MOC-MD101.ps1

# Filename: MOC-MD101.ps1
# Date : 2021-07-13
# Author : Frits van Drie (3-Link.nl)

#PSScriptInfo
<#PSScriptInfo
 
.VERSION 1.0001
 
.GUID 0a33f246-30fa-407f-a784-342d4cbe1dcf
 
.AUTHOR F. van Drie (3-link.nl)
 
.COMPANYNAME 3-Link
 
.COPYRIGHT 3-Link bv (NL)
 
.TAGS
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
 
.PRIVATEDATA
 
.DESCRIPTION
 This script contains commands to achieve the results as designated in the referenced Microsoft training (MOC).
 This script is not meant to be run unattended. Instead run each line of code separately.
 This script is designed for training purposes only. Do not use this script or any part of it on a corporate production device.
 Using this script or parts of it is at your own risk.
 
 
#>
 

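[CmdletBinding()]
Param()

# Name of the Azure AD lab tenant. Leave it empty to be prompted for the name
# in the Variables region.
$tenantDnsName        = 'M365x510981.onmicrosoft.com'

# SECURITY: the global-administrator password is intentionally not stored here.
# A plaintext secret in a script file is readable by anyone who can read the file
# and is copied into every place the file goes (source control, backups, shares).
# The Variables region collects the credential interactively with Get-Credential,
# so no live code needs this value. If a password embedded in an earlier copy of
# this file was ever valid for the tenant, treat it as exposed and rotate it.
$tenantAdminPassPlain = $null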


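#region: Variables

    # Ask for the tenant name only when it was not set at the top of the script.
    if (-not $tenantDnsName) {
        $tenantDnsName = Read-Host 'Enter your AzureAD tenantname'
    }

    $tenantAdminName = 'admin'
    $tenantAdminUPN  = ("$tenantAdminName@$tenantDnsName").ToLower()

    # Prompt for the global-admin credential instead of building it from a
    # plaintext string: the password then lives only in a SecureString in this
    # session. The guard keeps an already-entered credential when the region is
    # re-run. The prompt is pre-filled with the same UPN computed above.
    if (-not $tenantAdminCred) {
        $tenantAdminCred = Get-Credential -UserName $tenantAdminUPN -Message 'Logon as global administrator'
    }

    $domainDnsName   = 'contoso.com'
    $domainAdminName = 'administrator'
    $domainAdminUPN  = ("$domainAdminName@$domainDnsName").ToLower()

    # Same pattern for the on-premises domain administrator: prompt once rather
    # than converting a password literal with ConvertTo-SecureString -AsPlainText,
    # which leaves the secret readable in the script file.
    if (-not $domainAdminCred) {
        $domainAdminCred = Get-Credential -UserName $domainAdminUPN -Message 'Logon as domain administrator'
    }
    # Kept so code that reads $domainAdminPass still finds the SecureString.
    $domainAdminPass = $domainAdminCred.Password

#endregion: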

#region: Modules
    # Download and install the MSOnline module from the registered repository.
    # PowerShell asks for confirmation when that repository is not marked as
    # trusted; review the prompt rather than suppressing it.
    Install-Module -Name MSOnline

#endregion:

#region: Functions
    function Connect--MsolAsGlobalAdmin {
        # Import modules
        Import-Module MSOnline

        # Login to AzureAD
        Connect-MsolService -Credential $tenantAdminCred

        Write-Host "Connected as $($tenantAdminCred.UserName)" -f Yellow
    }

#endregion:

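# Stops execution here when the file is run as a whole, so the lab commands
# below are only executed when a line or selection is run deliberately.
Break
#region: LAB 0101

    Connect--MsolAsGlobalAdmin

    # Create users
    # All quotes and dashes in this region are plain ASCII. Typographic quotes and
    # en-dashes pasted from documents can be mis-decoded when the file encoding
    # is not what the host expects, which breaks parameter parsing.
    #
    # SECURITY: these accounts are created in a cloud tenant with a password that
    # is written in this file and with no forced change at first sign-in.
    # Remove the accounts or reset their passwords once the lab is finished.
    New-MsolUser -UserPrincipalName "ereeve@$tenantDnsName"   -DisplayName 'Edmund Reeve'   -FirstName 'Edmund'  -LastName 'Reeve'   -Password 'Pa55w.rd' -ForceChangePassword $false -UsageLocation 'US'
    New-MsolUser -UserPrincipalName "msnider@$tenantDnsName"  -DisplayName 'Miranda Snider' -FirstName 'Miranda' -LastName 'Snider'  -Password 'Pa55w.rd' -ForceChangePassword $false -UsageLocation 'US'
    New-MsolUser -UserPrincipalName "cgodinez@$tenantDnsName" -DisplayName 'Cody Godinez'   -FirstName 'Cody'    -LastName 'Godinez' -Password 'Pa55w.rd' -ForceChangePassword $false -UsageLocation 'US'


    # Create groups
    New-MsolGroup -DisplayName 'Contoso_Marketing' -Description 'LAB 0101: '
    New-MsolGroup -DisplayName 'Contoso_Sales'     -Description 'LAB 0101: Contoso Sales team users'


    # Add members. Users are looked up by UPN rather than display name: the UPN
    # is unique, so $user is always a single object and the wrong account cannot
    # be added because two users happen to share a display name.
    $group = Get-MsolGroup | Where-Object { $_.DisplayName -eq 'Contoso_Marketing' }
    $user  = Get-MsolUser -UserPrincipalName "ereeve@$tenantDnsName"
    Add-MsolGroupMember -GroupObjectId $group.ObjectId -GroupMemberType 'User' -GroupMemberObjectId $user.ObjectId
    $user  = Get-MsolUser -UserPrincipalName "msnider@$tenantDnsName"
    Add-MsolGroupMember -GroupObjectId $group.ObjectId -GroupMemberType 'User' -GroupMemberObjectId $user.ObjectId
    Get-MsolGroupMember -GroupObjectId $group.ObjectId

    $group = Get-MsolGroup | Where-Object { $_.DisplayName -eq 'Contoso_Sales' }
    $user  = Get-MsolUser -UserPrincipalName "cgodinez@$tenantDnsName"
    Add-MsolGroupMember -GroupObjectId $group.ObjectId -GroupMemberType 'User' -GroupMemberObjectId $user.ObjectId
    Get-MsolGroupMember -GroupObjectId $group.ObjectId


    # Manual step (portal):
    # On the Contoso | Overview page, under Manage, select Company branding and then select Configure.
    # On the Configure company branding page, configure the following settings and then select Save:
    # Sign-in page text: Contoso Corp. Sign-in Page
    # Show option to remain signed in: Yes



    # Manual step (portal): Licenses
    # User: E Reeve
    # License: Office E5, EMS E3


#endregion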

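#region: LAB 0102
    # Configure directory synchronization with Azure AD Connect

    # Download AzureADConnect.msi (opens the download page in the default browser)
    Start-Process 'https://www.microsoft.com/en-us/download/details.aspx?id=47594'

    # Prints the tenant admin sign-in name. The original expression here contained
    # a typo in the variable name; presumably this name is what is entered in the
    # Azure AD Connect wizard - confirm against the lab guide.
    "admin@$tenantDnsName"

    # NOTE(review): $ouList is not used in this region; presumably these are the
    # OUs to select for synchronization - confirm against the lab guide.
    $ouList = 'IT', 'Managers', 'Marketing', 'Research', 'Sales'


    # Add Additional local administrators on all Azure AD joined devices
    # Megan Bowen


    # Join SEA-WS1 to AAD: User: JoniS
    # Disconnect SEA-WS1



    # Create the OU for Azure AD clients. -Name takes the OU's own name and -Path
    # its parent container; passing a full distinguished name as the positional
    # argument would be used as the name, not as the location.
    New-ADOrganizationalUnit -Name 'Azure AD clients' -Path 'dc=contoso,dc=com'

    # Move SEA-CL2 to 'Azure AD clients'. The original line was a plain-text note,
    # which PowerShell would have tried to run as a Move-Item command.
    Get-ADComputer -Identity 'SEA-CL2' | Move-ADObject -TargetPath 'ou=Azure AD clients,dc=contoso,dc=com'

    # Run a full synchronization cycle.
    Start-ADSyncSyncCycle -PolicyType Initial


    # Hybrid Join
    # Configure 'Hybrid join' in Azure AD Connect
    # Publish SCP



#endregion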


#region: LAB 0202

    # Assign license to Aaron Nicholls (US)
    # Office, EMS

    # Enable Windows Automatic Enrollment into Microsoft Intune

    # Assign the 'Sales' group to the enrollment restrictions for Android and iOS


#endregion

#region: LAB 0203
    

#endregion

#region: LAB
#endregion

#region: LAB
#endregion

#region: LAB
#endregion

#region: LAB
#endregion

#region: LAB
#endregion

#region: LAB
#endregion

#region: LAB
#endregion

#region: LAB
#endregion

#region: LAB
#endregion