Continuously deploying my PowerShell Modules

Continuously building and deploying new versions of my modules to internal repositories (or PowerShell Gallery) is something I really like. That way I can just push my code and let the automation handle the rest. Here are some learnings I’ve made. Deploy on tag Firstly, I usually only trigger a deploy-workflow on tags, this way I can manually decide when to do a release and what version it will have without relying on any complex methods.

Modify access to site in SharePoint Online with PowerShell

Ever tried to modify permissions to a SharePoint site with a huge number of files in it?

You might experience something like this:

The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.

The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.

Managing permissions to a site in SharePoint Online is of course doable with PowerShell! I thought I’d quickly go through the basics.

Prereqs

First of all we need to download the SharePoint Online Management Shell. This can be done by following this link:

http://www.microsoft.com/en-us/download/details.aspx?id=35588

But what’s the fun in that when we can use PowerShell?

Disclaimer: This code uses a permanent link to the msi file, this might break in the future!

Invoke-WebRequest -Uri 'https://download.microsoft.com/download/0/2/E/02E7E5BA-2190-44A8-B407-BC73CA0D6B87/SharePointOnlineManagementShell_6802-1200_x64_en-us.msi' -OutFile .\SPOShell.msi
$MSI = Get-Item -Path .\SPOShell.msi
msiexec /i $MSI.FullName /qb
$env:PSModulePath = [System.Environment]::GetEnvironmentVariable("PSModulePath","Machine")
Import-Module -Name Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

PowerShell, ActiveDirectory and the elusive Filter parameter

When searching for users in Active Directory using PowerShell, the ActiveDirectory module is often one of the first things that comes in to mind. The module has been around for quite som time now but there is one problem that many users still stumbles on, the Filter parameter. There are basically three methods for searching after a user with Get-ADUser.

tl;dr;** This article explains how use the -Filter parameter when searching AD, if you just want the answer, skip down to the **Solution.

Managing licenses with AzureAD V2 PowerShell module

On november 17th, a new version of the AzureAD PowerShell module was released to the gallery. This can be found here: https://www.powershellgallery.com/packages/AzureAD/2.0.0.30

In the old MSOnline module there were two commands used to change assigned licenses to a user. First we had the Set-MsolUserLicense with the parameter ObjectID or UserPrincipalName could be combined with AddLicenses, RemoveLicenses and LicenseOptions. Secondly we had New-MsolLicenseOptions which would create a licenseoptions object.

In the new AzureAD module there still is a command called Set-AzureADUserLicense, but it has only two parametrs, ObjectId and AssignedLicenses. There is no command to create licenseoptions.

Now this can be a bit confusing for the unexperienced PowerShell user, but fear not, we’ll get to the bottom of this!

Test GPO read permission with PowerShell (MS16-072 – KB3159398)

Last patch-tuesday, Microsoft released Security Bulletin MS16-072. This update changes how Group Policies are downloaded to a computer which might cause GPOs to fail to apply. A common symptom for this is that users no longer get their drives mapped by GPO. To quote the KB-article KB3159398: This issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group.