【O365 PowerShell Script】許可Direct&Inherited改成Direct

時間  2020-08-11
標籤 o365 powershell script 許可 direct&inherited direct inherited 改成 简体版
原文   原文鏈接

#在Office365中,有兩種分配許可的方式:
#1.使用admin.microsoft.com直接分配(這樣批量操做起來想多繁瑣),許可類型在Azure AD的許可中心顯示爲Direct
#2.使用portal.azure.com的group based licensing方法(自動根據組員將許可分配給用戶),相關文檔: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-assign ,許可類型在Azure AD的許可中心顯示爲Inheritedide

#Office 365中會有部分用戶由於管理員使用了以上兩種方式分配許可證,致使用戶一樣的許可證被分配了兩次,許可類型在Azure AD的許可中心顯示爲Direct&Inherited。目前portal.azure.com沒有提供一鍵移除的方法,如下PowerShell腳本能夠達成一鍵移除的功能。ui

#In Office365, there are two ways to assign licenses:
#1. Use admin.microsoft.com to assign directly (so the batch operation is too cumbersome), the license type is displayed as Direct in the license center of Azure AD
#2. Use the group based licensing method of portal.azure.com (automatically assign licenses to users based on group members), related documents: https://docs.microsoft.com/en-us/azure/active-directory/users -groups-roles/licensing-groups-assign, the license type is displayed as Inherited in the license center of Azure ADcode

#There will be some users in #Office 365 because the administrator uses the above two methods to allocate licenses, resulting in the same license being allocated twice for users. The license type is displayed as Direct&Inherited in the license center of Azure AD. Currently portal.azure.com does not provide a one-click removal method. The following PowerShell script can achieve the one-click removal function.ip

#Script start

function Users-LicenseType
{
    Param(
    [System.Management.Automation.PSCredential]$cred
         )
    Connect-MsolService -Credential $cred

    $Gplist= @{}
    $Group =Get-msolgroup
    $licenses =  Get-MsolAccountSku
    #Get all groupname with group objectId
    foreach($gp in $Group)
    {
    $Gplist+=@{$gp.ObjectId.ToString() = $gp.DisplayName}
    }
    $users= Get-MsolUser -All
    $AllUser = @()

    Foreach($license in $licenses)
    {
        foreach($user in $users)
        {   
            # Find Users License Type 
            $UserList = "" | Select-Object "License","UserPrincipalName","LicenseType"
            $Assigneds=$user.Licenses
            $status = ""

            foreach($assigned in $assigneds)
            {
                If($license.accountskuid -eq $assigned.accountskuid)
                {

                    $lic = $user.Licenses.GroupsAssigningLicense.Guid
                    if($lic -ne $null)
                    {
                    $GpName = ''
                    foreach($lc in $lic)
                    {
                        If($GpName) {
                                    if($Gplist.Item($lc.ToString()) -ne $null)
                                    {
                                    $GpName=$GpName + ";" + $Gplist.Item($lc.ToString())
                                    }
                                } 
                            Else {
                                    if($Gplist.Item($lc.ToString()) -ne $null)
                                    {
                                    $GpName=$Gplist.Item($lc.ToString())
                                    }
                                }          
                    }
                    foreach($lc in $lic)
                    {
                        If(Get-MsolUser -objectid $lc -ErrorAction SilentlyContinue)
                        {
                            $status = "Direct&Inherited("+$GpName+")"
                        }

                    }
                    $UserList.UserPrincipalName = $user.UserPrincipalName
                    If($status)
                    {
                        $UserList.LicenseType = $status

                    }else{

                        $UserList.LicenseType = "Inherited("+$GpName+")"

                    }
                    $UserList.License = $assigned.accountskuid
                    $AllUser+= $UserList
                    $UserList =$null

                    }Else{

                    $UserList.UserPrincipalName = $user.UserPrincipalName
                    $UserList.LicenseType = "Direct"
                    $UserList.License = $assigned.accountskuid
                    $AllUser+= $UserList
                    $UserList =$null

                    }
                }

            If($status -like "*Direct&Inherited*")
            {

                Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -RemoveLicenses $Assigned.accountskuid

            }

            }

        }
    }

    $AllUser  | Sort-Object -Property License
}

$cred =Get-Credential

$Listofusers = Users-LicenseType -cred $cred

$Listofusers
相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程