Who doesn’t love a clean and tidy environment, do you? This also applies for your license assignments in Office 365 and Azure AD. As time passess it is likely to have users with direct license assignments or users which still have old trial licenses assigned. To get rid of those assignments I created a PowerShell script with removal and reporting functionality.
Identify direct license assignments
In the Azure Portal we recognize direct license assignments on a user account by viewing the “Assignment Paths”:
With the MSOnline PowerShell module we can view the Licenses property of a user and retrieve a nested property called: GroupsAssigningLicense. The GroupsAssigningLicense property contains either:
- An empty array if the license was not inherited from a group -> direct assignment
- An array with objectId’s
- If the array contains the user’s objectId -> direct assignment
Example 1: User with objectId 36c9b091-fe88-4dc2-a9e1-2662020b4bab has group based license assignment and direct assignment:
| |
Example 2: User has no inherited licenses from a group:
| |
PowerShell Script
You find the PowerShell script on my techblog GitHub repository.
Before removing any license assignments I strongly advice you to run the script with the -WhatIf option and to check your assignments. If you remove licenses from accounts this will disable the associated services.
Prerequisites
- Before running the script make sure that you have the
MSOnlinePowerShell module installed - Connect to MSOnline with:
Connect-MsolService
Available parameters
Execute the script via dot sourcing:
& ".\Invoke-CleanupAADDirectLicenseAssignments.ps1"
… and pass your desired parameters:
To predict changes: -WhatIf
To predict changes and save csv report to script directory:
-WhatIf -SaveReport
Remove direct license assignments by calling the script without parameters:
& ".\Invoke-CleanupAADDirectLicenseAssignments.ps1"
