Manage Cloud Identities with PowerShell – Lesson 3.3

References

 

Mock Exam Question Samples

When managing users in Office 365, it is important to properly configure their password settings. You can create a password policy that allows you to manage password complexity, password resets, and password expiry notifications. Although it is not recommended, it is possible to set a single user or all users’ password to never expire using Windows PowerShell. Which cmdlet would you use to set all user passwords to never expire? Choose the best option(s) from those listed below.

A: Get-MsolUser -UserPrincipalName <user ID> | Select PasswordNeverExpires

B: Get-MsolUser | Set-MsolUser -PasswordNeverExpires $true

C: Get-MsolUser | Select UserPrincipalName, PasswordNeverExpires

D: Set-MsolUser -UserPrincipalName <user ID> -PasswordNeverExpires $true

 

Explanation: To set user passwords to never expire in Office 365, you need to use PowerShell. The Get-MsolUser | Set-MsolUser -PasswordNeverExpires $true PowerShell cmdlet is required to set user passwords to never expire for all users. Although it can be done, it is not recommended to set a user password to never expire.

Correct Option(s): B: Get-MsolUser | Set-MsolUser -PasswordNeverExpires $true

Incorrect Option(s):

  • A: Get-MsolUser -UserPrincipalName <user ID> | Select PasswordNeverExpires – The Get-MsolUser -UserPrincipalName <user ID> | Select PasswordNeverExpires PowerShell cmdlet is used to verify if a specific user’s password is set to expire. This cmdlet is not used to set a password to never expire for all users
  • C: Get-MsolUser | Select UserPrincipalName, PasswordNeverExpires – The Get-MsolUser | Select UserPrincipalName, PasswordNeverExpires PowerShell cmdlet is used to view the “Password never expire” settings for all users. This cmdlet is not used to set a password to never expire for all users
  • D: Set-MsolUser -UserPrincipalName <user ID> -PasswordNeverExpires $true – The Set-MsolUser -UserPrincipalName <user ID> -PasswordNeverExpires $true PowerShell cmdlet is used to set a password to never expire for a single user. This cmdlet is not used to set a password to never expire for all users.

Office 365 has a feature that allows administrators and users to recover deleted items. When an item is deleted, it goes to the Recycle Bin. The Recycle Bin will keep those items for a certain period of time (30 days by default) before the item is permanently deleted. Five users have left the company and you want to hard delete their accounts from the Recycle Bin. Which PowerShell cmdlet should you use? Choose the best option(s) from those listed below.

A: Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

B: Get-MsolUser -ReturnDeletedUsers | FL UserPrincipalName,ObjectID

C: Restore-MsolUser -ObjectId <GUID> -AutoReconcileProxyConflicts -NewUserPrincipalName <New User name>

D: Remove-MsolUser -ObjectID -RemoveFromRecycleBin -Force

 

Explanation: There are two delete types in Office 365, soft delete and hard delete. The soft delete is the first delete that moves the deleted item to the Recycle Bin. The hard delete is deleting the item from the Recycle Bin. To perform a hard delete, you need to use Windows PowerShell. If deleting users, you can either perform a hard delete for a single user or for bulk users. To perform a bulk delete, you would use the Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force cmdlet.

Correct Option(s): A: Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

 

Incorrect Option(s):

  • B: Get-MsolUser -ReturnDeletedUsers | FL UserPrincipalName,ObjectID – The Get-MsolUser -ReturnDeletedUsers | FL UserPrincipalName,ObjectID cmdlet is used to list the GUIDs of the user accounts that are listed in the deleted users container. This cmdlet will not delete users from the Recycle Bin.
  • C: Restore-MsolUser -ObjectId <GUID> -AutoReconcileProxyConflicts -NewUserPrincipalName <New User name> – The Restore-MsolUser -ObjectId <GUID> -AutoReconcileProxyConflicts -NewUserPrincipalName <New User name> cmdlet is used to restore user accounts using the user GUID. This cmdlet will not delete users from the Recycle Bin.
  • D: Remove-MsolUser -ObjectID -RemoveFromRecycleBin -Force – The Remove-MsolUser -ObjectID -RemoveFromRecycleBin -Force cmdlet is used to delete a specific user account from the Recycle Bin. This cmdlet will not delete multiple users from the Recycle Bin.

To speed up Windows Azure AD tenant-based administrative tasks, you can use Windows PowerShell. PowerShell can be used to perform user management tasks, domain tasks, and manage subscriptions and licenses. You need to use Windows PowerShell to add a new license for a user, which cmdlet should you use? Choose the best option(s) from those listed below.

A: Get-MsolSubscription

B: Set-MsolUser

C: New-MsolLicenseOptions

D: Set-MsolUserLicense

 

Explanation: The Set-MsolUserLicense PowerShell cmdlet is used to manage user licenses. You can use this cmdlet to add or remove licenses as well as update license options.

Correct Option(s): D: Set-MsolUserLicense

 

Incorrect Option(s):

  • A: Get-MsolSubscription – The Get-MsolSubscription PowerShell cmdlet is used to display all the subscriptions that the company has purchased. This cmdlet is not used to add new licenses.
  • B: Set-MsolUser – The Set-MsolUser PowerShell cmdlet is used to update basic user objects such as address, phone, and department. This cmdlet is not used to add new licenses.
  • C: New-MsolLicenseOptions – The New-MsolLicenseOptions PowerShell cmdlet creates a new License Options object. IT can be used to disable service plans that are included with a license. This cmdlet is not used to add new licenses.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s