Scenario: you are a Microsoft Cloud Partner and you want to run PowerShell commands on behalf of your Office365 customers where you are the Delegated Admin for their account.

The first step is to make sure you have the PowerShell Commandlets installed for Microsoft Online Services:

 

Once installed, when you type “PowerShell” in your Windows 7 search box, you’ll find this new entry for Microsoft Online Services Module for Windows PowerShell:

image

Use that one to get to a PowerShell prompt.

Set the Tennant ID GUID

The key to doing PowerShell admin on behalf of your linked clients is to retrieve the TennatID GUID.

So say you want to set one of your customer’s accounts so that the password doesn’t expire.  Here are the 4 commands to run to do that:

PS C:\> Connect-MsolService
PS C:\> $tenID=(get-msolpartnercontract -domain MyCustomer.com).tenantId.guid
PS C:\> Set-MsolUser -UserPrincipalName SomeUser@MyCustomer.com -PasswordNeverExpires $true -tenantID $tenID
PS C:\> Get-MSolUser -UserPrincipalName SomeUser@MyCustomer.com -tenantID $tenID | select PasswordNeverExpires | format-list

Connect-MsolService

After typing the Connect-MsolService command you get the prompt to login.  Log in with your own Microsoft Office 365 Hosted online services partner account username/password.  (You do NOT need to log in with your customer’s account if you are a delegated admin):

image

Note: if after typing Connect-MsolService you see this:The term ‘Connect-MsolService’ is not recognized as the name of a cmdlet, function, script file

image

then you are NOT in the correct PowerShell window.  Go back and run the “Microsoft Online Services Module for Windows PowerShell” from your start menu… see the top of these instructions.

$tenID=(get-msolpartnercontract -domain MyCustomer.com).tenantId.guid

This command creates a variable $tenID and sets it to the GUID for your customer.

The command: (get-msolpartnercontract -domain MyCustomer.com).tenantId.guid is what retrieves that ID.

Note that this step will only work if you’ve already sent the Delegated Administration e-mail to your customer and they’ve already added you as the partner admin.  You can test that quickly by clicking the Partners tab in your Microsoft Online Services Portal (https://portal.microsoftonline.com) when signed in with your Partner Office 365 Login.

-tenantID $tenID

From that point on, you can run any Microsoft Online Services powershell command by passing the –tenantID $tenID parameter.

So in this example, I wanted to set the password of one of the accounts to never expire, so I ran this command:

Set-MsolUser -UserPrincipalName SomeUser@MyCustomer.com -PasswordNeverExpires $true -tenantID $tenID

Notice that the syntax is the same as the regular command only with the tenantID part added.

To verify that the setting was changed successfully I can run this command:

Get-MSolUser -UserPrincipalName SomeUser@MyCustomer.com -tenantID $tenID | select PasswordNeverExpires | format-list

Hopefully you find this information useful.  If it helped you leave a comment!

Advertisements