组织应使用基于组的许可,而不是直接将许可证分配给用户。原因是它将保持一切井井有条,在存在许可证错误并维护时更容易进行故障排除。如果您直接分配了分配给用户的许可证和基于组的许可证怎么办?在本文中,您将学习如何从Microsoft 365用户中删除具有组许可证的直接分配许可证。
开始之前
您想导出所有用户及其分配路径吗?阅读文章检查Microsoft 365用户许可证是直接从组分配或继承的。
笔记:为了确保用户不会失去对服务和数据的访问,重要的是要确认直接分配的许可不会提供比继承许可的更多服务功能。目前不可能使用Microsoft Entra 365 Admin Center或PowerShell来确定通过继承的许可与删除许可证时的直接许可启用了哪些服务。
用PowerShell删除直接分配的许可证
要批量删除使用PowerShell继承基于组的许可的用户的直接分配的许可证,请按照以下步骤操作:
步骤1。安装Microsoft Graph PowerShell
运行Windows PowerShell作为管理员并安装Microsoft Graph PowerShell。
Install-Module Microsoft.Graph -Force重要的:在运行CMDLET或脚本以防止错误和错误结果之前,请务必更新到最新的Microsoft Graph PowerShell模块版本。
步骤2。准备删除直接启动powershell脚本
在(c :)驾驶:
- 温度
- 脚本
下载remove directlicense.ps1 powershell脚本并将其放入C:脚本文件夹。脚本将将CSV文件导出到C:温度文件夹。
确保文件未阻止以防止运行脚本时的错误。在运行PowerShell脚本时,请在文章中阅读更多信息。
另一个选择是将下面的代码复制并粘贴到记事本中。给它名字删除直流电。PS1并将其放在C:脚本文件夹。
有关的:检查Microsoft 365用户许可证是直接分配或从组中继承的
<#
.SYNOPSIS
Remove-DirectLicense.ps1
.DESCRIPTION
The script will remove unnecessary direct licenses from Microsoft 365 users who already inherit the same license from a group.
For example, as part of a transition to group-based licensing. The script will output the results on the console and export it to CSV file.
.LINK
Remove direct assigned licenses for users with group licenses
.NOTES
Written by: ALI TAJRAN
Website: www.alitajran.com
LinkedIn: linkedin.com/in/alitajran
.CHANGELOG
V1.00, 03/31/2024 - Initial version
#>
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "Directory.Read.All, User.ReadWrite.All, Group.Read.All, Organization.Read.All"
# Get all groups with licenses assigned
$groupsWithLicenses = Get-MgGroup -All -Property AssignedLicenses, DisplayName, Id | Where-Object { $_.assignedlicenses } |
Select-Object DisplayName, Id -ExpandProperty AssignedLicenses
$Report = [System.Collections.Generic.List[Object]]::new()
# Check if there is any group that has licenses assigned or not
if ($null -ne $groupsWithLicenses) {
# Loop through each group
foreach ($group in $groupsWithLicenses) {
# Get the group's licenses
$groupLicenses = $group.SkuId
# Get the group's members
$groupMembers = Get-MgGroupMember -GroupId $group.Id -All
# Check if the group member list is empty or not
if ($groupMembers) {
# Loop through each member
foreach ($member in $groupMembers) {
# Check if the member is a user
if ($member.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.user') {
# Get the user's direct licenses
Write-Host "Fetching license details for $($member.AdditionalProperties.displayName)" -ForegroundColor Yellow
# Get User With Directly Assigned Licenses Only
$user = Get-MgUser -UserId $member.Id -Property AssignedLicenses, LicenseAssignmentStates, DisplayName |
Select-Object DisplayName, AssignedLicenses -ExpandProperty LicenseAssignmentStates |
Where-Object { $_.AssignedByGroup -eq $null }
$licensesToRemove = @()
if ($user) {
if ($user.count -ge 2) {
foreach ($u in $user) {
$userLicenses = $u.SkuId
$licensesToRemove += $userLicenses | Where-Object { $_ -in $groupLicenses }
}
}
else {
$userLicenses = $user.SkuId
$licensesToRemove = $userLicenses | Where-Object { $_ -in $groupLicenses }
}
}
else {
Write-Host "No conflicting licenses found for the user $($member.AdditionalProperties.displayName)" -ForegroundColor Green
}
# Remove the licenses from the user (remove the -WhatIf parameter)
if ($licensesToRemove) {
Write-Host "Removing the license $($licensesToRemove) from user $($member.AdditionalProperties.displayName) as inherited from group $($group.DisplayName)" -ForegroundColor Green
$null = Set-MgUserLicense -UserId $member.Id -AddLicenses @() -RemoveLicenses $licensesToRemove -WhatIf
$ReportLine = [PSCustomObject]@{
User = $member.AdditionalProperties.displayName
Id = $member.Id
LicensesRemoved = $licensesToRemove
LicenseInheritedFromGroup = $group.DisplayName
GroupId = $group.Id
}
$Report.Add($ReportLine)
}
else {
Write-Host "No action required for $($member.AdditionalProperties.displayName)" -ForegroundColor Green
}
}
}
}
else {
Write-Host "The licensed group $($group.DisplayName) has no members, exiting now!!" -ForegroundColor Yellow
}
}
# Display the results
$Report | Format-Table -AutoSize
$Report | Export-Csv -Path "C:tempDirectLicenseRemoval.csv" -NoTypeInformation -Encoding utf8
}
else {
Write-Host "No groups found with licenses assigned." -ForegroundColor Cyan
}- 第100行:编辑CSV文件路径
步骤3。运行删除直接启动powershell脚本
在下面运行命令以运行脚本删除直流电。PS1。
c:scripts.Remove-DirectLicense.ps1重要的:这-如果什么参数已添加到脚本中,因此运行时的环境不会发生任何事情。一旦满足结果,请删除-如果什么参数并重新运行脚本。
PowerShell输出显示了从哪些用户删除直接许可证,并从哪个组中继承了许可证。
The licensed group M365_Licenses_E3_Exchange has no members, exiting now!!
Fetching license details for Boris Campbell
Removing the license c42b9cae-ea4f-4ab7-9717-81576235ccac from user Boris Campbell as inherited from group M365_Licenses_E3_Base
What if: Performing the operation "Set-MgUserLicense_AssignExpanded" on target "Call remote 'POST /users/{user-id}/microsoft.graph.assignLicense' operation".
Fetching license details for Alison Bell
Removing the license c42b9cae-ea4f-4ab7-9717-81576235ccac from user Alison Bell as inherited from group M365_Licenses_E3_Base
What if: Performing the operation "Set-MgUserLicense_AssignExpanded" on target "Call remote 'POST /users/{user-id}/microsoft.graph.assignLicense' operation".
Fetching license details for Edward Lincoln
No conflicting licenses found for the user Edward Lincoln
No action required for Edward Lincoln
Fetching license details for Alysia Maverick
No conflicting licenses found for the user Alysia Maverick
No action required for Alysia Maverick
Fetching license details for Carol Baker
Removing the license c42b9cae-ea4f-4ab7-9717-81576235ccac from user Carol Baker as inherited from group M365_Licenses_E3_Base
What if: Performing the operation "Set-MgUserLicense_AssignExpanded" on target "Call remote 'POST /users/{user-id}/microsoft.graph.assignLicense' operation".
Fetching license details for Richard Grant
Removing the license c42b9cae-ea4f-4ab7-9717-81576235ccac from user Richard Grant as inherited from group M365_Licenses_E3_Base
What if: Performing the operation "Set-MgUserLicense_AssignExpanded" on target "Call remote 'POST /users/{user-id}/microsoft.graph.assignLicense' operation".
Fetching license details for Zoë Roberts
Removing the license c42b9cae-ea4f-4ab7-9717-81576235ccac from user Zoë Roberts as inherited from group M365_Licenses_E3_Base
What if: Performing the operation "Set-MgUserLicense_AssignExpanded" on target "Call remote 'POST /users/{user-id}/microsoft.graph.assignLicense' operation".
Fetching license details for Amanda Morgan
No conflicting licenses found for the user Amanda Morgan
No action required for Amanda Morgan最后,它将在PowerShell控制台的表中显示所有信息。
User Id LicensesRemoved LicenseInheritedFromGroup GroupId
---- -- --------------- ------------------------- -------
Boris Campbell 4b350521-7006-4a9d-ab11-9127fa9563db c42b9cae-ea4f-4ab7-9717-81576235ccac M365_Licenses_E3_Base 62dee815-d5c9-44ce-9085-e17f2c80734d
Alison Bell 77f04d81-fdf0-4604-810a-3a90fe4030e3 c42b9cae-ea4f-4ab7-9717-81576235ccac M365_Licenses_E3_Base 62dee815-d5c9-44ce-9085-e17f2c80734d
Carol Baker 1e6461f3-b842-4891-bc57-cdea3d430b43 c42b9cae-ea4f-4ab7-9717-81576235ccac M365_Licenses_E3_Base 62dee815-d5c9-44ce-9085-e17f2c80734d
Richard Grant 03e95a20-3652-4895-af25-6deed0856081 c42b9cae-ea4f-4ab7-9717-81576235ccac M365_Licenses_E3_Base 62dee815-d5c9-44ce-9085-e17f2c80734d
Zoë Roberts 88db92fa-4a15-4e8f-a0c8-eeadd8fae52b c42b9cae-ea4f-4ab7-9717-81576235ccac M365_Licenses_E3_Base 62dee815-d5c9-44ce-9085-e17f2c80734d一切看起来都不错,我们删除了-如果什么脚本的参数并重新运行脚本。
下面的输出出现。
The licensed group M365_Licenses_E3_Exchange has no members, exiting now!!
Fetching license details for Boris Campbell
Removing the license c42b9cae-ea4f-4ab7-9717-81576235ccac from user Boris Campbell as inherited from group M365_Licenses_E3_Base
Fetching license details for Alison Bell
Removing the license c42b9cae-ea4f-4ab7-9717-81576235ccac from user Alison Bell as inherited from group M365_Licenses_E3_Base
Fetching license details for Edward Lincoln
No conflicting licenses found for the user Edward Lincoln
No action required for Edward Lincoln
Fetching license details for Alysia Maverick
No conflicting licenses found for the user Alysia Maverick
No action required for Alysia Maverick
Fetching license details for Carol Baker
Removing the license c42b9cae-ea4f-4ab7-9717-81576235ccac from user Carol Baker as inherited from group M365_Licenses_E3_Base
Fetching license details for Richard Grant
Removing the license c42b9cae-ea4f-4ab7-9717-81576235ccac from user Richard Grant as inherited from group M365_Licenses_E3_Base
Fetching license details for Zoë Roberts
Removing the license c42b9cae-ea4f-4ab7-9717-81576235ccac from user Zoë Roberts as inherited from group M365_Licenses_E3_Base
Fetching license details for Amanda Morgan
No conflicting licenses found for the user Amanda Morgan
No action required for Amanda Morgan
User Id LicensesRemoved LicenseInheritedFromGroup GroupId
---- -- --------------- ------------------------- -------
Boris Campbell 4b350521-7006-4a9d-ab11-9127fa9563db c42b9cae-ea4f-4ab7-9717-81576235ccac M365_Licenses_E3_Base 62dee815-d5c9-44ce-9085-e17f2c80734d
Alison Bell 77f04d81-fdf0-4604-810a-3a90fe4030e3 c42b9cae-ea4f-4ab7-9717-81576235ccac M365_Licenses_E3_Base 62dee815-d5c9-44ce-9085-e17f2c80734d
Carol Baker 1e6461f3-b842-4891-bc57-cdea3d430b43 c42b9cae-ea4f-4ab7-9717-81576235ccac M365_Licenses_E3_Base 62dee815-d5c9-44ce-9085-e17f2c80734d
Richard Grant 03e95a20-3652-4895-af25-6deed0856081 c42b9cae-ea4f-4ab7-9717-81576235ccac M365_Licenses_E3_Base 62dee815-d5c9-44ce-9085-e17f2c80734d
Zoë Roberts 88db92fa-4a15-4e8f-a0c8-eeadd8fae52b c42b9cae-ea4f-4ab7-9717-81576235ccac M365_Licenses_E3_Base 62dee815-d5c9-44ce-9085-e17f2c80734d步骤4。打开直接删除许可报告
remove-directlicense.ps1 PowerShell脚本导出了所有Microsoft 365用户,将直接许可从中删除到CSV文件。
查找文件directlicenseremoval.csv在路径中C:温度。
使用您喜欢的应用程序打开CSV文件。在我们的示例中,这是Microsoft Excel。
就是这样!
结论
您学会了如何删除具有团体许可证用户的直接分配许可证。运行PowerShell脚本以获取将从哪些直接许可证中删除的用户的列表。完成后,从脚本中删除-whatif参数并重新运行。
您喜欢这篇文章吗?您可能还喜欢如何在PowerShell中使用Get-Mguser。不要忘记关注我们并分享这篇文章。