New-ManagementRole in Exchange Online PowerShell

Try as I could, I could not get the PowerShell command in this TechNet article to work in Exchange Online: https://technet.microsoft.com/en-us/library/dd298073(v=exchg.150).aspx

The article cleverly suggests that to create a custom management role, you create a new role and then just strip out the commands you don't want by filtering out certain commands and removing the rest. This worked fine in my on-premises Exchange 2013 environment, but try as I could, it would not work in EOP.

Get-ManagementRoleEntry "Redmond Journaling View-Only\*" | `
Where { $_.Name -NotLike "Get*" } | `
Remove-ManagementRoleEntry

Attempting this command in Exchange Online you get the following:

PS C:\> Get-ManagementRoleEntry "Redmond Journaling View-Only\*" | `
Where { $_.Name -NotLike "Get*" } | `
Remove-ManagementRoleEntry -WhatIf

Cannot process argument transformation on parameter 'Identity'. Cannot convert value "Redmond Journaling View-Only" to type



The problem seems to be with the Identity parameter.

Long story short, I was able to use a foreach loop to do the same thing in Exchange Online.

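$rolename = "Delegated Admin Transport Hygiene"
$excludeterm = "*quarantine*"

# Create the custom role as a child of the Transport Hygiene role
New-ManagementRole -Name $rolename -Parent "Transport Hygiene"

# Select every entry that matches neither *quarantine* nor *SenderAddress*
$role = Get-ManagementRoleEntry ($rolename + "\*") |
    Where { $_.Name -NotLike $excludeterm -and $_.Name -NotLike "*SenderAddress*" }

# Remove each selected entry by its explicit "Role\Cmdlet" identity
foreach ($r in $role) {
    Remove-ManagementRoleEntry ($rolename + "\" + $r.Name) -Confirm:$false
}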

PowerShell Rewrite SAMAccountName and UPN

The script below rewrites the SamAccountName and UPN of users within your search scope to the format firstinitial+lastname. If a conflict is detected, a number is appended and the change is retried until the Set-ADUser command succeeds. The script makes no attempt on accounts missing either a first name or a last name.

$searchbase = "OU=OrgUnit,DC=DOMAIN,DC=COM"
$srcusers = Get-ADUser -Filter * -SearchBase $searchbase

foreach ($s in $srcusers) {
    # Skip accounts missing a first or last name
    if ($s.Surname -and $s.GivenName) {
        # firstinitial+lastname, with periods and spaces stripped before the first attempt
        $basename = ($s.GivenName.Substring(0,1) + $s.Surname).Replace(".","").Replace(" ","")
        $newname = $basename
        $n = 1
        do {
            $errvar = $null
            Set-ADUser -Identity $s.SamAccountName `
                -SamAccountName $newname -UserPrincipalName ($newname + "@phsi.us") `
                -ErrorAction Continue -ErrorVariable errvar -Verbose
            # Next candidate if this attempt failed: base name plus an incrementing number.
            # Any Set-ADUser error triggers a retry, not only a name conflict.
            $newname = $basename + ($n++)
        }
        until ($errvar.Count -eq 0)
    }
}
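
A dry-run companion to the script above, added here as an example and not part of the original post: it computes the same firstinitial+lastname candidates in memory, so conflicts, skipped accounts, and names over the 20-character sAMAccountName limit can be reviewed, and the old-to-new mapping saved for rollback, before anything is written. Get-RenamePlan, its parameters, the sample users and the @example.com suffix are assumptions.

```powershell
# Added example (not from the original post): plan the renames without touching AD.
function Get-RenamePlan {
    param(
        [Parameter(Mandatory)] [object[]] $Users,   # need SamAccountName, GivenName, Surname
        [string[]] $TakenNames = @(),               # names in use outside the search scope
        [string] $UpnSuffix = "@example.com"        # placeholder suffix (assumption)
    )
    # Case-insensitive set of every name that is already taken
    $taken = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($t in $TakenNames) { [void]$taken.Add($t) }
    foreach ($u in $Users) { [void]$taken.Add($u.SamAccountName) }

    foreach ($u in $Users) {
        if (-not ($u.GivenName -and $u.Surname)) {
            [pscustomobject]@{ Old = $u.SamAccountName; New = $null; Upn = $null; Note = "skipped: missing name" }
            continue
        }
        $base = ($u.GivenName.Substring(0,1) + $u.Surname).Replace(".","").Replace(" ","")
        $candidate = $base
        $n = 1
        # Append 1, 2, 3... until the name is free; a user's own current name is not a conflict
        while ($taken.Contains($candidate) -and $candidate -ne $u.SamAccountName) {
            $candidate = $base + ($n++)
        }
        [void]$taken.Add($candidate)
        $note = ""
        if ($candidate -ne $base) { $note = "conflict: number appended" }
        if ($candidate.Length -gt 20) { $note = "exceeds 20-character sAMAccountName limit" }
        [pscustomobject]@{ Old = $u.SamAccountName; New = $candidate; Upn = $candidate + $UpnSuffix; Note = $note }
    }
}

# Constructed sample users. In real use, pass (Get-ADUser -Filter * -SearchBase $searchbase)
# as -Users and the directory's existing SamAccountName values as -TakenNames.
$sample = @(
    [pscustomobject]@{ SamAccountName = "john.smith"; GivenName = "John"; Surname = "Smith" }
    [pscustomobject]@{ SamAccountName = "jane.smith"; GivenName = "Jane"; Surname = "Smith" }
    [pscustomobject]@{ SamAccountName = "svc-backup"; GivenName = $null;  Surname = "Backup" }
    [pscustomobject]@{ SamAccountName = "mary.o";     GivenName = "Mary"; Surname = "O Brien-Fitzgerald-Walsh" }
)
Get-RenamePlan -Users $sample -TakenNames "jsmith" | Format-Table -AutoSize
```

Piping the plan to Export-Csv before running the real rename keeps a record of each account's previous SamAccountName.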