This content is part of the Essential Guide: The essential admin's guide to Office 365 PowerShell

Simple SharePoint PowerShell commands

An expert shares insights into simple PowerShell scripting magic that could shave hours off your Office 365 and SharePoint administration task list.

PowerShell is now the lingua franca of all Microsoft products and services, and, in some cases, there isn't an alternative way to administrate SharePoint systems.

With that, here are common administrator tasks for SharePoint Online, Office 365 and on-premises deployments, along with tips on how to accomplish them all using SharePoint PowerShell commands.

Lock down and configure sharing

One of the biggest draws to SharePoint Online in Office 365 is the ability to create extranet-like functionality with a couple of clicks.

For example, you can share a document, document library or even whole site access with users external to your organization without worrying -- at least from the end-user's perspective -- about data federation, identity management, mapping credentials and all of that jazz.

But companies with more stringent or sensitive regulatory and compliance requirements might want to completely disable users outside their own Office 365 tenant from gaining access or even receiving invitations to the content stored within their tenant.

Use this SharePoint PowerShell command to completely disable external sharing:

Set-SPOSite –Identity -SharingCapability Disabled

To enable both external user and also guest (i.e., unauthenticated) access, use this SharePoint PowerShell command:

Set-SPOSite –Identity -SharingCapability ExternalUserAndGuestSharing

To enable only authenticated external users without guests to have content shared with them, use this command:

Set-SPOSite –Identity -SharingCapability ExternalUserSharingOnly

Examining and auditing external access

Along those same lines, you might want to know the state of sharing on your tenant. The following SharePoint PowerShell scripts will spit out sharing status and also who has received invitations outside your organization for each site in your tenant:

$SitesToAudit = Get-SPOSite | Where-Object {$_.SharingCapability –ne "Disabled}

ForEach-Object ($Site in $SitesToAudit)
Write-Host $Site.URL " has " $Site.SharingCapability " configured"
Get-SPOExternalUser –SiteUrl $Site.URL | Select DisplayName, Email, InvitedBy, WhenCreated | Format-Table –AutoSize

Search logs for error identification numbers

Often, you will get cryptic error messages when rather complex operations on your SharePoint deployment go wrong. These warnings and errors will give you a correlation ID, which is basically SharePoint speak for an error identification number. (I guess it sounds more complex when you call it a correlation ID, but I digress.)

Luckily, there is a simple SharePoint command that will trawl through your error logs, find events matching the specified correlation ID and save them to a separate log file for easier analysis. Here's a sample correlation ID:

Merge-SPlogfile –Path c:\logs\sharepointerror.log –Correlation b966fcdd-647d-4859-80c8-95a2a746bd6a

Script your way into Office 365 in one click

To manage Office 365 through PowerShell, you have to create a remote session to the Office 365 servers to run commands against the service. Sometimes, it's a little clunky.

Here's a simple SharePoint script that you can run to get yourself logged in and ready to roll:

$URL = ""
$Credentials = Get-Credential -Message "Enter your Exchange Online or Office 365 administrator credentials"
$CloudSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $URL -Credential $Credentials -Authentication Basic -AllowRedirection -Name "Office 365/Exchange Online"
Import-PSSession $CloudSession –Prefix "365"

First, it defines the URL of the Office 365 servers as a variable, and then it also defines another variable to hold your credentials; that variable calls the Get-Credential command with a brief message explaining which credentials are needed, and it hashes and stores the results inside the variable.

Then, it defines the CloudSession variable that contains the results of the New-PSSession cmdlet, which connects to the URL with the credentials stored in both of those respective variables.

Finally, it imports the remote PowerShell session and command namespace into the console and prefixes all of the remote commands with a 365 to avoid collisions with the local versions of those commands. That's in case you're managing, say, SharePoint on-premises as well as Office 365. (Save this with a PS1 extension and run it whenever you need to connect up to Office 365 to do some management. You'll save yourself time.)

Onboarding lists of new users to an Office 365 tenant

In this example, we will do some scripting magic that could shave hours off your SharePoint admin task list.

If you regularly work with different clients and consistently add groups of users to the Office 365 tenants you manage, you could save time by automating setting up users and assigning them the appropriate Office 365 licenses. PowerShell is fantastic at this type of rote work; it just asks you to assign some variables and tell it what to do with a list of things over which it can iterate.

Here, we will use a comma-separated values (CSV) file with only one column: the user principal name (UPN) of the users you want to add. You can add other things to the file as well, such as first and last names, but in the meat of this task we'll focus on only the UPN, which is what your users will use to access the Office 365 accounts this script creates. 

Once you are tied into Azure Active Directory within SharePoint PowerShell, use the following command to get a list of the types of licenses available in your tenant:


Look on this list and find the name of the service plan -- also called a SKU type or license type -- you want to assign to these new users. You'll need the whole name, which might look like "yourorg:SHAREPOINTWAC" or "SHAREPOINTENTERPRISE" or something similar. Then, import your list of users from the CSV file:

$UsersToAdd = Import-Csv c:\documents\listofusers.csv

Then, connect to the Microsoft Online Service with administrator credentials:


Next, set some variables so you can insert the SKU type that you found above and usage location into the command we will use to iterate over the list of users and create and assign their licenses:

$LicenseToAdd = " yourorg:SHAREPOINTENTERPRISE "
$UsageLocation = "US"
$LicenseOptions = New-MsolLicenseOptions -AccountSkuId $LicenseToAdd

Finally, do the hard work by calling the users variable, which stores the output of the CSV file. Set the usage location and licenses for each user listed in there:

$Users | ForEach-Object {
New-MsolUser –UserPrincipalName $_.UserPrincipalName
Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $UsageLocation
Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses $LicenseToAdd -LicenseOptions $LicenseOptions

Next Steps

Office 365 inconsistencies in archiving

Want to migrate to SharePoint 2016?

Dig Deeper on Enterprise SharePoint strategy