Assign Exchange Online Permissions using PowerShell
You can quickly and easily assign roles to user accounts using Office 365 PowerShell by identifying the user account’s Display Name and the role’s Name.
To start, you first need to establish a session to Office 365 PowerShell, this can be done by a script a created which is published on Microsoft TechNet. Download:
Once the connection to Office 365 PowerShell made, you can move along and determine the current Roles assigned to the user which you want to assign additional permissions.
For the purpose of this post, my user is called Farren and I will first verify which Role groups she is current part of.
First, I will start by running the following cmdlet to connect to Office 365
|
1 |
Connect-MsolService |
Once connected I will, run the following cmdlet to get my test user Farren.
|
1 |
Get-MsolUser | Where DisplayName -like "Farren*" | Sort DisplayName | Select DisplayName | More |
Now that I can view my test user in my tenant, let’s move on and list the available Admin Roles which can be assigned to the user.
To get the list of Admin Roles, you can run the following cmdlet.
|
1 |
Get-MsolRole |Sort Name |Select Name, Description |
As you can see there is a few different types of Admin Roles which can be assigned, but for the purpose of the post we are only focusing on Exchange Online Roles.
To continue, I will be assigning the following two Admin Roles to my test user.
- Exchange Service Administrator
- Mailbox Administrator
These roles can be assigned by running the following cmdlet.
|
1 |
$dispName="Farren Hardneck" |
|
1 |
$roleName="Exchange Service Administrator" |
|
1 |
Add-MsolRoleMember -RoleMemberEmailAddress (Get-MsolUser | Where DisplayName -eq $dispName).UserPrincipalName -RoleName $roleName |
Before I wrap it up let’s verify if the user Farren is now part of the Exchange Service Administrator Role group. This can be done by running the following cmdlet.
|
1 |
$role = Get-MsolRole -RoleName "Exchange Service Administrator" |
|
1 |
Get-MsolRoleMember -RoleObjectId $role.ObjectId |
And finally, to assign multiple roles to multiple user, the following csv example can be used with the following cmdlets.
The csv should look like the below.
|
1 |
DisplayName,RoleName |
|
1 |
"Farren","Mailbox Administrator" |
|
1 |
"Jason YoungOne","SharePoint Service Administrator" |
|
1 |
"Billy Ackers","Lync Service Administrator" |
|
1 |
“Shaun Hardneck ” , ”Exchange Service Administrator ” |
Now that the cv has been created, let’s look at the script which needs to be run.
|
1 |
$fileName C:\Softlib\O365RoleUpdates.CSV" |
|
1 |
$roleChanges=Import-Csv $fileName | ForEach {Add-MsolRoleMember -RoleMemberEmailAddress (Get-MsolUser | Where DisplayName -eq $_.DisplayName).UserPrincipalName -RoleName $_.RoleName } |
Script file and CSV file can be downloaded here.
CSV: O365RoleUpdates
Script: O365RoleUpdateScript
#ThatLazyAdmin
Be First to Comment