase these licenses as needed so we're not paying monthly for something that we aren't using. I understand there is no PowerShell way to script the purchase of a license and I don't want to cancel the new user operation due to the missing license. Is it possible to detect this and send the job for approval. I have a screenshot of our business rule below. Basically what I want to happen is pause at the activate O365 license step and wait for a license to be purchased, before continuing as the other remaining steps like assigning a Microsoft Teams phone number will be dependent on the license being assigned.

Looking for any suggestions!
Thanks so much!
Adaxes_NewUserRule.png
Adaxes_NewUserRule.png (158.38 KiB) Viewed 448 times

User avatar
Support
Site Admin
Posts: 2373
Joined: Thu Apr 23, 2009 2:28 am

Re: Send for approval when O365 license purchase is needed

Wed Jul 10, 2019 5:34 am

Hello Ryan,

You can configure the Active an Office 365 account for the user action to always be submitted for approval. However, the approval request notification will contain the action description which does not explain why the operation was sent for approval and the approver might not check whether a license purchase is required. If you want to add the explanation to the notification, you can specify Custom Action Description for the action.
Alternatively, you can create a Business Rule to send the operation for approval if there is attempt to assign a license which ran out. Unfortunately, there will be no possibility to specify a hint for approvers in this case rather than changing the description of the Active an Office 365 account for the user action in the Business Rule you already have.
Please, specify which approach meets your needs best and we will provide you with detailed instructions.
Active Directory Identity Management

Follow Adaxes in social networks
Image Image Image

ryan_breneman
Posts: 62
Joined: Fri Feb 21, 2014 7:27 am

Re: Send for approval when O365 license purchase is needed

Fri Jul 12, 2019 8:21 am

Hi Support,

I've been giving this some thought as to how I want to handle. In the log output as shown below it tells me there is no available license. Is it possible to catch that error and trigger an email to someone telling them a license needs purchased? Being able to add additional information to the email like the license name, and the user that needs the licensed assigned would be great.
Adaxes_O365License.png
Adaxes_O365License.png (12.09 KiB) Viewed 297 times
Also, I have 4 different licenses added to a new user. It attempts the MCOPSTN1 license first and finds no available licenses but doesn't attempt the others, even though they do in fact have available licenses. Any way to allow the job to continue trying the additional licenses?

Thanks so much!
Ryan

User avatar
Support
Site Admin
Posts: 2373
Joined: Thu Apr 23, 2009 2:28 am

Re: Send for approval when O365 license purchase is needed

Wed Jul 17, 2019 3:42 am

Hello Ryan,
ryan_breneman wrote:
Fri Jul 12, 2019 8:21 am
I have 4 different licenses added to a new user. It attempts the MCOPSTN1 license first and finds no available licenses but doesn't attempt the others, even though they do in fact have available licenses. Any way to allow the job to continue trying the additional licenses?
It can be done by assigning the licenses in a PowerShell script. The missing licenses should be assigned manually after their replenishment.
ryan_breneman wrote:
Fri Jul 12, 2019 8:21 am
Is it possible to catch that error and trigger an email to someone telling them a license needs purchased? Being able to add additional information to the email like the license name, and the user that needs the licensed assigned would be great.
It can be done only via a script. The script will check the licenses availability and assign the licenses whose amount is sufficient. If one or more licenses are not available, the script will send an email notification about the licenses lack to the recipients specified in the script. If the solution meets your needs, we will provide you with the script.

Also, you can use s Scheduled Task to send notifications when the number of unused Office 365 licenses falls below a limit using the following script from our repository: https://www.adaxes.com/script-repositor ... t-s446.htm.
Active Directory Identity Management

Follow Adaxes in social networks
Image Image Image

ryan_breneman
Posts: 62
Joined: Fri Feb 21, 2014 7:27 am

Re: Send for approval when O365 license purchase is needed

Wed Jul 17, 2019 10:35 am

That sounds perfect. If you would be able to provide a script that can apply the licenses for multiple SKUs, skipping if no licenses available, and then for any of the SKUs where a license is not available trigger an email notification that would be awesome!

Thank you so much!!
Ryan

User avatar
Support
Site Admin
Posts: 2373
Joined: Thu Apr 23, 2009 2:28 am

Re: Send for approval when O365 license purchase is needed

Wed Jul 17, 2019 11:12 am

Hello Ryan,

Could you, please, clarify if the email notifications should be sent for each SKU where a license is not available or there should be one notification for all the unavailable licenses?
Active Directory Identity Management

Follow Adaxes in social networks
Image Image Image

ryan_breneman
Posts: 62
Joined: Fri Feb 21, 2014 7:27 am

Re: Send for approval when O365 license purchase is needed

Wed Jul 17, 2019 12:51 pm

It could be one summary email, but would need to list the individual SKUs in the email body for which additional licenses need purchased. Would also be helpful if the email body could have some other details like the username for which the script is assigning licensing to as well as the initiator that triggered the script to run.

Thanks!

User avatar
Support
Site Admin
Posts: 2373
Joined: Thu Apr 23, 2009 2:28 am

Re: Send for approval when O365 license purchase is needed

Thu Jul 18, 2019 10:09 am

Hello Ryan,

Thank you for the clarification. The script should be used in a Business Rule triggering Before modifying Office 365 properties of a user. To create the rule:
  1. Launch Adaxes Administration Console.
  2. In the Console Tree, right-click your Adaxes service node.
  3. In the context menu, navigate to New and click Business Rule.
    Create.business.rule.png
    Create.business.rule.png (7.03 KiB) Viewed 145 times
  4. On step 2 of the Create Business Rule wizard, select the User object type.
  5. Select Before modifying Office 365 properties of a user and click Next.
    Before.modifying.office365.properties.png
    Before.modifying.office365.properties.png (14.24 KiB) Viewed 145 times
  6. Click Add an action.
  7. Select Run a program or PowerShell script.
  8. Paste the below script into the Script field. In the script:
    • $to – specifies email addresses of the recipient(s) of the report;
    • $subject – specifies the email message subject;
    • $reportHeader – specifies the email message header;
    • $reportFooter – specifies the email message footer.

    Code: Select all

    # E-mail settings
    $to = "recipient@domain.com" # TODO: modify me
    $subject = "List of Office 365 plans that have no licenses available" # TODO: modify me
    $reportHeader = "<h2>List of Office 365 plans that have no licenses available</h2>" # TODO: add username and initiator to the report
    $reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me
    
    # Get the licenses whose modification was requested
    $requestedLicenses = $Context.GetModifiedPropertyValues("adm-O365AccountLicenses")
    
    if (-not $requestedLicenses)
    {
        # No licenses modification was requested
        return
    }
    
    # Bind to the associated tenant
    $associatedTenantDN = $Context.TargetObject.AssociatedTenantDN
    if ([System.String]::IsNullOrEmpty($associatedTenantDN))
    {
        $Context.LogMessage("No associated tenant", "Warning")
        return
    }
    $tenant = $Context.BindToObjectByDN($associatedTenantDN)
    
    # Check the requested licenses
    $availableLicenses = New-Object System.Collections.ArrayList
    $unavailableLicenses = New-Object System.Collections.ArrayList
    foreach ($requestedLicense in $requestedLicenses)
    {
        # Get SKU from license string
        $requestedSKU = ($requestedLicense.split(",")[0]).substring(1)
    
        # Get SKU from tenant
        $skuFromTenant = $tenant.Skus | Where{$_.SkuPartNumber -eq $requestedSKU}
    
        # Check available licenses
        if ($skuFromTenant.TotalUnits -eq $skuFromTenant.ConsumedUnits)
        {
            # Add the license to the list of unavailable
            $unavailableLicenses.Add($skuFromTenant.DefaultDisplayName)
            continue
        }
    
        # Add the license to the list for assignment
        $availableLicenses.Add($requestedLicense)
    }
    
    # Update the list of licenses for assignment
    if (-not $unavailableLicenses)
    {
        return
    }
    if($availableLicenses.Count -gt 0)
    {
        $Context.SetModifiedPropertyValues("adm-O365AccountLicenses", $availableLicenses)
    }
    
    # Build report
    $report = $NULL
    $report += "<p>The following licenses are unavailable and were not assigned to %fullname%:</br>"
    foreach ($unavailableLicense in $unavailableLicenses)
    {
        $report += "<b>$unavailableLicense</b></br>"
    }
    $report += "</br>Initiator of the operation: %adm-InitiatorFullName%</p>"
    $html = $reportHeader + $report + $reportFooter
    
    # Send mail
    $Context.SendMail($to, $subject, $NULL, $html)
    Run.powershell.script.png
    Run.powershell.script.png (9.33 KiB) Viewed 145 times
  9. Enter a short description and click OK.
  10. Click Next and finish creating the Business Rule.
Active Directory Identity Management

Follow Adaxes in social networks
Image Image Image

ryan_breneman
Posts: 62
Joined: Fri Feb 21, 2014 7:27 am

Re: Send for approval when O365 license purchase is needed

Fri Jul 19, 2019 7:13 am

This is awesome, it works perfectly!! Thanks so much!! Really appreciate your time to help me with this.

One minor little tweak that I hope would be easy. Is it possible to output the display name of the license instead of the SKU in the email? The people getting this email will be utilizing the O365 admin center to purchase additional licenses and wouldn't know the SKU correlation.
Adaxes_O365LicenseEmail.png
Adaxes_O365LicenseEmail.png (23.45 KiB) Viewed 126 times
Thanks again!
Ryan

User avatar
Support
Site Admin
Posts: 2373
Joined: Thu Apr 23, 2009 2:28 am

Re: Send for approval when O365 license purchase is needed

Fri Jul 19, 2019 8:57 am

Hello Ryan,

That is exactly what the script does. It includes the default display names of unavailable licenses into the report. MCOPSTN1 is a display name of a license, not an SKU Part Number. As a solution, you can specify custom user-friendly display names for all Office 365 licenses in the settings of your tenant and update the script to use the display names. For information on how edit the license display names, have a look at the following help article (point 8): https://www.adaxes.com/help/?HowDoI.Per ... Plans.html.
To update the script, replace the line

Code: Select all

$unavailableLicenses.Add($skuFromTenant.DefaultDisplayName)
with the following one

Code: Select all

$unavailableLicenses.Add($skuFromTenant.CustomDisplayName)
Active Directory Identity Management

Follow Adaxes in social networks
Image Image Image

Post Reply
  • Information
  • Who is online

    Users browsing this forum: No registered users and 2 guests