0 votes

Hello,

I'm looking for a way to receive a notification/approval request when a new user is created and the business rule attempts to assign O365 licensing, however there are no available licenses. Typically we purchase these licenses as needed so we're not paying monthly for something that we aren't using. I understand there is no PowerShell way to script the purchase of a license and I don't want to cancel the new user operation due to the missing license. Is it possible to detect this and send the job for approval. I have a screenshot of our business rule below. Basically what I want to happen is pause at the activate O365 license step and wait for a license to be purchased, before continuing as the other remaining steps like assigning a Microsoft Teams phone number will be dependent on the license being assigned.

Looking for any suggestions!
Thanks so much!

by (920 points)
0

Hello Ryan,

You can configure the Active an Office 365 account for the user action to always be submitted for approval. However, the approval request notification will contain the action description which does not explain why the operation was sent for approval and the approver might not check whether a license purchase is required. If you want to add the explanation to the notification, you can specify Custom Action Description for the action.
Alternatively, you can create a Business Rule to send the operation for approval if there is attempt to assign a license which ran out. Unfortunately, there will be no possibility to specify a hint for approvers in this case rather than changing the description of the Active an Office 365 account for the user action in the Business Rule you already have.
Please, specify which approach meets your needs best and we will provide you with detailed instructions.

0

Hi Support,

I've been giving this some thought as to how I want to handle. In the log output as shown below it tells me there is no available license. Is it possible to catch that error and trigger an email to someone telling them a license needs purchased? Being able to add additional information to the email like the license name, and the user that needs the licensed assigned would be great.


Also, I have 4 different licenses added to a new user. It attempts the MCOPSTN1 license first and finds no available licenses but doesn't attempt the others, even though they do in fact have available licenses. Any way to allow the job to continue trying the additional licenses?

Thanks so much!
Ryan

0

Hello Ryan,

I have 4 different licenses added to a new user. It attempts the MCOPSTN1 license first and finds no available licenses but doesn't attempt the others, even though they do in fact have available licenses. Any way to allow the job to continue trying the additional licenses?

It can be done by assigning the licenses in a PowerShell script. The missing licenses should be assigned manually after their replenishment.

Is it possible to catch that error and trigger an email to someone telling them a license needs purchased? Being able to add additional information to the email like the license name, and the user that needs the licensed assigned would be great.

It can be done only via a script. The script will check the licenses availability and assign the licenses whose amount is sufficient. If one or more licenses are not available, the script will send an email notification about the licenses lack to the recipients specified in the script. If the solution meets your needs, we will provide you with the script.

Also, you can use s Scheduled Task to send notifications when the number of unused Office 365 licenses falls below a limit using the following script from our repository: https://www.adaxes.com/script-repositor ... t-s446.htm.

0

That sounds perfect. If you would be able to provide a script that can apply the licenses for multiple SKUs, skipping if no licenses available, and then for any of the SKUs where a license is not available trigger an email notification that would be awesome!

Thank you so much!!
Ryan

0

Hello Ryan,

Could you, please, clarify if the email notifications should be sent for each SKU where a license is not available or there should be one notification for all the unavailable licenses?

0

It could be one summary email, but would need to list the individual SKUs in the email body for which additional licenses need purchased. Would also be helpful if the email body could have some other details like the username for which the script is assigning licensing to as well as the initiator that triggered the script to run.

Thanks!

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello Ryan,

Thank you for the clarification. The script should be used in a Business Rule triggering Before modifying Office 365 properties of a user. To create the rule:

  1. Launch Adaxes Administration Console.

  2. In the Console Tree, right-click your Adaxes service node.

  3. In the context menu, navigate to New and click Business Rule.

  4. On step 2 of the Create Business Rule wizard, select the User object type.

  5. Select Before modifying Office 365 properties of a user and click Next.

  6. Click Add an action.

  7. Select Run a program or PowerShell script.

  8. Paste the below script into the Script field. In the script:

    • $to – specifies email addresses of the recipient(s) of the report;
    • $subject – specifies the email message subject;
    • $reportHeader – specifies the email message header;
    • $reportFooter – specifies the email message footer.
     # E-mail settings
     $to = "recipient@domain.com" # TODO: modify me
     $subject = "List of Office 365 plans that have no licenses available" # TODO: modify me
     $reportHeader = "<h2>List of Office 365 plans that have no licenses available</h2>" # TODO: add username and initiator to the report
     $reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me
    
     # Get the licenses whose modification was requested
     $requestedLicenses = $Context.GetModifiedPropertyValues("adm-O365AccountLicenses")
    
     if (-not $requestedLicenses)
     {
         # No licenses modification was requested
         return
     }
    
     # Bind to the associated tenant
     $associatedTenantDN = $Context.TargetObject.AssociatedTenantDN
     if ([System.String]::IsNullOrEmpty($associatedTenantDN))
     {
         $Context.LogMessage("No associated tenant", "Warning")
         return
     }
     $tenant = $Context.BindToObjectByDN($associatedTenantDN)
    
     # Check the requested licenses
     $availableLicenses = New-Object System.Collections.ArrayList
     $unavailableLicenses = New-Object System.Collections.ArrayList
     foreach ($requestedLicense in $requestedLicenses)
     {
         # Get SKU from license string
         $requestedSKU = ($requestedLicense.split(",")[0]).substring(1)
    
         # Get SKU from tenant
         $skuFromTenant = $tenant.Skus | Where{$_.SkuPartNumber -eq $requestedSKU}
    
         # Check available licenses
         if ($skuFromTenant.TotalUnits -eq $skuFromTenant.ConsumedUnits)
         {
             # Add the license to the list of unavailable
             $unavailableLicenses.Add($skuFromTenant.DefaultDisplayName)
             continue
         }
    
         # Add the license to the list for assignment
         $availableLicenses.Add($requestedLicense)
     }
    
     # Update the list of licenses for assignment
     if (-not $unavailableLicenses)
     {
         return
     }
     if($availableLicenses.Count -gt 0)
     {
         $Context.SetModifiedPropertyValues("adm-O365AccountLicenses", $availableLicenses)
     }
    
     # Build report
     $report = $NULL
     $report += "<p>The following licenses are unavailable and were not assigned to %fullname%:</br>"
     foreach ($unavailableLicense in $unavailableLicenses)
     {
         $report += "<b>$unavailableLicense</b></br>"
     }
     $report += "</br>Initiator of the operation: %adm-InitiatorFullName%</p>"
     $html = $reportHeader + $report + $reportFooter
    
     # Send mail
     $Context.SendMail($to, $subject, $NULL, $html)

  9. Enter a short description and click OK.

  10. Click Next and finish creating the Business Rule.

0

This is awesome, it works perfectly!! Thanks so much!! Really appreciate your time to help me with this.

One minor little tweak that I hope would be easy. Is it possible to output the display name of the license instead of the SKU in the email? The people getting this email will be utilizing the O365 admin center to purchase additional licenses and wouldn't know the SKU correlation.


Thanks again!
Ryan

0

Hello Ryan,

That is exactly what the script does. It includes the default display names of unavailable licenses into the report. MCOPSTN1 is a display name of a license, not an SKU Part Number. As a solution, you can specify custom user-friendly display names for all Office 365 licenses in the settings of your tenant and update the script to use the display names. For information on how edit the license display names, have a look at the following help article (point 8): https://www.adaxes.com/help/?HowDoI.Per ... Plans.html.
To update the script, replace the line

$unavailableLicenses.Add($skuFromTenant.DefaultDisplayName)

with the following one

$unavailableLicenses.Add($skuFromTenant.CustomDisplayName)
0

Amazing! Thank you!

Related questions

0 votes
1 answer

We are evaluating the product and would like to let users of AD to change password in self service page. We would like to set a 90 days change password policy, ... self service page? Is it achievable (with customization and batch program)? Thanks in advance.

asked Apr 27, 2020 by eric (20 points)
0 votes
1 answer

I have been searching your site, but could not find a list of access rights needed. --- Morten A. Steien

asked Feb 23, 2021 by Morten A. Steien (300 points)
0 votes
1 answer

I need a specific user, when requesting another user to join a group, to have an approval sent to the AD management team. I tried to create a "Business Rule", but I'm getting an "Access Denied" error. Any idea what this could be?

asked Aug 20 by fgmello (40 points)
0 votes
1 answer

When Setting up a Business rule or custom command to send out an email the option to send for approval is greyed out NeverMind I overlooked the option in the Business Rule on before Adding Member to Group the action to send for approval

asked Jul 12 by George.Holden (60 points)
0 votes
1 answer

Hello! I am running a powershell script that takes data and uses that to automatically create New-AdmUser. I want to have that new user send to the approval queue in adaxes, ... user is created, it gets sent to the approval queue. Any help would be amazing!!!

asked Jul 28, 2021 by Monkeyface46 (50 points)
3,588 questions
3,277 answers
8,303 comments
548,090 users