PowerShell for Office 365 Syndication Partners - Using the Get-Msol cmdlets

 Audience: 

Users of Office 365 Syndication Partner tenants who have delegated admin rights to customer tenants

**Assumptions: **

• You've reviewed software requirements and installed the Windows Azure AD Module as per http://aka.ms/aadposh
• You are a user of a Syndication Partner tenant or one of its Operating Units with delegated admin rights to manage customer tenants
• You have a basic understanding of PowerShell

Introduction:

With proper delegated admin access, Syndication Partners have the ability to manage Office 365 on behalf of their customer tenants.  They can do so via MOP or by using PowerShell.  This article explains how to retrieve information for Office 365 customer tenants as a Syndication Partner user via PowerShell.

A Syndication Partner may have one or multiple operating units associated to it.   Each operating unit has its customers.  If you can manage Office 365 on behalf of your customers, you may have delegated admin access as a user of the Syndication Partner or a user of one of its Operating Units.

• If you have admin access as a user of the Syndication Partner tenant, you'll be able to manage customers of any Operating Unit of the Syndication Partner.
• If you have admin access as a user of an Operating Unit, you'll be able to manage only customers of that Operating Unit.

To manage your customer tenants using PowerShell, you may need to connect to Exchange Online, SharePoint Online or Lync Online in addition to connecting to Office 365.  These are separate connections and whether you need to connect to any or all of the services will depend on what you are trying to accomplish.  The initial scope of this article is to address using PowerShell to retrieve information of the Office 365 service on behalf of customers.  Check regularly for updates as the scope expands to connecting to Exchange Online, SharePoint Online and Lync Online as a Syndication Partner.

Connecting to Office 365 as a Syndication Partner:

Open PowerShell and type the following two lines:

Import-Module MSOnline <hit enter>
Connect-MsolService <hit enter>

You'll be asked to enter your credentials.  You are expected to enter the credentials that you use to log into MOP and that allow you to manage Office 365 on behalf of your customers.

Available Cmdlets:

The collection of cmdlets that you can use is provided in this article http://technet.microsoft.com/en-us/library/jj151815.aspx

What You Should Know:

There are some Get-Msol cmdlets that you must fully understand to take advantage of them:

Get-MsolPartnerContract cmdlet:

If you are a Syndication Partner user (opposed to an Operating Unit user), you'll need to specify the TenantID parameter of an Operating Unit. If you don't, all contracts for all Operating Units will be returned and you won't be able to tell which contract belongs to which Operating Unit from that output.

If you are a Syndication Partner user, type:

Get-MsolPartnerContract -All -TenantID [The_OU_TenantID_Goes_Here]

If you are an Operating Unit user, type:

Get-MsolPartnerContract -All

The entries above, will return two Properties that are relevant to you. These are PartnerContext and TenantID.

1. PartnerContext is the TenantID GUID of the Operating Unit that the contract belongs to.
2. TenantID is the GUID for the Customer's tenant.

To display on screen all properties returned by the cmdlet, add the pipe followed by Select * as shown below:

If you are a Syndication Partner user, type:

Get-MsolPartnerContract -All -TenantID [The_OU_TenantID_Goes_Here] | Select *

If you are an Operating Unit user, type:

Get-MsolPartnerContract -All | Select *

Keep in mind that the Get-MsolPartnerContract cmdlet will return ALL contracts; this includes contracts for active tenants and contracts for tenants that have been released. This is important because when using he Get-MsolPartnerContract cmdlet in combination with other cmdlets, you won't be able to retrieve any information for released tenants and an error will be displayed.

There will be instances when you may have on-hand, an Office 365 verified domain for the customer and want to retrieve the TenantID for that customer's tenant. In that case, whether you are a user of the Syndication Partner or an Operating Unit, type:

Get-MsolPartnerContract -DomainName [The_Verified_Customer_Domain_Here] | Select *

Notice that the PartnerContext returned will be the TenantID GUID for the Syndication Partner or the TenantID GUID for the Operating Unit that your user belongs to - and not the one that the customer contract belongs to.

This cmdlet in combination with others, will be useful when you want to retrieve information for all of your customers.

UPDATE 10/20/2014:  The Get-MsolPartnerContract cmdlet may result in duplicate records.  If this happens, you can apply a filter to get  unique records.  An example is provided below:

Get-MsolPartnerContract -All -TenantID [The_OU_TenantID_Goes_Here] | Sort-Object TenantID -unique

Get-MsolPartnerInformation

This cmdlet allows you to retrieve information that has been setup for the Syndication Partner or the Operating Unit. For example, the support information presented to your customers in MOP so they can contact your support desk.

If you are a Syndication Partner user (opposed to an Operating Unit user), you can specify the TenantID parameter of an Operating Unit. If you don't, the output displayed will be that of the company that the user belongs to.

If you are a Syndication Partner user, type:

Get-MsolPartnerInformation -TenantID [The_OU_TenantID_Goes_Here] | Select *

If you are an Operating Unit user, type:

Get-MsolPartnerInformation | Select *

Passing output of Get-MsolPartnerContract to another Get cmdlet via Pipeline

When you want to retrieve all users or subscriptions or any other set of data for all your customers, available through the Get-Msol cmdlets, you can pass the output of the Get-MsolPartnerContract cmdlet via pipeline, to the cmdlet to retrieve the information.

If you are a Syndication Partner user (opposed to an Operating Unit user), you can specify the TenantID parameter of an Operating Unit. If you don't, the output displayed will be that of the company that the user belongs to.  To associate the set of data retrieved, to the customer tenant it belongs to, you can use the -PipelineVariable common parameter (you must have PowerShell V4 installed to use this parameter).  The examples below show how to get the list of all users for each customer of a specific Operating Unit.  It assumes the folder  C:\My Office 365 Reports exists and a csv file will be created under that folder.

If you are a Syndication Partner user, type:

Get-MsolPartnerInformation -TenantID [The_OU_TenantID_Goes_Here] -All -PipelineVariable MyContracts | Get-MsolUser -PipelineVariable MyUser | Select-Object @{E={$MyContracts.TenantID};N=”TenantID”}, @{E={$MyUser.UserPrincipalName};N=”UPN”} | Export-csv "C:\My Office 365 Reports\MyTenantsUsers.csv" -NoClobber -NoTypeInformation -Append

If you are an Operating Unit user, type:

Get-MsolPartnerInformation -All -PipelineVariable MyContracts | Get-MsolUser -PipelineVariable MyUser | Select-Object @{E={$MyContracts.TenantID};N=”TenantID”}, @{E={$MyUser.UserPrincipalName};N=”UPN”} | Export-csv "C:\My Office 365 Reports\MyTenantsUsers.csv" -NoClobber -NoTypeInformation -Append

See Also

• **What's new in PowerShell **
• PowerShell Portal 
• **Wiki: Portal of TechNet Wiki Portals **
• Active Directory Users attributes-Powershell