Sunday, February 20, 2022

Office 365 Manager

     During my time working at MedX Solutions I wrote this application to assist the helpdesk in more quickly addressing common requests from customers. This application was written 100% in PowerShell with the help of Microsoft Online, Exchange Online, and Azure PowerShell modules. This blog post serves as part of my personal portfolio as well as demonstrating what PowerShell is capable of. I have blurred sensitive information to protect client information.

    Once a customer's account is selected, you can click connect and it will connect to the customer's 365 admin account using credentials that are securely stored in a specified local or network location.

Connecting to customer

    This application stores data in .psd1 config files that can be stored in a local directory or a network share location. The initial config file contains the directory for the primary config file and the encryption key that will be used to store credentials for the connections.

    The primary config file holds information about the individual clients, such as the admin username, encrypted password, primary domain name, and user naming convention. All this information is used throughout the different functions of the application. It was important that no sensitive information was hard coded into the application.
    If you are adding a new customer, you would put in the customer's name in the list box and connect. If the application is not able to find the customer in the primary config file, it will prompt you to enter the information for the new customer. The information entered here will be written to the primary config file, with the password encrypted with the specified key as a secure string converted to text.
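
    The storage scheme described above, sketched as an added example (not the application's own code): a key held in the initial config encrypts the admin password that is written to the primary config. The file names, hashtable keys, and the `Contoso` customer are assumptions made for illustration.

```powershell
# Added example. File names, hashtable keys and the customer are assumptions.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'o365mgr-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$initialPath = Join-Path $dir 'initial.psd1'
$primaryPath = Join-Path $dir 'customers.psd1'

# 1. Initial config: a random 256-bit AES key plus the primary config location.
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key)
$rng.Dispose()
@"
@{
    ConfigDir = '$($dir -replace "'", "''")'
    Key       = @($($key -join ','))
}
"@ | Set-Content -Path $initialPath -Encoding UTF8

# 2. New customer: encrypt the password with the key and store the text form.
#    Constructed password so the demo runs unattended; a real prompt would use
#    Read-Host -AsSecureString so the plain text never appears in the script.
$secure    = ConvertTo-SecureString 'Constructed-Demo-Pass1!' -AsPlainText -Force
$encrypted = ConvertFrom-SecureString -SecureString $secure -Key $key
@"
@{
    Contoso = @{
        AdminUser         = 'admin@contoso.example'
        EncryptedPassword = '$encrypted'
        PrimaryDomain     = 'contoso.example'
    }
}
"@ | Set-Content -Path $primaryPath -Encoding UTF8

# 3. Connect time: load both files and rebuild a PSCredential. The password
#    goes from encrypted text straight back to a SecureString.
$initial  = Import-PowerShellDataFile -Path $initialPath
$primary  = Import-PowerShellDataFile -Path (Join-Path $initial.ConfigDir 'customers.psd1')
$customer = $primary.Contoso
$password = ConvertTo-SecureString -String $customer.EncryptedPassword -Key ([byte[]]$initial.Key)
$cred     = New-Object System.Management.Automation.PSCredential ($customer.AdminUser, $password)

# The credential object is what a connect cmdlet would receive via -Credential.
$cred.UserName
```

    Without `-Key`, `ConvertFrom-SecureString` uses DPAPI on Windows, which ties the encrypted text to one user on one machine; a shared key is what lets several helpdesk machines read the same primary config. The trade-off is that anyone who can read both files can recover every stored admin password, so the file permissions on the initial config are the real control.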
    So, what does the application actually do? Once we are connected to the customer the functions are no longer greyed out. We can do all sorts of admin tasks from resetting passwords to delegating accounts. This was much faster than logging into an individual customer's account. This post will go through each of the functions this application does in more detail.

    To reset a user's password, you will select the user account, and either type in a new password or generate a random password. The checkbox can be used to force the user to change the password at next login. Once the password is created it will generate a message that tells the user that the password was reset and what that new password is. By clicking the Copy button, you can copy the message and paste it into an email or ticketing system.
    Next up is the create user form. This form will show you a list of current user accounts on the right and fields to create a new user on the left. Department and Phone Number are optional fields. If filled out they will be added to the user's 365 account. The actual username that is created depends on the global naming convention we chose when initially creating the customer account. When creating the account, we can choose to generate a random password and / or force the user to reset their password when they login. This form will pull a list of available licenses and add them to the drop down. We will choose what type of license the user should have from that drop down menu.

     If there are no licenses available, this window will pop up with a message that can be copied and pasted into an email or ticketing system to ask the customer if they want to purchase more licenses.
    The Activate / Deactivate User Form is used to disable or re-enable user accounts. When an account is disabled, it will go through everything that is checked, and if a forwarding address is provided it will forward all emails to this account. The forwarding account can be internal or external. This has been crucial for standardizing the offboarding process of user accounts. To re-activate an account, select an available license from the drop-down menu and all the actions of the check boxes will be undone.

    The Alias Form is perfect for managing the aliases of the user accounts. Select a user in the left pane, and all aliases currently assigned to that user will populate the list box on the right. If you want to remove an alias, select the alias in the Current Aliases box and click Remove Alias. If you want to add an alias, type the new alias in the New Alias text box and click Add Alias.

    The Forwarding Form will show if the mail is forwarded to a single user (Not including rules). If you want to disable the forward, select the user account in the left pane and click disable forward after the user account has populated in the "Emails are currently forwarded to" label. If you want to forward the mail (Internal or External) just fill out the Forward To text box and click Forward Email.
    Distribution Groups are managed with this Form. When you select a user in the left pane, a list of all distribution groups will populate in the bottom left pane. All Distribution Groups will display in the Right pane. If you select a Distribution Group, it will show all users currently in that group. The Remove from Group button will become available when you have a user and a distribution group that they are a member of selected. Of course, you can add a user to a distribution group or create a new group with the New Distribution Group text box.

    The Auto Reply form is really useful. Select a user on the left pane and type a message in the message text box that you want sent as an auto response. New lines and tabs are converted to HTML and will display properly in the user's mailbox auto response message. If you want to disable the auto reply, check the box that says Disable Auto Reply and Submit. This was useful for deactivated mailbox accounts that needed an auto response message.
    The Add to Calendar Form was in response to customers wanting to add other user accounts to their calendar. The "From" section is the host of the calendar, the "To" section is the recipient of the calendar.
    The Delegate Form is used to manage delegates of accounts. The "From" section is the account that is being delegated, and the "To" section is who the account is being delegated to. When you select a user in the "From" section, the list box of current delegates will populate. You can remove a delegate by selecting the current delegate and the "From" delegate and clicking Remove Delegate. To add a delegate, select a user from the "To" list box and click Create Delegate.

    That is all for the admin functions of the application. It is an ongoing project, and more functions will likely be added in the future. There is another section of the application for Auditing. I don't have any screenshots of these because they generate csv files, and the data inside is sensitive so it would need to be blurred. So, to save you from looking at a bunch of blurry rectangles, I'll describe what these reports generate.

    The License Report will generate a csv of all users and what license they currently have assigned to them. The Distribution Group Members Report will generate a report that shows each distribution group and what members are assigned to it. The Last Logon Report shows all users and the Date / Time that user last logged into 365. The Global Admin Report generates a list of all users assigned global admin permissions in 365. The Compare Licenses Audit was a custom report that would take a list of users provided by a client and compare it to active licensed users in 365. It would generate 2 separate csv reports: one to show what users are licensed that were not in the provided list, and the other to show what users in the provided list were not active licensed 365 accounts.
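
    The two-way comparison behind the Compare Licenses Audit, as an added example (not the application's own code) run over constructed data. The function name, column names, output file names, and the `PLACEHOLDER_SKU` value are assumptions. Licensed accounts missing from the client's list are the ones worth reviewing first, since they may be accounts that were never offboarded.

```powershell
# Constructed sample data standing in for the client's list and the tenant export.
$clientList = @'
UserPrincipalName
alice@contoso.example
Bob@Contoso.example
dave@contoso.example
'@ | ConvertFrom-Csv

$licensedUsers = @'
UserPrincipalName,License
alice@contoso.example,PLACEHOLDER_SKU
bob@contoso.example ,PLACEHOLDER_SKU
carol@contoso.example,PLACEHOLDER_SKU
'@ | ConvertFrom-Csv

function Compare-LicensedUsers {
    param([object[]]$ClientList, [object[]]$LicensedUsers)

    # UPNs are case-insensitive and hand-made lists often carry stray spaces,
    # so trim each value and compare without regard to case.
    $cmp      = [System.StringComparer]::OrdinalIgnoreCase
    $expected = [System.Collections.Generic.HashSet[string]]::new($cmp)
    $actual   = [System.Collections.Generic.HashSet[string]]::new($cmp)
    foreach ($row in $ClientList)    { [void]$expected.Add($row.UserPrincipalName.Trim()) }
    foreach ($row in $LicensedUsers) { [void]$actual.Add($row.UserPrincipalName.Trim()) }

    [pscustomobject]@{
        # Licensed in 365 but absent from the client's list.
        LicensedNotInList = @($LicensedUsers |
            Where-Object { -not $expected.Contains($_.UserPrincipalName.Trim()) })
        # On the client's list but with no active license in 365.
        ListedNotLicensed = @($ClientList |
            Where-Object { -not $actual.Contains($_.UserPrincipalName.Trim()) })
    }
}

$result = Compare-LicensedUsers -ClientList $clientList -LicensedUsers $licensedUsers

# One csv per direction, as in the report described above.
$out = Join-Path ([IO.Path]::GetTempPath()) 'license-audit'
New-Item -ItemType Directory -Path $out -Force | Out-Null
$result.LicensedNotInList | Export-Csv (Join-Path $out 'licensed-not-in-list.csv') -NoTypeInformation
$result.ListedNotLicensed | Export-Csv (Join-Path $out 'listed-not-licensed.csv') -NoTypeInformation
```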

    The last section of the application is Help. This just has the versioning information and a nice support form that allows you to send messages to the application support ticketing system.

    Hopefully this will inspire someone out there to get deeper into PowerShell. Being able to pull .NET libraries into scripts is really what makes PowerShell such a powerful language. Thank you for reading, please let me know if you have any comments or suggestions.


