Rule description
This hybrid rule queries the specified Active Directory scope and each user that satisfies specific criteria assigns the selected Office 365 license plans and options to the Office 365 account with an identical UserPrincipalName (UPN).
It is possible to use Ignore option to completely exclude the license plan from the rule. In this case, this licensing plan and its options will be ignored by the rule. If a user already has assigned options from this plan, these options will be preserved. If a user doesn't have the options from this plan, these options won't be assigned.
Video Tutorial
When to use this rule
These are some typical license assignment scenarios, supplied with recommendations on an optimal configuration for the rule settings.
-
Assign Office 365 license to newly created user accounts that have not been licensed:
- You can configure the rule to assign a license to recently created accounts only. For more information on how to do this, please see the Initialization script setting described below.
- Set the Apply to unlicensed users only setting to Yes to enforce licenses only to unlicensed users.
- Set the Exclude Office 365 disabled users setting to Yes to exclude Office 365 disabled user accounts.
- Set the Exclude disables users from hybrid mapping setting to Yes to exclude disabled Active Directory user accounts.
- As usage location is mandatory to assign a license to an Office 365 user account, set the Change UsageLocation only if not set setting to Yes and pick a value for the Usage Location setting.
- For the License options setting, select the plan to be assigned and configure its options.
- Ensure that all users in the scope have specific license plans and options assigned, and other conflicting plans revoked:
- Set Apply to unlicensed users only setting to No.
- Set the Exclude Office 365 disabled users setting and Exclude disables users from hybrid mapping setting to Yes to only include live user accounts.
- For the License options setting, select the plan to be assigned and configure its options. Set Revoke setting for conflicting plans. Set Ignore setting for all the other plans.
-
Add or remove license plan or option in bulk, to all users in the specified scope:
- Set Apply to unlicensed users only setting to No.
- Set the Exclude Office 365 disabled users setting and Exclude disables users from hybrid mapping setting to Yes only to include live user accounts.
- For the License options setting, select the plan or option to be assigned. Set Ignore setting for all the other plans.
Rule configuration:
-
Query section: limit the query scope and set the query criteria
-
Action section: specify license options to enforce to Office 365 users
- Select Ignore option next to the plans you want to exclude from the rule execution and preserve its current assignment state on users.
Query Section
Setting name | Description |
---|---|
General Settings | |
Limit AD scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to specific OU. Important: To test rule configuration, limit the rule scope to an OU that contains test accounts or objects.
|
AD query criteria |
Query criteria are sent with the query and may improve query performance. Tip: For different samples on the criteria builder, see KB20180410-1.
|
Filter AD query results |
To hide unwanted data based on criteria, not supported by Active Directory query, set the filtering conditions here. Example: filter by the found object Distinguished Name. Tip: For optimal performance, use Query criteria above to filter objects whenever possible.
|
Apply to unlicensed users only |
Apply licenses to unlicensed users only or all users. Tip: Configuring this setting to Yes will significantly improve performance for initial license assignment to newly created user accounts.
|
Exclude Office 365 disabled users |
This setting allows to exclude Office 365 disabled users from the rule scope or to include them. |
Filter Office 365 query results |
To hide unwanted data returned by the query, set the filtering conditions. |
More options |
|
Returned properties |
To display additional Office 365 properties for each object found by the query, add those properties to the list. |
Sort by |
Sort result objects list. |
Exclude disabled users from hybrid mapping |
Excluding disabled AD user accounts from the hybrid mapping is possible. |
Exclude shared mailboxes |
Excluding shared mailboxes is possible. |
Maximum number of users |
The maximum number of users returned from Office 365 by default is 2000. Tip: It is possible to change the default value in Microsoft Office 365 extension settings.
|
Stop rule if errors exceed |
Too many errors may indicate rule misconfiguration or problems with connectivity. Set this value to some integer value, indicating the number of occurred errors, when the rule execution should stop. |
Stop rule if tenant licensing change detected |
It is recommended to stop the rule execution if a tenant licensing change is discovered. Tip: If licensing change is detected, you should click Update License in Microsoft Office 365 extension. For details, see KB20181017-1.
|
Initialization script |
|
Script |
Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule. Due to PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria. Important: To use a variable, declared in the initialization script, in the query scope, it must be global: $global:<variable name>.
Example: Update AD users, created in the last ten days.
{$global:DatePeriod = (Get-Date).AddDays(-10)}
|
Action Section
Setting name | Description |
---|---|
License options |
Select which Microsoft Office 365 license plans and options to assign or revoke to Office 365 user accounts. Tip: You could use Ignore option to exclude the plan from the rule entirely. In this case, this plan and its options won't be taken into consideration at all. Those users that have this plan and options assigned would preserve the plan and options. Those users that don't have this license plan and options assigned would preserve that state.
|
License update order |
Select a method to assign selected license plans and options:
Note: In most cases Revoke Previous then Assign New option should be used. Please contact Cayosoft support before changing the default value.
|
Enforce license precedence (Advanced) |
For details, see KB20181026-1.
|
Change UsageLocation only if not set |
Specify whether to keep the current user's usage location or change it to a new one. |
Usage Location |
Select the usage location. Important: If Office 365 user accounts don't have a location attribute set, Office 36 license won't apply to them, and the rule will stop with the error. If you use Usage Location from AD value for this setting, you must be sure all Active Directory user accounts, that fall under this rule this, have a location attribute set. |
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
Version | Notes |
---|---|
9.1.0 | Domain Controller and Credentials settings have been removed. |
7.3.0 | The rule supports mapping between the Active Directory user account and the Cloud user account by anchor attributes. |
6.3.1 |
Exclude shared mailboxes setting is added. |
6.2.0 |
The rule supports linked mailboxes. |
5.4.0 |
The rule is optimized and updated, and new License options control added. The rule supports linking to web actions as rules to run after the web action. |
Comments
0 comments
Please sign in to leave a comment.