I recently converted an Office 365 client from Direct licensing to Group based (this feature is still in preview, but I have been informed by Microsoft that this will stay in production).
Following the configuration of group based licensing I found myself in a situation where I have 2000+ direct license assignments still in place.
In this example, I assigned the Enterprise E3 license to an AD security group called SEC_LIC_O365_E3. Once I added my members to this group and allowed Azure AD Connect to sync, I could see that my users were receiving the license as planned, but, the problem was some had both a Direct and Inherited Assignment Path and was not a true reflection of the group membership.
To get around this I could remove the Direct license assignment manually but that was going to take hours/days to complete or I could use PowerShell to complete the task.
First of all Connect to Office 365:
Connect-MsolService
Then run the blow command but replace TenantName with your tenant name and the ENTERPRISEPACK, with the SKU of the license you are removing:
Get-MsolUser -All | foreach {
if( ($_.isLicensed -eq $true) -and ($_.Licenses.accountskuid -eq "TenantName:ENTERPRISEPACK")) {
write-host "found the user" $_.UserPrincipalName "and actioned!`n"
Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -RemoveLicenses "TenantName:ENTERPRISEPACK"
}
}
Then run the above with any other license type you have within the tenant, to find out which are configured run:
Get-MsolAccountSku
AccountSkuId
------------
TenantName:EMSPREMIUM
TenantName:POWERAPPS_INDIVIDUAL_USER
TenantName:POWER_BI_PRO
TenantName:ENTERPRISEPACKWITHOUTPROPLUS
TenantName:ENTERPRISEPACK
TenantName:SHAREPOINTSTORAGE
TenantName:POWERAPPS_VIRAL
TenantName:EXCHANGESTANDARD
TenantName:SHAREPOINTENTERPRISE
TenantName:POWER_BI_STANDARD
TenantName:EMS
TenantName:MCOIMP
TenantName:SHAREPOINTSTANDARD
TenantName:RIGHTSMANAGEMENT_ADHOC
TenantName:MCOSTANDARD
I hope this helps someone else.
Comments
Post a Comment