none
Office 365 Remote Administration RRS feed

  • Question

  • Hi all,

    One of the things we need to do in our environment is to automate certain functions for user management. We have high turnover in one of our departments and I want to be able to run scheduled tasks that automate assignment of policies, etc. From what I've read, assignment of policies other than default need to be run any time there is a new user or change. I don't want to babysit the system in this way. So... On to Powershell!

    If you've ever tried to use credentials in Powershell non-interactively, you know it is a pain. I've used a solution  that I found on the interwebs that takes a password and converts it to a secure string, then uses an AES encryption key to store it in plain text in a file. The file and key can be called at a later date to be decrypted and passed into a script. Not entirely secure, but better than plain text in a file and I don't have to be present to do tasks. (seriously Microsoft?)

    Trying to connect to O365 via Powershell works interactively for me. I can create a remote session, authenticate and do my admin thing. However, when I try to pass credentials with the code below, I receive the error that follows:

    #Import normalized file system module.
    import-module c:\scripts\o365\normalizepath.ps1

    #Set User Name
    $User = "Username@companyname.onmicrosoft. com"
    # Set path for the Passowrd file and AES key.
    $PWF = "\\123.123.123.123\FolderName\pass.txt"
    $AESKey = "\\123.123.123.123\FolderName\aes.key"
    # Parse the key file for the hash.
    $key = get-content $AESKey
    # Decrypt the contents.
    $UC = new-object -type System.Management.Automation.PSCredential -argumentlist $User, (Get-Content $PWF | ConvertTo-SecureString -key $key)

    $cred = new-object -typename system.management.automation.pscredential -argumentlist $UC

    #Create the session details.
    # Note: I've tried several paths from different posts, they all do the same thing.

    # Link formated incorrectly to get past the forms posting restrictions.

    $o365Session = New-PSSession -ConfigurationName Microsoft.Exchange -connectionURI ht tps ://ps.outlook. com/powershell/?targerServer=grxpr80mb030.lamprd80.prod.outlook. com -Credential $cred -Authentication Basic -AllowRedirection
    #Import the session
    Import-PSSession $o365Session

    # Functional code would go beyond here along with a remove session command.

    Then the whole thing falls apart:

    WARNING: Your connection has been redirected to the following URI:
    "ps.outlook. com/PowerShell-LiveID "
    New-PSSession : [ps.outlook. com] Connecting to remote server ps.outlook. com failed with the following error message : [
    ClientAccessServer=SN1PR0701CA0045,BackEndServer=cy1pr10mb0698.namprd10.prod. outlook. com,RequestId=481fe00a-ad5b-4d60-9
    483-068b72eb451e,TimeStamp=9/3/2015 3:30:52 PM] Access Denied For more information, see the
    about_Remote_Troubleshooting Help topic.
    At C:\Scripts\O365\ConnectTest.ps1:23 char:16
    + $o365Session = New-PSSession -ConfigurationName Microsoft.Exchange -connectionUR ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
    gTransportException
    + FullyQualifiedErrorId : -2144108477,PSSessionOpenFailed
    Import-PSSession : Cannot validate argument on parameter 'Session'. The argument is null. Provide a valid value for
    the argument, and then try running the command again.
    At C:\Scripts\O365\ConnectTest.ps1:24 char:18
    + Import-PSSession $o365Session
    + ~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Import-PSSession], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell. Commands.ImportPSSessionCommand

    The account I am using does have permission and I've been able to log in interactively with it, so I think the Access Denied message is a red herring.

    Any thoughts?

    Thanks!


    Thursday, September 3, 2015 9:58 PM

Answers

  • You can do the same using -Key parameter in Convertto-Securestring cmdlet or simply in XML way

    Get-Credential 'yourid@yourdomain.com' | Export-Clixml C:\encrypted.xml

    $O365Cred = Import-Clixml .\encrypted.xml
    $O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
    Import-PSSession $O365Session
    Connect-MsolService –Credential $O365Cred


    Regards Chen V [MCTS SharePoint 2010]

    Friday, September 4, 2015 7:56 AM

All replies

  • Not sure what you are doing but here is how to log into anOO65 account:

    $o365account='yourid@yourdomain.com'
    $liveCred=Get-Credential $o365account
    $Session=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection
    Import-PSSession $Session


    \_(ツ)_/

    Thursday, September 3, 2015 11:03 PM
  • You can do the same using -Key parameter in Convertto-Securestring cmdlet or simply in XML way

    Get-Credential 'yourid@yourdomain.com' | Export-Clixml C:\encrypted.xml

    $O365Cred = Import-Clixml .\encrypted.xml
    $O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
    Import-PSSession $O365Session
    Connect-MsolService –Credential $O365Cred


    Regards Chen V [MCTS SharePoint 2010]

    Friday, September 4, 2015 7:56 AM
  • Oh my, that is a much simpler solution than what I was using. Thanks so much, Chen! 

    The script handled the credentials perfectly and now I can go on to other scripting problems. :)

    Friday, September 4, 2015 4:29 PM
  • Glad that it helped you - Cheers!

    Regards Chen V [MCTS SharePoint 2010]

    Monday, September 7, 2015 6:45 AM