Active Roles Server 7.0.2 workflow for automatically assigning an Office 365 license to an AD user

Hi, I want to specifically assign Office 365 licenses to Active Directory user accounts depending on group membership or OU location.

What is the best way to perform this process, and can you help me by providing information about how to do it?

  • You have mentioned two criteria for the Office 365 licensing Group OR OU.

    The first one is easy - set the "start condition" for your workflow to respond to a member added to the group. The "member add" is configured at the top of the workflow start conditions dialog and the group name is specified in the filtering conditions at the bottom of this dialog.

    For "OU", there are potentially two workflow start condition cases to consider: A user create and a user move.

    Let's focus on the "user create". Here again, you would specify a start condition of "Object class: user, action: create" and then in the middle of the workflow start conditions dialog, you can specify one or more OUs that you want to "watch".

    Now you must create a "script activity" to perform the licensing that you will add to your workflow.

    You will first need to add a new "script module" to ActiveRoles of the type "Policy Script".

    You should place the code of your script inside a function (the name can be anything but you must reference it when you add the "script activity" to your workflow):

    Function LicenseOffice365User ($Request)
    {

    # Code goes here

    }


    It needs to do the following:

    1. Capture the name of the current user being processed

    The simplest way to get this is something like this:

    $CurrentUser = $DirObj.Get("userprincipalname")

    (I'm assuming that your users' userprincipalname attributes match your Office 365 user IDs. If not, substitute another attribute ("mail" is a logical choice) for userprincipalname above.)

    2. Launch a remote PowerShell session with Office 365. You will need to supply the credentials for this - probably best to get the password from an encrypted text file stored on your ActiveRoles server. There's sample code on the web for this.

    3. Set the license information.

    The article below is helpful for items 2 and 3 above.

    windowsitpro.com/.../office-365-licensing-windows-powershell
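
Added example (not code from the thread or from the vendor): steps 1 to 3 of the answer above as one script-activity function, using the MSOnline cmdlets and a DPAPI-protected password file. The admin account, file path, SKU and usage location are placeholders, and `$DirObj` is used the way the post uses it.

```powershell
# One-time setup, run AS the Active Roles service account ON this server.
# ConvertFrom-SecureString without -Key uses DPAPI, so only that account on
# that machine can decrypt the file (restrict its NTFS ACL to that account too):
#   Read-Host -AsSecureString | ConvertFrom-SecureString | Set-Content 'C:\ARSSecrets\o365-licensing.txt'

function LicenseOffice365User($Request)
{
    # Placeholders (assumptions for this example, not values from the thread)
    $AdminUpn = 'svc-licensing@example.onmicrosoft.com'  # least-privileged licensing account
    $CredFile = 'C:\ARSSecrets\o365-licensing.txt'
    $SkuId    = 'example:ENTERPRISEPACK'                  # an AccountSkuId from Get-MsolAccountSku
    $Location = 'US'

    # Step 1: identify the user being processed by the workflow
    $upn = [string]$DirObj.Get('userPrincipalName')
    if ([string]::IsNullOrWhiteSpace($upn)) { throw 'Target object has no userPrincipalName.' }

    # Step 2: rebuild the credential from the encrypted file and connect
    $secure = Get-Content -Path $CredFile -ErrorAction Stop | ConvertTo-SecureString
    $cred   = New-Object System.Management.Automation.PSCredential($AdminUpn, $secure)
    Import-Module MSOnline -ErrorAction Stop
    Connect-MsolService -Credential $cred -ErrorAction Stop

    # Step 3a: refuse to continue if the SKU is unknown or exhausted
    $sku = Get-MsolAccountSku | Where-Object { $_.AccountSkuId -eq $SkuId }
    if (-not $sku) { throw "SKU '$SkuId' not found in the tenant." }
    if ($sku.ConsumedUnits -ge $sku.ActiveUnits) { throw "No free units left for '$SkuId'." }

    # Step 3b: idempotent assignment (a re-run of the workflow changes nothing)
    $user = Get-MsolUser -UserPrincipalName $upn -ErrorAction Stop
    if ($user.Licenses.AccountSkuId -contains $SkuId) { return }

    # A usage location must be set before a license can be assigned
    Set-MsolUser -UserPrincipalName $upn -UsageLocation $Location -ErrorAction Stop
    Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $SkuId -ErrorAction Stop
}
```

With directory synchronization in place, the account exists in Office 365 only after a sync cycle has run, so `Get-MsolUser` fails until then.
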
  • This answer is very comprehensive and correct, but if you are using the Active Roles Office 365 Add-on, it might be simpler to implement the licensing in an "Update" activity rather than a "Script" activity. The Activity Target would be the default Workflow Target, and the licenses are all stored as booleans starting with "edsvaOffice365-License-". Set the desired license or licenses to TRUE, and the Addon will post the changes to Office 365.
  • Good point, Terrance; however, there was no mention of this Add-In having been deployed, and if they are like most Office 365 customers, they cannot use it because they have AADSync in place.

    Actually, to be more precise - it hardly seems worth deploying the Add-In solely for licensing purposes (though that is a supported scenario even if AADSync is in place).

  • Actually, the Active Roles Addon for Office 365 has two options when deploying: replacing DirSync, or mastering only licensing while DirSync is in play. With the second option, we could leverage a Workflow as described above with very little configuration necessary.
  • Hi, thanks for your responses. I'm sorry I did not mention my complete scenario. Yes, we use AADSync for syncing directories between on-prem and Azure AD. We also use Office 365 add-on version 3.0 for Active Roles, and I already created some cool edsvaOffice365-License... update workflows and they work like a charm.
    Here is a good challenge! We do not store data on "msExchUsageLocation" AD attribute and therefore we do not export this info into "usageLocation" Office365 attribute, instead we populate the "c" AD attribute for country information. Is there a workflow task or script we can use to export the 3-letter country code from "c" on-prem attribute into the 2-letter country code for "edsvaOffice365-UsageLocation-code" Active Roles attribute?
    Thanks again.
    Alejandro Palacios
  • That would be easy enough - just create a workflow that triggers on a change to 'c' and copies this value to ...UsageLocation. You would want to do an initial "load" of ...UsageLocation (again using a script) to make sure they are up to date.

  • I think that a script will be necessary to convert the values.

    I found a listing here:
    www.worldatlas.com/.../ctycodes.htm

    A "switch" is how I would implement it. I haven't tested this in my lab, but it should be something like this:

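    function ConvertCountryCode($Request)
    {
        # Read the 3-letter country code from the on-prem "c" attribute
        $3digit = $DirObj.Get("c")
        # Value that is written when none of the cases below match
        $2digit = "US"

        switch ($3digit)
        {
            "AFG" { $2digit = "AF" }
            "ALB" { $2digit = "AL" }
            "DZA" { $2digit = "DZ" }
            # ..... (remaining country codes)
        }
        # Write the 2-letter code to the Active Roles usage-location attribute
        $Request.Put("edsvaOffice365-UsageLocation-code", $2digit)
    }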

    You can probably use a macro to format the "switch" block after grabbing the values from the resource above.
  • Thank you very much. It looks like a cool solution; let me try it. If you already tested it in your lab, please don't be and send me the script. And just to correct myself: we don't use "c", we use the "co" 3-letter attribute.
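
Added example (not code from the thread): the 3-letter to 2-letter conversion discussed above as a table lookup that validates its input and writes nothing when the code is unknown, instead of falling back to "US". Only the three pairs shown in the post are included; the helper name `Convert-Alpha3ToAlpha2` and the `$SourceAttribute` variable are introduced for this example.

```powershell
function Convert-Alpha3ToAlpha2([string]$Alpha3)
{
    # The three pairs from the post; add the remaining rows from your code listing.
    $map = @{
        'AFG' = 'AF'
        'ALB' = 'AL'
        'DZA' = 'DZ'
    }

    if ([string]::IsNullOrWhiteSpace($Alpha3)) { return $null }

    # Normalize before lookup so ' dza ' and 'DZA' resolve the same way
    $key = $Alpha3.Trim().ToUpperInvariant()

    # Reject anything that is not exactly three letters (full names, typos, 2-letter codes)
    if ($key -cnotmatch '^[A-Z]{3}$') { return $null }

    if ($map.ContainsKey($key)) { return $map[$key] }
    return $null
}

function ConvertCountryCode($Request)
{
    # The thread mentions both "c" and "co"; set this to the attribute you populate.
    $SourceAttribute = 'c'

    try   { $raw = [string]$DirObj.Get($SourceAttribute) }
    catch { $raw = $null }   # attribute not set on this object

    $code = Convert-Alpha3ToAlpha2 $raw
    if ($null -eq $code)
    {
        # Fail visibly rather than stamp a guessed usage location on the account
        throw "No 2-letter mapping for '$SourceAttribute' value '$raw'; usage location left unchanged."
    }

    $Request.Put('edsvaOffice365-UsageLocation-code', $code)
}
```

`Convert-Alpha3ToAlpha2` has no Active Roles dependency, so it can be exercised in a plain PowerShell console against an export of the attribute values before the workflow is enabled.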