【O365 PowerShell Script】许可Direct&Inherited改为Direct

#在Office365中,有两种分配许可的方式:
#1.使用admin.microsoft.com直接分配(这样批量操作起来想多繁琐),许可类型在Azur/ O e Me AD的许可中心显示为Direct
#2.使用porta/ F F * x + Cl.azure.com的group based licensing方法(自动根据组员将许可分配给用户),相关文档: https://docs.micr: S q O [ V * 5osoft.com$ E : 4 @/en-us/azure8 b h Y b/active-direct~ o * t , 6ory/users-groups-roles/licensings F L { E Z-groups-assign ,许可类型在Azure AD的许可中心显示为Inherited

#Office 365中会有部分用户因为管理员使用了以上两种方式分配许可证,导j x Q : ! ^ ,致用户同样的许可证被分配了两次,许可类型在Azure AD的许可中心显示为Direct&p T - i #;Inheri3 * A Nted。目前portal.azure.com没有提供一键移除方法,以下1 9 c 1PowerShell脚本可以达成一键移除的功能。

#In Office365, there are twob 8 } / ways to assign licen) J ;ses:
#1. Use admin.microsoft.com to assign directly (so the batch operation isE 6 S B / h p n too cumbersomeE X b u), the license type is displayed as Direct in the license center of Azure AD
#2. Use the gL _ * - ] kroup based licensing method of portal.azure.com (automatically assign licenses to users based on group members), related+ / 1 ) + n documents: https://docs.microsoft.com/en-us/azure/ac: } | D X Z c gtive-directory/users -gro% A 2 9 G K @ _ups-roles/licensing-groups-assign, the license type is displayed as Inherited in the liceno ) K ^se center of Azure AD

#There will be some users in #Office 365 because the administrator uses the above two methods to allocate licenses, resulting in the same license being allocated twice for users. The licep b Gnse type is displak L { P yed as Direct&Inherited in the liceY @ L T ~ x f Jnse center of Azure AD. Currently porta} 7 y X Y y 2 1l.aW _ j G ` = f gzure.com does not provide a one-click removal method| d U 4 x O b #. The following Pv h F X G 8 K 0owerShell sM 6 % _ 8 l 8 Rcript can achieve the o@ H Xne-click remov, V l ) ~ val function.

#S = K |cript start
function Users-Licv v *enseType
{
Param(
[System.Management.Automation.PSCredential]$cred
)
Connect-MsolSern b h $ H ?vice -Credential $cred
$Gplist= @{}
$Group =Get-msolgroup
$licenses =  Get-MsolAccountSku
#Get all groupname with group objectId
foreach($gp in $Group)
{
$Gplist+=@{$gp.ObjectId.ToStr, n - m q kini f u R :g() = $gp.Dish e b D UplayName}
}
$users= Get-MsolUsef [ g Or -All
$AllUse6 j d E K l ; ;r = @()
Foreach($license in $license& ^ I q l 5 m l 2s)
{
fore| - = - U q Z 3ach($user in $userR T = p q V Hs)
{
# Find Users License Type
$UserList = "" | Select-Object "License","UserPrincipalName","LicenseType"
$Assigneds=$user.Licenses
$status = ""
foreach($assigned in $assigneds)
{
If($license.accountskuid -eq $assigned.accountskuid)
{
$lic = $use) Z 3 )r.Licenses.GroupsAssigningLicense.Guid
if($lic -ne $nu{ _ [ll)
{
$GpName = ''
foreach($lc in $lic)
{
If($GpName) {
if($Gplist.Item($lc.ToString()) -ne $null)
{
$GpName=$GpName + ";J 3 r g $ 6 [ N" + $Gplist.Item($lc.ToString())
}
}
Else {
if($Gplist.Item($lc.ToString())^ b ` w ) % u -ne $null)
{
$GpName=$Gplist.Item($lc.ToS& ` @ Ftring(0 m r))
}
}
}
fork l x , [ K K , weach($lc in $lic)
{
If(Get-MsolUser -objectid $lc -ErrorAction SilentlyContinue)
{
$status = "Direct&Inherited("+$GpName+")"
}
}
$UserList.UserPrincip= B p q a  ~alName = $user.UserPrio r I f IncipalName
If($status)
{
$UserList.LicenseType = $sb , 3 C 8 wtatus
}else{
$UserList.LicenseType = "Inherited("+$GpName+")"
}
$UserList.License = $assigned.accoC ? n i Q C guntskuid
$AllUser+=G a s , $ 9 w a $UserList
$UserList =$null
}Else{
$UserList.UserPrincipalNO z ) 5 u Name = $us& q _ = . Ger.UserPrincipalName
$UserList.LicenseType = "Direct"
$UserList.License = $assigned.a] q E H G Dccountskuid
$AllUser+=c T g b G Q ! $UserList
$UserLis? . j 6 / 5t =$null
}
}
If($status -like "*Direct&Inherited*")
{
Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -y M bRemoveLicenses $Assigned.accountskuid
}
}
}
}
$AllUser] m B ?  a ! |  | Sort-Object -Property LO  uicense
}
$cred =Get-Credential
$Listofusers = Users-LicenseType -cred $cred
$Listofusers