Active Roles Server 7.0.2 workflow for automatically assign Office 365 license to AD user

You have mentioned two criteria for the Office 365 licensing Group OR OU.

The first one is easy - set the "start condition" for your workflow to respond to a member added to the group. The "member add" is configured at the top of the workflow start conditions dialog and the group name is specified in the filtering conditions at the bottom of this dialog.

For "OU", there are potentially two workflow start condition cases to consider: A user create and a user move.

Let's focus on the "user create". Here again, you would specify a start condition of "Object class: user, action: create" and then in the middle of the workflow start conditions dialog, you can specify one or more OUs that you want to "watch".

Now you must create a "script activity" to perform the licensing that you will add to your workflow.

You will first need to add a new "script module" to ActiveRoles of the type "Policy Script".

You should place the code of your script inside a function (the name can be anything but you must reference it when you add the "script activity" to your workflow):

Function LicenseOffice365User ($Request)
{

# Code goes here

}


It needs to do the following:

1. Capture the name of the current user being processed

The simplest way to get this is something like this:

$CurrentUser = Dirobj.get("userprincipalname")

(I'm assuming that your users' userprincipalname attributes match your Office 365 user IDs. If not, substitute another attribute ("mail" is a logical choice) for userprincipalname above.

2. Launch a remote powershell session with office 365. You will need to supply the credentials for this - probably best to get the password from an encrypted text file stored on your ActiveRoles server. There's sample code on the web for this.

3. Set the license information.

The article below is helpful for items 2 and 3 above.

windowsitpro.com/.../office-365-licensing-windows-powershell

You have mentioned two criteria for the Office 365 licensing Group OR OU.

The first one is easy - set the "start condition" for your workflow to respond to a member added to the group. The "member add" is configured at the top of the workflow start conditions dialog and the group name is specified in the filtering conditions at the bottom of this dialog.

For "OU", there are potentially two workflow start condition cases to consider: A user create and a user move.

Let's focus on the "user create". Here again, you would specify a start condition of "Object class: user, action: create" and then in the middle of the workflow start conditions dialog, you can specify one or more OUs that you want to "watch".

Now you must create a "script activity" to perform the licensing that you will add to your workflow.

You will first need to add a new "script module" to ActiveRoles of the type "Policy Script".

You should place the code of your script inside a function (the name can be anything but you must reference it when you add the "script activity" to your workflow):

Function LicenseOffice365User ($Request)
{

# Code goes here

}


It needs to do the following:

1. Capture the name of the current user being processed

The simplest way to get this is something like this:

$CurrentUser = Dirobj.get("userprincipalname")

(I'm assuming that your users' userprincipalname attributes match your Office 365 user IDs. If not, substitute another attribute ("mail" is a logical choice) for userprincipalname above.

2. Launch a remote powershell session with office 365. You will need to supply the credentials for this - probably best to get the password from an encrypted text file stored on your ActiveRoles server. There's sample code on the web for this.

3. Set the license information.

The article below is helpful for items 2 and 3 above.

windowsitpro.com/.../office-365-licensing-windows-powershell