Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Office 365

Use PowerShell to Create and Assign Licenses to Office 365 Users

In this easy Ask the Admin, I’ll show you how to list, create, and assign licenses to your Office 365 users with Windows PowerShell.

Before you can use PowerShell to manage Office 365 users, you’ll need to make sure that Microsoft Online Service Sign-in Assistant for IT Professionals RTW, and either Azure Active Directory Module for Windows PowerShell (32-bit version) or Azure Active Directory Module for Windows PowerShell (64-bit version) are installed on your management PC.

For more detailed information on setting up PowerShell to manage Office 365, see How to Install the Windows PowerShell Cmdlets for Windows Azure AD and Office 365 on the Petri IT Knowledgebase.

Once you’ve gone through all the stops listed above, we’re ready to get started. I’ll step you through the process, starting with connecting to Office 365.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

1. Connect to Office 365

Once your management PC is configured, open a PowerShell prompt by switching to the Start menu, type powershell and then click Windows PowerShell in the search results. In the PowerShell window, run the following command and press ENTER:

In the pop-up window, enter your Office 365 tenant credentials, and click OK. This will authorize you to access and administer your Office 365 subscription.

2. List Users

To get a list of all your Office 365 user accounts, use the get-msoluser cmdlet. Running the cmdlet without any parameters will return a list of all the users in your Office 365 subscription. Keep in mind that there's a limit of 500 results unless you specify a higher figure using the –MaxResults parameter. Office 365 uses Azure Active Directory (AAD) as its directory service, so what you're really doing here is listing all the user accounts in the AAD associated with your Office 365 subscription. Alternatively, you can add some parameters to filter the results. For example, to return information about a specific user:
Or you can specify a search string to find users:
If you have a lot of user accounts, then the search results can be limited by specifying a maximum number of results to return, and the results filtered to display only enabled user accounts:
Like any other PowerShell cmdlet, you can get a full list of all the available parameters like this:

3. Create a New User

To create a new Office 365 user account, use the New-MsolUser cmdlet. The following cmdlet creates a new user account and will be assigned a random password that's shown in the console output:
Creating a new Office 365 user account using Windows PowerShell. (Image Credit: Russell Smith)
Creating a new Office 365 user account using Windows PowerShell. (Image Credit: Russell Smith)
If you get details about this new user account with Get-MsolUser and the –UserPrincipalName parameter, you'll notice that a license hasn't been assigned. You will also be able to see the new user account if you run:

4. Assign a Product License

Before you can assign a license to a user account, you need to know the type of SKU that's associated with your Office 365 subscription. All you need to do is run the cmdlet below, which will return the AccountSkuID and information about assigned licenses:
Run the following cmdlet to assign a license to a user account that's already been created, replacing the value for –AddLicenses with the AccountSkuID returned using the Get-MsolAccountSku cmdlet. If you don't have enough available licenses in your subscription, PowerShell will return an error message:

5. Assign a License, Set a Password, and Force a Password Change at First Logon

Alternatively, you can assign a license when initially creating a user, by adding the -LicenseAssignment parameter to the New-MsolUser cmdlet:
Notice that I've also specified a password for the user in the –Password parameter, and used -ForceChangePassword $true to force the user to change the password when they log in for the first time.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (1)

One response to “Use PowerShell to Create and Assign Licenses to Office 365 Users”

  1. Can you do this to create new accounts if you’re on a domain and using AADsync to synchronize users with Office 365.
    Will the Sync overwrite the account and remove the license?

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: