O365 - Licence check before creating user

Question

Hi,

I need a bit of scripting help within Adaxes. We have a number of o365 licence checks that occur, some on a schedule, some before creating a user.

They are simple enough (and below) they check that there's a free licence for what the user is for before creating the account, if not they email the necessary people to order a licence and manually assign it and create the user.

The schedule jobs do something similar, every day at 9 they check for free licences, if less than 10 they email to order more.

However over the weekend they have stopped working (we have patched the server with Windows updates and restarted), I've got the error, but I'm not sure how to update the scripts to resolve the issue, as MS is retiring basic auth, I'm assuming I can't just put in a getcredentials option and enter the username/password (which would be unsecure as it stores the credentials in plain text)

Script 1) Licence check:

# The condition is met if $Context.ConditionIsMet is set to $True.
$Context.ConditionIsMet = $False
Connect to Exchange Online
$session = $Context.CloudServices.CreateExchangeOnlinePSSession()
Import-PSSession $session -AllowClobber -DisableNameChecking

#Declare available license variable settings
$ActiveUnits = Get-MsolAccountSku | where {$.AccountSkuId -eq 'OURCOMPANYINFO:SPE_E3'} | select ActiveUnits
$ConsumedUnits = Get-MsolAccountSku | where {$.AccountSkuId -eq 'OURCOMPANYINFO:SPE_E3'} | select ConsumedUnits
Output result to excel
Get-MsolAccountSku | where {$_.AccountSkuId -eq 'OURCOMPANYINFO:SPE_E3'} | Fl AccountSkuid,ActiveUnits,ConsumedUnits > D:\O365_License_Reports\o365Reports.txtGet available license stats'
$AvailableUnits = $ActiveUnits.ActiveUnits - $ConsumedUnits.ConsumedUnits

if ($AvailableUnits -lt 5)
{
$Context.ConditionIsMet = $True
return
}
#Close the remote session and release resources
Remove-PSSession $session

<br> <br> Script 2) Sends Email

Import-Module Adaxes -DisableNameChecking
$exchangeServer = "ouronpremexchangeserver"
Connect to Exchange Server
$session = New-PSSession -Configurationname Microsoft.Exchange –ConnectionUri [http://$exchangeServer/powershell](http://$exchangeServer/powershell)
Import-PSSession $session -DisableNameChecking -AllowClobber
Declare Email Variable settings
$from = "Adaxes"
$to = "Who it needs to go to"
$smtpServer = ""
$messageSubject = "No O365 Licences AVAILABLE - %firstname% %lastname% at - %company%"
$messageBody = "Hi Team,
A new user has been created and there are no available O365 Licence available. Please investigate for any licences that may be able to be freed up, or order more.

Once licences are available you need to manually assign a licence to %firstname% %lastname% - %username%

Thank You"
Send message
Send-MailMessage -To $to -from $from -SmtpServer $smtpServer -Subject $messageSubject -Body $messageBody

Remove-PSSession $session

Answer 1

Hello,

The second script looks fine. However, the first one will not work. First of all, it does require using the Connect-MsolService cmdlet. At the same time the cmdlet does not support modern authentication. As such, the only way is to specify the credentials of the user in the Run as section of the Run a program or PowerShell script action and then establish the connection in the script with the credentials. This way you will not have them stored in the script as plain text. For details on the approach, have a look at section Running the script as a specific user of the following article: https://www.adaxes.com/sdk/ServerSideScripting/#running-the-script-as-a-specific-user. You can also check the following examples from our repository: https://www.adaxes.com/script-repository/enabledisable-multi-factor-authentication-for-a-user-in-office-365-s544.htm.

Comments

Hi,

Thanks for the response. the job itself is set to run as the Adaxes account, but I'll take a look at the links you've posted.

Out of curiosity, Do you have any idea why it working until some point over the weekend?

Thanks, Gary

---

Hello Gary,

Most probably, that is exactly when Microsoft disabled basic authentication in your tenant.