• State Not Answered
  • Replies 8 replies
  • Subscribers 62 subscribers
  • Views 2422 views
  • Users 0 members are here
Options
Related

Check if a user is having a certain O365 license assigned

Markus74
over 2 years ago

Hello,

I am trying to configure a Workflow in synchronization service for all user accounts that do have a certain license assigned.

Thus I'd need to know if there is a possibility to query a user for a certain (active) O365/M365 license.

Has anyone been able to configure/script this yet?

Thanks in advance.

Markus

  • 0 over 2 years ago

    A starting point for this is to look at the virtual property edsaAzureUserAssignedLicenses

    The admin service pulls this information from the tenant for each user in real time.

    It looks ugly because it references the licenses by their GUID identifiers.

    Here's a table for translating them:

    https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-service-plan-reference

    I'm not sure if there's something off with my environment, but I can't seem to pull the contents of this property.

    Here's some simple code that should do it:

    get-qaduser -proxy -identity $MyUser -IncludedProperties edsaAzureUserAssignedLicenses | select -ExpandProperty edsaAzureUserAssignedLicenses

    Give it a whirl.

  • 0 over 2 years ago in reply to JohnnyQuest

    Per KB 264056, looks like my command line needs to look like this:

    get-qaduser -proxy -identity $MyUser -IncludedProperties edsaAzureUserAssignedLicenses,edsvaAzureObjectID | select edsaAzureUserAssignedLicenses 

    i.e. you need to include the edsvaAzureObjectID in your requested property set.

    Also, make sure your Quest cmdlets and ADSI Provider are up to date!

  • 0 over 2 years ago in reply to JohnnyQuest

    Thanks for your reply.

    Actually in the synch service it would be easier to get that even, as I can use "srcobj" and don't have to do the full command as above.

    However, I don't fully understand the format of the attribute, which was the reason why I was asking...

    it looks like that:

    [{"disabledPlans":["GUID1","GUID2"],"skuId":"GUID3"},{"disabledPlans":[],"skuId":"GUID4"},{"disabledPlans":[],"skuId":"GUID5"},{"disabledPlans":[],"skuId":"GUID6"},{"disabledPlans":[],"skuId":"GUID7"}]

    If I want to check for a specific license, would it be enough to check for existence of the respective GUID? What do the sections mean that are called "disabledPlans" and "skuid" that are in part within the same {}?

    I also see a "disabledPlans" section with two GUIDs (the first one) and others that don't contain any GUID and only empty []...

  • 0 over 2 years ago in reply to Markus74

    The GUID is all you need.  

    You can take your returned values, search for "disabledPlans":[],"skuId": and replace it with "".

    Then you can just perform lookups on the remaining GUIDs.

  • 0 over 2 years ago in reply to JohnnyQuest

    Thanks. Thought I can go from there...
    However, it seems neither in the Synch Service script nor with your command I get any data on the attribute...

    When I try to do it this way, I don't even get the attribute listed:

    get-qaduser -proxy -identity $myuser -IncludedProperties edsaAzureUserAssignedLicenses | fl *

  • 0 over 2 years ago in reply to Markus74

    I think you overlooked an update to my original post about the command line.  Reproduced again below...

    get-qaduser -proxy -identity $MyUser -IncludedProperties edsaAzureUserAssignedLicenses,edsvaAzureObjectID | select edsaAzureUserAssignedLicenses 

    i.e. you need to include the edsvaAzureObjectID in your requested property set or the license value won't be returned.

    Also, make sure your Quest cmdlets and ADSI Provider are up to date!

  • 0 over 2 years ago in reply to Markus74

    Before we get into implementing this in the Sync Service, may I ask you how many objects you are going to be checking?  10s, 100s, 1000s?

    I ask this because if the number is large then this is going to affect how you go about dynamically scoping objects in or out of your synchronization step.