Category: Exam

Powershell Commands to remember for the Microsoft 70-346 Exam

Powershell Commands to remember for the Microsoft 70-346 Exam

70-346
Office 365 70-346

Powershell Cmdlets to remember for the Microsoft 70-346: Managing Office 365 Identities and Requirements Exam

I have recently completed the Microsoft 70-346 ‘Managing Office 365 Identities and Requirements’ Exam. The Exam focuses quite a bit around PowerShell. Below is a list of PowerShell cmdlets which may appear in the exam.

Also, I’ve created a bunch of FlashCards that may be useful for studying for this exam. You can find them here:
http://www.cram.com/flashcards/70-346-8863906

Office 365 Management:

Connecting to Office 365 via PowerShell:
Import-Module MSOnline
$UserCredential = Get-CredentialConnect-MsolService -Credential $UserCredential

Return all the subscriptions that are in the Office 365 Tennant (Licence Type):
Get-MsolSubscription

Returns a list of SKU’s that the company has in their Office 365 Tenant (Licence Count):
Get-MsolAccountSku

Create a New Office 365 User and Assign a license:
New-MsolUser -UserPrincipalName -DisplayName -FirstName -LastName -LicenseAssignment -UsageLocation

Note – The UsageLocation is required for assigning a license. A user can be created without a license and without the need for defining the UsageLocation

Disable undesirable services of a Licence Subscription for a new user (e.g. Sharepoint):
$LicenceOptions = New-MsolLicenseOptions -AccountSkuId -DisabledPlans "SHAREPOINTENTERPRISE"
New-MsolUser -UserPrincipalName -DisplayName -FirstName -LastName -LicenseAssignment -LicenseOptions $LO -UsageLocation

Set a license for a specific user:
Set-MsolUserLicense -UserPrincipalName "[email protected]" -AddLicenses

(UsageLocation must be set)

Set the Usage Location for a specific Office 365 User:
Set-MsolUser -UserPrincipalName -UsageLocation

Get a list of Domain Names assigned to your Office 365 Tennant:
Get-MsolDomain

Set a default Office 365 Domain Name:
Set-MsolDomain -Name o365.davidatkin.com -IsDefault

Remove a Domain Name from your Office 365 Tennant:
Remove-MsolDomain -DomainName o365.davidatkin.com -Force

Get the records required for Verifying a domain name in your Office 365 Tennant:
Get-MsolDomainVerificationDNS -DomainName o365.davidatkin.com
Get-MsolDomainVerificationDNS -DomainName o365.davidatkin.com -Mode DnstxtRecord
Get-MsolDomainVerificationDNS -DomainName o365.davidatkin.com -Mode Dnsmxrecord)

Get Office 365 to check that the Verification DNS Records against a domain are correct:
Confirm-MsolDomain -DomainName o365.davidatkin.com

Set the Office 365 Password Policy:
Set-MsolPasswordPolicy -DomainName -NotificationDays <30> -ValidityPeriod <90>

Set a single users Office 365 account to Password Never Expires:
Set-MsolUser -UserPrincipalName -PasswordNeverExpires $true

Disable the requirement for Strong Passwords for a single Office 365 User:
Set-MsolUser -UserPrincipleName -StrongPasswordRequired $false

Get a list of all Office 365 Users without a license assigned to their account:
Get-MsolUser -UnlicensedUsersOnly

Change an Office 365 Users User Principal Name (logon username):
Set-MsolUserPrincipalName -ObjectID

Get all members of a specific Office 365 Role:
$role = Get-MsolRole -RoleName "name"
Get-MsolRoleMember -RoleObjectId $role.ObjectId

Reset an Office 365 Users Password:
Set-MsolUserPassword -UserPrincipleName -NewPassword -ForceChangePassword $true

Get a list of Soft Deleted Users in the Office 365 Tenancy:
Get-MsolUser -UserPrincipleName -ReturnDeletedUsers

Permanently delete a Soft Deleted User in the Office 365 Tenancy:
Remove-MsolUser -UserPrincipleName -RemoveFromRecycleBin

Change a Domain authentication type to Single Sign On (SSO):
Set-MsolDomainAuthentication

Azure Active Directory Rights Management (AADRM):

Connect to Azure Active Directory Rights Management (AADRM):
Import-Module aadrm
$UserCredential = Get-Credential
Connect-AadrmService -Credential $UserCredential

Control User Onboarding for Azure Active Directory Rights Management:
Set-AadrmOnboardingControlPolicy -SecurityGroupObjectID "ID"

Note: This must be a security group – Not a User

Enable only users with an Azure Active Directory Rights Management licence to protect documents:
Set-aadrmOnboardingControlPolicy -UserRmsUserLicence $true -Scope All

Get a list of all AADRM Administrators:
Get-AadrmRoleBasedAdministrator

Remove administrative rights to the Azure Rights Management service for the user via their email address:
Remove-AadrmRoleBasedAdministrator -EmailAddress "[email protected]"

Enable the AADRM Super User Feature to allow users to encrypt and decrypt documents:
Enable-AadrmSuperUserFeature

Disable the AADRM Super User Feature to allow users to encrypt and decrypt documents:
Disable-AadrmSuperUserFeature

Grant an Office 365 User AADRM Super User rights by Email Address:
Add-AadrmSuperUser -EmailAddress "[email protected]"

Grant an Office 365 Group AADRM Super User rights by Email Address:
Add-AadrmSuperUserGroup -GroupEmailAddress [email protected]

Get a list of current AADRM Super User Users:
Get-AadrmSuperUser

Show the current AADRM Super User Group:
Get-AadrmSuperUserGroup

Remove the AADRM Super User Group:
Clear-AadrmSuperUserGroup

As an Azure Active Directory Rights Management SuperUser, get the status of a file to see if it is protected by RMS:
Get-RMSFileStatus -File ""

Import the RMS Protection Module into PowerShell (For AADRM Super Users):
Import-Module RMSProtection

Protect/UnProtect a file as an AADRM Super User:
Protect-RMSFile -File ""
UnProtect-RMSFile -File ""

Get a list of current RMS Templates:
Get-RMSTemplate

Enable RMS integration with Exchange Online:
Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc"
Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
Set-IRMConfiguration -InternalLicensingEnabled $true Test-IRMConfiguration -Sender

Connect to Exchange Online:
$Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic -AllowRedirection
Import-PSSession $Session

Get a list of Office 365 Global Admins:
$role = Get-MsolRole -RoleName "Company Administrator"
Get-MsolRoleMember -RoleObjectID $role.ObjectId

Add/Remove an Office 365 User from a Role:
Add-MsolRoleMember -RoleName
Remove-MsolRoleMember -RoleName

Azure Active Directory Connect:

Get Configuration Settings about the Azure AD Scheduler:
Get-ADSyncScheduler

Force an Immediate AD Sync Cycle:
Start-ADSyncSyncCycle -Policy Full

Stop a current AD Sync Cycle
Stop-ADSyncSyncCycle

Change the Azure AD Connect Sync Cycle interval:
Set-ADSyncScheduler -CustomizedSyncCycleInterval

Check the status of an ongoing AD Connector Sync:
Get-ADSyncConnectorRunStatus

ADFS:

Install ADFS On Windows Server 2012:
Install-WindowsFeature -Name ADFS-Federation -IncludeManagementTools

Install an Additional Server into an existing ADFS Farm:
Add-AdfsFarmNode -PrimaryComputerName -CertificateThumbprint -GroupServiceAccountIdentifier

Convert an existing Office 365 Managed Domain into a Federated Domain Name:
Convert-MsolDomainToFederated -DomainName o365.davidatkin.com

Convert a Federated Domain back to a ‘Standard’ Office 365 Managed Domain:
Convert-MsolDomainToStandard

Convert a Federated User back to an Office 365 Managed User Account:
Convert-MsolFederatedUser

Specify the Primary Federation Server when installing an additional Server into an Existing Farm (Command to be run if not on the Primary Server):
Set-MsolADFSContect -Computer

Set the ADFS Organization Information Properties by piping infromation from the New-AdfsOrganization command:
$MyOrg = New-AdfsOrganization -DisplayName "Org Name" -OrganizationUrl "http://"
Set-AdfsProperties -OrganizationInfo $MyOrg

Get existing ADFS Settings:
Get-MsolDomainFederationSettings

Set a new SSL Certificate on Federation Servers:
Set-AdfsCertificate -Thumbprint

Set a new SSL Certificate onto ADFS WAP Servers:
Set-WebApplicationProxySslCertificate -Thumbprint

Set a new ADFS Communications Certificate:
Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint

Customise Web Links and wording on the ADFS Logon Web Page:
Set-AdfsGlobalWebContent

Customise the Logo and Illustration on the ADFS Logon Web Page:
Set-AdfsWebTheme

Create a new Theme for the ADFS Logon Web Page:
New-AdfsWebTheme -TargetName "Name"

Set the Active Theme for the ADFS Logon Web Page:
Set-AdfsWebConfig -ActiveThemeName

Enable Modern Authentication in Exchange Online:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

Verify the status of Modern Authentication in Exchange Online:
Get-Organizationconfig | FT Name,*Oauth*

Enable Modern Authentication in Skype for Business Online:
Set-CdOAuthConfiguration -ClientAdalAuthOveride Allowed

Verify the status of Modern Authentication in Skype for Business Online:
Get-CdOAuthConfiguration | select *adal*

Change the Authentication of a Domain Name from Federated to Standard temporarily until ADFS can be repaired:
Set-MsolDomainAuthentication -DomainName -Authentication

Enable Multiple Federated Domain support:
Update-MSOLFederatedDomain -SupportMultipeDomain

Office 365 Monitoring:

Enable Exchange Online Mailbox Auditing:
Set-Mailbox -Identity -AuditEnabled $true

Add Owners Actions to the Exchange Online Mailbox Auditing:
Set-Mailbox -AuditOwner

Disable / Enable the Office 365 Admin Audit log:
Set-AdminAuditLogConfig

Get Exchange Online Stale Mailbox Reports (Mailboxes not being used):
Get-StaleMailboxReport
Get-StaleMailboxDetailReport

Get Exchange Online Usage Reports:
Get-MailboxUsageReport
Get-MailboxUsageDetailedReport

Carry out an Exchange Online Message Trace for the past 7-Days:
Get-MessageTrace
Get-MessageTraceDetail

Carry out a Message Trace for Items upto 90 Days Old:
Start-HistoricalSearch
Stop-HistoricalSearch

Show Historical Message Trace history for the past 10 Days:
Get-HistoricalSearch

Thank you for reading. If there are any errors or you feel there should be some addition’s, please comment and I will look at them. You may also be interested in the ‘Powershell Commands to remember for the Microsoft 70-347 Exam’ Article here:
http://davidatkin.com/blog/powershell-commands-remember-microsoft-70-347-exam/

Powershell Commands to remember for the Microsoft 70-347 Exam

Powershell Commands to remember for the Microsoft 70-347 Exam

70-347
Office 365 70-347

Powershell Cmdlets to remember for the Microsoft 70-347: Enabling Office 365 Services Exam

I am currently studying for the Microsoft 70-347: Enabling Office 365 Services exam. Below is a list of PowerShell commands and their purpose for reference. More commands will be added to the below as I learn them.

Also, some useful flashcards for the 70-347 exam can be found here:
Flashcards – Cram.com

Exchange Online PowerShell Cmdlets:

How to check and enable OAuth2 in Exchange Online:
Get-OrganizationConfig | Select *OAuth*
Set-OrganizationConfig -OAuth2ClientProfileEnable $true

How to check and enable OAuth2 in Skype for Business Online:
Get-CsOAuthConfiguration | select *adal*
Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed

OAuth Notes:
– Because Skype for Business Online and Exchange Online are linked, its best to have the same OAuth configuration on both services
– The OAuth configuration for Sharepoint Online is enabled by default

Skype for Business Online PowerShell Cmdlets:

The Skype for Business Online PowerShell cmdlet for displaying all policies applied to a particular user:
Get-CsOnlineUser [email protected] | select *policy*

SharePoint Online PowerShell Cmdlets:

How to disable Sharepoint Online External user Sharing Globally:
Set-SPOTenant -SharingCapability Disabled

How to disable Sharepoint Online External user Sharing per Site Collection:
Set-SPOSite -identity 'https://sitecollectionurl' -SharingCapability Disabled

How do you remove an External Users access to SharePoint Online via PowerShell?
Get-SPOExternalUser
$RemoveUser = Get-SPOExternalUser -Filter testuser
Remove-SPOExternalUser -UniqueIds @($RemoveUser.UniqueId)

Grant the Site Collection Administrator Role to a user:
Set-SPOUser -Site -Login -IsSiteCollectionAdmin $true

Change the Primary Site Collection Administrator of a site:
Set-SPOSite -Identity -Owner

Set the Server Resource Quota for a specific site collection:
Set-SPOSite -Identity -ResourceQuota -ResourceQuotaWanrningLevel

set the Storage Quota limits on a Sharepoint Site Collection:
Set-SPOSite -Identity -StorageQuota -StorageQuotaWarningLimit

Create a new Sharepoint Site Collection:
New-SPOSite -Title Test1 -url https://testing.sharepoint.com/sites/Test1 -LocalID 2057 -Template "STS#0" -Owner [email protected] -StorageQuota 1024

*Note(s) on creating a new Site Collection ID*:
– LocalID is the Language ID – See here for a List> Microsoft Local ID Library
– StorageQuota is in MB
– Here is a Link to the different Sharepoint Online Template IDs> Sharepoint Template IDs

Get a list of Sharepoint Online Local ID’s and Templates:
Get-SPOWebTemplate

Remove a Sharepoint online Site:
Remove-SPOSite -Identity

Restore a delete Sharepoint Online Site:
Restore-SPOSite -Identity

Security and Compliance:

Connect to the Office365 Security and Compliance Centre:
$Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $Cred =Authentication Basic -AllowRedirection
Import-PSSession $Session

Create a new eDiscovery Compliance Case:
New-ComplianceCase

Get information on a current eDiscovery Compliance Case:
Get-ComplianceCase

Remove a current eDiscovery Compliance Case:
Remove-ComplianceCase

Make changes to a current eDiscovery Compliance Case:
Set-ComplianceCase