Friday, 20 August 2021

Google Classroom - How to get a list of all classes/classrooms

You can use the GAM utility to easily export the details of all Google Classrooms in your domain by following the commands below. In this example we'll be exporting the details to a CSV file

(Be sure to update the path to gam.exe and the output CSV file location)

$allclasses = C:\admin\gam\gam.exe print courses > "C:\Admin\Google Classroom\allclasses.csv"

This works well, but if you look at your CSV file you'll notice that firstly, it isn't formatted into columns properly, and secondly, there are a heap of fields called "coursematerial" that aren't required. We can filter out those fields by using the command below

$allclassesfiltered = import-csv "C:\Admin\GoogleClassroom\allclasses.csv" | select-object * -ExcludeProperty "courseMaterial*"

We can then re-export the CSV file with the command below which will actually export it correctly as a CSV file with data separated into columns correctly

$allclassesfiltered | export-csv "C:\Admin\Google Classroom\allclasses-filtered.csv" -NoTypeInformation


Thursday, 19 August 2021

GAM - How To Sync Google Classroom Students from CSV File

GAM is great command line utility that fills a huge void in the management of Google Classroom - since Google haven't bothered after all these years to create any kind of centralised management interface for the product despite a huge uptake in use from COVID-19 and remote learning.

One of the downfalls of GAM is it can be a little slow - if you wanted to add students individually to a class, the command to add each student takes several seconds to execute - which doesn't sound like much, but in a large school with lots of students and lots of classes - it could take hours to complete.

Thankfully, they have included the ability to synchronise members (students) of a class from a CSV file. What they don't mention in their documentation though is how the CSV file should be formatted - kind of important, right?

The CSV file should be formatted as a basic list - with a single column and no column headings - containing the email addresses of the students you wish to add. If you opened it in Notepad - it would look like the screenshot below

Example CSV file format to sync students to Google Classroom with GAM

One thing to note - if you are going to sync from a CSV file, it will add all the students in the CSV file to the classroom, but it will also remove any students already in the classroom who aren't listed in the CSV file, so it's important your CSV file contains all the students in the class.

The command to run the sync is below;

C:\admin\gam\gam.exe course "googlecourseid"  sync students file "C:\admin\GoogleClassroom\class1.csv"

(Be sure to update the path to your gam.exe file, the google course ID and the CSV file location)

Wednesday, 18 August 2021

Microsoft Teams - Add Members from Active Directory Group to Team

Teams may often need to be populated with the members of an existing Active Directory security or distribution group. You can use the powershell commands below to easily do this.

Firstly, we need to get the members of our Active Directory group - and pipe the result to the get-aduser cmdlet so we can include the mail property as this is the identifying field we need to use to add users to Teams.

$grpmembers = Get-ADGroupMember -identity | Get-ADUser -properties mail

We will then enable connect to Microsoft Teams to enable the cmdlets, cycle through the list of members and add them to the team. Make sure you update the $teamgrpid to be the unique group ID for the team you wish to add the users to.

Connect-MicrosoftTeams

$teamgrpid = "123456"

foreach ($grpmember in $grpmembers)
    {
    Add-TeamUser -groupid $teamgrpid -user $($grpmember.mail) -role user
    }

You can change the role variable from user to member if you wish to add the users as members instead.


Tuesday, 17 August 2021

Install Active Directory Powershell Module in Windows 10

For whatever reason, Microsoft has now changed the way the powershell module for Active Directory Domain Services and Lightweight Directory Services tools.

Most documentation suggests you install this from the "Turn Windows features on or off" menu located under Programs and Features within Control Panel - but in later Windows 10 releases, the feature is no longer available. It was previously called "Role Administration Tools".

Role Administration Tools is no longer visible under Turn Windows Features on or off

Likewise, the previously used powershell command is no longer recognised

Enable-WindowsOptionalFeature -Online -FeatureName RSATClient-Roles-AD-Powershell

You now get an error when running this command

Enable-WindowsOptionalFeature : Feature name RSATClient-Roles-AD-Powershell is unknown.

So, how do you do it? Follow the steps below
  1. Click the Start button then select Settings
  2. Select Apps
  3. Select Optional Features
  4. Click Add a Feature
  5. Search for "RSAT" and select the option for RSAT: Active Directory Domain Services and Lightweight Directory Services Tools



    Select the option for RSAT: Active Directory Domain Services and Lightweight Directory Services

  6. Click Install
If you get an error saying the install failed, make sure you aren't using a WSUS server as windows will try and install it from there by default if you are.

To check, open regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU and set the UseWUServer key to 0


Monday, 16 August 2021

Microsoft Teams - Assign Teams Policies to Users with Powershell

Policies can be created within Microsoft Teams to manage permissions and restrictions on sets of users. In a school environment for example, you may wish to prevent the ability of students to call other users directly, but allow it for staff.

There are four (4) different types of policies that can be configured/applied to users in Teams;

  1. Calling Policies
  2. Meeting Policies
  3. Channels Policies
  4. Messaging Policies
The policies can be created/configured within the Teams web admin interface.

Calling Policies are configured under Voice > Calling Policies
Meeting Policies are configured under Meetings > Meeting Policies
Channels Policies are configured under Teams > Teams Policies
Messaging Policies are configured under Messaging Policies

Once they're created and configured, they can be applied to users via powershell which can be quicker than doing it manually via the web admin interface - especially if you need to apply it to a large batch of users.

The cmdlet we'll be using for this is New-CsBatchPolicyAssignmentOperation

Be sure to update the PolicyName and Identity arguments to match your policy and user

Apply Teams Calling Policy to Users

New-CSBatchPolicyAssignmentOperation -PolicyType TeamsCallingPolicy -PolicyName "Name" -identity "user@domain.com"

Apply Teams Meeting Policy to Users

New-CSBatchPolicyAssignmentOperation -PolicyType TeamsMeetingPolicy -PolicyName "Name" -identity "user@domain.com"

Apply Teams Channel Policy to Users

New-CSBatchPolicyAssignmentOperation -PolicyType TeamsChannelsPolicy -PolicyName "Name" -identity "user@domain.com"

Apply teams Messaging Policy to Users

New-CSBatchPolicyAssignmentOperation -PolicyType TeamsMessagingPolicy -PolicyName "Name" -identity "user@domain.com"

Checking

You can then check what policies are applied to a user by using the cmdlet below

Get-CsUserPolicyAssignment -identity "user@domain.com" 

This command will return a table displaying all the different policies that are applied to the user specified

Friday, 13 August 2021

Microsoft Teams - Add Additional Team Owner using Powershell

When a user is added to a Microsoft Team, they are added as either a "member" or an "owner". Adding them as an "owner" gives them additional privileges/rights within the team - such as being able to add other members, delete chat messages etc.

If you add a user to a team using the "add-teamuser" powershell cmdlet, it will by default add them as a member. You can use a switch within the command to add them as an owner instead.

Here's an example;

add-teamuser -groupid "abc123" -user "user@domain.com" -role owner

As you can see, the "-role owner" switch is what adds them as an owner to the team, instead of adding them as a member.

If the "-role" switch isn't specified, the user will be added as a member by default. You can alternatively include the "-role" switch and specify "member" as well - like the example below

add-teamuser -groupid "abc123" -user "user@domain.com" -role member

This could be useful if you're using some kind of loop and want to add some users as members and some as owners and have the owner/member specified in a variable.

Thursday, 12 August 2021

Microsoft Teams - Copy Users Team Memberships to Another User

Microsoft Teams doesn't have any easy facility to export all the teams a particular user is a member of which can be useful if you want to copy the team memberships from one user to another.

Thankfully there is a way to do it though - since Microsoft Teams are actually O365 groups behind the scenes, we can utilise some O365 powershell cmdlet magic to accomplish this.

First, we need to connect to our O365 environment then import the session so we can access the cmdlets

$ex = New-PSSession -ConfigurationName Microsoft.Exchange -Credential user@domain.com -ConnectionUri https://outlook.office365.com/powershell -Authentication basic -AllowRedirection

import-pssession $ex

Next, let's get a list of all groups of the user we want to copy from - ie. the source user (be sure to adjust the source user variable to use your own target users email address)

$sourceuser = "user1@domain.com"

$Office365GroupsMember = Get-UnifiedGroup | where { (Get-UnifiedGroupLinks $_.Alias -LinkType Members | foreach {$_.primarysmtpaddress}) -contains $sourceuser}


You can then look at the $Office365GroupsMember variable to see a list of all the O365 groups that the source user is a member of

If you have a mixture of O365 groups AND MSTeams and want to isolate the MS Teams - you can filter the results further by using the command beloww

$o365teamsgroups = $office365GroupsMember | where {$_.serviceendpointuris -like "*MicrosoftTeams*"}

Now that we have our list of Teams, we can go through the list and add our target user to each team. But to do this we need the unique Group ID for each team which is included in the script below. Be sure to update the $targetuser variable with the email address of the user you wish to add to the groups.

Connect-MicrosoftTeams
$targetuser = "user2@domain.com"

foreach ($o365team in $o365teamgroups)
    {
    $teamprops = get-team -displayname $($o365team.displayname)
    write-host "Adding $targetuser to $($teamprops.displayname) team"
    add-teamuser -groupid $($teamprops) -user $targetuser
    }