Using System Center Automation to Manage Office 365

Manage Office 365 with Microsoft System Center Service Manager, Orchestrator, PowerShell or Custom GUI.

When working on Office 365 projects, a question I come across frequently is how to manage Office 365 from an on-premises location. Up to now there has been a very limited tool set for simple tasks. DirSync is a tool offered by Microsoft to synchronize the User Principal Names from local Active Directory to the Office 365 cloud. Federated Services helps create single sign-on to the cloud, which lets administrators manage passwords locally. The Exchange Management Console has some management functionality for Office 365 mailboxes, but it requires a Hybrid Deployment. PowerShell offers the most flexible on-premises management abilities. Then there are some third parties that provide simple management tools to do things like synchronize passwords or migrate mailboxes.

Using PowerShell combined with other Microsoft products gives you a simple way to create management automations that are simple and secure. I will show you the basics of setting up Office 365 management using a couple of methods. The first building block for all of these methods is PowerShell and System Center Orchestrator; from there you can branch out to the different user interface methods. I will show you a couple of scenarios I played with to get this to work.

Scenario 1 – System Center Service Manager and Orchestrator

You will need to install and test:

  • System Center Orchestrator
  • System Center Service Manager
  • PowerShell for Office 365

First off, this uses your Windows PowerShell commands for the runbook automation, so as a best practice verify that the PowerShell scripts work and function properly.

1. Take a simple PowerShell script that is used to log on to Office 365.

Establishes an Office 365 Remote Session in PowerShell

*************************************************************************************************************

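# Prompt for the Office 365 administrator credentials
$LiveCred = Get-Credential

# Open a remote session to Exchange Online and import its cmdlets
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session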

*************************************************************************************

In a normal PowerShell session you will get prompted for credentials. I’m going to include input strings so the script will pull them from the interface that the end user will be using. The complete script will look like this.

*************************************************************************************

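# Filled in by Orchestrator: insert the "poweruser" and "PowerPass" Published Data between the quotes
$powerUser = ""
$powerPass = ""

# Build the credential object that New-PSSession expects
$password = ConvertTo-SecureString $powerPass -AsPlainText -Force
$LiveCred = New-Object System.Management.Automation.PSCredential($powerUser, $password)

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session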

*************************************************************************************

Then I’m going to show you some options for offering these runbooks through an end-user interface, where they take input strings from that user and execute the runbooks using those strings. I’m going to demo just a simple logon to Office 365; from there you can get as creative and complex as you would like.

First you need Orchestrator and Designer installed; this product comes with the purchase of System Center. System Center is a suite of products used to manage infrastructure; it is also referred to as Microsoft Private Cloud. The 2012 release offers an all-inclusive license, so if you own or plan on purchasing any of the products like Configuration Manager, Virtual Machine Manager, Data Protection Manager or Operations Manager, or renew a current license, you will get the whole suite.

From here we will put together the Orchestrator run book automation that will log in to Office 365 when the O365 Option is selected later in our Portal.

2. OK, now let's open Orchestrator Designer and see how this works in a runbook. We are going to use two Orchestrator controls, “Initialize Data” and “Run .Net Script”. Just drag them onto the screen.


3. When you highlight the “Initialize Data” control, you can drag the arrow over to connect the two controls. This lets the PowerShell script subscribe to the input strings we will create. You can also rename the controls to something that explains them properly.


4. I’ve renamed mine to “Get User ID” and “Office 365 Logon”.


5. Next I’m going to create a couple of input strings, for “username” and “Password”, to be used in the PowerShell script. Go into the properties of the Initialize Data control, add two strings, and rename them. I named mine “poweruser” and “PowerPass”.


6. Next open the “Office 365 Logon” .Net control and select the PowerShell language type. Copy and paste the script into the script field. Now you import the string from the “Get User ID” control by right-clicking where you want the data to be in the script and select


The Input Strings become Published Data when you connect the 2 Controls.


This will pull the user ID and password from the Get User ID control and insert them into the Office 365 prompt. Make sure you put the strings between quotes.


Just as a note, the input strings can be a variety of inputs, including drop-down box selections and uploaded CSV files, or you can even use an Active Directory control to pull any AD attribute you want to include in your PowerShell command.

7. Now we step through the runbook in Runbook Tester. Keep in mind this actually performs the runbook in the environment; Runbook Tester is just designed to step through the runbook to verify function.


 

When I run the Office 365 runbook it prompts for the user name and password, which it then passes off to the script that logs us in to Office 365 and establishes the session.

Some notes about PowerShell with Orchestrator: Orchestrator by default uses the 32-bit PowerShell. It also does not start with elevated credentials, so you have to make some changes to get it to work with Office 365. For this exercise I simply disabled User Access Control to work around the issue.


So from here it’s a matter of offering your Office 365 management runbooks to the users who will be consuming them.

System Center Service Manager Portal /SharePoint

The first way to provide these controls to the users is through System Center Service Manager. You import the runbook into Service Manager through the Orchestrator Connector and then build out the template to offer it through the Service Manager Self-Service Portal. This way you can establish workflows that, for example, go through approval processes, and delegate these offerings to the people you grant rights to. This is the most straightforward approach to offering the runbooks to end users. Here is a typical Service Manager portal where these runbooks can be offered. See the Service Manager documentation on setting up Self-Service Portals.


I put the Office 365 logon under a Cloud Services option that I created. When you click the Office 365 icon the runbook executes. Behind the scenes, PowerShell logs on to Office 365.


As you can see you can pretty much create any kind of Office 365 management function. Below is another example of an Office 365 function, a password reset.


The sky's the limit for what you can do with Orchestrator runbooks and Office 365. Orchestrator can natively perform any action you want in Active Directory and import the result into PowerShell. For example, every time a new user is created or a password is reset, it can fire off a runbook that provisions that user in O365 or syncs the password. This is a great workaround for Federated Services and AD Sync: use Orchestrator to keep the cloud synchronized. Pretty clever, huh! Best part: it is automated, requiring no user interaction.

One more great thing about using Service Manager is the security control. You can give specific users or groups access to requests and add approval workflows, email notifications, or even trigger other runbooks for each specific request. This allows you to delegate functions to end users without any worry.

 Scenario 2 – Custom .Net GUI

You will need to install and test:

  • Visual Studio

Another way to offer these runbooks is by creating your own custom front end. This requires you to create a custom class for Orchestrator that you then use in Visual Studio to build your custom form. We will use “DataSvcUtil.exe” against the Orchestrator web service to create our class. This is for those who don’t want to use Service Manager for whatever reason but still want to incorporate the power of Orchestrator runbooks.

1. Open up a command prompt, navigate to: ‘%windir%\Microsoft.NET\Framework\v3.5’, and run the following command

DataSvcUtil.exe /dataservicecollection /version:2.0 /language:CSharp /out:desiredfilename.cs /uri:http://<SERVERNAME>:81/Orchestrator2012/Orchestrator.svc

The output will look similar to the following and the .CS file can be found in the folder from which DataSvcUtil.exe was executed.

 

2. Build your interface. I created one that looks like this.


3. Once the form design has been completed, we need to set up the .NET environment. You do this in the Visual Studio designer by double-clicking the ‘Update’ button to bring up the code editor with focus on the Default.aspx.cs file.

  • Add using System.Xml.Linq; to the using statements.
  • Add the .CS file created to the project: right-click the project in Solution Explorer, choose Add Existing Item, and select the .CS file.
  • Add a reference: right-click References, choose Add Reference, select .NET, and select System.Data.Services.Client.

When finished you will see


 

4. Now you can begin coding your Interface to the Run book.

With the example shown above, I hope you can see how we can build controls for managing Office 365 from simple PowerShell commands and Orchestrator. In most cases the Office 365 logon commands will be added to the beginning of any Office 365 management PowerShell commands, and you can hard-code the credentials. This gives you run-as ability to execute commands as administrator in the cloud while keeping the credentials secure.
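A variant of the logon prologue that reads the password from a DPAPI-protected file instead of a literal in the runbook script, and always closes the session. This is an added example, not code from the original post; the account name, the file path and the Get-Mailbox call are placeholders.

```powershell
# Added example (not from the original post). Hypothetical names: the secret
# file path and the admin account below are placeholders.
#
# One-time setup, run while logged on AS the Orchestrator runbook service
# account on the runbook server (DPAPI ties the ciphertext to that user+machine):
#   Read-Host 'O365 admin password' -AsSecureString |
#       ConvertFrom-SecureString | Set-Content 'C:\RunbookSecrets\o365-admin.txt'

$ErrorActionPreference = 'Stop'
$powerUser  = 'admin@example.onmicrosoft.com'        # placeholder account
$secretPath = 'C:\RunbookSecrets\o365-admin.txt'     # placeholder path

if (-not (Test-Path -LiteralPath $secretPath)) {
    throw "Protected password file not found: $secretPath"
}

# Decrypts only for the account that created the file; the plaintext password
# never appears in the runbook script, its inputs, or its published data.
$password = Get-Content -LiteralPath $secretPath | ConvertTo-SecureString
$LiveCred = New-Object System.Management.Automation.PSCredential($powerUser, $password)

$Session = $null
try {
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri https://ps.outlook.com/powershell/ `
        -Credential $LiveCred -Authentication Basic -AllowRedirection

    # Import only the cmdlets this runbook needs
    Import-PSSession $Session -CommandName Get-Mailbox -AllowClobber | Out-Null

    # The runbook's management commands go here; return only non-sensitive values
    $mailboxCount = @(Get-Mailbox -ResultSize 10).Count
}
finally {
    # Close the remote session even if a command above failed
    if ($Session) { Remove-PSSession $Session }
}
```

Restrict the NTFS permissions on the secret file to the runbook service account; a copy of the file taken to another machine or opened by another user cannot be decrypted.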

So here are just some example runbook scenarios that can easily be done for Office 365.

  • Reset a User or Group of Users Passwords.
  • Add or Remove a User to Office 365.
  • Assign any Users to Services in Office 365 like: Lync, SharePoint, Exchange Mailboxes
  • You could combine the Active Directory controls with the PowerShell scripts. This could allow you to synchronize or manipulate any user attribute and/or mail attribute between the on-premises AD and Office 365. This can be used as an alternative to ADSYNC or Federated Services SSO. (Just keep in mind Microsoft might not support custom-built solutions.)
  • Fire off Auto provision run books that will set up the User in Office 365 when a new user is created in AD. (This can be done using an Orchestrator monitor event that can start the run book on new user creation.)

As you can see, what you can do is left up to your creativity and your PowerShell abilities. When combining System Center Orchestrator, PowerShell and other Orchestrator Integration Packs like AD and Exchange, you can create seamless management functions that can be offered from a GUI to a user, with the ability to delegate proper security and control.

System Center Orchestrator (formerly known as Opalis) is an enterprise automation tool that Microsoft has included in the System Center suite of products. Orchestrator is a simple way to perform complex automations from a GUI-based interface. Using Orchestrator Designer you configure and link activities together to create automated runbooks. These activities carry out specified procedures – anything from ending a process, running a Microsoft .NET script, or restarting a service to using one of the Integration Packs like Active Directory or System Center Suite. Orchestrator also has an SDK to use with Visual Studio to create your own integration packs. With this new product there is virtually no limit to what you can automate, so for those looking for a long-term career in technology this would be a great product to learn. :)

 
