0 votes

Hi,

I need a bit of scripting help within Adaxes. We have a number of o365 licence checks that occur, some on a schedule, some before creating a user.

They are simple enough (and below) they check that there's a free licence for what the user is for before creating the account, if not they email the necessary people to order a licence and manually assign it and create the user.

The schedule jobs do something similar, every day at 9 they check for free licences, if less than 10 they email to order more.

However over the weekend they have stopped working (we have patched the server with Windows updates and restarted), I've got the error, but I'm not sure how to update the scripts to resolve the issue, as MS is retiring basic auth, I'm assuming I can't just put in a getcredentials option and enter the username/password (which would be unsecure as it stores the credentials in plain text)

Script 1) Licence check:

# The condition is met if $Context.ConditionIsMet is set to $True.
$Context.ConditionIsMet = $False
Connect to Exchange Online
$session = $Context.CloudServices.CreateExchangeOnlinePSSession()
Import-PSSession $session -AllowClobber -DisableNameChecking

#Declare available license variable settings
$ActiveUnits = Get-MsolAccountSku | where {$.AccountSkuId -eq 'OURCOMPANYINFO:SPE_E3'} | select ActiveUnits
$ConsumedUnits = Get-MsolAccountSku | where {$.AccountSkuId -eq 'OURCOMPANYINFO:SPE_E3'} | select ConsumedUnits
Output result to excel
Get-MsolAccountSku | where {$_.AccountSkuId -eq 'OURCOMPANYINFO:SPE_E3'} | Fl AccountSkuid,ActiveUnits,ConsumedUnits > D:\O365_License_Reports\o365Reports.txtGet available license stats'
$AvailableUnits = $ActiveUnits.ActiveUnits - $ConsumedUnits.ConsumedUnits

if ($AvailableUnits -lt 5)
{
$Context.ConditionIsMet = $True
return
}
#Close the remote session and release resources
Remove-PSSession $session

<br> <br> Script 2) Sends Email

Import-Module Adaxes -DisableNameChecking
$exchangeServer = "ouronpremexchangeserver"
Connect to Exchange Server
$session = New-PSSession -Configurationname Microsoft.Exchange –ConnectionUri [http://$exchangeServer/powershell](http://$exchangeServer/powershell)
Import-PSSession $session -DisableNameChecking -AllowClobber
Declare Email Variable settings
$from = "Adaxes"
$to = "Who it needs to go to"
$smtpServer = ""
$messageSubject = "No O365 Licences AVAILABLE - %firstname% %lastname% at - %company%"
$messageBody = "Hi Team,
A new user has been created and there are no available O365 Licence available. Please investigate for any licences that may be able to be freed up, or order more.

Once licences are available you need to manually assign a licence to %firstname% %lastname% - %username%

Thank You"
Send message
Send-MailMessage -To $to -from $from -SmtpServer $smtpServer -Subject $messageSubject -Body $messageBody

Remove-PSSession $session

adaxeserror.png

by (490 points)

1 Answer

0 votes
by (288k points)

Hello,

The second script looks fine. However, the first one will not work. First of all, it does require using the Connect-MsolService cmdlet. At the same time the cmdlet does not support modern authentication. As such, the only way is to specify the credentials of the user in the Run as section of the Run a program or PowerShell script action and then establish the connection in the script with the credentials. This way you will not have them stored in the script as plain text. For details on the approach, have a look at section Running the script as a specific user of the following article: https://www.adaxes.com/sdk/ServerSideScripting/#running-the-script-as-a-specific-user. You can also check the following examples from our repository: https://www.adaxes.com/script-repository/enabledisable-multi-factor-authentication-for-a-user-in-office-365-s544.htm.

0

Hi,

Thanks for the response. the job itself is set to run as the Adaxes account, but I'll take a look at the links you've posted.

Out of curiosity, Do you have any idea why it working until some point over the weekend?

Thanks, Gary

adaxes1.png

0

Hello Gary,

Most probably, that is exactly when Microsoft disabled basic authentication in your tenant.

Related questions

0 votes
1 answer

Hi there we use personal identity number in one of our customattribute. How would you script this so it checks that the number that we specify when filling out the form ... process should be interupted and we then know that that user already has an account.

asked Jun 19, 2019 by ahok (50 points)
0 votes
1 answer

Hi, I used this script from the repository https://www.adaxes.com/script-repository/check-if-number-of-unused-microsoft-365-licenses-is-below-limit-s594.htm which works fine, but ... creation form, so I can see if whether it makes sense to fill out the form

asked Apr 3 by boris (530 points)
0 votes
1 answer

I used this script from the repository https://www.adaxes.com/script-repository/check-if-number-of-unused-microsoft-365-licenses-is-below-limit-s594.htm I have amended to include ... count is below what I specify. Please can you advise what I am doing wrong.

asked Jan 31 by MikeBeattie (110 points)
0 votes
1 answer

Hi Team, We are using a set of form/business rules/custom commands for user creation that move user account to the right OU given the Office attribute value. I would ... , but can't find valuable information on the web site. Thanks in advance Regards Stephen

asked Dec 12, 2012 by sroux (800 points)
0 votes
1 answer

I have a scheduled task that runs the following PowerShell script. $user = New-AdmUser -Server $domain -AdaxesService localhost -Path $workdayDn -ChangePasswordAtLogon $true -PassThru - ... ) over all objects. I'm stumped! Any help would be super appreciated.

asked Sep 5 by emeisner (100 points)
3,541 questions
3,232 answers
8,225 comments
547,805 users