Not a whole lot of documentation here, just slice and dice as you see fit.
In the environment that this was created in, all Office 365 users are in the group “SyncWithO365” (this is the sync group for Azure AD Connect). Most users receive an Exchange Online 1 license. The users that receive an E3 license are in O365E3License group. This script will take those two groups and issue Office 365 EO1 and E3 licenses accordingly.
#config #tenant name (before the .onmicrosoft.com) $strTenant = "awesomeCorp" #admin account on 365 to issue licenes with $str365UserName = "[email protected]" $str365Password = "password123" $str365AllUsersGroup = "SyncWithO365" $str365EnterpriseUsersGroup = "O365E3License" ########################## # Do not edit below this # ########################## #all users that were not in 365 $objFailedUsers = New-Object System.Collections.ArrayList($null) #loggin function function Go-Logit { Param([string]$LogEntry) $strTime = get-date -f MM-dd-yyyy:HH:mm:ss write-host $strTime ":" $LogEntry } #set the license function function Set-License365 { Param ([bool]$StandardLicense, [string]$User) #Get-MsolAccountSku #setup the SKU's $strEnterprise = $strTenant + ":" + "ENTERPRISEPACK" $strStandard = $strTenant + ":" + "EXCHANGESTANDARD" $blUserIsIn365 = $true #get the user license $objUserLic = Get-MsolUser -UserPrincipalName $User if($objUserLic -eq $null) { Go-Logit -LogEntry "$User isn't in 365" $objFailedUsers.Add($User) $blUserIsIn365 = $false } if($blUserIsIn365 -eq $true) { #if we dont have a license if($objUserLic.IsLicensed -eq $true) { Go-Logit -LogEntry "$User : License found" #we have a license, so now we need to check it its correct $blEntLicenseFound = $false #enterprise license $blStaLicenseFound = $false #standard license foreach($objLicense in $objUserLic.Licenses) { #$objLicense if($objLicense.AccountSkuId -eq $strEnterprise) { Go-Logit -LogEntry "$User : Seems to be enterprise" $blEntLicenseFound = $true } if($objLicense.AccountSkuId -eq $strStandard) { Go-Logit -LogEntry "$User : Seems to be standard" $blStaLicenseFound = $true } } #if this is a standard license user if($StandardLicense -eq $true) { #if a enterprise license was found, we need to replace it if($blEntLicenseFound -eq $true) { Go-Logit -LogEntry "$User : Replacing enterprise with standard" Set-MsolUserLicense -UserPrincipalName $User -AddLicenses $strStandard -RemoveLicenses $strEnterprise } else { Go-Logit -LogEntry "$User : The correct license was found" } } #this must be a enterprise user else { #if a standard license was found, we need to replace it. if($blStaLicenseFound -eq $true) { Go-Logit -LogEntry "$User : Replacing standard with enterprise" Set-MsolUserLicense -UserPrincipalName $User -AddLicenses $strEnterprise -RemoveLicenses $strStandard } else { Go-Logit -LogEntry "$User : The correct license was found" } } } else { #no license was found, need to add one Go-Logit -LogEntry "No license found" #if this is a standard license user if($StandardLicense -eq $true) { Go-Logit -LogEntry "$User : Setting a standaed license" Set-MsolUser -UsageLocation US -UserPrincipalName $User Set-MsolUserLicense -UserPrincipalName $User -AddLicenses $strStandard } #must be an enterprise else { Go-Logit -LogEntry "$User : Setting a enterprise license" Set-MsolUser -UsageLocation US -UserPrincipalName $User Set-MsolUserLicense -UserPrincipalName $User -AddLicenses $strEnterprise } } } } #get Exchange Online E1 users $obj365UsersArr = @(Get-ADGroupMember -identity $str365AllUsersGroup -Recursive | get-aduser | select -Expand UserPrincipalName) $obj365Users = New-Object System.Collections.ArrayList(,$obj365UsersArr) #get E3 users $obj365e3UsersArr = @(Get-ADGroupMember -identity $str365EnterpriseUsersGroup -Recursive | get-aduser | select -Expand UserPrincipalName) $obj365e3Users = New-Object System.Collections.ArrayList(,$obj365e3UsersArr) #enumerate through all E3 users and remove them from the group that contains all users #the result, $obj365Users will only have people not in the e3 group foreach($objE3User in $obj365e3UsersArr) { $obj365Users.Remove($objE3User) } #create credentials to speak with office 365 $objPassword = $str365Password | ConvertTo-SecureString -asPlainText -Force $objCredential = New-Object System.Management.Automation.PSCredential($str365UserName,$objPassword) Import-Module MSOnline Connect-MsolService -Credential $objCredential Go-Logit -LogEntry "----------------------Pushing licenses for Standard users" #standard users foreach($objUserTemp in $obj365Users) { Set-License365 -User $objUserTemp -StandardLicense $true } Go-Logit -LogEntry "----------------------Pushing licenses for Enterprise users" #Enterprise users foreach($objUserTemp in $obj365e3Users) { Set-License365 -User $objUserTemp -StandardLicense $false } Go-Logit -LogEntry "----------------------Listing all users that were not in 365" #log the users that were not in 365 foreach($objUserTemp in $objFailedUsers) { Go-Logit -LogEntry "$objUserTemp was not found in 365, check group membership" }