Administer Microsoft SharePoint Online

Objective

After completing this lab, you will be better able to:

Enable external sharing end to end
Create site collections, one at a time and in bulk with PowerShell 
Create and apply permissions to site collections 
Manage users and groups, manually and in-bulk with PowerShell
Manage tenant storage & resources 

Scenario

The goal for this hands-on lab (HOL) is to learn how to perform common administrative tasks in the new SharePoint Online (SPO) admin center, including some tasks using Windows PowerShell.

AUDIENCE

SharePoint IT Professionals and Administrators

Estimated time to complete this lab: 40 minutes

Virtual Machines

Ignite2015-DC
Ignite2015-EXCH
Ignite2015-SP
Ignite2015-SPAF
Ignite2015-WAC
Ignite2015-Win81Client

Exercise 1 : PowerShell: Startup and Connection

In this exercise you will:

Connect the SharePoint Online Management Shell to your SPO tenant

Connect to your tenant

Scenario: The SharePoint Online Management Shell is a version of PowerShell 3.0 that contains cmdlets for administering SharePoint Online tenants. You will use this throughout the lab.

Connect to Ignite2015-Win81Client

Switch to Ignite2015-Win81Client by clicking on the Switch to Machine icon to the left of the Done button. You should be logged in as Administrator. If not, sign in as CONTOSO\Administrator with a password of pass@word1.

You can also select the machine using the Machines tab.
Open SharePoint Online Management Shell

Start SharePoint Online Management Shell with elevated permissions (on the Desktop, right-click SharePoint Online Management Shell, and then click Run as Administrator).
Connect-SPOService

In the PowerShell console, type Connect-SPOService -Url https://-admin.sharepoint.com -credential admin@.onmicrosoft.com. Change the URL and User to your SharePoint Online tenant name, and then press ENTER. The SharePoint Online Management Shell is now connected to your SPO tenant. Keep this open for use later in the lab.

Watch for the Type Text icon!!

To have the text automatically typed for you, position the cursor where you want the text to be entered and click the Type Text icon to the left of the Done button in the lab interface. After the text is typed, press ENTER.

This capability is available whenever the Type Text icon is visible.
```
Connect-SPOService -Url https://-admin.sharepoint.com -credential admin@.onmicrosoft.com
```
Connect to Tenant

From the Desktop Taskbar, open Internet Explorer.   Connect to your tenant with credentials for an administrative user:   https://-admin.sharepoint.com
User name:   admin@.onmicrosoft.com
Password:   pass@word1
View SharePoint Online

You are now ready to proceed with the lab.

Congratulations!

You have successfully:

Connected the SharePoint Online Management Shell to your SPO tenant

Connected to your tenant

Click Continue to advance to the next exercise.

Exercise 2 : External Sharing

In this exercise you will:

Work with external sharing options

Scenario: With SharePoint Online, you can enable the External Sharing feature for content outside your organization. This would be especially beneficial in cases where you have external vendors collaborating on a project. You might want certain vendors to have edit access to certain documents, or even read access to one or more sites in your SharePoint Online environment. At the tenant level, you can allow external users to accept sharing invitations and sign in as authenticated users. You can also allow document-level sharing to be done with anonymous users through Guest Links. Once the External Sharing feature is enabled at the tenant level, site collection administrators can then request sharing options for their site collection(s). Thus, one site collection in a tenant could have external sharing disabled while another (or others) may allow for authenticated External User or anonymous Guest Links. By default, new site collections will have external sharing disabled.

Open Sharing

In the SharePoint admin center, in the left navigation, click sharing.

Task 1 – External Sharing Options

In this exercise, you will review the external sharing options for your tenant and then modify the external sharing options for the Contoso site collection. Once the site collection external sharing options are set, you will navigate to the site collection, create a document, and walk through the steps for sending an anonymous Guest Link for that document.
View External Sharing Errors

In the Sharing outside your organization area, be aware that, for the tenant, sharing is set to Allow sharing to authenticated external users and using anonymous access links. This is the default setting for tenants.
Select Site Collection

In the left navigation, click site collections. Select the check box to the left of the first site collection (https://.sharepoint.com).
Site Collection Sharing

In the ribbon, click Sharing.
Configure Sharing Settings

In the sharing dialog, be aware that external sharing may be disabled. Click Allow sharing with all external users, and by using anonymous access links, which will allow users to share content externally by sending anonymous access links. Click Save. Note: It may take up to several minutes for processing on the update action to complete. You will see a green wait circle while the processing occurs. You can continue with the next step.
Open New Browser Tab

Start a new browser tab and navigate to the Contoso Team Site site at https://.sharepoint.com.
Upload Document

In the Documents library, upload the C:\HOLs\HOL3100\New Training Programs PowerPoint file.
Share Document

Click the ellipsis for the document you uploaded and click SHARE.
Configure Share Permissions

In the sharing window, to the right of the invite box, click the list dropdown to view the permission options (Can edit or Can view). Note: You can type names or e-mail addresses in the invite box (this can be any e-mail address, internal or external). If you want to see what an end user receives, type your personal e-mail address and you will receive the sharing notification if you click Share at the end of this exercise. Clear the Require sign-in check box to make this invitation an anonymous Guest Link. Click Cancel. Note: Click Share if you want to see the results of sharing.
Complete Share

At the bottom of the preview window, click SHARE.

Congratulations!

You have successfully:

Worked with external sharing options

Click Continue to advance to the next exercise.

Exercise 3 : Site Collection Administration: Create Site Collections Using the Browser

In this exercise you will:

Create new site collections in the browser

Open SharePoint Admin Center

Start on the site collections page of the SharePoint admin center (for example, https://-admin.sharepoint.com/).
View Resources

At the upper right, review the storage (MB) and server resources available for this tenant. When you create the new site collection here and later in the lab, keep these limitations in mind. In this screenshot example, there are 13,900 MB and 300 server resources available.
Limit Resource Quota

Click the checkboxes next to the /sites/contosobeta, and /sites/communities site collections. In the ribbon, click Server Resource Quota. In the set server resource quota window, in the “limit the server resource quota…” box, enter 100. Click Save. At the top right of the site collections window, you should now see at least several hundred more server resources available.
Create Site Collection

In the ribbon, click New and click Private Site Collection.
Configure Site Collection (Name)

In the new site collection dialog, in the Title box, type Contoso Test.
Configure Site Collection (Web Site Address)

In the Website Address URL box, type contosotest. Note: If the Contoso Test site collection is in the recycle bin, you might need to increment the site collection URL (for example, contosotest2). Site collections are not permanently removed from the recycle bin until after 30 days; however, you can use PowerShell to permanently delete them as will be demonstrated later.
Configure Site Collection (Template)

In the Template Selection area, click the Enterprise and Publishing tabs to review the available templates. Click the Collaboration tab and then click the Team Site template.
Configure Site Collection (Tenant Administrator)

In the Administrator box, type the tenant administrator’s user alias and then click the Check Names icon. The user name should resolve.
Configure Site Collection (Quota)

In the Server Resource Quota box, type 300. Click OK.
View Results

You will be returned to the admin center, where you can see the new site collection. It may take up to several minutes for the create action to complete; you will see a “new” tag next to it.

Congratulations!

You have successfully:

Created new site collections in the browser

Click Continue to advance to the next exercise.

Exercise 4 : Site Collection Administration: SharePoint Online Management Shell

In this exercise you will:

Explore the SPO Management Shell

Obtain site collection information from the tenant

Scenario: In this exercise, you will explore the SPO Management Shell, and use it to obtain some site collection information from the tenant.

PowerShell is especially useful when creating or managing multiple site collections or users. In this exercise and elsewhere in this lab, you will use both the browser and PowerShell methods.

Switch to SharePoint Online Management Shell

Return to the SharePoint Online Management Shell that you prepared earlier, connected to the online tenant.
Show List of Available Cmdlets for SharePoint

PowerShell has powerful built-in help and discovery tools to help you learn. These are, not surprisingly, provided through cmdlets right in the shell. For example, you can get a list of all the cmdlets that are available for SharePoint Online. At the PowerShell prompt, type the following cmdlet and then press ENTER: Get-Command –module Microsoft.Online.SharePoint.Powershell. Don't forget to use the Type Text feature!
```
Get-Command –module Microsoft.Online.SharePoint.Powershell
```
Show List of All Site Collections

At the PowerShell prompt, type the following cmdlet and then press ENTER: Get-SPOSite -Detailed | Format-Table -AutoSize
```
Get-SPOSite -Detailed | Format-Table -AutoSize 
```
Show List of Site Template Codes

You will soon be creating site collections using PowerShell. In order to define the site templates for the new site collections, you need to know the template codes. Again, you can get these right in PowerShell. At the PowerShell prompt, type the following cmdlet and then press ENTER: Get-SPOWebTemplate | Select Name, Title
```
Get-SPOWebTemplate | Select Name, Title
```
OPTIONAL TASK: Export Output to Files

PowerShell can export its output to files, or import contents of a file. The output is usually more detailed than can be shown in the shell. For example, if you wanted a permanent list of site collection templates, you might use a cmdlet similar to the following (for Administrator, substitute the logged-on user alias, for example administrator, or if you are on your own machine, use your alias): Get-SPOWebTemplate | Export-Csv c:/Users/Administrator/desktop/Templates.csv. Try it and see…open the file in Excel to view the detailed list.
```
Get-SPOWebTemplate | Export-Csv c:/Users/Administrator/desktop/Templates.csv
```

Congratulations!

You have successfully:

Explored the SPO Management Shell

Obtained site collection information from the tenant

Click Continue to advance to the next exercise.

Exercise 5 : Site Collection Administration: Create a Site Collection Using PowerShell

In this exercise you will:

Create a new site collection with the SharePoint Online team site template

Confirm site creation

Perform automated bulk site creation with PowerShell

Scenario: In this exercise, you will use the SPO Management Shell to create a site collections with a single command. You will then create several site collections using a .csv file and a simple PowerShell script.

Create Site Collection with SPO Team Site Template
At the PowerShell prompt, type the following cmdlet, edit as needed, and then press ENTER: New-SPOSite -Owner @.onmicrosoft.com -StorageQuota 100 -Url https://.sharepoint.com/sites/Test01 -NoWait -ResourceQuota 25 -Template EHS#1 -TimeZoneId 10 -Title "Test 1" Where: 
- is the name of your SPO tenant 
- is the SharePoint user alias to which you want to grant ownership of the new site collection; for example, garthf or admin (it is recommended that you use the administrative owner [admin]).
When the cmdlet completes, you will be returned to the PowerShell prompt—there is no confirmation of the creation of the new site collection. You will do that in the next step.
```
New-SPOSite -Owner @.onmicrosoft.com -StorageQuota 100 -Url https://.sharepoint.com/sites/Test01 -NoWait -ResourceQuota 25 -Template EHS#1 -TimeZoneId 10 -Title "Test 1"
```
Confirm Site Creation

At the PowerShell prompt, type the following cmdlet and then press ENTER: Get-SPOSite -Detailed | Format-Table -AutoSize.
```
Get-SPOSite -Detailed | Format-Table -AutoSize
```
OPTIONAL TASK: Open New Site

In the browser, in a new tab, navigate to the new site collection to see the newly “PowerShell created” team site (https://.sharepoint.com/sites/test01).
Automated Bulk Site Creation with PowerShell

Having seen how easy it is to create a single site collection with one PowerShell cmdlet, you will now use a .csv file to create multiple site collections at once. Open Notepad and type the text block shown in the Alert window into it.

Owner,StorageQuota,Url,ResourceQuota,Template,TimeZoneID,Name
@.onmicrosoft.com,100,https://.sharepoint.com/sites/TeamSite01,25,EHS#1,10,Contoso Team Site
@.onmicrosoft.com,100,https://.sharepoint.com/sites/Blog01,25,BLOG#0,10,Contoso Blog
@.onmicrosoft.com,150,https://.sharepoint.com/sites/Project01,25,PROJECTSITE#0,10,Project Alpha
@.onmicrosoft.com,150,https://.sharepoint.com/sites/Community01,25,COMMUNITY#0,10,Community Site
```
Owner,StorageQuota,Url,ResourceQuota,Template,TimeZoneID,Name 
@.onmicrosoft.com,100,https://.sharepoint.com/sites/TeamSite01,25,EHS#1,10,Contoso Team Site
@.onmicrosoft.com,100,https://.sharepoint.com/sites/Blog01,25,BLOG#0,10,Contoso Blog
@.onmicrosoft.com,150,https://.sharepoint.com/sites/Project01,25,PROJECTSITE#0,10,Project Alpha
@.onmicrosoft.com,150,https://.sharepoint.com/sites/Community01,25,COMMUNITY#0,10,Community Site
```
Replace <Tenant>

Replace with your tenant name, for example LODSxxxx. Use Ctrl-H or Replace All in Notepad to bulk replace faster.
Replace <owner>

Replace with the alias of a user on your tenant to whom you want to grant the role of primary site collection administrator, for example Admin.
Save File

Save the file on the your desktop as C:/users/Administrator/Desktop/SiteCollections.csv. Note: Change the Save as Type: to All Files or Notepad will add the .txt file extension.
View Extraneous Characters

Before using this or any other .csv or PowerShell script file, it is good practice to make sure that there are no extraneous or non-printing characters. To do so, open the file in Word, and in the ribbon, click the “paragraph” icon to show non-printing characters. There should be no extraneous non-printing characters, for example no paragraph marks beyond the final one at the end of the file. The file should look similar to the screenshot (with and replaced by appropriate values).
Create a Site Collection (Import-CSV)

You will now create a site collection, again with just one PowerShell cmdlet. This cmdlet imports the .csv file and “pipes” it to a loop (inside the curly brackets) that reads the first line of the file as column headers. It then iterates through the remaining “records”, creating a new SPO site collection for each record and assigning properties of the site collection according to the column headers. At the PowerShell prompt, type the following cmdlet and then press ENTER: Import-Csv C:\users\Administrator\desktop\SiteCollections.csv | where {New-SPOSite -Owner $_.Owner -StorageQuota $_.StorageQuota -Url $_.Url -NoWait -ResourceQuota $_.ResourceQuota -Template $_.Template -TimeZoneID $_.TimeZoneID -Title $_.Name}
```
Import-Csv C:\users\Administrator\desktop\SiteCollections.csv | where {New-SPOSite -Owner $_.Owner -StorageQuota $_.StorageQuota -Url $_.Url -NoWait -ResourceQuota $_.ResourceQuota -Template $_.Template -TimeZoneID $_.TimeZoneID -Title $_.Name}
```
Confirm Site Creation

Wait for the PowerShell prompt to reappear (it may take a minute or two). To confirm that the sites have been created, at the PowerShell prompt, type the following cmdlet and then press ENTER: Get-SPOSite -Detailed | Format-Table -AutoSize. Review the new site collections in the list.
```
Get-SPOSite -Detailed | Format-Table -AutoSize
```

Congratulations!

You have successfully:

Created a new site collection with the SharePoint Online team site template

Confirmed site creation

Performed automated bulk site creation with PowerShell

Click Continue to advance to the next exercise.

Exercise 6 : Site Collection Administration: Delete/Restore a Site Collection Using PowerShell

In this exercise you will:

Add content to a site collection

Delete a site collection using PowerShell

Restore a site collection with PowerShell

Scenario: When you delete a site collection in SharePoint Online, it gets moved to the recycle bin. As an administrator, you have 30 days to restore a deleted site collection, otherwise it is permanently deleted. When you do restore a site collection, all of the properties of that site collection (including content) are preserved. As you may have discovered in the previous task, the URLs for site collections in the recycle bin are “still in use,” so they cannot be used when creating new site collections. As you will see later, you can permanently delete the site collection using PowerShell if that is desired.

You can delete a site collection in the SharePoint admin center, but in this exercise you will use PowerShell for that purpose. Upon deletion, the site collection is moved to the recycle bin. In a later task, you will remove it permanently from the recycle bin. It is assumed that you successfully created the site collection test01 in a previous exercise. You will use also use PowerShell to restore the deleted site collection, noting how the content you added was preserved after the restoration.

In this task, you will first add content to an existing site collection, and then delete that site collection using PowerShell.

Open Site (Test01)

Navigate to the home page for the Test01 Site Collection (for example, https://.sharepoint.com/sites/test01).
```
https://.sharepoint.com/sites/test01
```
Create New Document

In the Documents Web part, click new and then click Word document.
Rename File

In the breadcrumb at the top of Word Web App, click Document. Type Sample to rename the document and press Enter.
Add Text

In Word Web App, type sample content (for example, This is a sample Word document).
Navigate to Home Page

In the breadcrumb at the top of Word Web App, click Contoso Team Site. Verify the new Word document is in the Documents library.
Switch to SPO Management Shell

Return to the SharePoint Online Management Shell.
Delete SPO Site Using PowerShell

At the PowerShell prompt, type the following cmdlet, edit as necessary, and press ENTER: Remove-SPOSite -Identity https://.sharepoint.com/sites/test01. When prompted, type Y and press Enter.
```
Remove-SPOSite -Identity https://.sharepoint.com/sites/test01
```
Switch to SharePoint Admin Center

Wait for the prompt to return (it may take several minutes) and then return to your browser session. You should be in the SharePoint admin center.
Open Recycle Bin

In the ribbon, click Recycle Bin.
Verify Recycle Bin Contents

Verify that the site collection has been moved to the recycle bin.
Switch to SPO Management Shell

Return to the SharePoint Online Management Shell.
Restore SPO Site Using PowerShell

At the PowerShell prompt, type the following cmdlet, edit as necessary, and then press ENTER: Restore-SPODeletedSite -Identity https://.sharepoint.com/sites/test01
```
Restore-SPODeletedSite -Identity https://.sharepoint.com/sites/test01
```
Confirm Site Restoration

Wait for the prompt to return (it may take several minutes) and then return to your browser session. Navigate back to the site collections page in the SharePoint admin center. Notice the site collection has been restored.
Navigate to Site (Test01)

Navigate to the restored test01 site collection https://.sharepoint.com/sites/test01). See that the content has also been restored (the sample document you created earlier).
Switch to SharePoint Admin Center

In the browser, return to the SharePoint admin center (contains the list if site collections) and refresh the page.

Permanently delete a site collection with PowerShell

In the previous steps, you deleted and then restored a site collection in the browser. As you may have discovered, the URLs for site collections in the recycle bin are “still in use,” so they cannot be used when creating new site collections – deleted site collections will remain in the recycle bin for 30 days by default. Fortunately, in PowerShell you can permanently delete a site collection if you need to re-use the URL immediately or if you need to increase resource capacity. In this task, you will use PowerShell to remove a site collection permanently from the recycle bin. Note: This step is irreversible. If you did not create the site collection shown in a previous part of this lab, substitute another site collection that you can delete permanently, or skip this task and move to the next exercise.
Delete SPO Collection

We will now delete the test01 site collection again, and this time follow up with permanent deletion from the Recycle Bin. At the PowerShell prompt, type the following cmdlet, edit as needed, and then press ENTER: Remove-SPOSite -Identity https://.sharepoint.com/sites/test01. When prompted, press Enter to accept the default (Yes).
```
Remove-SPOSite -Identity https://.sharepoint.com/sites/test01
```
Permanently Delete SPO Site Using PowerShell

Wait for the PowerShell prompt to reappear. At the PowerShell prompt, type the following cmdlet and then press ENTER: Remove-SPODeletedSite -Identity https://.sharepoint.com/sites/test01. When prompted, press ENTER to confirm.
```
Remove-SPODeletedSite -Identity https://.sharepoint.com/sites/test01
```
Switch to SharePoint Admin Center

Return to the SharePoint admin center, in the site collections page. Refresh the page. Confirm that the site collection test01 has been removed.

Congratulations!

You have successfully:

Added content to a site collection

Deleted a site collection using PowerShell

Restored a site collection with PowerShell

Click Continue to advance to the next exercise.

Exercise 7 : Resource Management

In this exercise you will:

Use PowerShell to manage resource usage and quotas

Inventory Resource Usage

At the PowerShell prompt, type the following cmdlet and then press ENTER: Get-SPOSite –Detailed | Select url, StorageQuota, StorageUsageCurrent | Format-Table –Wrap -Autosize. (Your results may not exactly match the screen shot.)
```
 Get-SPOSite –Detailed | Select url, StorageQuota, StorageUsageCurrent | Format-Table –Wrap -Autosize
```
OPTIONAL: Generate Resource Inventory to CSV File

Because screen size in the PowerShell window is limited, we displayed only a few site collection properties. To generate a more detailed report that is exported to a .csv file, you can use the following cmdlet: Get-SPOSite –Detailed | Select * | Export-CSV c:\SiteCollectionData.csv.
```
Get-SPOSite –Detailed | Select * | Export-CSV c:\SiteCollectionData.csv
```
Modify SPO Site Collection (Project01)

Suppose you are planning to add more content to the /project01 site collection. Let’s raise its storage quota from 100MB to 1000MB and generate a warning when the usage exceeds 750 MB. At the PowerShell prompt, type the following cmdlet, edit as necessary, and press ENTER: Set-SPOSite –Identity https://.sharepoint.com/sites/project01 -StorageQuota 1000 -StorageQuotaWarningLevel 750. Note: The cmdlet may take a minute or so to complete. Wait for the prompt to reappear before moving on.
```
Set-SPOSite –Identity https://.sharepoint.com/sites/project01 -StorageQuota 1000 -StorageQuotaWarningLevel 750
```
Confirm Changes

To confirm the change, at the PowerShell prompt type the following cmdlet and then press ENTER: Get-SPOSite –Detailed | Select url, StorageQuota, StorageUsageCurrent | Format-Table –Wrap -Autosize.
```
Get-SPOSite –Detailed | Select url, StorageQuota, StorageUsageCurrent | Format-Table –Wrap -Autosize
```
View Tenant Resource Usage and Quota

Let’s now look at the tenant resource usage and quota. 5. At the PowerShell prompt, type or copy/paste the following cmdlet and then press ENTER: Get-SPOSite –Detailed | Select url, ResourceQuota, ResourceUsageCurrent | Format-Table –Wrap -Autosize. Note: Your results may not exactly match the screen shot.
```
Get-SPOSite –Detailed | Select url, ResourceQuota, ResourceUsageCurrent | Format-Table –Wrap -Autosize
```
OPTIONAL TASK: Modify Quota and Warning Level

In the same way as for storage usage, use the following cmdlet to increase the resource quota and set a warning level for the /project01 site collection: Set-SPOSite –Identity https://.sharepoint.com/sites/project01 ResourceQuota 50 -ResourceQuotaWarningLevel 40
```
Set-SPOSite –Identity https://.sharepoint.com/sites/project01 -ResourceQuota 50 -ResourceQuotaWarningLevel 40
```

Congratulations!

You have successfully:

Used PowerShell to manage resource usage and quotas

Click Continue to advance to the next exercise.

Exercise 8 : User Administration: Manage Profiles/Properties in Browser

In this exercise you will:

Manage user profiles and properties in the browser

Scenario: The content that appears on a user’s About Me page is gleaned from a user’s profile. As an administrator, you can “on behalf of” edit a user’s profile in the SharePoint admin center. Users have the ability to edit certain properties in their own profiles, and you as an administrator can unlock properties so that users can make additional profile edits. In this task, you will manage Garth’s profile by setting Zrinka as his manager, which would get displayed on his About Me page within the Organizational Browser. You will also unlock the Job Title property so that it can be edited by users.

Switch to SharePoint Admin Center

Navigate to the SharePoint admin center (for example, https://admin.sharepoint.com/).
Manage User Profiles

In the left navigation, click user profiles. In the People area, click Manage User Profiles.
Initiate Search (GarthF)

In the Find profiles box, type garthf and then click Find.
Edit Profile

Pause on and then click the down arrow to the right of Garth’s account name (this is not visible until you pause to the right of the account name), and then click Edit My Profile.
Review Properties

Review how certain properties can be shown either to Everyone or Only Me, with the latter option making the property visible on the About Me page only for that user.
View Properties

Garth's manager should be Zrinka Makavak. If not, in the Manager box, type zrinkam and then click the Check Names icon. Click Save and Close.
Manage User Properties

In the left navigation, click user profiles. In the People area, click Manage User Properties.
Edit Job Title

Pause on and then click the down arrow to the right of the Job Title property (again, this is not visible until you pause to the right of the property), and then click Edit.
Edit Settings (Unlock)

Scroll down to the Edit Settings area. To unlock the property, click Allow users to edit values for this property. Click OK. End users can now fill in this field from their Personal Site.

Congratulations!

You have successfully:

Manage user profiles and properties in the browser

Click Continue to advance to the next exercise.

Exercise 9 : User Administration: Manage Users and Groups with PowerShell

In this exercise you will:

Manage users and groups with PowerShell

Scenario: You can use PowerShell to manage users, groups, and permissions on a site collection. When a site collection is created, by default only the site collection administrators have access to that site collection. As the administrator for a site collection, you have to manually grant users access by specifying them as owners, members, or visitors. Of course, a user that is an owner can also add other users to SharePoint groups and thus grant access accordingly. In this task, you will add Katie Jordan to the list of Site Collection Administrators on the Project01 site collection. You will then add Zrinka Makovac to the “ Project Alpha Owners” group.

Modify Site Collection Administrators

Let’s start with adding Katie to the list of Site Collection Administrators. At the PowerShell prompt, type the following cmdlet and then press ENTER: Set-SPOUser -Site https://.sharepoint.com/sites/project01 -LoginName katiej@.onmicrosoft.com -IsSiteCollectionAdmin $true
```
Set-SPOUser -Site https://.sharepoint.com/sites/project01 -LoginName katiej@.onmicrosoft.com -IsSiteCollectionAdmin $true
```
Modify Group (Project Alpha Owners)

Next, add Zrinka to the Project Alpha Owners group. At the PowerShell prompt, type the following cmdlet, edit as necessary, and then press ENTER: Add-SPOUser -Group “Project Alpha Owners” -LoginName zrinkam@.onmicrosoft.com -Site https://.sharepoint.com/sites/project01
```
Add-SPOUser -Group “Project Alpha Owners” -LoginName zrinkam@.onmicrosoft.com -Site https://.sharepoint.com/sites/project01
```
Add Security Group (Auditors)

Now let’s add some new security groups to the site collection and assign permissions to the group. For example, we might want a new group called “Auditors” that has “View Only” permissions. At the PowerShell prompt, type the following cmdlet, edit as necessary, and then press ENTER: New-SPOSiteGroup -Group Auditors -PermissionLevels "View Only" -Site https://.sharepoint.com/sites/project01. Note: Group properties such as permission levels can be updated later using the SetSPOSiteGroup cmdlet.
```
New-SPOSiteGroup -Group Auditors -PermissionLevels "View Only" -Site https://.sharepoint.com/sites/project01
```
Add Member to Group (Auditors)

Next, add a user to the new “Auditors” group. In this example we are using alexd; you could use any tenant user. At the PowerShell prompt, type the following cmdlet and then press ENTER: Add-SPOUser -Group Auditors -LoginName alexd@.onmicrosoft.com -Site https://.sharepoint.com/sites/project01
```
Add-SPOUser -Group Auditors -LoginName alexd@.onmicrosoft.com -Site https://.sharepoint.com/sites/project01 
```
Navigate to Site (Project01)

To confirm that these additions were made to the tenant return to your browser and navigate to https://.sharepoint.com/sites/project01.
```
https://.sharepoint.com/sites/project01
```
Open Site Settings

Click Settings (gear icon at the upper right), and then click Site settings.
Open People and Groups

Click People and groups.
See More...

In the left navigation, click More...
Open Group Properties (Auditors)

Click Auditors.
Confirm Changes

See that the new group and user have been correctly provisioned.

Congratulations!

You have successfully:

Managed users and groups with PowerShell

Click Continue to advance to the next exercise.

Exercise 10 : User Administration: Automate User and Group Provisioning Using PowerShell

In this exercise you will:

Automate user and group provisioning using PowerShell

Scenario: By now, you should be familiar with how to set up automated SharePoint Online provisioning with .csv files. The basic process is to create a .csv file with headers that correspond to the parameters that the PowerShell cmdlet needs. Then, a PowerShell cmdlet or script iterates through “records” in the .csv file, provisioning the tenant. In this section, you will first create a .csv file to define a group of site collections, groups, and permissions. Next, you will create a .csv file to populate the groups with users. Finally, you will create and run a simple PowerShell script that creates and provisions the groups. The following steps assume that you successfully created the site collections Team Site01, Blog 01, and Project01 in an earlier exercise.

Create Notepad Document (GroupsAndPermissions.csv)

Open Notepad and type the text block shown in the Alert window into it.

Site,Group,PermissionLevels
https://.sharepoint.com/sites/project01,Contoso Project Leads,Full Control
https://.sharepoint.com/sites/project01,Contoso Auditors,View Only
https://.sharepoint.com/sites/project01,Contoso Designers,Design
https://.sharepoint.com/sites/TeamSite01,XT1000 Team Leads,Full Control
https://.sharepoint.com/sites/TeamSite01,XT1000 Advisors,Edit
https://.sharepoint.com/sites/Blog01,Contoso Blog Designers,Design
https://.sharepoint.com/sites/Blog01,Contoso Blog Editors,Edit
https://.sharepoint.com/sites/Project01,Project Alpha Approvers,Full Control
```
Site,Group,PermissionLevels
https://.sharepoint.com/sites/project01,Contoso Project Leads,Full Control
https://.sharepoint.com/sites/project01,Contoso Auditors,View Only
https://.sharepoint.com/sites/project01,Contoso Designers,Design
https://.sharepoint.com/sites/TeamSite01,XT1000 Team Leads,Full Control
https://.sharepoint.com/sites/TeamSite01,XT1000 Advisors,Edit
https://.sharepoint.com/sites/Blog01,Contoso Blog Designers,Design
https://.sharepoint.com/sites/Blog01,Contoso Blog Editors,Edit
https://.sharepoint.com/sites/Project01,Project Alpha Approvers,Full Control
```
Edit Notepad Document

Replace all instances of with your tenant name.
Save File

Save the file to your desktop as C:/users/Administrator/desktop/GroupsAndPermissions.csv. Note: Be sure to change to “all files” so that Notepad will not add the .txt filename extension. Optional: Open the file in Word and check for non-printing characters. Close the file.
Create Notepad Document (Users.csv)

Open a new instance of Notepad and type the text block shown in the Alert window into it.

Group,LoginName,Site
Contoso Project Leads,alexd@.onmicrosoft.com,https://.sharepoint.com/sites/proj ect01
Contoso Auditors,allieb@.onmicrosoft.com,https://.sharepoint.com/sites/ project01
Contoso Designers,bonniek@.onmicrosoft.com,https://.sharepoint.com/site s/project01
XT1000 Team Leads,dorenap@.onmicrosoft.com,https://.sharepoint.com/sites/Te amSite01
XT1000 Advisors,garthf@.onmicrosoft.com,https://.sharepoint.com/sites/ TeamSite01
Contoso Blog Designers,janets@.onmicrosoft.com,https://.sharepoint.com/sites /Blog01
Contoso Blog Editors,katiej@.onmicrosoft.com,https://.sharepoint.com/sites/B log01
Project Alpha Approvers,robinc@.onmicrosoft.com,https://.sharepoint.com/sites /Project01
```
Group,LoginName,Site 
Contoso Project Leads,alexd@.onmicrosoft.com,https://.sharepoint.com/sites/project01 
Contoso Auditors,allieb@.onmicrosoft.com,https://.sharepoint.com/sites/project01 
Contoso Designers,bonniek@.onmicrosoft.com,https://.sharepoint.com/sites/project01 
XT1000 Team Leads,dorenap@.onmicrosoft.com,https://.sharepoint.com/sites/TeamSite01 
XT1000 Advisors,garthf@.onmicrosoft.com,https://.sharepoint.com/sites/TeamSite01 
Contoso Blog Designers,janets@.onmicrosoft.com,https://.sharepoint.com/sites/Blog01 
Contoso Blog Editors,katiej@.onmicrosoft.com,https://.sharepoint.com/sites/Blog01 
Project Alpha Approvers,robinc@.onmicrosoft.com,https://.sharepoint.com/sites/Project01
```
Edit Notepad Document

Replace all instances of with your tenant name. If you wish or need to use a different set of users, replace the existing aliases with updated ones.
Save File

Save the file to your desktop as C:/users/Administrator/desktop/Users.csv. Note: Be sure to change to “all files” so that Notepad will not add the .txt filename extension. Optional: Open the file in Word and check for non-printing characters. Close the file.
Create Notepad Document (UsersAndGroups.ps1)

Open a new instance of Notepad and type the text block shown in the Alert window into it.

Import-Csv C:\users\Administrator\desktop\GroupsAndPermissions.csv | where {New-SPOSiteGroup -Group $_.Group -PermissionLevels $_.PermissionLevels -Site $_.Site}

Import-Csv C:\users\Administrator\desktop\Users.csv | where {Add-SPOUser -Group $_.Group –LoginName $_.LoginName -Site $_.Site}
```
Import-Csv C:\users\Administrator\desktop\GroupsAndPermissions.csv | where {New-SPOSiteGroup -Group $_.Group -PermissionLevels $_.PermissionLevels -Site $_.Site} 

Import-Csv C:\users\Administrator\desktop\Users.csv | where {Add-SPOUser -Group $_.Group –LoginName $_.LoginName -Site $_.Site}
```
Save File

Save the file to your desktop as C:/users/Administrator/desktop/UsersAndGroups.ps1. This is a simple PowerShell script. We will now run the script to add users and groups to multiple site collections.
Switch to SPO Management Shell

Return to the SharePoint Online Management Shell.
Change PowerShell Execution Policy

We will now assure that the script will run on your system for the duration of this PowerShell session. Note: Bypassing the execution policy is not recommended in a production environment. When you close the session, the next session will return to the default “RemoteSigned” setting. At the PowerShell prompt, type the following line and press ENTER: Set-ExecutionPolicy Bypass. At the confirmation prompt, type Y and press ENTER.
```
Set-ExecutionPolicy Bypass
```
Change Directory

Type CD C:\users\Administrator\desktop and press ENTER.
```
CD C:\users\Administrator\desktop
```
Run PowerShell Script

At the PowerShell prompt, type the following line and then press ENTER: c:\users\Administrator\desktop\UsersAndGroups.ps1 Note: Wait for the prompt to return before moving on. You will first see the groups appear as they are created, then you will see the group list repeated as users are added.
```
c:\users\Administrator\desktop\UsersAndGroups.ps1
```
Open Site Settings

In the browser, navigate to the project01 site collection, and then click Settings > Site Settings.

The remainder of this exercise is optional. You will ued the browser to confirm the changes made by the PowerShell script.
Open People and Groups

Click People and groups.
Select More...

In the left navigation, click More…
View Groups

Confirm that the groups Contoso Auditors, Contoso Designers, and Contoso Project Leads were created (you previously created the Auditors group using a single PowerShell cmdlet).
View Group Members (Contoso Designers)

Click Contoso Designers and confirm that Bonnie Kearney has been added to the group.

Congratulations!

You have successfully:

Automated user and group provisioning using PowerShell

Click Continue to advance to the next exercise.

Exercise 11 : User Administration: Remove Users from a Group Using PowerShell

In this exercise you will:

Remove users from a group with PowerShell

Scenario: In this exercise, you will use PowerShell to remove a user from a site collection security group.

Get User List

At the PowerShell prompt, type the following cmdlet, edit as necessary, and then then press ENTER:
Get-SPOUser –Site https://.sharepoint.com/sites/project01
```
Get-SPOUser –Site https://.sharepoint.com/sites/project01
```
Remove User from Group

Let’s remove Alex Darrow from the site collection Auditors group: at the PowerShell prompt, type the following cmdlet, edit as necessary, and then press ENTER: Remove-SPOUser -LoginName alexd@.onmicrosoft.com -Site https://.sharepoint.com/sites/project01 -Group Auditors
```
Remove-SPOUser -LoginName alexd@.onmicrosoft.com -Site https://.sharepoint.com/sites/project01 -Group Auditors
```
Confirm Removal of User from Group

To confirm the removal of Alex from the Auditors group: at the PowerShell prompt, type the following cmdlet, edit as necessary, and then then press ENTER: Get-SPOUser –Site https://.sharepoint.com/sites/project01
```
Get-SPOUser –Site https://.sharepoint.com/sites/project01
```

Congratulations!

You have successfully:

Removed users from a group with PowerShell

Click Continue to advance to the next exercise.

Exercise 12 : User Administration: User Reports

In this exercise you will:

Generate user reports

Scenario: In this task, you will generate some user reports for several site collections.

Get User List

At the PowerShell prompt, type the following command, edit as necessary, and then press ENTER: Get-SPOUser -Site https://.sharepoint.com/sites/Teamsite01
```
Get-SPOUser -Site https://.sharepoint.com/sites/teamsite01
```
Generate Report (TeamSite01)

At the PowerShell prompt, type the following command, edit as necessary, and press ENTER:
Get-SPOUser -Site https://.sharepoint.com/sites/TeamSite01 | select * | Format-table -Wrap -AutoSize | Out-File c:\UsersReport.txt -Force -Width 360 -Append

To make such reports more useful, we will pipe the results for several site collections to a nicely formatted text file. Be aware that the parameter –Append will add new content to an existing file.
```
Get-SPOUser -Site https://.sharepoint.com/sites/TeamSite01 | select * | Format-table -Wrap -AutoSize | Out-File c:\UsersReport.txt -Force -Width 360 -Append
```
Generate Report (Project01)

At the PowerShell prompt, type the following command, edit as necessary, and press ENTER:
Get-SPOUser -Site https://.sharepoint.com/sites/project01 | select * | Format-table -Wrap -AutoSize | Out-File c:\UsersReport.txt -Force -Width 360 -Append

To make such reports more useful, we will pipe the results for several site collections to a nicely formatted text file. Be aware that the parameter –Append will add new content to an existing file.
```
Get-SPOUser -Site https://.sharepoint.com/sites/project01 | select * | Format-table -Wrap -AutoSize | Out-File c:\UsersReport.txt -Force -Width 360 -Append
```
Open Report

Open the file C:\UsersReport.txt in Notepad and view the report (your results will not necessarily match the screen shot). Note: Although the screenshot displays a fairly simple report, the cmdlets could be combined into a PowerShell script. With a bit more code, you could add other information to the report, for example the site collection name above each group. Close the report.
OPTIONAL TASK

Hint: Use Get-SPOSite and Out-File to write site collection information to the file before each Get-SPOUser cmdlet in the script. For example, the following cmdlet would add information for the project01 site collection:
Get-SPOSite https://.sharepoint.com/sites/project01 | format-table -Wrap -Autosize | Out-file c:\usersreport.txt -force -width 360 -Append
```
Get-SPOSite https://.sharepoint.com/sites/project01 | format-table -Wrap -Autosize | Out-file c:\usersreport.txt -force -width 360 -Append
```