Use these common PowerShell Scripts for making modifications

powershell logo

MessageOps has compiled these handy PowerShell scripts that you can use to make modifications with regards to your Office 365 tenant.

Licensing – This will license users from a csv and give you a report of what failed

  • Launch the powershell connect to 365 and run the command to get the license available
  • Fill out the csv with username from 365 and license sku
  • Then path to the directory where they are at and run rename the txt file to a .ps1

.\scriptname .\users.csv

How to get the actual license sku


Anything below can be turned into a variable and put into a csv or just added to the script below.

$file= “AssignLicense.log”

$LogName = $MyInvocation.mycommand.Path.replace(“.ps1”, “.log”)

((Get-Date).ToString() + ” Script Started”) | out-file $LogName

Start-Transcript -Path $file -NoClobber:$false

import-csv $args[0] | foreach{



“Assigning License to ” + $



Set-MsolUser -UserPrincipalName $ -UsageLocation US -ErrorAction SilentlyContinue

Set-MsolUserLicense -UserPrincipalName $ -AddLicenses $_.license -ErrorAction SilentlyContinue






if($Error.count -gt 0){

$Message = “Error Processing : ” + $ + ” ” +  $Error[0].Exception.Message

Write-Host $Message  -ForeGroundColor Red

$Message   | out-file $LogName -Append




How to change a username in Office 365 for login

A single user

Set-MsolUserPrincipalName -UserPrincipalName [email protected] -NewUserPrincipalName [email protected]

List of users by csv

Import-Csv .\users.csv | foreach {Set-MsolUserPrincipalName -UserPrincipalName $_.UPN -NewUserPrincipalName $_.UPN2}

Turn on user auditing

set-mailbox -auditenabled $true -identity username

Turn on impersonation for a service account

New-ManagementRoleAssignment –Role “ApplicationImpersonation” –User [email protected]

Full Access All Mailboxes

Gives a single user Full Access rights to all mailboxes in the tenant. This is primarily used for administrators of the tenant for oversight. Set auto mapping to ‘False’.

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq ‘UserMailbox’) -and (Alias -ne ‘Admin’)} | Add-MailboxPermission -User [email protected] -AccessRights FullAccess -InheritanceType All -Automapping $false

Password Change

Change the password of a single mailbox user. 

Set-MsolUserPassword -userPrincipalName [email protected] -NewPassword “Welcome1” -ForceChangePassword $false

Password Complexity

Changes the password complexity of the tenant from strong to weak. Not recommended, but there have been cases of this occurring. 

Get-MsolUser | Set-MsolUser -StrongPasswordRequired $false

Password Never Expires

Sets a single mailboxes password to never expire. 

Set-MsolUser -UserPrincipalName [email protected] -PasswordNeverExpires $true

Remove Forward

Remove all forwards from a single mailbox. This can be done in the portal, but sometimes the modification fails and this script is needed. 

Set-Mailbox -Identity [email protected] -DeliverToMailboxAndForward $false -ForwardingSMTPAddress $null

Delete User

Delete a single user mailbox from Office 365. Sometimes this is not possible through the Office 365 portal making this script necessary. 

Remove-MsolUser -UserPrincipalName [email protected]‘ -Force

Purge Deleted Users

Removes all deleted mailboxes from the recycle bin. This cannot be reversed, but if an account has an SMTP address or UPN you require, this is necessary. 

Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser –RemoveFromRecycleBin -Force

Store and Forward

Sets a store and forward rule on a single mailbox. This still sends mail to the intended recipient and keeps a copy, but also forwards to the mailbox of your choosing. 

Set-Mailbox -Identity [email protected] -DeliverToMailboxAndForward $true -ForwardingSMTPAddress [email protected]

Was this article helpful?