Modify access to site in SharePoint Online with PowerShell

Ever tried to modify permissions to a SharePoint site with a huge number of files in it?

You might experience something like this:

The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.

The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.

Managing permissions to a site in SharePoint Online is of course doable with PowerShell! I thought I’d quickly go through the basics.


First of all we need to download the SharePoint Online Management Shell. This can be done by following this link:

But what’s the fun in that when we can use PowerShell?

Disclaimer: This code uses a permanent link to the msi file, this might break in the future!

Invoke-WebRequest -Uri '' -OutFile .\SPOShell.msi
$MSI = Get-Item -Path .\SPOShell.msi
msiexec /i $MSI.FullName /qb
$env:PSModulePath = [System.Environment]::GetEnvironmentVariable("PSModulePath","Machine")
Import-Module -Name Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

PowerShell, ActiveDirectory and the elusive Filter parameter

When searching for users in Active Directory using PowerShell, the ActiveDirectory module is often one of the first things that comes in to mind. The module has been around for quite som time now but there is one problem that many users still stumbles on, the Filter parameter. There are basically three methods for searching after a user with Get-ADUser.

tl;dr;** This article explains how use the -Filter parameter when searching AD, if you just want the answer, skip down to the **Solution.

Managing licenses with AzureAD V2 PowerShell module

On november 17th, a new version of the AzureAD PowerShell module was released to the gallery. This can be found here:

In the old MSOnline module there were two commands used to change assigned licenses to a user. First we had the Set-MsolUserLicense with the parameter ObjectID or UserPrincipalName could be combined with AddLicenses, RemoveLicenses and LicenseOptions. Secondly we had New-MsolLicenseOptions which would create a licenseoptions object.

In the new AzureAD module there still is a command called Set-AzureADUserLicense, but it has only two parametrs, ObjectId and AssignedLicenses. There is no command to create licenseoptions.

Now this can be a bit confusing for the unexperienced PowerShell user, but fear not, we’ll get to the bottom of this!

Test GPO read permission with PowerShell (MS16-072 – KB3159398)

Last patch-tuesday, Microsoft released Security Bulletin MS16-072. This update changes how Group Policies are downloaded to a computer which might cause GPOs to fail to apply. A common symptom for this is that users no longer get their drives mapped by GPO. To quote the KB-article KB3159398: This issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group.

Keeping my GitHub Forks up to date

In a previous post I wrote about when Iupdated the command Update-AzureRMto only update modules that has a newer version available and not download and overwrite modules that already are up to date. Unless I use the -Force parameter of course. Once I've done the change and was satisfied I thought that maybe someone else might benefit from this update and since the AzureRM module is available as an open source project on GitHub I requested to have my changes included in the official version of the module.