Connect-MsolService

Getting Connect-MsolService (and other Azure Active Directory PowerShell cmdlets) to work

In this post, I’ll try to archive everything you need to download and install to get commandlets like Connect-MsolService working. I’ve had to do it a couple of times when changing laptops, so it’s good to document them somewhere! ūüôā

So, when would you need to follow this guide and install the modules described here? Mostly this comes to play, when you’re switching machines, try to run the SharePoint Online Management shell but it doesn’t even exist on the machine, or it does exist but you get random errors like this:

The term 'Connect-MsolService' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

The following guide should help you out! I’ll try to keep it updated as things change.

Required installations

Depending on your use case, you might not always need all of these – but these are the ones I’ve had to recently install (on Windows 10), so these are the ones I’m going to document ūüôā

  1. Microsoft Online Services Sign-In Assistant for IT Professionals RTW
    1. https://www.microsoft.com/en-us/download/details.aspx?id=28177
  2. SharePoint Online Management Shell
    1. https://www.microsoft.com/en-us/download/details.aspx?id=35588
  3. Windows Azure Active Directory Module for Windows PowerShell (v1 – also known as MSOnline)
    1. http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185 
      1. Update 5.3.2018:¬†Microsoft actually moved this documentation, and apparently hid it behind authentication somewhere (might require Global Admin or similar on your tenant to even READ IT… That’s smart.)
      2. If you installed it before, it’ll still work, but if you didn’t, never mind. Just see below.
        1. Instead of installing the AAD module, you run this on PowerShell:
        2. Install-Module MSOnline
        3. Then hit “y” a couple of times and you should be good!
  4. Windows Azure Active Directory Module for Windows PowerShell (v2 – also simply known as AzureAD cmdlets)
    1. Verify, that you have .NET Framework 4.5 or above, or download it from here.
    2. Run this in your PowerShell window: 
      • Install-Module AzureAD
    3. If you also need Azure Remote Management (AzureRM) cmdlets (I always do!), run this in an elevated PowerShell:
      • # Install the Azure Resource Manager modules from the PowerShell Gallery
        Install-Module AzureRM

Now, to run cmdlets like “Connect-MsolService”, just start SharePoint Online Management Shell (or PowerShell).

Welp – I’m still having issues! What do?

If using the modules still fail, you might be running 64b PowerShell but installed the first cmdlets for 32b, or the other way around. In that case, you can just start the right version of PowerShell by finding it from your directory structure, 32b at least can be launched with the MSOnline imported with the following commands:

cd C:\Windows\System32\WindowsPowerShell\v1.0\
powershell.exe -NoExit -Command "Import-Module MSOnline"

Mind the PowerShell version, though (bolded above)! You might need to use a specific version to run certain scripts.


So which commandlets does this apply to?

These are the commandlets that should start working. They are here for your further reference:

See all the AzureActiveDirectory Cmdlets (v1) by clicking on this text!

AzureActiveDirectory Cmdlets (v1)

Add-MsolAdministrativeUnitMember

Adds a member to an administrative unit.

Add-MsolForeignGroupToRole

Adds a security group from a partner tenant to a Role in this tenant.

Add-MsolGroupMember

Adds a member to an existing security group.

Add-MsolRoleMember

Adds a member to an administrator role.

Add-MsolScopedRoleMember

Adds a member to an administrative unit-scoped role.

Confirm-MsolDomain

Verifies a custom domain.

Confirm-MsolEmailVerifiedDomain

Confirms ownership of an unmanaged tenant.

Connect-MsolService

Initiates a connection to Azure Active Directory.

Convert-MsolDomainToFederated

Converts the domain from using standard authentication to using single sign-on.

Convert-MsolDomainToStandard

Converts the domain from using single sign-on (also known as identity federation) to using standard authentication.

Convert-MsolFederatedUser

Updates a user in a domain that was recently converted from single sign-on.

Disable-MsolDevice

Disables a device object in Azure Active Directory.

Enable-MsolDevice

Enables a device object in Azure Active Directory.

Get-MsolAccountSku

Returns all the SKUs for a company.

Get-MsolAdministrativeUnit

Retrieves administrative units from Azure AD.

Get-MsolAdministrativeUnitMember

Gets members of an administrative unit.

Get-MsolAllSettings

Gets all directory settings object associated with tenant or group/user/service principal/application/device.

Get-MsolAllSettingTemplate

Gets all the directory setting templates that a tenant owns.

Get-MsolCompanyAllowedDataLocation

Get the current allowed data locations of a company from Azure Active Directory.

Get-MsolCompanyInformation

Retrieves company-level information.

Get-MsolContact

Gets contacts from Azure Active Directory.

Get-MsolDeviceRegistrationServicePolicy

Gets the Azure Active Directory device registration service settings.

Get-MsolDevice

Gets an individual device, or a list of devices.

Get-MsolDirSyncConfiguration

Gets the directory synchronization settings.

Get-MsolDirSyncFeatures

Gets the status of identity synchronization features for a tenant.

Get-MsolDirSyncProvisioningError

Checks for objects with synchronization provisioning errors in a tenant.

Get-MsolDomain

Retrieves a domain Microsoft Azure Active Directory.

Get-MsolDomainFederationSettings

Gets key settings for a federated domain.

Get-MsolDomainVerificationDns

Gets DNS records necessary to verify a domain.

Get-MsolFederationProperty

Displays the properties of the Active Directory Federation Services 2.0 server and Microsoft Online.

Get-MsolGroup

Retrieves a group from Microsoft Azure Active Directory.

Get-MsolGroupMember

Retrieves all members of the specified group.

Get-MsolHasObjectsWithDirSyncProvisioningErrors

Get-MsolPartnerContract

Gets a list of contracts for a partner.

Get-MsolPartnerInformation

Retrieves company-level information for partners.

Get-MsolPasswordPolicy

Gets the current password policy for a tenant or a domain.

Get-MsolRole

Gets administrator roles.

Get-MsolRoleMember

Gets members of a role.

Get-MsolScopedRoleMember

Gets members of a role who are granted that role over an administrative unit.

Get-MsolServicePrincipal

Retrieves a service principal or list of service principals from Microsoft Azure Active Directory.

Get-MsolServicePrincipalCredential

Gets credentials associated with a service principal.

Get-MsolSettings

Gets a directory setting.

Get-MsolSettingTemplate

Gets a directory setting template.

Get-MsolSubscription

Gets subscriptions.

Get-MsolUser

Gets users from Azure Active Directory.

Get-MsolUserByStrongAuthentication

Gets users based on strong authentication type.

Get-MsolUserRole

Retrieves a list of roles that the specified user is a member of.

New-MsolAdministrativeUnit

Adds a new administrative unit to Azure Active Directory.

New-MsolDomain

Add a domain to Azure Active Directory.

New-MsolFederatedDomain

Adds a new single sign-on domain to Microsoft Online Services and establishes the relying party trust.

New-MsolGroup

Adds a new group to the Azure Active Directory.

New-MsolLicenseOptions

Creates a License Options object.

New-MsolServicePrincipal

Adds a service principal to Azure Active Directory.

New-MsolServicePrincipalAddresses

Creates a service principal address.

New-MsolServicePrincipalCredential

Add a credential key to a service principal.

New-MsolSettings

Creates a directory setting.

New-MsolUser

Creates a user in Azure Active Directory.

New-MsolWellKnownGroup

Creates a well-known group.

Redo-MsolProvisionContact

Retries the provisioning of a contact object in Azure Active Directory.

Redo-MsolProvisionGroup

Retries the provisioning of a group object in Azure Active Directory.

Redo-MsolProvisionUser

Retries the provisioning of a user object in Azure Active Directory.

Remove-MsolAdministrativeUnit

Deletes an administrative unit from Azure Active Directory.

Remove-MsolAdministrativeUnitMember

Removes a member from an administrative unit.

Remove-MsolApplicationPassword

Removes a password for an application.

Remove-MsolContact

Removes a contact from Azure Active Directory.

Remove-MsolDevice

Remove a device object from Azure Active Directory.

Remove-MsolDomain

Removes a domain from Azure Active Directory.

Remove-MsolFederatedDomain

Removes a single sign-on domain from the domains in Microsoft Online.

Remove-MsolForeignGroupFromRole

Removes a security group from a partner tenant.

Remove-MsolGroup

Removes a group from Azure Active Directory.

Remove-MsolGroupMember

Removes a member from a security group.

Remove-MsolRoleMember

Removes a member from an administrator role.

Remove-MsolScopedRoleMember

Removes a user from an administrative unit-scoped role.

Remove-MsolServicePrincipal

Removes a service principal from Azure Active Directory.

Remove-MsolServicePrincipalCredential

Removes a credential key from a service principal.

Remove-MsolSettings

Removes a directory setting.

Remove-MsolUser

Removes a user from Microsoft Azure Active Directory.

Reset-MsolStrongAuthenticationMethodByUpn

Resets the strong authentication method by using a user principal name.

Restore-MsolUser

Restores a deleted user.

Set-MsolADFSContext

Sets the context and credentials to connect to Microsoft Online and to the Active Directory Federation Services 2.0 server.

Set-MsolAdministrativeUnit

Updates the properties of an administrative unit.

Set-MsolCompanyAllowedDataLocation

Sets an allowed data location for a service type for a company in Azure Active Directory.

Set-MsolCompanyContactInformation

Sets company-level contact information.

Set-MsolCompanyMultiNationalEnabled

Enables the multinational feature for a service type for a company with Azure Active Directory.

Set-MsolCompanySecurityComplianceContactInformation

This cmdlet is not in use by any online service, so please consider it deprecated.

Sets company-level security and compliance contact preferences.

Set-MsolCompanySettings

Sets company-level configuration settings.

Set-MsolDeviceRegistrationServicePolicy

Sets the Azure Active Directory device registration service settings.

Set-MsolDirSyncConfiguration

Modifies the directory synchronization settings.

Set-MsolDirSyncEnabled

Turns directory synchronization on or off for a company.

Set-MsolDirSyncFeature

Sets identity synchronization features for a tenant.

Set-MsolDomain

Modifies settings of a domain.

Set-MsolDomainAuthentication

Changes the authentication type of the domain.

Set-MsolDomainFederationSettings

Updates settings for a federated domain.

Set-MsolGroup

Updates a security group.

Set-MsolPartnerInformation

Sets company information for partners.

Set-MsolPasswordPolicy

Updates the password policy of a specified domain or tenant.

Set-MsolServicePrincipal

Updates a service principal in Microsoft Azure Active Directory.

Set-MsolSettings

Updates a directory setting in Azure Active Directory.

Set-MsolUser

Modifies a user in Azure Active Directory.

Set-MsolUserLicense

Updates the license assignment for a user.

Set-MsolUserPassword

Resets the password for a user.

Set-MsolUserPrincipalName

Changes the user ID for a user.

Update-MsolFederatedDomain

Updates the settings in both the Active Directory Federation Services 2.0 server and Microsoft Online.


 

See all the Azure AD v2 cmdlets by clicking on this text!

Azure AD v2 cmdlets in verb order 

 

Add-SPOUser

Adds an existing Office 365 user or an Office 365 security group to a SharePoint group.

Connect-SPOService

Connects a SharePoint Online global administrator to a SharePoint Online connection (the SharePoint Online Administration Center). This cmdlet must be run before any other SharePoint Online cmdlets can run.

Disconnect-SPOService

Disconnects from a SharePoint Online service.

Get-SPOAppErrors

Returns application errors.

Get-SPOAppInfo

Returns all installed applications.

Get-SPODeletedSite

Returns all deleted site collections that are in the Recycle Bin.

Get-SPOExternalUser

Returns external users that are located in the tenant’s folder based on specified criteria.

Get-SPOSite

Returns one or more site collections.

Get-SPOSiteGroup

Returns all the groups on the specified site collection.

Get-SPOTenant

Returns SharePoint Online organization properties.

Get-SPOTenantLogEntry

Retrieves SharePoint Online company logs.

Get-SPOTenantLogLastAvailableTimeInUtc

Returns the time when the SharePoint Online organization logs are collected.

Get-SPOTenantSyncClientRestriction

Returns the current tenant configuration status.

Get-SPOUser

Returns the SharePoint Online user or security group accounts that match given search criteria.

Get-SPOWebTemplate

Shows all site templates that match the given identity.

New-SPOSite

Creates a new SharePoint Online site collection for the current company.

New-SPOSiteGroup

Creates a new group in a SharePoint Online site collection.

Remove-SPODeletedSite

Removes a SharePoint Online deleted site collection from the Recycle Bin.

Remove-SPOExternalUser

Permanently removes a collection of external users from the tenant’s folder.

Remove-SPOSite

Sends a SharePoint Online site collection to the SharePoint Online Recycle Bin.

Remove-SPOSiteGroup

Removes a SharePoint Online group from a site collection.

Remove-SPOTenantSyncClientRestriction

Disables the feature for the tenancy.

Remove-SPOUser

Removes a user or a security group from a site collection or a group.

Repair-SPOSite

Checks and repairs the specified site collection and its contents.

Request-SPOUpgradeEvaluationSite

Requests to create a copy of an existing site collection for the purposes of validating the effects of upgrade without affecting the original site.

Restore-SPODeletedSite

Restores a SharePoint Online deleted site collection from the Recycle Bin.

Set-SPOSite

Sets or updates the values of one or more properties for a site collection.

Set-SPOSiteGroup

Updates the SharePoint Online owner and permission level on a group inside a site collection.

Set-SPOTenant

Sets properties on the SharePoint Online organization.

Set-SPOTenantSyncClientRestriction

Enables the tenancy and sets the domain GUIDs.

Set-SPOUser

Configures properties on an existing user.

Test-SPOSite

Tests a SharePoint Online site collection.

Upgrade-SPOSite

Starts the upgrade process on a site collection.

 


 

The following two tabs change content below.

Antti K. Koskela

Solutions Architect / Escalations Engineer at Koskila / Norppandalotti Software / Valo Solutions
Antti Koskela is a proud digital native nomadic millenial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet. Working with the global partner network, he's responsible for the success of Valo deployments happening all around the world. He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff. This is his personal professional (e.g. professional, but definitely personal) blog.

Let me know your thoughts!