Assign/Revoke Office 365 licenses based on user group membership

November 13, 2018

The script assigns and revokes Office 365 licenses for a user based on the AD groups the user is a member of. If a user is a member of multiple groups, or the user's group memberships change, the script adjusts the assigned Office 365 licenses accordingly: a license is changed only if none of the user's other groups lists the same SKU Part Number.

To assign and revoke licenses with the script, create a Business Rule triggered After adding or removing a member from a group, and include the groups used for Office 365 license assignment in its Activity Scope.

Parameters:

  • $locationProperty - specifies a property of the user account that will be used as the user location in Office 365. Locations of existing Office 365 accounts will not be modified;
  • $planNamesProperty - specifies a multi-value property of groups that stores SKU Part Numbers of Office 365 licenses that must be assigned to members of each group.
How to get the SKU Part Number of a license plan in Adaxes:
  1. In Adaxes Administration Console, expand the service node that represents your Adaxes service.
  2. Navigate to Configuration \ Cloud Services \ Office 365.
  3. Double-click the Office 365 Tenant to which the license belongs.
  4. Click the necessary license plan. The SKU Part Number is displayed below the Display Name field.
PowerShell
$locationProperty = "c" # TODO: modify me
$planNamesProperty = "adm-CustomAttributeTextMultiValue1" # TODO: modify me

# Bind to the member that was added to or removed from the group
$member = $Context.BindToObjectEx("Adaxes://%member%", $True)
if ($member.Class -ine "user")
{
    return
}

# Get Office 365 Properties
$office365Properties = $member.GetOffice365Properties()

# Get licenses to enable
try
{
    $planNames = $Context.TargetObject.GetEx($planNamesProperty)
}
catch
{
    $Context.LogMessage("Licenses not specified", "Error")
    return
}

# Check location
$office365Location = $office365Properties.Location
if ([System.String]::IsNullOrEmpty($office365Location))
{
    # Get location from the specified property
    try
    {
        $location = $member.Get($locationProperty)
    }
    catch
    {
        $Context.LogMessage("Location not specified. Office 365 account will not be activated", "Error")
        return
    }
    
    # Set location in Office 365
    $office365Properties.Location = $location
    
    # Save changes
    $member.SetOffice365Properties($office365Properties)
    $member.SetInfo()
}

# Get the current group memberships of the member
try
{
    $groupGuidsBytes = $member.GetEx("adm-MemberOfGuid")
}
catch
{
    $groupGuidsBytes = @()
}

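# Start with the SKUs of the group that triggered the rule, then drop every SKU
# that another group of the user also grants
$planNameSKUs = New-Object "System.Collections.Generic.HashSet[System.String]"
$planNames | %%{[void]$planNameSKUs.Add($_.ToLower())}
$currentGroupGuid = [Guid]"%objectGUID%"
foreach ($guidBytes in $groupGuidsBytes)
{
    # Skip the group that triggered the rule
    $guid = [Guid]$guidBytes
    if ($guid -eq $currentGroupGuid)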
    {
        continue
    }
    
    $group = $Context.BindToObject("Adaxes://<GUID=$guid>")
    try
    {
        $skus = $group.GetEx($planNamesProperty)
    }
    catch
    {
        continue
    }
    
    $skus | %%{[void]$planNameSKUs.Remove($_.ToLower())}
}

if ($planNameSKUs.Count -eq 0)
{
    return # No licenses to update
}

# Update licenses
$licenses = $office365Properties.Licenses
$enableLicense = $Context.Action.IsOperationOfType($Context.TargetObject, "add group members")
foreach ($license in $licenses)
{
    if ($planNameSKUs.Contains($license.Sku.SkuPartNumber.ToLower()))
    {
        $license.Assigned = $enableLicense
    }
}

# Save changes
$member.SetOffice365Properties($office365Properties)
$member.SetInfo()
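
The script above changes licenses only when a membership event fires, so accounts licensed by hand or before the rule existed can drift from what their groups justify. The following added example (not part of the original script and not Adaxes code) reconciles expected against assigned licenses for a set of users. It generalizes the per-event logic to a full comparison, and it runs on constructed sample data; the group names, user names, and the Get-LicenseDrift function are hypothetical.

```powershell
# Constructed sample data. Group name -> SKU Part Numbers the group grants
# (the values the script reads from $planNamesProperty).
$groupSkus = @{
    'O365-E3'       = @('ENTERPRISEPACK')
    'O365-Mobility' = @('EMS', 'ENTERPRISEPACK')
    'O365-Visio'    = @('VISIOCLIENT')
}

# Constructed users: group memberships and the licenses currently assigned.
$users = @(
    [pscustomobject]@{ Name = 'alice'; Groups = @('O365-E3', 'O365-Mobility'); Assigned = @('ENTERPRISEPACK', 'EMS') }
    [pscustomobject]@{ Name = 'bob';   Groups = @('O365-E3');                  Assigned = @('ENTERPRISEPACK', 'VISIOCLIENT') }
    [pscustomobject]@{ Name = 'carol'; Groups = @('O365-Visio', 'O365-E3');    Assigned = @('enterprisepack') }
)

function Get-LicenseDrift {
    param($User, [hashtable]$GroupSkus)

    # Compare SKUs case-insensitively, matching the ToLower() calls in the script.
    $comparer = [System.StringComparer]::OrdinalIgnoreCase

    # Expected = union of the SKUs granted by every group the user is in.
    $expected = [System.Collections.Generic.HashSet[string]]::new($comparer)
    foreach ($group in $User.Groups) {
        foreach ($sku in $GroupSkus[$group]) { [void]$expected.Add($sku) }
    }

    $assigned = [System.Collections.Generic.HashSet[string]]::new($comparer)
    foreach ($sku in $User.Assigned) { [void]$assigned.Add($sku) }

    # Missing = justified by a group but not assigned.
    $missing = [System.Collections.Generic.HashSet[string]]::new($expected, $comparer)
    $missing.ExceptWith($assigned)

    # Excess = assigned but not justified by any current group.
    $excess = [System.Collections.Generic.HashSet[string]]::new($assigned, $comparer)
    $excess.ExceptWith($expected)

    [pscustomobject]@{
        User    = $User.Name
        Missing = @($missing | Sort-Object)
        Excess  = @($excess | Sort-Object)
    }
}

# Report only the accounts whose licenses do not match their group memberships.
$users | ForEach-Object { Get-LicenseDrift -User $_ -GroupSkus $groupSkus } |
    Where-Object { $_.Missing.Count -or $_.Excess.Count } |
    Format-Table -AutoSize
```

Excess entries are the ones to review first: they are licenses, and the service access that comes with them, that no current group membership accounts for.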
