0 votes

What would be the best way to create a Business Unit for all users in a domain that have Office 365 licenses assigned to them? I can do it with PowerShell, but I would like to have the info as a Business Unit and I don't want to re-invent the wheel.

Thanks, Tim

by (150 points)

1 Answer

0 votes
by (216k points)
Best answer

Hello Tim,

To create such a Business Unit, first, you need to somehow mark users who have licenses in Office 365. For this purpose, we suggest using a certain AD property that you don't use for other properties. For example, if you have Exchange installed on premises, that can be an Exchange Extension Attribute, for example, extensionAttribute1. You can set it to a certain predefined value, for example, licensed. Note that it must be an actual value that exists in your AD to be able to build a Business Unit based on it. You cannot use an Adaxes Custom Attribute here because searching by such attributes is not supported. You won't be able to build a Business Unit based on Adaxes Custom Attributes.

To implement such a solution, you will need to:

  • Create a Custom Command that will set the value of extensionAttribute1 depending on whether a user is licensed.
  • Create a Business Rule that runs the Custom Command after updating Office 365 properties of a user.
  • Create a Scheduled Task that runs the Custom Command periodically. This is required to update the attribute for users whose licenses were assigned / revoked outside of Adaxes (e.g. via the Office 365 Portal). Also, it will mark users who already exist in your AD and have Office 365 licenses by the time you implement this process. We recommend running it a couple of times a day.
  • Create a Business Unit that includes all users who have extensionAttribute1 set to licensed.

i. Create Custom Command

To create the Custom Command that sets the value of extensionAttribute1 depending on whether a user is licensed:

  1. Create a new Custom Command.
  2. On step 1 of the Create Custom Command Wizard, enter a name and an optional description for the command. Untick the Enabled option so that the Custom Command would be hidden from the UI.
  3. On step 2, select User.
  4. On step 3, add the Update the User action and click Add.
  5. In the Property to modify drop-down list, select Extension Attribute 1.
  6. In the New value field, specify licensed and click OK 2 times.
  7. Right-click the action you've just added and click Add Condition.
  8. Select If licensed for Office 365 and make sure that the is option is selected. When done, click OK.
  9. Right-click the action and click Add Condition again.
  10. Select If <property> <relation> <value>.
  11. Specify If Extension Attribute 1 does not equal licensed. When done, click OK.
  12. Click the Add action to a new set link.
  13. Select the Update the User action and click Add.
  14. Select Remove the property and click OK 2 times.
  15. Right-click the action you've just added and click Add Condition.
  16. Select If licensed for Office 365 and select is not. Click OK.
  17. Right-click the action and click Add Condition again.
  18. Select If <property> <relation> <value>.
  19. Specify If Extension Attribute 1 is not empty.
  20. When done, click OK. You should receive something like this:
  21. Click Next, then click Finish.

ii. Create Business Rule

To create a Business Rule that executes the Custom Command after updating Office 365 properties:

  1. Create a new Business Rule.
  2. On step 2 of the Create Business Rule Wizard, select User and After Modifying Office 365 properties of a User.
  3. On step 3, add the Execute a Custom Command action.
  4. Click Select.
  5. Select the Custom Command you created on step i.
  6. Click OK 2 times and finish creation of the Business Rule.

iii. Create Scheduled Task

To create a Scheduled Task that executes the Custom Command on a periodical basis:

  1. Create a new Business Rule.
  2. On step 3 of the Create Scheduled Task Wizard, select User.
  3. On step 4, add the Execute a Custom Command action.
  4. Click Select.
  5. Select the Custom Command you created on step i.
  6. Click OK 2 times and finish the task creation.

iv. Create Business Unit

Finally, to create a Business Unit that includes all users licensed for Office 365:

  1. Create a new Business Unit.
  2. On step 2 of the Create Business Unit Wizard, click Add.
  3. Select Query Results.
  4. In the Filter field, enter the following LDAP filter:
    (&(sAMAccountType=805306368)(extensionAttribute1=licensed))
  5. Click Finish.
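
The decision logic of the Custom Command from step i and the Business Unit filter from step iv, as an added PowerShell example (not part of the original answer and not Adaxes code). The sample users, the function name `Get-MarkerAction` and the `-Apply` switch are assumptions made for illustration; in practice the license state would come from your tenant.

```powershell
# Added example: mirrors the two action sets of the Custom Command in step i.
# Sample users, Get-MarkerAction and -Apply are constructed for illustration.
param([switch]$Apply)   # without -Apply nothing is written to AD

$Marker = 'licensed'

function Get-MarkerAction {
    param([string]$Current, [bool]$IsLicensed)
    # Action set 1: licensed AND attribute does not equal 'licensed' -> set it
    if ($IsLicensed -and $Current -ne $Marker) { return 'Set' }
    # Action set 2: not licensed AND attribute is not empty -> remove the property
    if (-not $IsLicensed -and -not [string]::IsNullOrEmpty($Current)) { return 'Clear' }
    return 'None'   # already in the desired state, so no write is issued
}

# Constructed sample: current extensionAttribute1 value and license state
$users = @(
    [pscustomobject]@{ Sam = 'alice'; Ext1 = $null;           Licensed = $true  }
    [pscustomobject]@{ Sam = 'bob';   Ext1 = 'licensed';      Licensed = $true  }
    [pscustomobject]@{ Sam = 'carol'; Ext1 = 'licensed';      Licensed = $false }
    # dave carries an unrelated value left over from another use of the attribute
    [pscustomobject]@{ Sam = 'dave';  Ext1 = 'costcentre-42'; Licensed = $false }
    [pscustomobject]@{ Sam = 'erin';  Ext1 = $null;           Licensed = $false }
)

$plan = foreach ($u in $users) {
    [pscustomobject]@{
        Sam      = $u.Sam
        Ext1     = $u.Ext1
        Licensed = $u.Licensed
        Action   = Get-MarkerAction -Current $u.Ext1 -IsLicensed $u.Licensed
    }
}
$plan | Format-Table -AutoSize

if ($Apply) {
    Import-Module ActiveDirectory
    foreach ($p in $plan) {
        switch ($p.Action) {
            'Set'   { Set-ADUser -Identity $p.Sam -Replace @{ extensionAttribute1 = $Marker } }
            'Clear' { Set-ADUser -Identity $p.Sam -Clear extensionAttribute1 }
        }
    }
    # Same filter as the Business Unit: user accounts carrying the marker
    Get-ADUser -LDAPFilter '(&(sAMAccountType=805306368)(extensionAttribute1=licensed))' |
        Select-Object -ExpandProperty SamAccountName
}
```

The second condition matches any non-empty value, so an unlicensed user loses whatever extensionAttribute1 held before; this is why the attribute has to be one that nothing else depends on.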

0

That is a good detailed guide.

0

Ok, that makes sense. Thanks for the quick reply!

I did get this working but in a different way by making a group and basing the Business Unit on that group. I also set up a scheduled task and custom command to add or remove users from that group. Steps are below.

1. First, I made a security group called O365-Licensed Users.
2. Made a custom command that has the following actions: if the user is licensed for Office 365, then add that user to the new group, and another action set within that command to remove any user that is not licensed for O365. (I did this to test and later turned it into a scheduled task that runs twice a day. I keep the custom command to add to my Business Rules.)
3. Created a Business Unit that the membership rules are to include any user that belongs to that group.

It's another roundabout way of doing it but seems to be working well. I just didn't want to have to add any custom attributes if possible. I thought at first why not be able to query O365 for a Business Unit, but that could produce a lot of unnecessary calls out to O365.

0

How many users are you accommodating on O365?
