@darrenjrobinson
Last active November 17, 2018 22:33
Microsoft Identity Manager Office 365 Licensing PowerShell Management Agent Import Script. Supporting blog post is located here https://blog.darrenjrobinson.com/office365-licensing-management-agent-for-microsoft-identity-manager/
param (
    $Username,
    $Password,
    $Credentials,
    $OperationType,
    [bool] $usepagedimport,
    $pagesize
)
$DebugFilePath = "C:\PROGRA~1\MICROS~2\2010\SYNCHR~1\EXTENS~2\O365LicenseMA\Debug\Debugo365Lic.txt"
if(!(Test-Path $DebugFilePath))
{
    $DebugFile = New-Item -Path $DebugFilePath -ItemType File
}
else
{
    $DebugFile = Get-Item -Path $DebugFilePath
}
"Starting Import : " + (Get-Date) | Out-File $DebugFile -Append
# The default path where the AzureADPreview module puts the ADAL library.
# Add-Type loads that library into this PowerShell session.
Add-Type -Path 'C:\Program Files\WindowsPowerShell\Modules\AzureADPreview\1.1.143.0\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
# The tenant of your Azure AD. Either the tenant ID or the tenant name can be used;
# the tenant name is used here.
$tenantID = "customer.com.au"
$authString = "https://login.microsoftonline.com/$tenantID"
# The resource URI for your token.
$resource = "https://graph.windows.net/"
# This is the PowerShell common client ID.
$client_id = "1950a258-227b-4e31-a9cf-717495945fc2"
# Create a user credential from the $Username and $Password parameters.
$creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" `
    -ArgumentList $username,$password
# Create an authentication context with the above authentication string.
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" `
    -ArgumentList $authString
# Acquire an access token from the server.
$authenticationResult = $authContext.AcquireToken($resource,$client_id,$creds)
# Use the access token to set up headers for an HTTP request.
# (The requests below call CreateAuthorizationHeader() directly and do not use $headers.)
$authHeader = $authenticationResult.AccessTokenType + " " + $authenticationResult.AccessToken
$headers = @{"Authorization"=$authHeader; "Content-Type"="application/json"}
# Object type (e.g. users, groups, contacts)
$object = "users"
# URI to get the first 999 objects; {0} is filled with the tenant ID below
$url = "https://graph.windows.net/{0}/$($object)?`$top=999&api-version=1.6"
# Base URI that odata.nextLink is appended to when paging the remainder of the objects
$url2 = "$resource$tenantId/"
# Get the first 999 objects
$query = Invoke-RestMethod -Method Get -Headers @{
    Authorization = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
} -Uri ($url -f $authenticationResult.TenantId)
# An array for the returned objects to go into
$tenantObjects = @()
# Add in our first 999 objects
$tenantObjects += $query.value
$moreObjects = $query
# Writes the number of objects in the first page to the output stream
$query.value.Count
# Get all the remaining objects in batches of 999
if ($query.'odata.nextLink'){
    $moreObjects.'odata.nextLink' = $query.'odata.nextLink'
    do
    {
        $moreObjects = Invoke-RestMethod -Method Get -Headers @{
            Authorization = $authenticationResult.CreateAuthorizationHeader()
            'Content-Type' = "application/json"
        } -Uri ($url2+$moreObjects.'odata.nextLink'+'&$top=999&api-version=1.6' -f $authenticationResult.TenantId)
        # Writes the page count and the running total to the output stream
        $moreObjects.value.count
        $tenantObjects += $moreObjects.value
        $tenantObjects.Count
    } while ($moreObjects.'odata.nextLink')
}
# Build one hashtable per user; ID is the anchor and is set to the user's objectId
ForEach($user in $tenantObjects)
{
    $obj = @{}
    $obj.Add("ID", $user.objectId)
    $obj.Add("objectID", $user.objectId)
    $obj.Add("objectClass", "user")
    $obj.Add("userPrincipalName",$user.userPrincipalName)
    $obj.Add("accountEnabled",$user.accountEnabled)
    $obj.Add("displayName",$user.displayName)
    $obj.Add("givenName",$user.givenName)
    $obj.Add("surname",$user.surname)
    $obj.Add("mail",$user.mail)
    # Multi-valued attributes: service names of provisioned and assigned plans
    $provisionedPlans = @()
    foreach($plan in $user.provisionedPlans) {
        $provisionedPlans += $plan.service
    }
    $obj.Add("provisionedPlans",($provisionedPlans))
    $assignedPlans = @()
    foreach($assplan in $user.assignedPlans) {
        $assignedPlans += $assplan.service
    }
    $obj.Add("assignedPlans",($assignedPlans))
    # SKU IDs of the licenses assigned to the user
    $assignedLicenses = @()
    foreach($license in $user.assignedLicenses) {
        $assignedLicenses += $license.skuId
    }
    $obj.Add("assignedLicenses",($assignedLicenses))
    # Write the UPN to the debug file, then pass the user object to the MA
    $user.userPrincipalName | Out-File $DebugFile -Append
    $obj
}
# Licenses: get the tenant's subscribed SKUs and pass one object per SKU to the MA
$Licenses = Invoke-RestMethod -Method Get -Headers @{
    Authorization = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
} -Uri ("https://graph.windows.net/{0}/subscribedSkus?api-version=1.6" -f $authenticationResult.TenantId)
ForEach($sku in $Licenses.value)
{
    $obj2 = @{}
    $obj2.Add("ID", $sku.objectId)
    $obj2.Add("objectID", $sku.objectId)
    $obj2.Add("objectClass", "LicensePlans")
    $obj2.Add("capabilityStatus", $sku.capabilityStatus)
    $obj2.Add("consumedUnits",$sku.consumedUnits)
    $obj2.Add("enabled", $sku.prepaidUnits.enabled)
    $obj2.Add("suspended", $sku.prepaidUnits.suspended)
    $obj2.Add("warning", $sku.prepaidUnits.warning)
    $obj2.Add("skuId", $sku.skuId)
    $obj2.Add("skuPartNumber", $sku.skuPartNumber)
    $obj2
}
#endregion
@mirsa3615

Hello darrenjrobinson,
I can't get all users from the tenant, I get only the first 2000.
If I start the script manually, I have no error but if I start it in MIM I get a missing-anchor-value.
I changed only the TenantID and the default path to for the ADA
can you help please
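
The paging loop and the ID anchor mapping from the import script, restructured as an added example; it is not part of the gist or of the comment above. `Get-AllPages`, `ConvertTo-MAUser` and the `$samplePages` data are hypothetical names and constructed values; the example caps the number of pages followed and skips objects that have no `objectId`, the attribute the script maps to `ID`.

```powershell
# Added example (not from the gist). $samplePages is constructed data that
# stands in for Graph responses so the logic can be run offline.
$samplePages = @{
    'page1' = [pscustomobject]@{
        value = @(
            [pscustomobject]@{ objectId = 'constructed-id-001'; userPrincipalName = 'alice@example.com' },
            [pscustomobject]@{ objectId = $null; userPrincipalName = 'noanchor@example.com' }
        )
        'odata.nextLink' = 'page2'
    }
    'page2' = [pscustomobject]@{
        value = @([pscustomobject]@{ objectId = 'constructed-id-002'; userPrincipalName = 'bob@example.com' })
    }
}

# Hypothetical helper: follows odata.nextLink until a page has none.
# $Fetch maps a link to a response; in the gist it would wrap Invoke-RestMethod.
function Get-AllPages {
    param([string] $FirstLink, [scriptblock] $Fetch, [int] $MaxPages = 1000)
    $link = $FirstLink
    $count = 0
    while ($link) {
        $count += 1
        if ($count -gt $MaxPages) { throw "Paging did not finish within $MaxPages pages." }
        $page = & $Fetch $link
        $page.value                       # emit this page's objects
        $link = $page.'odata.nextLink'    # $null on the last page ends the loop
    }
}

# Hypothetical helper: builds the MA hashtable only when the anchor is present.
function ConvertTo-MAUser {
    param($User)
    if ([string]::IsNullOrWhiteSpace($User.objectId)) {
        Write-Warning "Skipping object without objectId: $($User.userPrincipalName)"
        return
    }
    @{
        ID                = $User.objectId
        objectID          = $User.objectId
        objectClass       = 'user'
        userPrincipalName = $User.userPrincipalName
    }
}

$fetch = { param($link) $samplePages[$link] }
$imported = @(Get-AllPages -FirstLink 'page1' -Fetch $fetch | ForEach-Object { ConvertTo-MAUser -User $_ })
"Emitted $($imported.Count) of 3 sample objects"
```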
