Manage Office 365 tenants with Windows PowerShell for Delegated Access Permissions (DAP) partners

Summary: Use Windows PowerShell for Office 365 to manage your customer tenancies.

Windows PowerShell allows Syndication and Cloud Solution Provider (CSP) partners to easily administer and report on customer tenancy settings that are not available in the Office 365 admin center. Note that Administer on Behalf Of (AOBO) permissions are required for the partner administrator account to connect to its customer tenancies.

Delegated Access Permission (DAP) partners are Syndication and Cloud Solution Provider (CSP) partners. They are frequently network or telecom providers to other companies. They bundle Office 365 subscriptions into their service offerings to their customers. When they sell an Office 365 subscription, they are automatically granted Administer On Behalf Of (AOBO) permissions to the customer tenancies so they can administer and report on the customer tenancies.

What do you need to know before you begin?

The procedures in this topic require you to connect to Windows PowerShell for Office 365. For instructions, see Connect to Office 365 PowerShell.

You also need your partner tenant administrator credentials.

What do you want to do?

List all tenant IDs

Note

If you have more than 500 tenants, scope the cmdlet syntax with either the -All or the -MaxResults parameter. This applies to other cmdlets that can give a large output, such as Get-MsolUser.

To list all customer tenant IDs that you have access to, run this command.

Get-MsolPartnerContract -All | Select-Object TenantId

This will display a listing of all your customer tenants by TenantId.

Get a tenant ID by using the domain name

To get the TenantId for a specific customer tenant by domain name, run this command. Replace <domainname.onmicrosoft.com> with the actual domain name of the customer tenant that you want.

Get-MsolPartnerContract -DomainName <domainname.onmicrosoft.com> | Select-Object TenantId

List all domains for a tenant

To get all domains for any one customer tenant, run this command. Replace <customer TenantId value> with the actual value.

Get-MsolDomain -TenantId <customer TenantId value>

If you have registered additional domains, this will return all domains associated with the customer TenantId.

Get a mapping of all tenants and registered domains

The previous Windows PowerShell for Office 365 commands showed you how to retrieve either tenant IDs or domains but not both at the same time, and with no clear mapping between them all. This command generates a listing of all your customer tenant IDs and their domains.

$Tenants = Get-MsolPartnerContract -All; $Tenants | foreach {$Domains = $_.TenantId; Get-MsolDomain -TenantId $Domains | fl @{Label="TenantId";Expression={$Domains}},name}

Get all users for a tenant

This will display the UserPrincipalName, the DisplayName, and the isLicensed status for all users for a particular tenant. Replace <customer TenantId value> with the actual value.

Get-MsolUser -TenantID <customer TenantId value>

Get all details about a user

If you want to see all the properties of a particular user, run this command. Replace <customer TenantId value> and <user principal name value> with the actual values.

Get-MsolUser -TenantId <customer TenantId value> -UserPrincipalName <user principal name value>

Add users, set options, and assign licenses

Bulk creation, configuration, and licensing of Office 365 users is particularly efficient with Windows PowerShell for Office 365. In this two-step process, you first create entries for all the users you want to add in a comma-separated value (CSV) file and then import that file by using Windows PowerShell for Office 365.

Create a CSV file

Create a CSV file by using this format:

  • UserPrincipalName,FirstName,LastName,DisplayName,Password,TenantId,UsageLocation,LicenseAssignment

where:

  • UsageLocation: The value for this is the two-letter ISO country/region code of the user. The country/region codes can be looked up at the ISO Online Browsing Platform. For example, the code for the United States is US, and the code for Brazil is BR.

  • LicenseAssignment: The value for this uses this format: syndication-account:<PROVISIONING_ID>. For example, if you are assigning customer tenant users O365_Business_Premium licenses, the LicenseAssignment value looks like this: syndication-account:O365_Business_Premium. You will find the PROVISIONING_IDs in the Syndication Partner Portal that you have access to as a Syndication or CSP partner.

Import the CSV file and create the users

After you have created your CSV file, run this command to create the user accounts, with non-expiring passwords that each user must change at first sign-in, and to assign the license you specify. Be sure to substitute the correct CSV file name.

Import-Csv .\FILENAME.CSV | foreach {New-MsolUser -UserPrincipalName $_.UserPrincipalName -DisplayName $_.DisplayName -FirstName $_.FirstName -LastName $_.LastName -Password $_.Password -UsageLocation $_.UsageLocation -LicenseAssignment $_.LicenseAssignment -ForceChangePassword:$true -PasswordNeverExpires:$true -TenantId $_.TenantId}
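
A pre-flight check for the CSV described above, as an added example that is not part of the original article: it verifies that each row has every column, that TenantId is a GUID belonging to one of your customer tenants, and that UsageLocation and LicenseAssignment follow the formats given above. The function name Test-PartnerUserRow, the sample rows, and the tenant GUIDs are constructed for illustration.

```powershell
# Added example: validate rows of the user-import CSV before calling New-MsolUser.
# Test-PartnerUserRow and all sample data are hypothetical, constructed for illustration.
function Test-PartnerUserRow {
    param(
        [Parameter(Mandatory)] $Row,
        [Parameter(Mandatory)] [guid[]] $AllowedTenantIds
    )
    $problems = @()
    $required = 'UserPrincipalName','FirstName','LastName','DisplayName',
                'Password','TenantId','UsageLocation','LicenseAssignment'
    foreach ($name in $required) {
        if ([string]::IsNullOrWhiteSpace($Row.$name)) { $problems += "missing $name" }
    }
    # TenantId must parse as a GUID and be a tenant this partner administers.
    $tenant = [guid]::Empty
    if (-not [guid]::TryParse([string]$Row.TenantId, [ref]$tenant)) {
        $problems += 'TenantId is not a GUID'
    } elseif ($AllowedTenantIds -notcontains $tenant) {
        $problems += 'TenantId is not one of your customer tenants'
    }
    # UsageLocation: two-letter country/region code (format check only).
    if ($Row.UsageLocation -cnotmatch '^[A-Z]{2}$') {
        $problems += 'UsageLocation is not a two-letter code'
    }
    # LicenseAssignment: syndication-account:<PROVISIONING_ID>
    if ($Row.LicenseAssignment -notmatch '^syndication-account:\S+$') {
        $problems += 'LicenseAssignment is not syndication-account:<PROVISIONING_ID>'
    }
    [pscustomobject]@{
        UserPrincipalName = $Row.UserPrincipalName
        Valid             = ($problems.Count -eq 0)
        Problems          = $problems -join '; '
    }
}

# Constructed sample input; in practice use: Import-Csv .\FILENAME.CSV
$rows = @'
UserPrincipalName,FirstName,LastName,DisplayName,Password,TenantId,UsageLocation,LicenseAssignment
adele@contoso.onmicrosoft.com,Adele,Vance,Adele Vance,CONSTRUCTED-PLACEHOLDER,11111111-1111-1111-1111-111111111111,US,syndication-account:O365_Business_Premium
bruno@fabrikam.onmicrosoft.com,Bruno,Silva,Bruno Silva,CONSTRUCTED-PLACEHOLDER,22222222-2222-2222-2222-222222222222,Brazil,O365_Business_Premium
'@ | ConvertFrom-Csv

# Constructed allow-list; when connected, use: (Get-MsolPartnerContract -All).TenantId
$allowed = [guid[]]@('11111111-1111-1111-1111-111111111111')

$rows | ForEach-Object { Test-PartnerUserRow -Row $_ -AllowedTenantIds $allowed } |
    Format-Table -AutoSize -Wrap
```

Pass only the rows where Valid is True to New-MsolUser. Because the CSV holds initial passwords in plain text, restrict access to the file and delete it once the import is complete.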

See also

Help for partners