PS Script: Assign license based on AAD Security Group

So, just to make it easy, here is the Exchange Online assigning script without using it for Unlicensed Users only.

AAD Security Group Name: Exchange_Users

See earlier post for pre reqs and information.

    Script that assigns Office 365 licenses based on Group membership in WAAD.

#The script assigns license Exchange Online Plan 1 or 2 based on Group Membership and that the user doesn't have a license.
#It can seem abit reverse as we enable EnterPrisePack, but disables everything but what we want to keep.
#This is just the way it works when workin with Plan Packages, compared to single Plans.
#Author: Roy Apalnes
#Email: roy.apalnes(a)
#The script are provided “AS IS” with no guarantees, no warranties, and they confer no rights.
#Feel free to contact me for assistance.
#Modifier: Roy Apalnes
#Modified for Customer X

$Office365Credentials = Get-Credential

#Connect to Microsoft Online
 Import-Module MSOnline
 Connect-MsolService -Credential $Office365credentials

write-host "Connecting to Office 365..."

#Disabled Plans for assigning Exchange Online only
 $disabledPlans= @()
 $disabledPlans +="OFFICESUBSCRIPTION"
 $disabledPlans +="SHAREPOINTWAC"
 $disabledPlans +="RMS_S_ENTERPRISE"
 $disabledPlans +="YAMMER_ENTERPRISE"
 $disabledPlans +="MCOSTANDARD"

#Create a LicenseOption with ENTERPRISEPACK and disable all Plans but Exchange Online
 $ExchangeOnly = New-MsolLicenseOptions -AccountSkuId syndication-account:ENTERPRISEPACK -DisabledPlans $disabledPlans

#Country Location is mandatory for license assigning
 $UsageLocation = "NO"

#Find ObjectId of every Security Group
 $Groups = Get-MsolGroup | Select ObjectId,DisplayName

#Placeholder for our Exchange Online Security Group Object Id
 $ExchangeGroupObjectId = $Groups | where {$_.DisplayName -eq "Exchange_Users"} | Select ObjectId

#Placeholder for ObjectIds of every member of Security Group Exchange_Users
 $ExchangeGroup = Get-MsolGroupMember -GroupObjectId $ExchangeGroupObjectId.ObjectId

#Placeholder for ObjectIds of every member without a License.
 #$UnlicensedExchangeUsers = $ExchangeGroup | where {-not $_.islicensed} | Select ObjectId

#Set UsageLocation
 Set-MsolUser -ObjectId $ExchangeGroup.ObjectId -UsageLocation $_.UsageLocation

#Set LicensOption Exchange Online Only
 Set-MsolUserLicense -ObjectId $ExchangeGroup.ObjectId -AddLicenses syndication-account:ENTERPRISEPACK -LicenseOptions $ExchangeOnly



I am Roy Apalnes, a Microsoft Cloud Evangelist working av Sopra Steria. Main focus in Microsoft Security and Endpoint Management, with a bigger picture in mind.

Featured Posts