This script can be used to assign users a license who are member of a specific Office365-Security Group.
The password in this script is encrypted!
Please note that this script only works for users who do not have a license assigned yet.
There are a couple of variables used in this script. Please adjust them if necessary:
| Variable | Description |
| GName | Name of the Office 365 Security Group |
| LicenseN | Name of the license that will be assigned to the users Make sure you fill in the license in the correct format! For example: a P1 license is: EXCHANGESTANDARD |
| UsageLocation | Set user location Make sure you use the correct format! For example: Netherlands = NL |
| AdminUser | Username of the admin user in Office 365 to run this script Use the UID of the user. For example: AssignLicenses@wortelltechready.com |
Script
Here’s the code for the script:
#### Set Variable
Set-Variable -name GName -value "AssignLicenses@wortelltechready.com"
Set-Variable -name LicenseN -value EXCHANGESTANDARD
Set-Variable -name UsageLocation -value NL
Set-Variable -name AdminUser -value "admin@wortelltechready.com"
#### Set Encrypted Password
$Password = "01000000d08c9ddf0115d1118c7a00c04fc297eb010000000ec5c2fd088ac741a6882556fafff2bd0000000002000000000003660000c00000001000000040e00f5a263e04689f6499394c5c6bbe0000000004800000a000000010000000bd5dea3f12458d5030966c7c2cbd0f5528000000474330610cdcc62da9e80a3f19a1eb3b144b1c819ee6d6457906ddbad33baa9cd0944e904bf50000140000003974ffe84f0b9fa5df07c79eaeb3b2b84e5d0023"
$PasswordSecure = ConvertTo-SecureString -String $Password
$cred = New-Object system.Management.Automation.PSCredential($AdminUser, $PasswordSecure)
#### Create Function Logon to Office365
function Logon {
Import-Module MSOnline
Connect-MsolService -Credential $cred
}
############################################################################################################################
############################################################################################################################
#### Logon to Office 365
Logon
#### Create Log File + Start Logging
$Log = "AssignLicenseByGroup.ps1" + ".log"
$ErrorActionPreference="SilentlyContinue"
Stop-Transcript | out-null
$ErrorActionPreference = "Continue"
Start-Transcript -path $Log -append
#### Get DistributionGroupMembers
$GUIDT = Get-MsolGroup -SearchString $GName
$GUID = $GUIDT.ObjectId
#### Set License
$CompanyInfo=Get-MsolAccountSKU
$CompanyName=$CompanyInfo.AccountName
$LicenseName=$CompanyName+":"+$LicenseN.ToUpper()
#Get-MsolGroupMember -GroupObjectId $GUID -All | Set-MsolUser -UsageLocation $UsageLocation
Get-MsolGroupMember -GroupObjectId $GUID -All | ForEach-Object {
Set-MsolUser -ObjectId $_.ObjectId -UsageLocation $UsageLocation
Set-MsolUserLicense -UserPrincipalName $_.EmailAddress -AddLicenses $LicenseName
}
#### Stop Logging
Stop-Transcript
Copy and paste the code in notepad (for example) and save it as “AssignLicenseByGroup.ps1”. Go through the following steps to use the script.
Steps
- Make sure you have the following tools installed before running the script:
Microsoft Online Services Sign-In Assistant (IDCRL7) – 32 bit version
Microsoft Online Services Sign-In Assistant (IDCRL7) – 64 bit version
Microsoft Online Services Module for Windows PowerShell (32-bit version)
Microsoft Online Services Module for Windows PowerShell (64-bit version)
See: http://onlinehelp.microsoft.com/Office365-enterprises/ff652560.aspx - Create an encrypted password using the following script and paste the output as the $Password variable in the “AssignLicenseByGroup” script:
# Path to the script to be created: $path = 'Password.txt' # Create empty template script: New-Item -ItemType File $path -Force -ErrorAction SilentlyContinue | Out-Null $pwd = Read-Host 'Enter Password' -AsSecureString $pwdencrypted = $pwd | ConvertFrom-SecureString $private:ofs = ' ' ('$password = "{0}"' -f $pwdencrypted) | Out-File $path notepad $path - If necessary, edit the script (with notepad for example) and change the other variables as discussed in the table at the top of this post.
- Run the “AssignLicenseByGroup.ps1” script.
- You will be asked to logon to Office 365. Use an Administrator account for this login.
- A log file will be created with the CSV file name and is given the extension.log.
This is the final part of a series of posts about some PowerShell scripts I created or used and modified for some Office 365/Exchange Online migrations.
An overview of the series can be found here.
Michel van Vliet - IT Blog 
Leave a comment