Business unit for all O365 licensed Users

Question

What would be the best way to create a Business Unit for all users in a domain that have Office 365 licenses assigned to them? I can do it with powershell but I would like to have the Info as a Business Unit and I don't want to re-invent the wheel.

Thanks, Tim

Answer 1

Hello Tim,

To create such a Business Unit, first, you need to somehow mark users who have licenses in Office 365. For this purpose, we suggest using a certain AD property that you don't use for other properties. For example, if yo have Exchange installed on premises, that can be an Exchange Extension Attribute, for example, extensionAttribute1. You can set it to a certain predefined value, for example, licensed. Note that it must be an actual value that exists in your AD to be able to build a Business Unit based on it. You cannot use an Adaxes Custom Attribute here because searching by such attributes is not supported. You won't be able to build a Business Unit based on Adaxes Custom Attributes.

To implement such a solution, you will need to:

• Create a Custom Command that will set the value of extensionAttribute1 depending on whether a user is licensed.
• Create a Business Rule that runs the Custom Command after updating Office 365 properties of a user.
• Create a Scheduled Task that runs the Custom Command periodically. This is required to update the attribute for users whose licenses were assigned / revoked outside of Adaxes (e.g. via the Office 365 Portal). Also, it will mark users who already exist in your AD and have Office 365 licenses by the time you implement this process. We recommend running it a couple of times a day.
• Create a Business Unit that includes all users who have extensionAttribute1 set to licensed.

i. Create Custom Command

To create a the Custom Command that sets the value of extensionAttribute1 depending on whether a user is licensed:

1. Create a new Custom Command.
2. On step 1 of the Create Custom Command Wizard, enter a name and an optional description for the command. Untick the Enabled option so that the Custom Command would be hidden from the UI.
   
3. On step 2, select User.
   
4. On step 3, add the Update the User action and click Add.
   
5. In the Property to modify drop-down list, select Extension Attribute 1.
6. In the New value field, specify licensed and click OK 2 times.
   
7. Right-click the action you've just added and click Add Condition.
   
8. Select If licensed for Office 365 and make sure that is option is selected. When done, click OK.
   
9. Right-click the action and click Add Condition again.
10. Select If <property> <relation> <value>.
11. Specify If Extension Attribute 1 does not equal licensed. When done, click OK.
    
12. Click the Add action to a new set link.
13. Select the Update the User action and click Add.
14. Select Remove the property. And click OK 2 times.
    
15. Right-click the action you've just added and click Add Condition.
16. Select If licensed for Office 365 and select is not. Click OK.
17. Right-click the action and click Add Condition again.
18. Select If <property> <relation> <value>.
19. Specify If Extension Attribute 1 is not empty.
20. When done, click OK. You should receive something like this:
    
21. Click Next, then click Finish.

ii. Create Business Rule

To create a Business Rule that executes the Custom Command after updating Office 365 properties:

1. Create a new Business Rule.
2. On step 2 of the Create Business Rule Wizard, select User and After Modifying Office 365 properties of a User.
   
3. On step 3, add the Execute a Custom Command action.
4. Click Select.
5. Select the Custom Command you created on step i.
   
6. Click OK 2 times and finish creation of the Business Rule.

iii. Create Scheduled Task

To create a Scheduled Task that executes the Custom Command on a periodical basis:

1. Create a new Business Rule.
2. On step 3 of the Create Scheduled Task Wizard, select User.
3. On step 4, add the Execute a Custom Command action.
4. Click Select.
5. Select the Custom Command you created on step i.
6. Click OK 2 times and finish the task creation.

iv. Create Business Unit

Finally, to create a Business Unit that includes all users licensed for Office 365:

1. Create a new Business Unit.

2. On step 2 of the Create Business Unit Wizard, click Add.

3. Select Query Results.

4. In the Filter field, enter the following LDAP filter:
   (&(sAMAccountType=805306368)(extensionAttribute1=licensed))

   

5. Click Finish.

Comments

That is a good detailed guide.

---

Ok, that makes sense. Thanks for the quick reply!

I did get this working but in a different way by making a group and basing the Business Unit on that group. I also setup a scheduled task and custom command to add or remove users from that group. Steps are below.

1. first I made a security group called O365-Licensed Users.
2. Made a custom command that has the following actions, if the user is licensed for office 365 then add that user to the new group, and another action set within that command to remove any user that is not licensed for O365. ( I did this to test and later turned it into a scheduled task that runs twice a day. I keep the custom command to add to my Business rules)
3. Created a Business Unit that the membership rules are to include any user that belongs to that group.

Its another round about way of doing it but seems to working well. I just didn't want to have to add any custom attributes if possible. I thought at first why not be able to query O365 for a business Unit but that could produce a lot of unnecessary calls out to O365.

---

How many users are you accommodating on 0365?