0 votes

I asked this question last year, but have just dealt with running the commands manually since as I was unable to work out a solution. https://www.adaxes.com/questions/10506/how-to-connect-to-ms-teams-using-adaxes

It seems this is a common question as it was asked by someone else a short time later - https://www.adaxes.com/questions/10722/is-there-a-way-to-connect-to-ms-teams-via-adaxes-powershell

Has anyone found a proper way to connect to Teams powershell and run basic commands?

I have found this script provided two days ago - https://www.adaxes.com/questions/11982/is-there-a-way-to-add-users-to-ms-teams-groups-from-adaxes and tried to modify it, but no luck so far - I get an error that the user does not have a teams account when manually running the script, and when running the scheduled task nothing happens.

Initially I got an error (didn't realise you had to specify the account to run the task as, even though it's the same as the service account that runs adaxes, seems a bit backwards!) and now the task runs, but does not seem to work. There is no logs as to what the script achieves.

Here is the script as I have made it. I have set it up as a scheduled task, and want it to run after a new user has been created - I can flesh it out later on and make it only run on users with some attribute set somewhere, but for now I just want it to run at all (and work!) For now I have set it to run over a test OU, and both users in it are definitely synced up to Office 365.

# Get saved credentials
$username = $Context.RunAs.UserName
$password = $Context.RunAs.Password | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object System.Management.Automation.PsCredential($username, $password)

try
{
    # Get the object ID in Microsoft 365
    $objectId = ([Guid]$Context.TargetObject.Get("adm-O365ObjectId")).ToString()
}
catch
{
    return # The user doesn't have a Microsoft 365 account
}

try
{
    # Get the user in Microsoft Teams
    Connect-MicrosoftTeams -Credential $credential
    $user = Get-CsOnlineUser -Filter "Identity -eq '$objectId'"

    if ($NULL -eq $user)
    {
        $Context.LogMessage("The user does not have a Microsoft Teams account", "Information")
        return # User does not exist in Microsoft Teams
    }

   Set-CsUser -Identity $user -EnterpriseVoiceEnabled $true -HostedVoiceMail $true
   Grant-CsOnlineVoiceRoutingPolicy -Identity $user -PolicyName “Worldwide”
   Grant-CsCallingLineIdentity -Identity $user -PolicyName "No DDI Auckland"
}
finally
{
    # Close the connection and release resources
    Disconnect-MicrosoftTeams
}

I'm running Adaxes 2021.1, Version 3.14.18804.0, and I believe I've got Teams powershell 2.3.1 installed

I attempted to follow Adaxes's other suggestion here to swap our service account to an Application Account - https://www.adaxes.com/script-repository/connect-to-microsoft-teams-s615.htm

However they do not specify what permissions to grant here:

"Click Add a permission. Click Microsoft Graph. Click Application permissions. Select the permissions required to accomplish tasks in your script. Click Add permissions "

So I have reverted to the service account setup, as I am desktop support not Azure Magician and do not know what API's teams falls under.

related to an answer for: How to connect to MS Teams using Adaxes
by (180 points)

1 Answer

0 votes
by (7.5k points)

Hello,

Has anyone found a proper way to connect to Teams powershell and run basic commands?

Currently, it is possible to connect to Microsoft Teams using only the credentials of a user account. The credentials can be specified in the Run As section of the Run a program or PowerShell script action using the This account option. image.png

I'm running Adaxes 2021.1, Version 3.14.18804.0, and I believe I've got Teams powershell 2.3.1 installed

You need to update the Microsoft Teams PowerShell module to version 4.0.0 or later. There are known issues in version 2.3.1 of the module.

I attempted to follow Adaxes's other suggestion here to swap our service account to an Application Account

You can register Adaxes as an application in Azure and use the application account to manage your Microsoft 365 tenant in Adaxes. However, according to our tests, the Connect-MicrosoftTeams cmdlet does not work when an application account access token is specified, it looks like there is a bug in the cmdlet. The cmdlet works only when the credentials of a user account are specified.

Here is the script as I have made it.

The Get-CsOnlineUser, Grant-CsOnlineVoiceRoutingPolicy, and Grant-CsCallingLineIdentity cmdlets do not accept a user object in the Identity parameter. To identify a user, the Identity property can be used. In this case, the command should look like this:

Set-CsUser -Identity $user.Identity -EnterpriseVoiceEnabled $true -HostedVoiceMail $true

Additionally, please, note that the following command will not find a user if no Microsoft 365 license is assigned to the user:

Get-CsOnlineUser -Filter "Identity -eq '$objectId'"

We updated the script you provided and tested it, it should work just fine. Please, find it below.

# Get saved credentials
$username = $Context.RunAs.UserName
$password = $Context.RunAs.Password | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object System.Management.Automation.PsCredential($username, $password)

try
{
    # Get the object ID in Microsoft 365
    $objectId = ([Guid]$Context.TargetObject.Get("adm-O365ObjectId")).ToString()
}
catch
{
    return # The user doesn't have a Microsoft 365 account
}

try
{
    # Get the user in Microsoft Teams
    Connect-MicrosoftTeams -Credential $credential
    $user = Get-CsOnlineUser -Filter "Identity -eq '$objectId'"

    if ($NULL -eq $user)
    {
        $Context.LogMessage("The user does not have a Microsoft Teams account", "Information")
        return # User does not exist in Microsoft Teams
    }

   Set-CsUser -Identity $user.Identity -EnterpriseVoiceEnabled $true -HostedVoiceMail $true
   Grant-CsOnlineVoiceRoutingPolicy -Identity $user.Identity -PolicyName "Worldwide"
   Grant-CsCallingLineIdentity -Identity $user.Identity -PolicyName "No DDI Auckland"
}
finally
{
    # Close the connection and release resources
    Disconnect-MicrosoftTeams
}
0

Brilliant answer, thankyou.

I tried the code myself but was getting errors:

Get-CsOnlineUser : Expected literal (number, boolean, or null). Was '<'.
At line:1 char:1
+ Get-CsOnlineUser -identity $user
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-CsOnlineUser], ParserExcepti
    + FullyQualifiedErrorId : Microsoft.Teams.ConfigApi.Cmdlets.GetCsOnlineUser

and I realised that in your solution you provided the answer, but didn't include it in the end script

So the full solution would be to get the user, and then when running the commandto pass the $user.identity instead of just $user:

# Get saved credentials
$username = $Context.RunAs.UserName
$password = $Context.RunAs.Password | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object System.Management.Automation.PsCredential($username, $password)

try
{
    # Get the object ID in Microsoft 365
    $objectId = ([Guid]$Context.TargetObject.Get("adm-O365ObjectId")).ToString()
}
catch
{
    return # The user doesn't have a Microsoft 365 account
}

try
{
    # Get the user in Microsoft Teams
    Connect-MicrosoftTeams -Credential $credential
    $user = Get-CsOnlineUser -Filter "Identity -eq '$objectId'"

    if ($NULL -eq $user)
    {
        $Context.LogMessage("The user does not have a Microsoft Teams account", "Information")
        return # User does not exist in Microsoft Teams
    }

   Set-CsUser -Identity **$user.Identity** -EnterpriseVoiceEnabled $true -HostedVoiceMail $true
   Grant-CsOnlineVoiceRoutingPolicy -Identity **$user.Identity** -PolicyName “Worldwide”
   Grant-CsCallingLineIdentity -Identity **$user.Identity** -PolicyName "No DDI Auckland"
}
finally
{
    # Close the connection and release resources
    Disconnect-MicrosoftTeams
}

Now to just add this to a sheduled task so it runs after a new user is created, and I'm a happy chappy - thankyou!

Related questions

+1 vote
1 answer

Hi all, Just wondering how I would go about connecting to Teams using Adaxes? I need to perform the following modifications to users: Set-CsUser -Identity &lt;UPN&gt ... make Adaxes connect to Teams using the Connect-Microsoftteams command and run the above?

asked Feb 24, 2021 by TheLexicon (180 points)
0 votes
1 answer

Hi, I need to start Adaxes scheduled task from Powershell console running on another host. How can I do that?

asked May 21, 2020 by KIT (570 points)
0 votes
0 answers

I'm trying to setup a quick automations to drop a notification into a Micrsoft Teams feed using their Webhook integration. I've managed to make Webhooks work ... -body $body -ContentType 'application/json' Any assistance with this would be gratefully received

asked Jan 20, 2020 by richarddewis (260 points)
0 votes
1 answer

How to I block users from running custom commands? i can't locate this functionality. :?:

asked Sep 2, 2011 by BeaconlightBoy (80 points)
0 votes
0 answers

Trying to configure a custom launcher in Thycotic Secret Server that will launch Adaxes on the user's local machine with the username and password passed as parameters. Has anyone made this work?

asked May 20 by amillard (20 points)
2,886 questions
2,605 answers
6,768 comments
119,849 users