CMD 365 Account Mgmt - Neilitlib/MSP-Simple-Commands GitHub Wiki

CMD 365 PowerShell Prerequisites

(https://github.com/Neilitlib/MSP-Simple-Commands/wiki/CMD-365-PowerShell-Prerequisites)

Set Specific Password

PS

  1. Import-Module AzureAD; Connect-AzureAD

  2. $securePassword = ConvertTo-SecureString "TypePASSWORDhere" -AsPlainText -Force; Set-AzureADUserPassword -ObjectId '[email protected]' -Password $securePassword; Write-Output "The specified password has been set"

  3. Disconnect-AzureAD

Replace TypePASSWORDhere with the desired password (must meet complexity requirements)

Replace [email protected] with the target user's address

Set Random Password

PS

  1. Import-Module AzureAD; Connect-AzureAD

  2. $randomPassword = (Get-Random -InputObject ([char[]]"ABCDEFGHIJKLMNOPQRSTUVWXYZ")) + ((Get-Random -InputObject ([char[]]"abcdefghijklmnopqrstuvwxyz") -Count 2) -join "") + ((Get-Random -InputObject ([char[]]"0123456789") -Count 5) -join ""); $newPassword = ConvertTo-SecureString $randomPassword -AsPlainText -Force; Set-AzureADUserPassword -ObjectId '[email protected]' -Password $newPassword; Write-Output "$randomPassword"

  3. Disconnect-AzureAD

Replace [email protected] with the target user's address

This PowerShell script performs the following actions:

  1. Generates a random password in the Xyz12345 format: The $randomPassword variable is assigned a string that consists of:
    • One randomly chosen uppercase letter from A to Z.
    • Two randomly chosen lowercase letters from a to z.
    • Five randomly chosen digits from 0 to 9.
  2. Converts the random password to a SecureString: The $newPassword variable is assigned the value of $randomPassword converted to a SecureString object. This is done using the ConvertTo-SecureString cmdlet with -AsPlainText and -Force parameters.
  3. Sets the password for an Azure AD user: The Set-AzureADUserPassword cmdlet is used to set the password of the Azure AD user with the object ID '[email protected]' to the value of $newPassword.
  4. Outputs the random password: The Write-Output cmdlet is used to print the value of $randomPassword to the console. This is the plaintext version of the password that was set for the Azure AD user.
  5. Disconnects from Azure AD: The Disconnect-AzureAD cmdlet is used to terminate the current session with Azure AD.

Set Access & SendAs Permissions

  • Leagues faster than the Azure or 365 Web User Interface
  • Very useful for making large numbers of changes

PS

  1. Import-Module ExchangeOnlineManagement; Connect-ExchangeOnline

  2. Add-MailboxPermission -Identity "[email protected]" -User "[email protected]" -AccessRights FullAccess -InheritanceType All -AutoMapping:$true; Add-RecipientPermission "[email protected]" -Trustee "[email protected]" -AccessRights SendAs -Confirm:$false

  3. Disconnect-ExchangeOnline

Change both instances of [email protected] to the inbox you want your target user to access & send as

Change both instances of [email protected] to the target user that needs access & send as capability

These commands together grant full access to a mailbox and allow the user to send messages as the mailbox:

  1. Add-MailboxPermission -Identity "[email protected]" -User "[email protected]" -AccessRights FullAccess -InheritanceType All -AutoMapping:$true: This command grants "[email protected]" full access to "[email protected]". The -AutoMapping:$true parameter automatically maps the mailbox to the user's Outlook profiles.

  2. Add-RecipientPermission "[email protected]" -Trustee "[email protected]" -AccessRights SendAs -Confirm:$false: This command grants "[email protected]" the SendAs permission for "[email protected]" without asking for confirmation. The SendAs permission allows a user to send messages as if they came directly from the mailbox.

  3. Disconnect-ExchangeOnline: This command disconnects the current session from an Exchange Online tenant.