Unlicensed OneDrive charges as of Jan 2025 and analysis

If you work in a MS-based environment, it is likely you have seen that as of January 27th 2025, you will start getting charged for retained OneDrive data.

https://learn.microsoft.com/en-us/sharepoint/unlicensed-onedrive-accounts?WT.mc_id=365AdminCSH_spo 

The storage cost will be $US 0.05/GB/Month – which can add up very quickly.

https://mc.merill.net/message/MC836942

In the environment i’ve recently started working in, there was a guy who was previously working in the role, who i am growing to absolutely despise, who made sure that we would experience maximum hassle when trying to extricate ourselves from his exceedingly poor and short-sighted decisions.

 

Step 1 – Determine the size of the issue

  • Go to SharePoint admin center > Reports > OneDrive accounts
  • You will be presented with the size of your issue immediately. Here is an example from my work tenant.
  • Assuming you have an issue, click “Download report”
  • This report will give us three important things
    • The direct urls for the onedrive sites we are interested in looking at
    • The reason the OneDrive is unlicensed
    • Why the deletion has been blocked

Step 2 – Analysing the report data

  • In the “Unlicensed due to” column you will see 3 options
    • Owner deleted from EntraID
      • Reasonably self-explanatory. The account has been deleted, but importantly, no-one else has been granted ownership over the OneDrive – and it is likely safe to delete
    • License removed by admin
      • License has been removed, but the user still exists. In our environment this seemed to be mainly shared resources that were accidentally allocated a license when they were created.
    • Duplicate account
      • This generally indicates that ownership of the OneDrive has been reallocated to another current user. It can also occur when a user leaves and comes back and the “old” OneDrive is still there due to a retention policy.
  • In the “Delete blocked by” column you also will see 3 options
    • Retention period
      • This is the OneDrive retention period for unlicensed users as specified here
      • https://<YourSiteName>-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/settings/OrphanedPersonalSitesRetentionPeriod
      • As you can see – ours is set to 2555 days…. or 7 years.
    • Retention policy
    • Owner active in Entra ID
      • This means that another user, who is active, has been granted access over the OneDrive.
  • For us at least, all entries are blocked by both the OneDrive retention period and the retention policy. Some are (in addition to the other two) also blocked by “Owner active in Entra ID”

Step 3 – an approach to sorting through this mess

  • Take the .csv downloaded in step 1 and open it in Excel
  • Enable auto-filter – and class the deleted OneDrives into 3 categories
    • “Owner deleted from EntraID”
      • In my instance, there was general agreement that where the user has simply been deleted, that we didn’t need to do any further analysis on these accounts. An email would be sent out to business to explain that old OneDrive accounts would no longer be available as of x. The problem is here of course, that many users don’t know if/when they are accessing a file from a shared OneDrive.
    • “License removed by admin”
      • We need to find out more details here, such as whether the account is a shared mailbox that was accidentally licensed, who the owner is, whether the OneDrive contains any data, etc.
    • “Duplicate account”
      • These are the OneDrives that are most likely to be in active use and require further analysis
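
A scripted version of the Step 2 and Step 3 triage, as an added example that is not part of the original post: it groups the downloaded report by the "Unlicensed due to" column, prices each group at the $US 0.05/GB/month rate quoted above, and pulls out the URL list that the Step 4 script reads. The sample rows are constructed, and the "URL" and "Storage used (GB)" header names and the comma-separated "Delete blocked by" values are assumptions; match them to your own export.

```powershell
# Added example, not from the original post. The rows below are constructed.
# 'Unlicensed due to' and 'Delete blocked by' are the columns the post describes;
# 'URL' and 'Storage used (GB)' are ASSUMED header names - match them to your export.
$sampleReport = @'
"URL","Storage used (GB)","Unlicensed due to","Delete blocked by"
"https://contoso-my.sharepoint.com/personal/a_user_contoso_com","120.5","Owner deleted from EntraID","Retention period, Retention policy"
"https://contoso-my.sharepoint.com/personal/b_user_contoso_com","40","Owner deleted from EntraID","Retention period, Retention policy"
"https://contoso-my.sharepoint.com/personal/shared_mbx_contoso_com","0.2","License removed by admin","Retention period, Retention policy"
"https://contoso-my.sharepoint.com/personal/c_user_contoso_com","310","Duplicate account","Retention period, Retention policy, Owner active in Entra ID"
"https://contoso-my.sharepoint.com/personal/d_user_contoso_com","75.3","Duplicate account","Retention period, Retention policy"
'@
$rows = $sampleReport | ConvertFrom-Csv
# Real data: $rows = Import-Csv -Path 'C:\Temp\<YourDownloadedReport>.csv'

function Get-UnlicensedOneDriveSummary {
    # One row per "Unlicensed due to" value: account count, total size, monthly cost,
    # and how many of those accounts still have an active owner in Entra ID.
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [string] $SizeColumn = 'Storage used (GB)',   # assumed header name
        [double] $RatePerGbMonth = 0.05               # $US/GB/month, as quoted in the post
    )
    $Rows | Group-Object -Property 'Unlicensed due to' | ForEach-Object {
        $group = $_
        $gb = ($group.Group |
            ForEach-Object { [double]$_.$SizeColumn } |
            Measure-Object -Sum).Sum
        $activeOwner = @($group.Group |
            Where-Object { $_.'Delete blocked by' -like '*Owner active in Entra ID*' }).Count
        [PSCustomObject]@{
            UnlicensedDueTo  = $group.Name
            Accounts         = $group.Count
            TotalGB          = [math]::Round($gb, 1)
            MonthlyCostUSD   = [math]::Round($gb * $RatePerGbMonth, 2)
            OwnerStillActive = $activeOwner
        }
    } | Sort-Object -Property MonthlyCostUSD -Descending
}

function Get-OneDriveUrlsByReason {
    # URLs for one category, ready to be written to the text file used in Step 4.
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [Parameter(Mandatory)] [string] $Reason,
        [string] $UrlColumn = 'URL'                   # assumed header name
    )
    $Rows |
        Where-Object { $_.'Unlicensed due to' -eq $Reason } |
        ForEach-Object { $_.$UrlColumn }
}

Get-UnlicensedOneDriveSummary -Rows $rows | Format-Table -AutoSize

# The accounts most likely to be in active use go to the detailed analysis first.
$duplicateUrls = Get-OneDriveUrlsByReason -Rows $rows -Reason 'Duplicate account'
$duplicateUrls
# To feed the Step 4 script:
# $duplicateUrls | Set-Content -Path 'C:\Temp\DuplicateAccount.txt'
```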

 

Step 4 – Slightly more detailed analysis

  • As per anything that is in any way related to SharePoint, this is way harder than it needs to be.
  • Filter the Excel document to your desired list (e.g. duplicate accounts)
    • Copy and paste the urls into a txt document and use it to drive the following script
    • Note : This script will grant your admin account “SiteCollection” admin rights! If you need to seek permission to do this from management first – do that before running this script!

# Connect to SharePoint Online Admin Center
$adminSiteUrl = "https://<YourSite>-admin.sharepoint.com"
Connect-SPOService -Url $adminSiteUrl

# Path to the text file with the list of OneDrive URLs
$onedriveUrlsFilePath = "C:\Temp\DuplicateAccount.txt"

# Path to the output CSV file
$outputCsvFilePath = "C:\Temp\DuplicateAccount.csv"

# Import the OneDrive URLs from the text file (blank lines are skipped)
$onedriveUrls = Get-Content -Path $onedriveUrlsFilePath | Where-Object { $_.Trim() }

# Initialize an empty array to store the results
$onedriveDetails = @()

# Loop through each OneDrive URL
foreach ($onedriveUrl in $onedriveUrls) {
    # Get site details (StorageUsageCurrent and LastContentModifiedDate)
    Write-Host "Getting details for account: $onedriveUrl"
    $siteDetails = Get-SPOSite -Identity $onedriveUrl -Detailed

    # Grant site collection admin permissions to your admin account
    # (this is the permission change the note above warns about)
    Set-SPOUser -Site $onedriveUrl -LoginName "<YourAdminUsername>" -IsSiteCollectionAdmin $true

    # Split the site's users into site admins and ordinary members
    $SiteAdmins = Get-SPOUser -Site $onedriveUrl -Limit All | Where-Object { $_.IsSiteAdmin -eq $true }
    $SiteMembers = Get-SPOUser -Site $onedriveUrl -Limit All | Where-Object { $_.IsSiteAdmin -eq $false }

    # Store the details in a PowerShell object
    $onedriveInfo = [PSCustomObject]@{
        URL                     = $onedriveUrl
        Owner                   = $siteDetails.Owner
        StorageUsageCurrent     = $siteDetails.StorageUsageCurrent
        LastContentModifiedDate = $siteDetails.LastContentModifiedDate
        SiteAdmins              = ($SiteAdmins | ForEach-Object { $_.LoginName }) -join "; "
        SiteMembers             = ($SiteMembers | ForEach-Object { $_.LoginName }) -join "; "
    }

    # Add the details to the array
    $onedriveDetails += $onedriveInfo
}

# Export the details to a CSV file
$onedriveDetails | Export-Csv -Path $outputCsvFilePath -NoTypeInformation

 

The output from this script will give you a csv with

  • The URL
  • Owner
  • Current usage
  • Last content modified date
  • Login ID’s of accounts that have SiteAdmin permissions
  • Login ID’s of accounts that are site members – meaning that at some stage, the original user has shared a folder or document with one of these users from their OneDrive.

From here – you now are starting to get enough information to track down possible usages of these “old” OneDrives.

Now – if you’re anything like us – there are waaaay too many permissions for anyone to track all these down by contacting the users in question.

Step 5 – Potential “solutions”

  • Now… solutions may be a bit of a strong word here…. so perhaps let’s go with “ways of gradually vetting then removing access to data prior to it being deleted to improve your chances of not deleting something important”
  • If someone wants to view a OneDrive contents before being deleted, you can grant them site collection admin via
    • GUI : <TheURLtoTheUsersOneDrive>/_layouts/15/mngsiteadmin.aspx (copy the url from the spreadsheet you created in step1)
    • Powershell : Set-SPOUser -Site <TheURLtoTheUsersOneDrive> -IsSiteCollectionAdmin:$true -LoginName <UPNofUserToGrantAccessToo>
  • Due to a large number of members potentially having access to files in someone’s onedrive – and not knowing that they are accessing it from someone’s OneDrive, we can
    • Record who has access using the script above
    • Perform a scream test for a period of time by removing member access by using the following script

# Connect to SharePoint Online Admin Center
$adminSiteUrl = "https://<YourSite>-admin.sharepoint.com"
Connect-SPOService -Url $adminSiteUrl

# Path to the text file with the list of OneDrive URLs
$onedriveUrlsFilePath = "C:\Temp\Testing2.txt"

# Define the log file path
$logFilePath = "C:\Temp\Testing2.log"

# Import the OneDrive URLs from the text file
$onedriveUrls = Get-Content -Path $onedriveUrlsFilePath

# Function to log the removal of a user
function Log-UserRemoval {
    param (
        [string]$siteUrl,
        [string]$userName
    )
    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    $logEntry = "$timestamp – Removed user: $userName from site: $siteUrl"

    # Append the log entry to the log file
    Add-Content -Path $logFilePath -Value $logEntry
    Write-Host $logEntry
}

# Loop through each OneDrive URL
foreach ($onedriveUrl in $onedriveUrls) {
    Write-Host "Getting details for account: $onedriveUrl"
    # Define the OneDrive or SharePoint site URL
    $siteUrl = $onedriveUrl

    # Get all users from the site
    $users = Get-SPOUser -Site $siteUrl -Limit All

    # Loop through each user and check if they are not a site admin and if their username ends with @<yourDomainSuffix>
    foreach ($user in $users) {
        if ($user.IsSiteAdmin -eq $false -and $user.LoginName -like "*@<yourDomainSuffix>") {
            # Remove the user from the site if their login ends with <yourDomainSuffix>
            Write-Host "Removing user: $($user.LoginName)"
            Remove-SPOUser -Site $siteUrl -LoginName $user.LoginName

            # Log the removal of the user
            Log-UserRemoval -siteUrl $siteUrl -userName $user.LoginName
        }
    }
}

 

That’s my current best shot at this…. will be interested to hear if any of you have additional/different ways of tackling this mess, while the rest of organisation is like the below:

Other

Other random commands i found helpful

Build a list of all OneDrive urls

from https://learn.microsoft.com/en-us/sharepoint/list-onedrive-urls

$TenantUrl = Read-Host "Enter the SharePoint admin center URL"
$LogFile = [Environment]::GetFolderPath("Desktop") + "\OneDriveSites.log"
Connect-SPOService -Url $TenantUrl
Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like '-my.sharepoint.com/personal/'" | Select -ExpandProperty Url | Out-File $LogFile -Force
Write-Host "Done! File saved as $($LogFile)."

In particular, update the "Url -like '-my.sharepoint.com/personal/'" to include part of a username you are interested in e.g. "Url -like '-my.sharepoint.com/personal/mike'"

 

Lock/Unlock OneDrives in order to prevent user access – this can be helpful as a scream test before permanent deletion

connect-sposervice -Url https://<yoursitename>-admin.sharepoint.com

Set-SPOSite <onedrive url> -LockState Unlock

Set-SPOSite <onedrive url> -LockState NoAccess

 

Delete a specific OneDrive (This is useful where a license may have been accidentally allocated to a shared resource)

Remove-SPOSite -Identity <url>

 

Issues with mailbox migration, multiple identities where tenant wide retention policies in use

This is a somewhat niche issue – which is why I’m documenting it here.

Scenario

  • Exchange migration to exchange online which i came into approx 75% of the way through – so i don’t have any history on why some things have happened (and there is no useful doco)
  • Tenant wide retention policies are in place for all data (legislative requirement im led to believe for this client)
  • Identity sync via AADConnect
  • Some mailboxes cannot be moved. Powershell error message from new-moverequest indicates that the identity is not unique

Investigation

  • Start off by looking at the AAD Object sync with
    • Connect-MSOLService
    • (Get-MsolUser -UserPrincipalName identity@goes.here.com).errors.errordetail.objecterrors.errorrecord| fl ErrorCode
    • The output, will likely look something like this:
      • The value “<guid-value>” of property “ArchiveGuid” is used by another recipient object. Please specify a unique value.
  • Next up, we want to have a look at the potential duplicate objects
    • Connect-ExchangeOnline
    • Get-recipient -identity <identity> -includesoftdeletedrecipients
      • This will likely show you 2 (or more) mail user objects
    • To confirm the soft-deleted mailuser object you can use
      • Get-MailUser -resultsize unlimited -SoftDeletedMailUser -Identity <identity> | fl *guid*
      • Notice the ArchiveGUID returned is the same as the ArchiveGUID from the Get-MSOLuser error retrieved earlier in the investigation
    • If you then try and run the obvious next step
      • Get-MailUser -Identity <identity> -SoftDeletedMailUser | Remove-MailUser
      • You will get an error similar to
        • Remove-MailUser: The operation couldn’t be performed because object ‘Soft Deleted Objects\<identity>’ couldn’t be found on ‘SYBPR01A004DC01.AUSPR01A004.PROD.OUTLOOK.COM’

Now, I know what you’re thinking “just exclude the mailbox from the retention policy” – and therein lies the issue…. there is no mailbox, only a mail user object, but with an archive mailbox that has been retained by the retention policy after the primary mailbox has been removed. It is then, to my knowledge, impossible to exclude that archive mailbox from retention – as it’s associated with a mailuser – not a mailbox.

As to how these identities got into this state…. absolutely no idea. I wasn’t around for the earlier parts of the project – but given some other things i’ve seen at the client, standardisation and documentation appear to be frowned upon (which is why i’m getting out ASAP)

 

Solution

The unfortunate solution is to log a call with O365 support.

I included all of the above information in my original support request and was still asked to run a “get-mailbox”… i included all the info again (and again, and again over a teams call showed them the exact same errors and data that i sent them) – and eventually they got the point (took approx 15 business days) and sent it to an internal team, who deleted the objects

Unfortunately I can’t post the case number for reference (as it would potentially identify the client) – but maybe pointing MS support to this article might speed the process for others (?). Ideally, there would be a way around this, without engaging support – but there is not as far as I’m aware as of June 2023.

Issue with manually created EXO inbound connector in hybrid environment

Working at a client who is approx 75% of the way through their migration to Exchange Online – and there are some odd things I’m running into – so here’s one of them.

The scenario and issue

  • Exchange hybrid setup, with servers on prem and EXO active. Active mailboxes in both.
  • Mail flow from on prem to EXO shows the following:
    • Outbound SMTP logs shows the message being handed off correctly to EXO
    • Message tracking in EXO shows 3 copies of the message, all of which, when looking into the details are bounces
    • When looking in security.microsoft.com, the messages have been flagged as phishing attempts… with seemingly no way to flag them as not phishing attempts
  • The connectors on-prem looked ok, and after double, triple and nineteen-thousandth checking, they were solid
  • The connectors in EXO were manually created (for reasons i don’t know that pre-date me) and the HCW created connectors had been disabled. No idea why.
  • The connectors in EXO looked fine and validated without any issue
  • After circling around for ages, i compared the disabled HCW connector with the active connector with “get-inboundconnector | fl”
  • This is when i noticed that the HCW created connector had IP’s in the “EFSkipIPs” property

The Fix

  • EFSkipIPs can be configured as per the powershell doco here
  • The EFSkipIPs property looks like it defines IP’s that should be excluded from enhanced filtering. Since the HCW automatically populates this field – most of us will never have to use this…. but if some bright spark decides that the HCW isn’t good enough for them (for whatever reason), then this becomes important.
  • Because i had the previous, disabled connector, created by the HCW – i already knew the IP’s i needed to add. If you don’t have this, you will need to get the public IP that is presented to EXO. This could be obtained with something such as www.whatsmyip.com
  • The multi-valued property… well, it would have been nice on the doco page if an example was included… so since there isn’t one in the official doc – here is an example below:

Set-InboundConnector -Identity "OrgToEXO" -EFSkipIPs @{Add="xx.xx.xx.xx", "xy.xy.xy.xy"}

  • After that, i needed to wait approx 15 minutes (not sure on the exact time, but it didn’t work straight away) – and bingo-bango – no more mail flow issue
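
The side-by-side comparison described above, scripted so the difference does not have to be spotted by eye in two "fl" dumps. This is an added example, not part of the original post: the two objects are constructed stand-ins for Get-InboundConnector output, and the connector names, certificate name and IP addresses are made up.

```powershell
# Added example. Both objects are constructed stand-ins for what
# Get-InboundConnector returns; names, certificate name and IPs are made up.
$hcwConnector = [PSCustomObject]@{
    Name                     = 'Inbound from <HCW-created connector>'
    Enabled                  = $false
    ConnectorType            = 'OnPremises'
    RequireTls               = $true
    TlsSenderCertificateName = 'mail.example.com'
    CloudServicesMailEnabled = $true
    EFSkipLastIP             = $false
    EFSkipIPs                = @('203.0.113.10', '203.0.113.11')
}
$manualConnector = [PSCustomObject]@{
    Name                     = 'OrgToEXO'
    Enabled                  = $true
    ConnectorType            = 'OnPremises'
    RequireTls               = $true
    TlsSenderCertificateName = 'mail.example.com'
    CloudServicesMailEnabled = $true
    EFSkipLastIP             = $false
    EFSkipIPs                = @()
}
# Real data (run in an Exchange Online session):
# $hcwConnector    = Get-InboundConnector -Identity '<HCW connector name>'
# $manualConnector = Get-InboundConnector -Identity 'OrgToEXO'

function Compare-InboundConnectorSetting {
    # Returns one row per property whose value differs between the two connectors.
    # Multi-valued properties are sorted first so ordering alone is not a difference.
    param(
        [Parameter(Mandatory)] $Reference,
        [Parameter(Mandatory)] $Difference,
        [string[]] $Ignore = @('Name', 'Identity', 'Guid', 'Enabled', 'WhenCreated', 'WhenChanged')
    )
    $names = @($Reference.PSObject.Properties.Name) + @($Difference.PSObject.Properties.Name) |
        Sort-Object -Unique |
        Where-Object { $_ -notin $Ignore }

    foreach ($name in $names) {
        $refValue = @($Reference.$name | ForEach-Object { "$_" } | Sort-Object) -join ', '
        $difValue = @($Difference.$name | ForEach-Object { "$_" } | Sort-Object) -join ', '
        if ($refValue -ne $difValue) {
            [PSCustomObject]@{
                Property   = $name
                Reference  = $refValue
                Difference = $difValue
            }
        }
    }
}

function Get-MissingEFSkipIP {
    # IPs listed in the reference connector's EFSkipIPs but absent from the other one.
    param(
        [Parameter(Mandatory)] $Reference,
        [Parameter(Mandatory)] $Difference
    )
    $have = @($Difference.EFSkipIPs | ForEach-Object { "$_" })
    @($Reference.EFSkipIPs | ForEach-Object { "$_" } | Where-Object { $_ -and ($_ -notin $have) })
}

Compare-InboundConnectorSetting -Reference $hcwConnector -Difference $manualConnector |
    Format-Table -AutoSize

$missing = Get-MissingEFSkipIP -Reference $hcwConnector -Difference $manualConnector
$missing
# To apply, using the same multi-valued syntax as the command in the post:
# Set-InboundConnector -Identity "OrgToEXO" -EFSkipIPs @{Add = $missing}
```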

Avoiding a Microsoft Teams Nightmare

Have you ever had the experience of providing users a document management system or Sharepoint site only to find that everyone uses it differently, creates folders all over the place in different ways, stores documents differently and after six months time it’s so hard to find anything that it defeats the purpose for which it was implemented in the first place? What a nightmare! You’re not alone.

With Microsoft Teams quickly becoming a preferred collaboration tool, you’d be forgiven for having fears of this nightmare becoming a reality all over again. The primary reason for that is there’s no technical ‘silver-bullet’ to prevent this from happening, it’s more of a governance discussion. Notwithstanding, there are some things you can do on a technical level that can help.

There are basically four levels of administration to be considered:

  • Global Settings – There are a number of features and functionality for Teams that can be turned on or off at a global level and these should be risk assessed for each environment. Ideally this should be done before the first Team site is even created.
  • Team creation – Microsoft Teams, while based off Office 365 Groups, will also provision a Sharepoint site for each Team. Therefore the decision as to who should be creating Teams is the same as for who should be creating Groups and Sites. One approach that we’ve found works well is to have these functions centrally managed with Teams created on request. There is of course an admin overhead to be considered however. See below;
  • Team Owners – These are the users that really run the individual Teams and will have the best insight as to the value of the Team and how it should be used. Trying to run this centrally is likely to lead to frustration all round so once created, administration should really be handed over to the Team owners. They can then add Team members, assign roles, create Channels and enable Apps etc as they see fit.
  • Team Users – Obvious statement but these are the ones who should be seeing value in Teams collaboration. Paradoxically one way to dilute that is by being in too many Teams. Users shouldn’t be confused about what spaces they should be collaborating in or where to store documents etc. To prevent this, ideally Teams should have clearly defined functions, whether that be organisational, operational or project based collaboration. Confusion arises where these functions overlap between Teams so clear delineation is important. This is another reason centrally managing Team creation can work well. In larger environments implementing practices like naming standards for Teams will also be of value.

Some of the central administration technical considerations are outlined here: https://docs.microsoft.com/en-us/microsoftteams/enable-features-office-365

Melissa Hubbard also provides some useful considerations in her blog post on the topic and while it’s a little while ago now, it’s still a great starter for some of the governance considerations:  https://melihubb.com/2017/07/25/microsoft-teams-governance-planning-guide

If Microsoft Teams is on your agenda for implementation, be sure to reach out to the Adexis team who can assist with design and implementation and help you to provide this wonderful platform to your users to enable communication and efficient collaboration, without the admin headaches.

Exchange hybrid – mailboxes missing on-premise

While hybrid exchange environments are awesome for stretching your on premise exchange topology to Office 365, they do introduce a bunch of complexity – primarily around user creation, licensing, and mail flow.

I recently had an issue at a client where they had email bounce-backs from an on premise service destined for a few Exchange Online mailboxes. For some reason, these few mailboxes didn’t appear in the on-premise exchange environment (as remote Office 365 mailboxes), so exchange was unable to route the emails destined for those particular mailboxes.

In general, you should be creating your mailboxes on premise (Enable-RemoteMailbox), then synchronising via AADConnect – that way the on premise environment knows about the mailbox and it can be managed properly. This client was actually doing this, but obviously the process broke somewhere along the way for a few mailboxes.

There’s a bunch of different options on Google about how to get the mailbox to show up on premise – with a lot of them recommending to remove the mailbox and start again (er… how about no!).

I came across this Microsoft article on a very similar issue, but for Shared Mailboxes created purely in Exchange Online. Looking at the process, it looked like a modified version may work for user mailboxes – and it does. Below is a quick and dirty powershell script that can be used to fix a single mailbox:

#Specify who we're working with
$UPN = "end.user@domain.com"
#Local exchange server
$ExServer = "Server1.local"
#365 Domain - for remote routing address
$RoutingDomain = "mydomain.mail.onmicrosoft.com"

#Connect to 365 Exchange - only import select cmdlets so they don't conflict with the Exchange On Premise session
$RemoteSession = New-PSSession -ConfigurationName Microsoft.Exchange `
      -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $(Get-Credential) `
      -Authentication Basic -AllowRedirection
Import-PSSession $RemoteSession -CommandName Get-Mailbox

#Connect to local exchange - only import select cmdlets so they don't conflict with the Exchange Online session
$LocalSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://$ExServer/PowerShell/" `
      -Authentication Kerberos -Credential $(Get-Credential)
Import-PSSession $LocalSession -CommandName Enable-RemoteMailbox, Set-RemoteMailbox

#Get the Alias and ExchangeGuid from 365
$Mailbox = Get-Mailbox $UPN
$Alias = $Mailbox.Alias
$ExchangeGUID = $Mailbox.ExchangeGuid

#Create a remote mailbox
Enable-RemoteMailbox $UPN -Alias $Alias -RemoteRoutingAddress "$Alias@$RoutingDomain"
#Set the Remote Mailbox GUID to match the 365 mailbox GUID
Set-RemoteMailbox $Alias -ExchangeGuid $ExchangeGUID

#Remove sessions
Get-PSSession | Remove-PSSession

 

Azure AD Connect – Permissions Issues

I’ve had various versions of AD Sync/Azure AD Connect running in my development environment over the years, and have used a number of different service accounts when testing out different configurations or new features. Needless to say, the permissions for my Sync account were probably a bit of a mess.

Recently, I wanted to try out group writeback. It’s been a preview feature of Azure AD Connect for quite a while now – it allows you to synchronise Exchange Online groups back to your AD environment so that on premise users can send and receive emails from these groups.

Launched the AADConnect configuration, enabled Group Writeback, then kicked off a sync. Of course, I start getting ‘Access Denied’ errors for each of the Exchange Online groups – couldn’t be that easy!

Generally speaking, you need to also run one of the “Initialize-<something>Writeback” commands. When I went looking for the appropriate commands (as I don’t remember these things off the top of my head!), I came across an interesting TechNet Blog article: Advanced AAD Connect Permissions Configuration – it’s pretty much a comprehensive script that handles all the relevant permissions (including locating the configured sync account and sync OUs).

Gave it a whirl, entered credentials as required, and what do you know – permissions all now good!

Microsoft Exchange Federation Certificates – Keep an eye on the expiry!

I recently had a client experience an issue with their hybrid exchange setup (365/On Premise) – users were suddenly unable to retrieve free/busy and calendar information between the two environments. As it turns out, the certificate used to secure communications to the Microsoft Federation Gateway (MFG) had expired.

Federation certificates within exchange are generally created as part of the federation creation wizard (or the 365 Hybrid Configuration Wizard) – so in most cases, people don’t realise they’ve been created. If you’re not actively monitoring certificate expiry dates on your servers (which you should be!), you may get into the situation where this certificate expires – which results in the federation no longer working.

Why is it important to renew it before it expires? Because if you don’t, you need to remove and re-create the federation – a significantly larger task than the federation certificate renewal process. The reason for needing to re-create the trust is due to the fact that the federation certificate is used to authenticate any changes to the federation – so once it expires you can’t make any changes and have to start from scratch. Let’s take a look at the steps involved in both:

Renewing before expiry:

  1. Create a new self-signed federation certificate
  2. Set the new certificate as the ‘Next’ certificate in the federation trust
  3. Wait for AD replication
  4. Test the certificate and trust (Test-FederationTrustCertificate, Test-FederationTrust)
  5. Roll-over the ‘Current’ certificate to the ‘Next’ certificate
  6. Refresh the federation metadata

Renewing after expiry:

  1. Document the existing trust settings (federated domains, federation settings)
  2. Force remove each federated domain from the federation
  3. Remove the federation trust
  4. Wait for AD replication
  5. Create a new self-signed federation certificate
  6. Create a new federation trust
  7. Update the trust organisation information
  8. Configure the required settings in the trust (as per the documentation you created in step 1)
  9. Wait for AD replication
  10. Test the certificate and trust (Test-FederationTrustCertificate, Test-FederationTrust) – it can take 12-48 hours before the trust reports as being no longer expired!
  11. Add each of the federated domains back into the trust (this will involve generating domain ‘Proof’ entries and adding them to your external DNS, then waiting for DNS propagation)

So in short, don’t let your federation certificates expire!
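
One way to catch this ahead of time, as an added example that is not part of the original post: a check that sorts federation certificates into "fine", "renew now while the rollover path still works" and "already expired, trust must be re-created". The sample certificates are constructed, and the 60-day warning window is an assumption to tune.

```powershell
# Added example. The certificate objects below are constructed; they only carry the
# three properties the check reads (Subject, Thumbprint, NotAfter).
$now = Get-Date
$sampleCertificates = @(
    [PSCustomObject]@{ Subject = 'CN=Federation (constructed, healthy)';  Thumbprint = '<constructed-thumbprint-1>'; NotAfter = $now.AddDays(400) }
    [PSCustomObject]@{ Subject = 'CN=Federation (constructed, expiring)'; Thumbprint = '<constructed-thumbprint-2>'; NotAfter = $now.AddDays(21) }
    [PSCustomObject]@{ Subject = 'CN=Federation (constructed, expired)';  Thumbprint = '<constructed-thumbprint-3>'; NotAfter = $now.AddDays(-3) }
)
# Real data (run in the Exchange Management Shell on premises):
# $trust = Get-FederationTrust
# $certificates = @($trust.OrgCertificate, $trust.OrgNextCertificate) | Where-Object { $_ }

function Get-FederationCertificateStatus {
    # Classifies each certificate by days remaining and names the procedure from the
    # post that applies: the 6-step rollover before expiry, or the rebuild after it.
    param(
        [Parameter(Mandatory)] [object[]] $Certificate,
        [int] $WarnDays = 60,            # assumed warning window
        [datetime] $AsOf = (Get-Date)
    )
    foreach ($cert in $Certificate) {
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $AsOf).TotalDays)
        if ($daysLeft -lt 0) {
            $status = 'Expired'
            $action = 'Remove and re-create the federation trust'
        }
        elseif ($daysLeft -le $WarnDays) {
            $status = 'RenewNow'
            $action = 'Create a new certificate, set it as Next, test, then roll over'
        }
        else {
            $status = 'OK'
            $action = 'None'
        }
        [PSCustomObject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            DaysLeft   = $daysLeft
            Status     = $status
            Action     = $action
        }
    }
}

$results = Get-FederationCertificateStatus -Certificate $sampleCertificates -AsOf $now
$results | Format-Table Subject, DaysLeft, Status, Action -AutoSize

# For a scheduled task: a non-zero exit code when anything needs attention.
if (@($results | Where-Object { $_.Status -ne 'OK' }).Count -gt 0) {
    Write-Warning 'One or more federation certificates need attention.'
    # exit 1
}
```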

Decommissioning Skype for Business 2015 on premise after migrating to O365

Depending on how you utilise Skype for Business, you may have no requirement to maintain a hybrid environment once all users are within Skype for Business online.

Documentation around decommissioning the on premise environment was surprisingly sparse.

One of the better documents around the web was here – but it still stopped a little short, in my opinion.

So below is my attempt at rounding this process out.

 

All steps below assume you have already migrated all users to Skype for business and that you are aware of the requirements to stay in hybrid depending on your EV setup. If you are unsure, do not start this process.

 

Step 1 – Update DNS entries

This document really nails the DNS changes required, so good work Mark Vale. I am going to paraphrase the article a little, just so it’s all in one place.

Depending on your environment, you have a fair idea of how long you need to wait externally and internally for convergence. This will lead to downtime, so it is wise to perform this outside of business hours.

It’s also wise to take a backup of your existing values, just in case.

| Log name | Type | Description | Log Location |
|---|---|---|---|
| CAS.log | Client operations | Content Access service. Maintains the local package cache on the client. | Client |
| Ccm32BitLauncher.log | Client operations | Records actions for starting applications on the client marked as "run as 32bit". | Client |
| CcmEval.log | Client operations | Records Configuration Manager client status evaluation activities and details for components that are required by the Configuration Manager client. | Client |
| CcmEvalTask.log | Client operations | Records the Configuration Manager client status evaluation activities that are initiated by the evaluation scheduled task. | Client |
| CcmExec.log | Client operations | Records activities of the client and the SMS Agent Host service. This log file also includes information about enabling and disabling wake-up proxy. | Client |
| CcmMessaging.log | Client operations | Records activities related to communications between the client and management points. | Client |
| CCMNotificationAgent.log | Client operations | Records activities related to client notification operations. | Client |
| Ccmperf.log | Client operations | Records activities related to the maintenance and capture of data related to client performance counters. | Client |
| CcmRestart.log | Client operations | Records client service restart activity. | Client |
| CCMSDKProvider.log | Client operations | Records activities for the client SDK interfaces. | Client |
| CertificateMaintenance.log | Client operations | Maintains certificates for Active Directory Domain Services and management points. | Client |
| CIDownloader.log | Client operations | Records details about configuration item definition downloads. | Client |
| CITaskMgr.log | Client operations | Records tasks that are initiated for each application and deployment type, such as content download or install or uninstall actions. | Client |
| ClientAuth.log | Client operations | Records the signing and authentication activity for the client. | Client |
| ClientIDManagerStartup.log | Client operations | Creates and maintains the client GUID and identifies tasks performed during client registration and assignment. | Client |
| ClientLocation.log | Client operations | Records tasks that are related to client site assignment. | Client |
| CMHttpsReadiness.log | Client operations | Records the results of running the Configuration Manager HTTPS Readiness Assessment Tool. This tool checks whether computers have a PKI client authentication certificate that can be used for Configuration Manager. | Client |
| CmRcService.log | Client operations | Records information for the remote control service. | Client |
| ContentTransferManager.log | Client operations | Schedules the Background Intelligent Transfer Service (BITS) or the Server Message Block (SMB) to download or to access packages. | Client |
| DataTransferService.log | Client operations | Records all BITS communication for policy or package access. | Client |
| EndpointProtectionAgent | Client operations | Records information about the installation of the Endpoint Protection client and the application of antimalware policy to that client. | Client |
| execmgr.log | Client operations | Records details about packages and task sequences that run on the client. | Client |
| ExpressionSolver.log | Client operations | Records details about enhanced detection methods that are used when verbose or debug logging is enabled. | Client |
| ExternalEventAgent.log | Client operations | Records the history of Endpoint Protection malware detection and events related to client status. | Client |
| FileBITS.log | Client operations | Records all SMB package access tasks. | Client |
| FileSystemFile.log | Client operations | Records the activity of the Windows Management Instrumentation (WMI) provider for software inventory and file collection. | Client |
| FSPStateMessage.log | Client operations | Records the activity for state messages that are sent to the fallback status point by the client. | Client |
| InternetProxy.log | Client operations | Records the network proxy configuration and usage activity for the client. | Client |
| InventoryAgent.log | Client operations | Records activities of hardware inventory, software inventory, and heartbeat discovery actions on the client. | Client |
| LocationCache.log | Client operations | Records the activity for location cache usage and maintenance for the client. | Client |
| LocationServices.log | Client operations | Records the client activity for locating management points, software update points, and distribution points. | Client |
| MaintenanceCoordinator.log | Client operations | Records the activity for general maintenance task activity for the client. | Client |
| Mifprovider.log | Client operations | Records the activity of the WMI provider for .MIF files. | Client |
| mtrmgr.log | Client operations | Monitors all software metering processes. | Client |
| PolicyAgent.log | Client operations | Records requests for policies made by using the Data Transfer service. | Client |
| PolicyAgentProvider.log | Client operations | Records policy changes. | Client |
| PolicyEvaluator.log | Client operations | Records details about the evaluation of policies on client computers, including policies from software updates. | Client |
| PolicyPlatformClient.log | Client operations | Records the process of remediation and compliance for all providers located in %Program Files%\Microsoft Policy Platform, except the file provider. | Client |
| PolicySdk.log | Client operations | Records activities for policy system SDK interfaces. | Client |
| Pwrmgmt.log | Client operations | Records information about enabling or disabling and configuring the wake-up proxy client settings. | Client |
| PwrProvider.log | Client operations | Records the activities of the power management provider (PWRInvProvider) hosted in the Windows Management Instrumentation (WMI) service. On all supported versions of Windows, the provider enumerates the current settings on computers during hardware inventory and applies power plan settings. | Client |
| SCClient_@_1.log | Client operations | Records the activity in Software Center for the specified user on the client computer. | Client |
| SCClient_@_2.log | Client operations | Records the historical activity in Software Center for the specified user on the client computer. | Client |
| Scheduler.log | Client operations | Records activities of scheduled tasks for all client operations. | Client |
| SCNotify_@_1.log | Client operations | Records the activity for notifying users about software for the specified user. | Client |
| SCNotify_@_1-.log | Client operations | Records the historical information for notifying users about software for the specified user. | Client |
| setuppolicyevaluator.log | Client operations | Records configuration and inventory policy creation in WMI. | Client |
| SleepAgent_@<@SYSTEM_0.log | Client operations | Main log file for wake-up proxy. | Client |
| smscliui.log | Client operations | Records usage of the Configuration Manager client in Control Panel. | Client |
| SrcUpdateMgr.log | Client operations | Records activity for installed Windows Installer applications that are updated with current distribution point source locations. | Client |
StatusAgent.logClient operationsRecords status messages that are created by the client components.Client
SWMTRReportGen.logClient operationsGenerates a usage data report that is collected by the metering agent. This data is logged in Mtrmgr.log.Client
UserAffinity.logClient operationsRecords details about user device affinity.Client
VirtualApp.logClient operationsRecords information specific to the evaluation of App-V deployment types.Client
Wedmtrace.logClient operationsRecords operations related to write filters on Windows Embedded clients.Client
wakeprxy-install.logClient operationsRecords installation information when clients receive the client setting option to enable wake-up proxy.Client
wakeprxy-uninstall.logClient operationsRecords information about uninstalling wake-up proxy when clients receive the client setting option to disable wake-up proxy, if wake-up proxy was previously enabled.Client
| ccmsetup.log | Client installation | Records ccmsetup tasks for client setup, client upgrade, and client removal. Can be used to troubleshoot client installation problems. | Client |
| ccmsetup-ccmeval.log | Client installation | Records ccmsetup tasks for client status and remediation. | Client |
| CcmRepair.log | Client installation | Records the repair activities of the client agent. | Client |
| client.msi.log | Client installation | Records setup tasks performed by client.msi. Can be used to troubleshoot client installation or removal problems. | Client |
| scxcm.log | Client for Linux and UNIX | This is the log file for the core service of the Configuration Manager client for Linux and UNIX (ccmexec.bin). This log file contains information about the installation and ongoing operations of ccmexec.bin. | Client |
| scxcmprovider.log | Client for Linux and UNIX | This is the log file for the CIM service of the Configuration Manager client for Linux and UNIX (omiserver.bin). This log file contains information about the ongoing operations of nwserver.bin. | Client |
| CCMClient-.log | Client for Mac Computers | Records activities that are related to the Mac client operations, which includes application management, inventory, and error logging. | Client |
| CCMAgent-.log | Client for Mac Computers | Records information that is related to client operations, which includes user logon and logoff operations and Mac computer activity. | Client |
| CCMNotifications-.log | Client for Mac Computers | Records activities that are related to Configuration Manager notifications displayed on the Mac computer. | Client |
| CCMPrefPane-.log | Client for Mac Computers | Records activities related to the Configuration Manager preferences dialog box on the Mac computer, which includes general status and error logging. | Client |
| adctrl.log | CM Site Server | Records enrollment processing activity. | Site server |
| ADForestDisc.log | CM Site Server | Records Active Directory Forest Discovery actions. | Site server |
| ADService.log | CM Site Server | Records account creation and security group details in Active Directory. | Site server |
| adsgdis.log | CM Site Server | Records Active Directory Group Discovery actions. | Site server |
| adsysdis.log | CM Site Server | Records Active Directory System Discovery actions. | Site server |
| adusrdis.log | CM Site Server | Records Active Directory User Discovery actions. | Site server |
| ccm.log | CM Site Server | Records client push installation activities. | Site server |
| CertMgr.log | CM Site Server | Records the certificate activities for intra-site communications. | Site system server |
| chmgr.log | CM Site Server | Records activities of the client health manager. | Site server |
| Cidm.log | CM Site Server | Records changes to the client settings by the Client Install Data Manager (CIDM). | Site server |
| colleval.log | CM Site Server | Records details about when collections are created, changed, and deleted by the Collection Evaluator. | Site server |
| compmon.log | CM Site Server | Records the status of component threads monitored for the site server. | Site system server |
| compsumm.log | CM Site Server | Records Component Status Summarizer tasks. | Site server |
| ComRegSetup.log | CM Site Server | Records the initial installation of COM registration results for a site server. | Site system server |
| dataldr.log | CM Site Server | Records information about the processing of Management Information Format (MIF) files and hardware inventory in the Configuration Manager database. | Site Server |
| ddm.log | CM Site Server | Records activities of the discovery data manager. | Site server |
| despool.log | CM Site Server | Records incoming site-to-site communication transfers. | Site server |
| distmgr.log | CM Site Server | Records details about package creation, compression, delta replication, and information updates. | Site server |
| EPCtrlMgr.log | CM Site Server | Records information about the synchronization of malware threat information from the Endpoint Protection site system role server into the Configuration Manager database. | Site server |
| EPMgr.log | CM Site Server | Records the status of the Endpoint Protection site system role. | Site system server |
| EPSetup.log | CM Site Server | Provides information about the installation of the Endpoint Protection site system role. | Site system server |
| EnrollSrv.log | CM Site Server | Records activities of the enrollment service process. | Site system server |
| EnrollWeb.log | CM Site Server | Records activities of the enrollment website process. | Site system server |
| fspmgr.log | CM Site Server | Records activities of the fallback status point site system role. | Site system server |
| hman.log | CM Site Server | Records information about site configuration changes, and the publishing of site information in Active Directory Domain Services. | Site server |
| Inboxast.log | CM Site Server | Records the files that are moved from the management point to the corresponding INBOXES folder on the site server. | Site server |
| inboxmgr.log | CM Site Server | Records file transfer activities between inbox folders. | Site server |
| inboxmon.log | CM Site Server | Records the processing of inbox files and performance counter updates. | Site server |
| invproc.log | CM Site Server | Records the forwarding of MIF files from a secondary site to its parent site. | Site server |
| migmctrl.log | CM Site Server | Records information for Migration actions involving migration jobs, shared distribution points, and distribution point upgrades. | The top-level site and each child primary site |
| mpcontrol.log | CM Site Server | Records the registration of the management point with WINS. Records the availability of the management point every 10 minutes. | Site system server |
| mpfdm.log | CM Site Server | Records the actions of the management point component that moves client files to the corresponding INBOXES folder on the site server. | Site system server |
| mpMSI.log | CM Site Server | Records details about the management point installation. | Site server |
| MPSetup.log | CM Site Server | Records the management point installation wrapper process. | Site server |
| netdisc.log | CM Site Server | Records Network Discovery actions. | Site server |
| ntsvrdis.log | CM Site Server | Records the discovery activity of site system servers. | Site server |
| Objreplmgr | CM Site Server | Records the processing of object change notifications for replication. | Site server |
| offermgr.log | CM Site Server | Records advertisement updates. | Site server |
| offersum.log | CM Site Server | Records the summarization of deployment status messages. | Site server |
| OfflineServicingMgr.log | CM Site Server | Records the activities of applying updates to operating system image files. | Site server |
| outboxmon.log | CM Site Server | Records the processing of outbox files and performance counter updates. | Site server |
| PerfSetup.log | CM Site Server | Records the results of the installation of performance counters. | Site system server |
| PkgXferMgr.log | CM Site Server | Records the actions of the SMS Executive component that is responsible for sending content from a primary site to a remote distribution point. | Site server |
| policypv.log | CM Site Server | Records updates to the client policies to reflect changes to client settings or deployments. | Primary site server |
| rcmctrl.log | CM Site Server | Records the activities of database replication between sites in the hierarchy. | Site server |
| replmgr.log | CM Site Server | Records the replication of files between the site server components and the Scheduler component. | Site server |
| ResourceExplorer.log | CM Site Server | Records errors, warnings, and information about running the Resource Explorer. | CM console |
| ruleengine.log | CM Site Server | Records details about automatic deployment rules for the identification, content download, and software update group and deployment creation. | Site server |
| schedule.log | CM Site Server | Records details about site-to-site job and file replication. | Site server |
| sender.log | CM Site Server | Records the files that transfer by file-based replication between sites. | Site server |
| sinvproc.log | CM Site Server | Records information about the processing of software inventory data to the site database. | Site server |
| sitecomp.log | CM Site Server | Records details about the maintenance of the installed site components on all site system servers in the site. | Site server |
| sitectrl.log | CM Site Server | Records site setting changes made to site control objects in the database. | Site server |
| sitestat.log | CM Site Server | Records the availability and disk space monitoring process of all site systems. | Site server |
| SmsAdminUI.log | CM Site Server | Records Configuration Manager console activity. | CM console |
| SMSAWEBSVCSetup.log | CM Site Server | Records the installation activities of the Application Catalog web service. | Site system server |
| smsbkup.log | CM Site Server | Records output from the site backup process. | Site server |
| smsdbmon.log | CM Site Server | Records database changes. | Site server |
| SMSENROLLSRVSetup.log | CM Site Server | Records the installation activities of the enrollment web service. | Site system server |
| SMSENROLLWEBSetup.log | CM Site Server | Records the installation activities of the enrollment website. | Site system server |
| smsexec.log | CM Site Server | Records the processing of all site server component threads. | Site server or site system server |
| SMSFSPSetup.log | CM Site Server | Records messages generated by the installation of a fallback status point. | Site system server |
| SMSPORTALWEBSetup.log | CM Site Server | Records the installation activities of the Application Catalog website. | Site system server |
| SMSProv.log | CM Site Server | Records WMI provider access to the site database. | SMS Provider |
| srsrpMSI.log | CM Site Server | Records detailed results of the reporting point installation process from the MSI output. | Site system server |
| srsrpsetup.log | CM Site Server | Records results of the reporting point installation process. | Site system server |
| statesys.log | CM Site Server | Records the processing of state system messages. | Site server |
| statmgr.log | CM Site Server | Records the writing of all status messages to the database. | Site server |
| swmproc.log | CM Site Server | Records the processing of metering files and settings. | Site server |
| ConfigMgrPrereq.log | Site Server Inst | Records pre-requisite component evaluation and installation activities. | Site server |
| ConfigMgrSetup.log | Site Server Inst | Records detailed output from site server setup. | Site Server |
| ConfigMgrSetupWizard.log | Site Server Inst | Records information related to activity in the Setup wizard. | Site Server |
| SMS_BOOTSTRAP.log | Site Server Inst | Records information about the progress of launching the secondary site installation process. Details of the actual setup process are contained in ConfigMgrSetup.log. | Site Server |
| smstsvc.log | Site Server Inst | Records information about the installation, use, and removal of a Windows service that is used to test network connectivity and permissions between servers, using the computer account of the server initiating the connection. | Site server and site systems |
| FspIsapi | FSP Log Files | Records details about communications to the fallback status point from mobile device legacy clients and client computers. | Site system server |
| fspMSI.log | FSP Log Files | Records messages generated by the installation of a fallback status point. | Site system server |
| fspmgr.log | FSP Log Files | Records activities of the fallback status point site system role. | Site system server |
| CcmIsapi.log | MP Log Files | Records client messaging activity on the endpoint. | Site system server |
| MP_CliReg.log | MP Log Files | Records the client registration activity processed by the management point. | Site system server |
| MP_Ddr.log | MP Log Files | Records the conversion of XML.ddr records from clients, and copies them to the site server. | Site system server |
| MP_Framework.log | MP Log Files | Records the activities of the core management point and client framework components. | Site system server |
| MP_GetAuth.log | MP Log Files | Records client authorization activity. | Site system server |
| MP_GetPolicy.log | MP Log Files | Records policy request activity from client computers. | Site system server |
| MP_Hinv.log | MP Log Files | Records details about the conversion of XML hardware inventory records from clients and the copy of those files to the site server. | Site system server |
| MP_Location.log | MP Log Files | Records location request and reply activity from clients. | Site system server |
| MP_OOBMgr.log | MP Log Files | Records the management point activities related to receiving OTP from a client. | Site system server |
| MP_Policy.log | MP Log Files | Records policy communication. | Site system server |
| MP_Relay.log | MP Log Files | Records the transfer of files that are collected from the client. | Site system server |
| MP_Retry.log | MP Log Files | Records the hardware inventory retry processes. | Site system server |
| MP_Sinv.log | MP Log Files | Records details about the conversion of XML software inventory records from clients and the copy of those files to the site server. | Site system server |
| MP_SinvCollFile.log | MP Log Files | Records details about file collection. | Site system server |
| MP_Status.log | MP Log Files | Records details about the conversion of XML.svf status message files from clients and the copy of those files to the site server. | Site system server |
| mpcontrol.log | MP Log Files | Records the registration of the management point with WINS. Records the availability of the management point every 10 minutes. | Site server |
| mpfdm.log | MP Log Files | Records the actions of the management point component that moves client files to the corresponding INBOXES folder on the site server. | Site system server |
| mpMSI.log | MP Log Files | Records details about the management point installation. | Site server |
| MPSetup.log | MP Log Files | Records the management point installation wrapper process. | Site server |
| objreplmgr.log | SUP Log Files | Records details about the replication of software updates notification files from a parent to child sites. | Site server |
| PatchDownloader.log | SUP Log Files | Records details about the process of downloading software updates from the update source to the download destination on the site server. | The computer hosting the Configuration Manager console from which downloads are initiated |
| ruleengine.log | SUP Log Files | Records details about automatic deployment rules for the identification, content download, and software update group and deployment creation. | Site server |
| SUPSetup.log | SUP Log Files | Records details about the software update point installation. When the software update point installation completes, Installation was successful is written to this log file. | Site system server |
| WCM.log | SUP Log Files | Records details about the software update point configuration and connections to the Windows Server Update Services (WSUS) server for subscribed update categories, classifications, and languages. | Site server that connects to the (WSUS) server |
| WSUSCtrl.log | SUP Log Files | Records details about the configuration, database connectivity, and health of the WSUS server for the site. | Site system server |
| wsyncmgr.log | SUP Log Files | Records details about the software updates synchronization process. | Site system server |
| WUSSyncXML.log | SUP Log Files | Records details about the Inventory Tool for the Microsoft Updates synchronization process. | The client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates. |
| AppIntentEval.log | App Mgmt | Records details about the current and intended state of applications, their applicability, whether requirements were met, deployment types, and dependencies. | Client |
| AppDiscovery.log | App Mgmt | Records details about the discovery or detection of applications on client computers. | Client |
| AppEnforce.log | App Mgmt | Records details about enforcement actions (install and uninstall) taken for applications on the client. | Client |
| awebsctl.log | App Mgmt | Records the monitoring activities for the Application Catalog web service point site system role. | Site system server |
| awebsvcMSI.log | App Mgmt | Records detailed installation information for the Application Catalog web service point site system role. | Site system server |
| Ccmsdkprovider.log | App Mgmt | Records the activities of the application management SDK. | Client |
| colleval.log | App Mgmt | Records details about when collections are created, changed, and deleted by the Collection Evaluator. | Site system server |
| ConfigMgrSoftwareCatalog.log | App Mgmt | Records the activity of the Application Catalog, which includes its use of Silverlight. | Client |
| portlctl.log | App Mgmt | Records the monitoring activities for the Application Catalog website point site system role. | Site system server |
| portlwebMSI.log | App Mgmt | Records the MSI installation activity for the Application Catalog website role. | Site system server |
| PrestageContent.log | App Mgmt | Records the details about the use of the ExtractContent.exe tool on a remote prestaged distribution point. This tool extracts content that has been exported to a file. | Site system server |
| ServicePortalWebService.log | App Mgmt | Records the activity of the Application Catalog web service. | Site system server |
| ServicePortalWebSite.log | App Mgmt | Records the activity of the Application Catalog website. | Site system server |
| SMSdpmon.log | App Mgmt | Records details about the distribution point health monitoring scheduled task that is configured on a distribution point. | Site server |
| SoftwareCatalogUpdateEndpoint.log | App Mgmt | Records the activities for managing the URL for the Application Catalog shown in Software Center. | Client |
| SoftwareCenterSystemTasks.log | App Mgmt | Records the activities for Software Center prerequisite component validation. | Client |
| colleval.log | Pkg deployment | Records details about when collections are created, changed, and deleted by the Collection Evaluator. | Site server |
| execmgr.log | Pkg deployment | Records details about packages and task sequences that run. | Client |
| AssetAdvisor.log | Asset Intelligence | Records the activities of Asset Intelligence inventory actions. | Client |
| aikbmgr.log | Asset Intelligence | Records details about the processing of XML files from the inbox for updating the Asset Intelligence catalog. | Site server |
| AIUpdateSvc.log | Asset Intelligence | Records the interaction of the Asset Intelligence synchronization point with SCO (System Center Online), the online web service. | Site system server |
| AIUSMSI.log | Asset Intelligence | Records details about the installation of Asset Intelligence synchronization point site system role. | Site system server |
| AIUSSetup.log | Asset Intelligence | Records details about the installation of Asset Intelligence synchronization point site system role. | Site system server |
| ManagedProvider.log | Asset Intelligence | Records details about discovering software with an associated software identification tag. Also records activities relating to hardware inventory. | Site system server |
| MVLSImport.log | Asset Intelligence | Records details about the processing of imported licensing files. | Site system server |
| ConfigMgrSetup.log | Backup and Recovery | Records information about setup and recovery tasks when Configuration Manager recovers a site from backup. | Site server |
| Smsbkup.log | Backup and Recovery | Records details about the site backup activity. | Site server |
| smssqlbkup.log | Backup and Recovery | Records output from the site database backup process when SQL Server is installed on a different server than the site server. | Site database server |
| Smswriter.log | Backup and Recovery | Records information about the state of the Configuration Manager VSS writer that is used by the backup process. | Site server |
| Crp.log | Certificate Enrollment | Records the enrollment activities. | Certificate registration point |
| Crpctrl.log | Certificate Enrollment | Records the operational health of the certificate registration point. | Certificate registration point |
| Crpsetup.log | Certificate Enrollment | Records details about the installation and configuration of the certificate registration point. | Certificate registration point |
| Crpmsi.log | Certificate Enrollment | Records details about the installation and configuration of the certificate registration point. | Certificate registration point |
| NDESPlugin.log | Certificate Enrollment | Records the challenge verification and certificate enrollment activities. | Configuration Manager Policy Module and the Network Device Enrollment Service |
| bgbmgr.log | Client Notification | Records details about the activities of the site server relating to client notification tasks and processing online and task status files. | Site server |
| BGBServer.log | Client Notification | Records the activities of the notification server such as client-server communications and pushing tasks to clients. Also records information about online and task status files generation to be sent to the site server. | Management point |
| BgbSetup.log | Client Notification | Records the activities of the notification server installation wrapper process during installation and uninstall. | Management point |
| bgbisapiMSI.log | Client Notification | Records details about the notification server installation and uninstall. | Management point |
| BgbHttpProxy.log | Client Notification | Records the activities of the notification HTTP proxy as it relays the messages of clients using HTTP to and from the notification server. | Client |
| CcmNotificationAgent.log | Client Notification | Records the activities of the notification agent such as client-server communication and information about tasks received and dispatched to other client agents. | Client |
| CIAgent.log | Compliance Settings | Records details about the process of remediation and compliance for compliance settings, software updates, and application management. | Client |
| CITaskManager.log | Compliance Settings | Records information about configuration item task scheduling. | Client |
| DCMAgent.log | Compliance Settings | Records high-level information about the evaluation, conflict reporting, and remediation of configuration items and applications. | Client |
| DCMReporting.log | Compliance Settings | Records information about reporting policy platform results into state messages for configuration items. | Client |
| DcmWmiProvider.log | Compliance Settings | Records information about reading configuration item synclets from Windows Management Instrumentation (WMI). | Client |
| ConfigMgrAdminUISetup.log | CM Console | Records the installation of the Configuration Manager console. | CM console |
| SmsAdminUI.log | CM Console | Records information about the operation of the Configuration Manager console. | CM console |
| Smsprov.log | CM Console | Records activities performed by the SMS Provider. Configuration Manager console activities use the SMS provider. | Site server or site system server |
| CloudDP-.log | Content Management | | |
| CloudMgr.log | Content Management | Records details about the provisioning of content, collecting storage and bandwidth statistics, and administrator initiated actions to stop or start the cloud service that runs a cloud-based distribution point. | Site system server |
| DataTransferService.log | Content Management | | |
| PullDP.log | Content Management | | |
| PrestageContent.log | Content Management | Records the details about the use of the ExtractContent.exe tool on a remote prestaged distribution point. This tool extracts content that has been exported to a file. | Site system role |
| SMSdpmon.log | Content Management | Records details about the distribution point health monitoring scheduled task that is configured on a distribution point. | Site system role |
| smsdpprov.log | Content Management | Records details about the extraction of compressed files received from a primary site. This log is generated by the WMI Provider of the remote distribution point. | A distribution point computer that is not co-located with the site server. |
| adsgdis.log | Discovery | Records Active Directory Security Group Discovery actions. | Site server |
| adsysdis.log | Discovery | Records Active Directory System Discovery actions. | Site server |
| adusrdis.log | Discovery | Records Active Directory User Discovery actions. | Site server |
| ADForestDisc.Log | Discovery | Records Active Directory Forest Discovery actions. | Site server |
| ddm.log | Discovery | Records activities of the discovery data manager. | Site server |
| InventoryAgent.log | Discovery | Records activities of hardware inventory, software inventory, and heartbeat discovery actions on the client. | Client |
| netdisc.log | Discovery | Records Network Discovery actions. | Site server |
| EndpointProtectionAgent.log | Endpoint Protection | Records details about the installation of the Endpoint Protection client and the application of antimalware policy to that client. | Client |
| EPCtrlMgr.log | Endpoint Protection | Records details about the synchronization of malware threat information from the Endpoint Protection role server into the Configuration Manager database. | Site system server |
| EPMgr.log | Endpoint Protection | Monitors the status of the Endpoint Protection site system role. | Site system server |
| EPSetup.log | Endpoint Protection | Provides information about the installation of the Endpoint Protection site system role. | Site system server |
| AdminUI.ExtensionInstaller.log | Extensions | Records information about the download of extensions from Microsoft, and the installation and uninstallation of all extensions. | CM console |
| FeatureExtensionInstaller.log | Extensions | Records information about the installation and removal of individual extensions when they are enabled or disabled in the Configuration Manager console. | CM console |
| SmsAdminUI.log | Extensions | Records Configuration Manager console activity. | CM console |
| dataldr.log | Inventory | Records information about the processing of Management Information Format (MIF) files and hardware inventory in the Configuration Manager database. | Site server |
| invproc.log | Inventory | Records the forwarding of MIF files from a secondary site to its parent site. | Secondary site server |
| sinvproc.log | Inventory | Records information about the processing of software inventory data to the site database. | Site server |
| mtrmgr.log | Metering | Monitors all software metering processes. | Site server |
| migmctrl.log | Migration | Records information about migration actions that involve migration jobs, shared distribution points, and distribution point upgrades. | The top-level site in the System Center 2012 Configuration Manager hierarchy, and each child primary site |
| DMPRP.log | Mobile Devices | Records communication between management points that are enabled for mobile devices and the management point endpoints. | Site system server |
| dmpmsi.log | Mobile Devices | Records the Windows Installer data for the configuration of a management point that is enabled for mobile devices. | Site system server |
| DMPSetup.log | Mobile Devices | Records the configuration of the management point when it is enabled for mobile devices. | Site system server |
| enrollsrvMSI.log | Mobile Devices | Records the Windows Installer data for the configuration of an enrollment point. | Site system server |
| enrollmentweb.log | Mobile Devices | Records communication between mobile devices and the enrollment proxy point. | Site system server |
| enrollwebMSI.log | Mobile Devices | Records the Windows Installer data for the configuration of an enrollment proxy point. | Site system server |
| enrollmentservice.log | Mobile Devices | Records communication between an enrollment proxy point and an enrollment point. | Site system server |
| SMS_DM.log | Mobile Devices | Records communication between mobile devices, Mac computers and the management point that is enabled for mobile devices and Mac computers. | Site system server |
| easdisc.log | Exchange Server Connector | Records the activities and the status of the Exchange Server connector. | Site server |
| DmCertEnroll.log | Mobile Device Legacy | Records details about certificate enrollment data on mobile device legacy clients. | Client |
| DMCertResp.htm | Mobile Device Legacy | Records the HTML response from the certificate server when the mobile device legacy client enroller program requests a PKI certificate. | Client |
| DmClientHealth.log | Mobile Device Legacy | Records the GUIDs of all the mobile device legacy clients that communicate with the management point that is enabled for mobile devices. | Site system server |
| DmClientRegistration.log | Mobile Device Legacy | Records registration requests and responses to and from mobile device legacy clients. | Site system server |
| DmClientSetup.log | Mobile Device Legacy | Records client setup data for mobile device legacy clients. | Client |
| DmClientXfer.log | Mobile Device Legacy | Records client transfer data for mobile device legacy clients and for ActiveSync deployments. | Client |
| DmCommonInstaller.log | Mobile Device Legacy | Records client transfer file installation for configuring mobile device legacy client transfer files. | Client |
| DmInstaller.log | Mobile Device Legacy | Records whether DMInstaller correctly calls DmClientSetup, and whether DmClientSetup exits with success or failure for mobile device legacy clients. | Client |
| DmpDatastore.log | Mobile Device Legacy | Records all the site database connections and queries made by the management point that is enabled for mobile devices. | Site system server |
| DmpDiscovery.log | Mobile Device Legacy | Records all the discovery data from the mobile device legacy clients on the management point that is enabled for mobile devices. | Site system server |
| DmpHardware.log | Mobile Device Legacy | Records hardware inventory data from mobile device legacy clients on the management point that is enabled for mobile devices. | Site system server |
| DmpIsapi.log | Mobile Device Legacy | Records mobile device legacy client communication with a management point that is enabled for mobile devices. | Site system server |
| dmpmsi.log | Mobile Device Legacy | Records the Windows Installer data for the configuration of a management point that is enabled for mobile devices. | Site system server |
| DMPSetup.log | Mobile Device Legacy | Records the configuration of the management point when it is enabled for mobile devices. | Site system server |
| DmpSoftware.log | Mobile Device Legacy | Records software distribution data from mobile device legacy clients on a management point that is enabled for mobile devices. | Site system server |
| DmpStatus.log | Mobile Device Legacy | Records status messages data from mobile device clients on a management point that is enabled for mobile devices. | Site system server |
| DmSvc.log | Mobile Device Legacy | Records client communication from mobile device legacy clients with a management point that is enabled for mobile devices. | Client |
| FspIsapi.log | Mobile Device Legacy | Records details about communications to the fallback status point from mobile device legacy clients and client computers. | Site system server |
| CAS.log | OSD | Records details when distribution points are found for referenced content. | Client |
| ccmsetup.log | OSD | Records ccmsetup tasks for client setup, client upgrade, and client removal. Can be used to troubleshoot client installation problems. | Client |
| CreateTSMedia.log | OSD | Records details for task sequence media creation. | CM console |
| DeployToVhd.log | OSD | | |
| Dism.log | OSD | Records driver installation actions or update apply actions for offline servicing. | Site system server |
| Distmgr.log | OSD | Records details about the configuration of enabling a distribution point for PXE. | Site system server |
| DriverCatalog.log | OSD | Records details about device drivers that have been imported into the driver catalog. | Site system server |
| mcsisapi.log | OSD | Records information for multicast package transfer and client request responses. | Site system server |
| mcsexec.log | OSD | Records health check, namespace, session creation and certificate check actions. | Site system server |
| mcsmgr.log | OSD | Records changes to configuration, security mode and availability. | Site system server |
| mcsprv.log | OSD | Records multicast provider interaction with Windows Deployment Services (WDS). | Site system server |
| MCSSetup.log | OSD | Records details about multicast server role installation. | Site system server |
| MCSMSI.log | OSD | Records details about multicast server role installation. | Site system server |
| Mcsperf.log | OSD | Records details about multicast performance counter updates. | Site system server |
| MP_ClientIDManager.log | OSD | Records management point responses to the client ID requests task sequences initiated from PXE or boot media. | Site system server |
| MP_DriverManager.log | OSD | Records management point responses to Auto Apply Driver task sequence action requests. | Site system server |
| OfflineServicingMgr.log | OSD | Records details of offline servicing schedules and update apply actions on operating system .wim files. | Site system server |
| Setupact.log | OSD | Records details about Windows Sysprep and setup logs. | Client |
| Setupapi.log | OSD | Records details about Windows Sysprep and setup logs. | Client |
| Setuperr.log | OSD | Records details about Windows Sysprep and setup logs. | Client |
| smpisapi.log | OSD | Records details about the client state capture and restore actions, and threshold information. | Client |
| Smpmgr.log | OSD | Records details about the results of state migration point health checks and configuration changes. | Site system server |
| smpmsi.log | OSD | Records installation and configuration details about the state migration point. | Site system server |
| smpperf.log | OSD | Records the state migration point performance counter updates. | Site system server |
| smspxe.log | OSD | Records details about the responses to clients that PXE boot and details about the expansion of boot images and boot files. | Site system server |
| smssmpsetup.log | OSD | Records installation and configuration details about the state migration point. | Site system server |
| Smsts.log | OSD | Records task sequence activities. | Client |
| TSAgent.log | OSD | Records the outcome of task sequence dependencies before starting a task sequence. | Client |
| TaskSequenceProvider.log | OSD | Records details about task sequences when they are imported, exported, or edited. | Site system server |
| loadstate.log | OSD | Records details about the User State Migration Tool (USMT) and restoring user state data. | Client |
| scanstate.log | OSD | Records details about the User State Migration Tool (USMT) and capturing user state data. | Client |
| amtopmgr.log | OOBM | Records the activities of the out of band service point, which include the discovery of management controllers, provisioning, audit log control, and power control commands. | Out of band service point site system server |
| adctrl.log | OOBM | Records details about managing Active Directory accounts that are used by out of band management. | Site server |
| ADService.log | OOBM | Records details about account creation and security group details in Active Directory. | Site server |
| amtproxymgr.log | OOBM | Records details about the activities of the site server relating to provisioning and sending instruction files to the out of band service point, which include the following: | Site server |
| amtspsetup.log | OOBM | Records details about the installation of the out of band service point. | Out of band service point site system server |
| pwrmgmt.log | Power Management | Records details about power management activities on the client computer, which include monitoring and the enforcement of settings by the Power Management Client Agent. | Client |
| CMRcViewer.log | Remote Control | Records details about the activity of the remote control viewer. | Located in the %temp% folder on the computer running the remote control viewer. |
| srsrp.log | Reporting | Records information about the activity and status of the reporting services point. | Site system server |
| srsrpMSI.log | Reporting | Records detailed results of the reporting services point installation process from the MSI output. | Site system server |
| srsrpsetup.log | Reporting | Records results of the reporting services point installation process. | Site system server |
| hman.log | RBAC | Records information about site configuration changes, and the publishing of site information to Active Directory Domain Services. | Site server |
| SMSProv.log | RBAC | Records WMI provider access to the site database. | Computer with the SMS Provider |
| ccmcca.log | SU/NAP | Records details about the processing of compliance evaluation based on Configuration Manager NAP policy processing, and contains the processing of remediation for each software update required for compliance. | Client |
| ccmperf.log | SU/NAP | Records activities related to the maintenance and capture of data related to client performance counters. | Client |
| PatchDownloader.log | SU/NAP | Records details about the process of downloading software updates from the update source to the download destination on the site server. | The computer hosting the Configuration Manager console from which downloads are initiated |
| PolicyEvaluator.log | SU/NAP | Records details about the evaluation of policies on client computers, including policies from software updates. | Client |
| RebootCoordinator.log | SU/NAP | Records details about the coordination of system restarts on client computers after software update installations. | Client |
| ScanAgent.log | SU/NAP | Records details about scan requests for software updates, the WSUS location, and related actions. | Client |
| SdmAgent.log | SU/NAP | Records details about tracking of remediation and compliance. However, the software updates log file, Updateshandler.log, provides more informative details about installing the software updates required for compliance. | Client |
| ServiceWindowManager.log | SU/NAP | Records details about the evaluation of maintenance windows. | Client |
| smssha.log | SU/NAP | The main log file for the Configuration Manager Network Access Protection client and it contains a merged statement of health information from the two Configuration Manager components: location services (LS) and the configuration compliance agent (CCA). This log file also contains information about the interactions between the Configuration Manager System Health Agent and the operating system NAP agent, and also between the Configuration Manager System Health Agent and both the configuration compliance agent and the location services. It provides information about whether the NAP agent successfully initialized, the statement of health data, and the statement of health response. | Client |
| Smsshv.log | SU/NAP | This is the main log file for the System Health Validator point and records the basic operations of the System Health Validator service, such as the initialization progress. | Site system server |
| Smsshvadcacheclient.log | SU/NAP | Records details about the retrieval of Configuration Manager health state references from Active Directory Domain Services. | Site system server |
| SmsSHVCacheStore.log | SU/NAP | Records details about the cache store used to hold the Configuration Manager NAP health state references retrieved from Active Directory Domain Services, such as reading from the store and purging entries from the local cache store file. The cache store is not configurable. | Site system server |
| smsSHVQuarValidator.log | SU/NAP | Records client statement of health information and processing operations. To obtain full information, change the registry key LogLevel from 1 to 0 in the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMSSHV\Logging\@GLOBAL | Site system server |
| smsshvregistrysettings.log | SU/NAP | Records any dynamic change to the System Health Validator component configuration while the service is running. | Site system server |
| SMSSHVSetup.log | SU/NAP | Records the success or failure (with failure reason) of installing the System Health Validator point. | Site system server |
| SmsWusHandler.log | SU/NAP | Records details about the scan process for the Inventory Tool for Microsoft Updates. | Client |
| StateMessage.log | SU/NAP | Records details about software updates state messages that are created and sent to the management point. | Client |
| SUPSetup.log | SU/NAP | Records details about the software update point installation. When the software update point installation completes, Installation was successful is written to this log file. | Site system server |
| UpdatesDeployment.log | SU/NAP | Records details about deployments on the client, including software update activation, evaluation, and enforcement. Verbose logging shows additional information about the interaction with the client user interface. | Client |
| UpdatesHandler.log | SU/NAP | Records details about software update compliance scanning and about the download and installation of software updates on the client. | Client |
| UpdatesStore.log | SU/NAP | Records details about compliance status for the software updates that were assessed during the compliance scan cycle. | Client |
| WCM.log | SU/NAP | Records details about software update point configurations and connections to the Windows Server Update Services (WSUS) server for subscribed update categories, classifications, and languages. | Site server |
| WSUSCtrl.log | SU/NAP | Records details about the configuration, database connectivity, and health of the WSUS server for the site. | Site system server |
| wsyncmgr.log | SU/NAP | Records details about the software updates synchronization process. | Site server |
| WUAHandler.log | SU/NAP | Records details about the Windows Update Agent on the client when it searches for software updates. | Client |
| wolcmgr.log | Wake On LAN | Records details about which clients need to be sent wake-up packets, the number of wake-up packets sent, and the number of wake-up packets retried. | Site server |
| wolmgr.log | Wake On LAN | Records details about wake-up procedures, such as when to wake up deployments that are configured for Wake On LAN. | Site server |
| CertMgr.log | Intune | Records certificate and proxy account information. | Site server |
| CollEval.log | Intune | Records details about when collections are created, changed, and deleted by the Collection Evaluator. | Primary site and central administration site |
| Cloudusersync.log | Intune | Records license enablement for users. | Computer with the Windows Intune connector |
| Dataldr.log | Intune | Records information about the processing of MIX files. | Site server |
| ddm.log | Intune | Records activities of the discovery data manager. | Site server |
| Distmgr.log | Intune | Records details about content distribution requests. | Top-level site server |
| Dmpdownloader.log | Intune | Records details on downloads from Microsoft Intune. | Computer with the Windows Intune connector |
| Dmpuploader.log | Intune | Records details for uploading database changes to Microsoft Intune. | Computer with the Windows Intune connector |
| hman.log | Intune | Records information about message forwarding. | Site server |
| objreplmgr.log | Intune | Records the processing of policy and assignment. | Primary site server |
| PolicyPV.log | Intune | Records policy generation of all policies. | Site server |
| outgoingcontentmanager.log | Intune | Records content uploaded to Microsoft Intune. | Computer with the Windows Intune connector |
| Sitecomp.log | Intune | Records details of connector role installation. | Site server |
| SmsAdminUI.log | Intune | Records Configuration Manager console activity. | Computer that runs the Configuration Manager console |
| Smsprov.log | Intune | Records activities performed by the SMS Provider. Configuration Manager console activities use the SMS Provider. | Computer with the SMS Provider |
| SrvBoot.log | Intune | Records details about the Windows Intune connector installer service. | Computer with the Windows Intune connector |
| Statesys.log | Intune | Records the processing of mobile device management messages. | Primary site and central administration site |
| WindowsUpdate.log | Windows Update Agent | Records details about when the Windows Update Agent connects to the WSUS server and retrieves the software updates for compliance assessment and whether there are updates to the agent components. | Client |
| Change.log | WSUS Server | Records details about the WSUS server database information that has changed. | WSUS server |
| SoftwareDistribution.log | WSUS Server | Records details about the software updates that are synchronized from the configured update source to the WSUS server database. | WSUS server |

 

| MDT Property | Description |
| --- | --- |
| _SMSTSOrgName | Customizes the Task Sequencer engine's display banner. |
| ADDSLogPath | Fully qualified, non-UNC directory on a hard disk on the local computer to host the AD DS log files. If the directory exists it must be empty. If it does not exist, it will be created. |
| ADDSPassword | Account credentials that can be used when promoting the server to a domain controller. |
| ADDSUserDomain | This is the domain the account specified by ADDSUserName should be taken from. If the operation is to create a new forest or to become a member server from a backup domain controller upgrade there is no default. If the operation is to create a new tree, the default is the DNS name of the forest the computer is currently joined to. If the operation is to create a new child domain or a replica then the default is the DNS name of the domain the computer is joined to. If the operation is to demote the computer and the computer is a domain controller in a child domain, the default is the DNS name of the parent domains. If the operation is to demote the computer, and the computer is a domain controller of a tree root domain, the default is the DNS name of the forest. |
| ADDSUserName | Account credentials that will be used when promoting the server to a domain controller. |
| Administrators | A list of user accounts and domain groups that will be added to the local Administrator group on the target computer. The Administrators property is a list of text values that can be any non-blank value. The Administrators property has a numeric suffix (for example, Administrators001 or Administrators002). |
| AdminPassword | Defines the password that will be assigned to the local Administrator user account on the target computer. If not specified, the pre-deployment password of the Administrator user account will be used. |
| Architecture | The processor architecture of the processor that is currently running, which is not necessarily the processor architecture supported by the target computer. For example, when running a 32-bit–compatible operating system on a 64-bit processor, Architecture will indicate that the processor architecture is 32 bit. |
| AreaCode | The area code to be configured for the operating system on the target computer. This property allows only numeric characters. This value is inserted into the appropriate configuration settings in Unattend.xml. |
| AssetTag | The asset tag number associated with the target computer. The format for asset tag numbers is undefined. Use this property to create a subsection that contains settings targeted to a specific computer. |
| AutoConfigDNS | Specifies whether the Active Directory Installation Wizard configures DNS for the new domain if it detects that the DNS dynamic update protocol is not available. |
| BackupDir | The folder in which backups of the target computer are stored. This folder exists beneath the UNC path specified in the BackupShare property. If the folder does not already exist, it will be created automatically. |
| BackupDrive | The drive to include in the backup of the target computer. This property defaults to the drive that contains disk 0 partition 1. It can be also set to ALL. |
| BackupFile | Specifies the WIM file that will be used by the ZTIBackup.wsf script. For more information about what script uses this property, see ZTIBackup.wsf. |
| BackupShare | The shared folder in which backups of the target computer are stored. |
| BitsPerPel | A setting for displaying colors on the target computer. The property can contain numeric digits and corresponds to the color quality setting. In the example, 32 indicates 32 bits per pixel for color quality. This value is inserted into the appropriate configuration settings in Unattend.xml. |
| CapableArchitecture | The processor architecture of the processor supported by the target computer, not the current processor architecture that is running. For example, when running a 32-bit-compatible operating system on a 64-bit processor, CapableArchitecture will indicate that the processor architecture is 64 bit. |
| CaptureGroups | Controls whether the group membership of local groups on the target computer is captured. This group membership is captured during the State Capture Phase and is restored during the State Restore Phase. |
| ChildName | Specifies whether to append the DNS label at the beginning of the name of an existing directory service domain when installing a child domain. |
| ComputerBackupLocation | The network shared folder where the computer backup is stored. If the target folder does not already exist, it is automatically created. |
| ConfigFileName | Specifies the name of the configuration file used during OEM deployments. |
| ConfigFilePackage | Specifies the package ID for the configuration package used during OEM deployments. |
| ConfirmGC | Specifies whether the replica is also a global catalog. |
| CountryCode | The country code to be configured for the operating system on the target computer. This property allows only numeric characters. This value is inserted into the appropriate configuration settings in Unattend.xml. |
| CriticalReplicationOnly | Specifies whether the promotion operation performs only critical replication and then continues, skipping the noncritical (and potentially lengthy) portion of replication. |
| Database | The property that specifies the database to be used for querying property values from columns in the table specified in the Table property. The database resides on the computer specified in the SQLServer property. The instance of Microsoft SQL Server® on the computer is specified in the Instance property. |
| DatabasePath | Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the target computer that contains the domain database. |
| DBID | Specifies the user account used to connect to the computer running SQL Server (specified by the SQLServer property) using SQL Server authentication. The DBPwd property provides the password for the user account in the DBID property. |
| DBPwd | Specifies the password for the user account specified in the DBID property. The DBID and DBPwd properties provide the credentials for performing SQL Server authentication to the computer running SQL Server (specified by the SQLServer property). |
| Debug | Controls the verbosity of messages written to the MDT log files. This property can be configured to help assist in troubleshooting deployments by providing extended information about the MDT deployment process. |
| DefaultGateway | The IP address of the default gateway being used by the target computer. The format of the IP address returned by the property is standard dotted-decimal notation; for example, 192.168.1.1. Use this property to create a subsection that contains settings targeted to a group of computers based on the IP subnets on which they are located. |
| DeployDrive | The value used by the scripts to access files and run programs in the deployment share that the Deployment Workbench creates. The property returns the drive letter mapped to the DeployRoot property. ZTIApplications.wsf uses the DeployDrive property when running any command-line programs with a .cmd or .bat extension. |
| DeploymentMethod | The method being used for the deployment (UNC, media, or Configuration Manager). |
| DeploymentType | The type of deployment being performed based on the deployment scenario. For ZTI, this property is set dynamically by MDT scripts and is not configured in CustomSettings.ini. For LTI, you can bypass the page in the Deployment Wizard on which the deployment type is selected. In addition, you can specify the deployment type by passing one of the values listed below to the LiteTouch.wsf script as a command-line option. |
| DeployRoot | Specifies the UNC or local path to the folder that is the root of the folder structure that MDT uses. This folder structure contains configuration files, scripts, and other folders and files that MDT uses. The value of this property is set based on the following MDT deployment technologies: |
| DHCPScopes | Specifies the number of DHCP scopes to configure. |
| DHCPScopesxDescription | The description of the DHCP scope. |
| DHCPScopesxEndIP | Specifies the ending IP address for the DHCP scope. |
| DHCPScopesxExcludeEndIP | Specifies the ending IP address for the DHCP scope exclusion. IP addresses that are excluded from the scope are not offered by the DHCP server to clients obtaining leases from this scope. |
| DHCPScopesxExcludeStartIP | Specifies the starting IP address for the DHCP scope exclusion. IP addresses that are excluded from the scope are not offered by the DHCP server to clients obtaining leases from this scope. |
| DHCPScopesxIP | Specifies the IP subnet of the scope. |
| DHCPScopesxName | A user-definable name to be assigned to the scope. |
| DHCPScopesxOptionDNSDomainName | Specifies the domain name that the DHCP client should use when resolving unqualified domain names with the DNS. |
| DHCPScopesxOptionDNSServer | Specifies a list of IP addresses for DNS name servers available to the client. When more than one server is assigned, the client interprets and uses the addresses in the specified order. |
| DHCPScopesxOptionLease | The duration that the DHCP lease is valid for the client. |
| DHCPScopesxOptionNBTNodeType | Specifies the client node type for NetBT clients. |
| DHCPScopesxOptionPXEClient | Specifies the IP address used for PXE client bootstrap code. |
| DHCPScopesxOptionRouter | Specifies a list of IP addresses for routers on the client subnet. When more than one router is assigned, the client interprets and uses the addresses in the specified order. This option is normally used to assign a default gateway to DHCP clients on a subnet. |
| DHCPScopesxOptionWINSServer | Specifies the IP addresses to be used for NBNSes on the network. |
| DHCPScopesxStartIP | The starting IP address for the range of IP addresses that are to be included in the scope. |
| DHCPScopesxSubnetMask | Specifies the subnet mask of the client subnet. |
| DHCPServerOptionDNSDomainName | Specifies the connection-specific DNS domain suffix of client computers. |
| DHCPServerOptionDNSServer | Specifies a list of IP addresses to be used as DNS name servers that are available to the client. |
| DHCPServerOptionNBTNodeType | Specifies the client node type for NetBT clients. |
| DHCPServerOptionPXEClient | Specifies the IP address used for PXE client bootstrap code. |
| DHCPServerOptionRouter | Specifies a list of IP addresses for routers on the client subnet. When more than one router is assigned, the client interprets and uses the addresses in the specified order. This option is normally used to assign a default gateway to DHCP clients on a subnet. |
| DHCPServerOptionWINSServer | Specifies the IP addresses to be used for NBNSes on the network. |
| Dialing | The type of dialing supported by the telephony infrastructure where the target computer is located. This value is inserted into the appropriate configuration settings in Unattend.xml. |
| DNSServerOptionBINDSecondaries | Determines whether to use fast transfer format for transfer of a zone to DNS servers running legacy BIND implementations. |
| DNSServerOptionDisableRecursion | Determines whether or not the DNS server uses recursion. By default, the DNS Server service is enabled to use recursion. |
| DNSServerOptionEnableNetmaskOrdering | Determines whether the DNS server reorders address (A) resource records within the same resource record that is set in the server's response to a query based on the IP address of the source of the query. |
| DNSServerOptionEnableRoundRobin | Determines whether the DNS server uses the round robin mechanism to rotate and reorder a list of resource records if multiple resource records exist of the same type that exist for a query answer. |
| DNSServerOptionEnableSecureCache | Determines whether the DNS server attempts to clean up responses to avoid cache pollution. This setting is enabled by default. By default, DNS servers use a secure response option that eliminates adding unrelated resource records that are included in a referral answer to their cache. In most cases, any names that are added in referral answers are typically cached, and they help expedite the resolution of subsequent DNS queries. |
| DNSServerOptionFailOnLoad | Specifies that loading of a zone should fail when bad data is found. |
| DNSServerOptionNameCheckFlag | Specifies which character standard is used when checking DNS names. |
| DNSZones | Specifies the number of DNS zones to configure. |
| DNSZonesxDirectoryPartition | Specifies the directory partition on which to store the zone when configuring secondary or stub zones. |
| DNSZonesxFileName | Specifies the name of the file that will store the zone information. |
| DNSZonesxMasterIP | A comma delimited list of IP addresses of the master servers to be used by the DNS server when updating the specified secondary zones. This property must be specified when configuring a secondary or stub DNS zone. |
| DNSZonesxName | Specifies the name of the zone. |
| DNSZonesxScavenge | Configures the Primary DNS server to "scavenge" stale records—that is, to search the database for records that have aged and delete them. |
| DNSZonesxType | Specifies the type of zone to create. |
| DNSZonesxUpdate | Configures the Primary DNS server to perform dynamic updates. |
| DoCapture | Indicator of whether an image of the target computer is to be captured. If it is, Sysprep is run on the target computer to prepare for image creation. After Sysprep has run, a new WIM image is created and stored in the folder within the shared folder designated for target computer backups (BackupDir and BackupShare, respectively). |
| DomainAdmin | The user account credentials used to join the target computer to the domain specified in JoinDomain. Specify as UserName . |
| DomainAdminDomain | The domain in which the user’s credentials specified in DomainAdmin reside. |
| DomainAdminPassword | The password used for the domain Administrator account specified in the DomainAdmin property to join the computer to the domain. |
| DomainLevel | This entry specifies the domain functional level. This entry is based on the levels that exist in the forest when a new domain is created in an existing forest. |
| DomainNetBiosName | Assigns a NetBIOS name to the new domain. |
| EventService | The EventService property specifies the URL where the MDT monitoring service is running. By default, the service uses TCP port 9800 to communicate. The MDT monitoring service collects deployment information on the deployment process that can be viewed in the Deployment Workbench and using the Get-MDTMonitorData cmdlet. |
| EventShare | The EventShare property points to a shared folder in which the MDT scripts record events. |
| ForestLevel | This entry specifies the forest functional level when a new domain is created in a new forest. |
| FullName | The full name of the user of the target computer provided during the installation of the operating system. This value is inserted into the appropriate configuration settings in Unattend.xml. |
| Groups | The list of local groups on the target computer whose membership will be captured. This group membership is captured during the State Capture Phase and is restored during the State Restore Phase. (The default groups are Administrators and Power Users.) The Groups property is a list of text values that can be any non-blank value. The Groups property has a numeric suffix (for example, Groups001 or Groups002). |
| OSHome_Page | The URL to be used as the Windows Internet Explorer® home page after the target operating system is deployed. |
| HostName | The IP host name of the target computer (the name assigned to the target computer). |
| ImagePackageID | The package ID used for the operating system to install during OEM deployments. |
| InputLocale | A list of input locales to be used with the target operating system. More than one input locale can be specified for the target operating system. Each locale must be separated by a semicolon (;). If not specified, the Deployment Wizard uses the input locale configured in the image being deployed. |
| InstallPackageID | The package ID used for the operating system to install during OEM deployments. |
| Instance | The instance of SQL Server used for querying property values from columns in the table specified in the Table property. The database resides on the computer specified in the SQLServer property. The instance of SQL Server on the computer is specified in the Instance property. |
| IPAddress | The IP address of the target computer. The format of the IP address returned by the property is standard dotted-decimal notation; for example, 192.168.1.1. Use this property to create a subsection that contains settings targeted to a specific target computer based on the IP address. |
| IsDesktop | Indicator of whether the computer is a desktop, because the Win32_SystemEnclosure ChassisType property value is 3, 4, 5, 6, 7, or 15. |
| IsHypervisorRunning | Specifies whether a hypervisor is present on the target computer. This property is set using information from the CPUID interface. |
| IsLaptop | Indicator of whether the computer is a portable computer, because the Win32_SystemEnclosure ChassisType property value is 8, 10, 12, 14, 18, or 21. |
| IsServer | Indicator of whether the computer is a server, because the Win32_SystemEnclosure ChassisType property value is 23. |
| IsServerCoreOS | Indicator of whether the current operating system running on the target computer is the Server Core installation option of the Windows Server operating system. |
| IsServerOS | Indicator of whether the current operating system running on the target computer is a server operating system. |
| IsUEFI | Specifies whether the target computer is currently running with Unified Extensible Firmware Interface (UEFI). The UEFI is a specification that defines a software interface between an operating system and platform firmware. UEFI is a more secure replacement for the older BIOS firmware interface present in some personal computers. For more information on UEFI, go to http://www.uefi.org. |
| IsVM | Specifies whether the target computer is a VM based on information gathered from the CPUID interface. You can determine the specific VM environment using the VMPlatform property. |
| JoinDomain | The domain that the target computer joins after the target operating system is deployed. This is the domain where the computer account for the target computer is created. The JoinDomain property can contain alphanumeric characters, hyphens (-), and underscores (_). The JoinDomain property cannot be blank or contain spaces. |
| JoinWorkgroup | The workgroup that the target computer joins after the target operating system is deployed. The JoinWorkgroup property can contain alphanumeric characters, hyphens (-), and underscores (_). The JoinWorkgroup property cannot be blank or contain spaces. |
| KeyboardLocale | A list of keyboard locales to be used with the target operating system. More than one keyboard locale can be specified for the target operating system. Each locale must be separated by a semicolon (;). If not specified, the Deployment Wizard uses the keyboard locale configured in the image being deployed. |
| KeyboardLocalePE | The name of the keyboard locale to be used while in Windows PE only. |
| Location | The geographic location of the target computers. A list of IP addresses that correspond to the default gateways defined for the computers within that location defines the Location property. An IP address for a default gateway can be associated with more than one location. |
| LongDistanceAccess | The dialing digits to gain access to an outside line to dial long distance. The property can contain only numeric digits. This value is inserted into the appropriate configuration settings in Unattend.xml. |
| MACAddress | The media access control (MAC) layer address of the primary network adapter of the target computer. The MACAddress property is included on the Priority line so that property values specific to a target computer can be provided. Create a section for each MAC address for each of the target computers (such as [00:0F:20:35:DE:AC] or [00:03:FF:FE:FF:FF]) that contain target computer–specific settings. |
| MachineObjectOU | The AD DS OU in the target domain where the computer account for the target computer is created. |
| Make | The manufacturer of the target computer. The format for Make is undefined. Use this property to create a subsection that contains settings targeted to a specific computer manufacturer (most commonly in conjunction with the Model and Product properties). |
| MandatoryApplications | A list of application GUIDs that will be installed on the target computer. These applications are specified on the Applications node in the Deployment Workbench. The GUIDs are stored in the Applications.xml file. The MandatoryApplications property is a list of text values that can be any non-blank value. The MandatoryApplications property has a numeric suffix (for example, MandatoryApplications001 or MandatoryApplications002). |
| Memory | The amount of memory installed on the target computer in megabytes. For example, the value 2038 indicates 2,038 MB (or 2 GB) of memory is installed on the target computer. |
| Model | The model of the target computer. The format for Model is undefined. Use this property to create a subsection that contains settings targeted to a specific computer model number for a specific computer manufacturer (most commonly in conjunction with the Make and Product properties). |
| NetLib | The protocol to be used to communicate with the computer running SQL Server specified in the SQLServer property. |
| NewDomain | Indicates the type of a new domain: whether a new domain in a new forest, the root of a new tree in an existing forest, or a child of an existing domain. |
| NewDomainDNSName | Specifies the required name of a new tree in an existing domain or when Setup installs a new forest of domains. |
OrderThe sorting order for the result set on a database query. The result set is based on the configuration settings of the Database, Table, SQLServer, Parameters, and ParameterCondition properties. More than one property can be provided to sort the results by more than one property.
OrgNameThe name of the organization that owns the target computer. This value is inserted into the appropriate configuration settings in Unattend.xml.
OSCurrentBuildThe build number of the currently running operating system.
OSCurrentVersion: The version number of the currently running operating system.
OSDAdapterxDNSDomain: Specifies the DNS domain name (DNS suffix) that will be assigned to the network connection. This property is for ZTI only. For LTI, see the OSDAdapterxDNSSuffix property.
OSDAdapterxDNSServerList: This is a comma-delimited list of DNS server IP addresses that will be assigned to the network connection.
OSDAdapterxEnableDHCP: Specifies whether the network connection will be configured via DHCP.
OSDAdapterxEnableDNSRegistration: Specifies whether DNS registration is enabled on the network connection.
OSDAdapterxEnableFullDNSRegistration: Specifies whether full DNS registration is enabled on the network connection.
OSDAdapterxEnableLMHosts: Specifies whether LMHOSTS lookup is enabled on the network connection.
OSDAdapterxEnableIPProtocolFiltering: This property specifies whether IP protocol filtering should be enabled on the network connection.
OSDAdapterxEnableTCPFiltering: Specifies whether TCP/IP filtering should be enabled on the network connection. This property is for ZTI only. For LTI, see the OSDAdapterxEnableTCPIPFiltering property.
OSDAdapterxEnableWINS: Specifies whether WINS will be enabled on the network connection.
OSDAdapterxGatewayCostMetric: A comma-delimited list of Gateway Cost Metrics specified as either integers or the string "Automatic" (if empty, uses "Automatic") that will be configured on the connection.
OSDAdapterxGateways: A comma-delimited list of gateways to be assigned to the network connection.
OSDAdapterxIPProtocolFilterList: A comma-delimited list of IP protocol filters to be assigned to the network connection. This property can be configured using the CustomSettings.ini file or the MDT DB but not the Deployment Workbench. If using Configuration Manager it is also configurable using an Apply Network Settings task sequence step.
OSDAdapterxMacAddress: Assign the specified configuration settings to the network interface card that matches the specified MAC address.
OSDAdapterxName: Assign the specified configuration settings to the network adapter that matches the specified name. This property is for ZTI only. For the equivalent property for LTI, see OSDAdapterxDescription.
OSDAdapterxSubnetMask: A comma-delimited list of IP subnet masks to be assigned to the network connection.
OSDAdapterxTCPFilterPortList: A comma-delimited list of TCP filter ports to be assigned to the network connection. This property can be configured using the CustomSettings.ini file or the MDT DB but not the Deployment Workbench. If using Configuration Manager it is also configurable using an Apply Network Settings task sequence step.
OSDAdapterxTCPIPNetBiosOptions: Specifies the TCP/IP NetBIOS options to be assigned to the network connection.
OSDAdapterxUDPFilterPortList: A comma-delimited list of User Datagram Protocol (UDP) filter ports to be assigned to the network connection. This property can be configured using the CustomSettings.ini file and the MDT DB but not the Deployment Workbench. If using Configuration Manager it is also configurable using an Apply Network Settings task sequence step.
OSDAdapterxWINSServerList: A two-element, comma-delimited list of WINS server IP addresses to be assigned to the network connection.
OSDAdapterCount: Specifies the number of network connections that are to be configured.
OSDBitLockerCreateRecoveryPassword: A Boolean value that indicates whether the process creates a recovery key for BitLocker. The key is used for recovering data encrypted on a BitLocker volume. This key is cryptographically equivalent to a startup key. If available, the recovery key decrypts the VMK, which, in turn, decrypts the FVEK.
OSDBitLockerMode: The type of BitLocker installation to be performed. Protect the target computer using one of the following methods:
OSDBitLockerRecoveryPassword: Instead of generating a random recovery password, the Enable BitLocker task sequence action uses the specified value as the recovery password. The value must be a valid numerical BitLocker recovery password.
OSDBitLockerStartupKey: Instead of generating a random startup key for the key management option Startup Key on USB only, the Enable BitLocker task sequence action uses the value as the startup key. The value must be a valid, Base64-encoded BitLocker startup key.
OSDBitLockerStartupKeyDrive: The location for storing the BitLocker recovery key and startup key.
OSDBitLockerTargetDrive: Specifies the drive to be encrypted. The default drive is the drive that contains the operating system.
OSDBitLockerWaitForEncryption: Specifies that the deployment process should not proceed until BitLocker has completed the encryption process for all specified drives. Specifying TRUE could dramatically increase the time required to complete the deployment process.
OSDComputerName: The new computer name to assign to the target computer.
OSDDiskIndex: Specifies the disk index that will be configured.
OSDDiskOffset: This property is used to pass a value to the offset parameter of the create partition primary command in the DiskPart command. For more information on the offset parameter, see Create partition primary.
OSDDiskPartBiosCompatibilityMode: This property specifies whether to disable cache alignment optimizations when partitioning the hard disk for compatibility with certain types of BIOS.
OSDImageCreator: Specifies the name of the installation account that will be used during OEM deployments.
OSDImageIndex: Specifies the index of the image in the .wim file. This property is referenced during OEM deployments.
OSDImagePackageID: Specifies the package ID for the image to install during OEM deployments.
OSDInstallEditionIndex: Specifies the index of the image in the WIM file. This property is referenced during OEM deployments.
OSDInstallType: Specifies the installation type used for OEM deployments. The default is Sysprep.
OSDisk: Specifies the drive used to install the operating system during OEM deployments. The default value is C:.
OSDPreserveDriveLetter: This property is used to determine whether the Apply OS task sequence step should preserve the drive letter in the operating system image file (.wim file) being deployed to the target computer.
OSDStateStorePath: LTI and ZTI use this property to set the path where the user state migration data will be stored, which can be a UNC path, a local path, or a relative path.
OSFeatures: A comma-delimited list of server feature IDs that will be installed on the target computer.
OSInstall: Indicates whether the target computer is authorized to have the target operating system installed. If the OSInstall property is not listed, the default is to allow deployment of operating systems to any target computer.
OSRoles: A comma-delimited list of server role IDs that will be installed on the target computer.
OSRoleServices: A comma-delimited list of server role service IDs that will be installed on the target computer.
OSSKU: The edition of the currently running operating system. The operating system edition is determined by using the OperatingSystemSKU property of the Win32_OperatingSystem WMI class. For a list of the editions the OperatingSystemSKU property returns, see the section, "OperatingSystemSKU," at Win32_OperatingSystem class.
OSVersion: The version of the currently running operating system. This property should only be used to detect if the currently running operating system is Windows PE. Use the OSVersionNumber property to detect other operating systems.
OSVersionNumber: The operating system major and minor version number. This property is referenced during OEM deployments.
OverrideProductKey: The Multiple Activation Key (MAK) string to be applied after the target operating system is deployed to the target computer. The value specified in this property is used by the ZTILicensing.wsf script during the State Restore Phase to apply the MAK to the target operating system. The script also configures the volume licensing image to use MAK activation instead of Key Management Service (KMS). The operating system needs to be activated with Microsoft after the MAK is applied. This is used when the target computer is unable to access a server that is running KMS.
Packages: The list of Configuration Manager packages to be deployed to the target computer. The Packages property has a numeric suffix (for example, Packages001 or Packages002).
Parameters: The parameters to be passed to a database query that returns property values from columns in the table specified in the Table property. The table is located in the database specified in the Database property on the computer specified in the SQLServer property. The instance of SQL Server on the computer is specified in the Instance property.
ParameterCondition: Indicator of whether a Boolean AND or OR operation is performed on the properties listed in the Parameters property.
ParentDomainDNSName: Specifies the DNS domain name of an existing directory service domain when installing a child domain.
Password: Specifies the password for the user name (account credentials) to use for promoting the member server to a domain controller.
Phase: The current phase of the deployment process. The Task Sequencer uses these phases to determine which tasks must be completed.
Port: The number of the port that should be used when connecting to the SQL Server database instance that is used for querying property values from columns in the table specified in the Table property. The database resides on the computer specified in the SQLServer property. The instance of SQL Server on the computer is specified in the Instance property. The port used during connection is specified in the Port property.
PowerUsers: A list of user accounts and domain groups to be added to the local Power Users group on the target computer. The PowerUsers property is a list of text values that can be any non-blank value. The PowerUsers property has a numeric suffix (for example, PowerUsers1 or PowerUsers2).
ProcessorSpeed: The speed of the processor installed on the target computer in MHz. For example, the value 1995 indicates the processor on the target computer is running at 1,995 MHz or 2 gigahertz.
Product: The product name of the target computer. With some computer vendors, the make and model might not be sufficiently unique to identify the characteristics of a particular configuration (for example, hyperthreaded or non-hyperthreaded chipsets). The Product property can help to differentiate.
ProductKey: The product key string to be configured for the target computer. Before the target operating system is deployed, the product key specified is automatically inserted into the appropriate location in Unattend.xml.
Properties: A reserved property that defines any custom, user-defined properties. These user-defined properties are located by the ZTIGather.wsf script in the CustomSettings.ini file, BootStrap.ini file, or the MDT DB. These properties are additions to the predefined properties in MDT.
ReplicaDomainDNSName: Specifies the DNS domain name of the domain to replicate.
ReplicaOrNewDomain: Specifies whether to install a new domain controller as the first domain controller in a new directory service domain or to install it as a replica directory service domain controller.
ReplicationSourceDC: Indicates the full DNS name of the domain controller from which you replicate the domain information.
ResourceDrive: The drive letter mapped to the ResourceRoot property for the ZTIDrivers.wsf and ZTIPatches.wsf scripts to use to install drivers and patches to the target computer.
ResourceRoot: The value of this property is used by the ZTIDrivers.wsf and ZTIPatches.wsf scripts to install drivers and patches to the target computer.
Role: The purpose of a computer based on the tasks performed by the user on the target computer. The Role property lists text values that can be any non-blank value. The Role property value has a numeric suffix (for example, Role1 or Role2). When defined, a role is associated with a computer. A computer can perform more than one role.
SafeModeAdminPassword: Supplies the password for the administrator account when starting the computer in Safe mode or a variant of Safe mode, such as Directory Services Restore mode.
SerialNumber: The serial number of the target computer. The format for serial numbers is undefined. Use this property to create a subsection that contains settings targeted to a specific computer.
SLShare: The network shared folder in which the deployment logs are stored at the end of the deployment process.
SLShareDynamicLogging: The network shared folder in which all MDT logs should be written during deployment. This is used for advanced real-time debugging only.
SMSTSAssignUserMode: Specifies whether user device affinity (UDA) should be enabled and whether approval is required. This property only works with the UDA feature in Configuration Manager.
SMSTSRunCommandLineUserName: Specifies the user name in Domain\User_Name format that should be used with a Run Command Line step that is configured to run as a user.
SMSTSRunCommandLineUserPassword: Specifies the password that should be used with a Run Command Line step that is configured to run as a user.
SQLServer: The identity of the computer running SQL Server that performs a database query that returns property values from columns in the table specified in the Table property. The query is based on parameters specified in the Parameters and ParameterCondition properties. The instance of SQL Server on the computer is specified in the Instance property.
SQLShare: The name of a shared folder on the computer running SQL Server (specified by the SQLServer property). The credentials used for authentication are provided by the UserDomain, UserID, and UserPassword properties (for LTI and ZTI) or by the Configuration Manager Advanced Client account credentials (ZTI only).
StoredProcedure: The name of the stored procedure used when performing a database query that returns property values from columns in the table or view. The stored procedure is located in the database specified in the Database property. The computer running SQL Server is specified in the SQLServer property. The instance of SQL Server on the computer is specified in the Instance property. The name of the stored procedure is specified in the StoredProcedure property.
SupportsHyperVRole: Specifies whether the processor resources on the target computer can support the Hyper-V server role in Windows Server. This property is True if the value for the following properties is set to TRUE:
SupportsNX: Specifies whether the processor resources on the target computer support the No Execute (NX) technology. The NX technology is used in processors to segregate areas of memory for use by either storage of processor instructions (code) or for storage of data. This property is set using information from the CPUID interface.
SupportsVT: Specifies whether the processor resources on the target computer support the Virtualization Technology (VT) feature. VT is used to support current virtualized environments, such as Hyper-V. This property is set using information from the CPUID interface.
Supports64Bit: Specifies whether the processor resources on the target computer support Windows 64-bit operating systems. Most modern virtualization environments require 64-bit processor architecture. This property is set using information from the CPUID interface.
SysVolPath: Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer.
Table: The name of the table or view to be used in performing a database query that returns property values from columns in the table or view. The query is based on parameters specified in the Parameters and ParameterCondition properties. The table or view is located in the database specified in the Database property. The computer running SQL Server is specified in the SQLServer property. The instance of SQL Server on the computer is specified in the Instance property.
TimeZoneName: The time zone in which the target computer is located. This value is inserted into the appropriate configuration settings in Unattend.xml.
ToolRoot: Specifies the UNC path to the Tools\proc_arch folder (where proc_arch is the processor architecture of the currently running operating system and can have a value of x86 or x64), which is immediately beneath the root of the folder structure specified in the DeployRoot property. The Tools\proc_arch folder contains utilities that MDT uses during the deployment process.
TPMOwnerPassword: The TPM password (also known as the TPM administration password) for the owner of the target computer. The password can be saved to a file or stored in AD DS.
UILanguage: The default language to be used with the target operating system. If not specified, the Deployment Wizard uses the language configured in the image being deployed.
UserLocale: The user locale to be used with the target operating system. If not specified, the Deployment Wizard uses the user locale configured in the image being deployed.
USMTOfflineMigration: This property determines whether MDT uses USMT to perform an offline user state migration. In an offline migration, the capture is performed in Windows PE instead of the existing operating system.
UUID: The Universal Unique Identifier (UUID) stored in the System Management BIOS of the target computer.
VMName: Specifies the name of the VM where MDT is running. This property is only available when the Hyper-V Integration Components are installed and running.
VMPlatform: Specifies specific information about the virtualization environment for the target computer when the target computer is a VM. The VM platform is determined by using WMI.
VRefresh: The vertical refresh rate for the monitor on the target computer. The vertical refresh rate is specified in Hertz. In the example, the value 60 indicates that the vertical refresh rate of the monitor is 60 Hz. This value is inserted into the appropriate configuration settings in Unattend.xml.
VSSMaxSize: This property is used to pass a value to the maxsize parameter of the vssadmin resize shadowstorage command in the Vssadmin command. The maxsize parameter is used to specify the maximum amount of space on the target volume that can be used for storing shadow copies. For more information on the maxsize parameter, see Vssadmin resize shadowstorage.
WindowsSource: MDT uses this property to set the location of the sources\sxs folder in a network shared folder that contains the operating system source files. This property is used when:
WipeDisk: Specifies whether the disk should be wiped. If WipeDisk is TRUE, the ZTIWipeDisk.wsf script will clean the disk using the Format command. The Format command is not the most "secure" way of wiping the disk.
WSUSServer: This is the name of the Windows Server Update Services (WSUS) server that the target computer should use when scanning for, downloading, and installing updates.
XResolution: The horizontal resolution of the monitor on the target computer, specified in pixels. In the example, the value 1024 indicates the horizontal resolution of the monitor is 1,024 pixels. This value is inserted into the appropriate configuration settings in Unattend.xml.
YResolution: The vertical resolution of the monitor on the target computer, specified in pixels. In the example, the value 768 indicates the vertical resolution of the monitor is 768 pixels. This value gets inserted into the appropriate configuration settings in Unattend.xml.

After completing these updates, check via the O365 portal that O365 is reporting the Skype DNS entries as all good. I find this is generally pretty quick, so I assume that the source DNS server is used for DNS record checks and it doesn’t have to wait for convergence.

 

Step 2 – Check functionality

After an appropriate convergence time, check that all functionality is working before moving on to further steps.

Again, this depends on the size of your environment and your internal and external DNS configuration.

Mark’s post has a couple of scripts you can run if you wish to speed up the process internally.

 

Step 3 – Disable Shared SIP Address Space

Ensure you have the Skype for Business PowerShell module

  • Import-Module LyncOnlineConnector
  • $credential = Get-Credential "<yourSkypeForBusinessAdminAccount>"
  • $session = New-CsOnlineSession -Credential $credential
  • Import-PSSession $session
  • Set-CsTenantFederationConfiguration -SharedSipAddressSpace $false

 

Step 4 – Uninstall on premise components

On one of your home servers

  • Open the Skype for Business server control panel or PowerShell (whichever way you prefer)
    • Remove all objects possible (see Phase 3 of this document). These will vary greatly, so I have not listed all of the things to remove, but let me know if you are having trouble with one.
  • Open the Skype for Business topology manager
    • Download your existing topology
    • Remove configuration and components to allow you to strip the environment bare
      • Remove global routes to your edge servers, which will allow the edge servers to be removed
      • Remove application servers
      • Remove any configuration pointing to your mediation servers, then remove them
      • Remove persistent chat pools
      • Remove everything you can, which will be everything except the last server where your CSS is stored (if running standard)
    • Publish the topology
      • Run Skype for Business Server Deployment wizard on the edge and mediation (if this is co-located, there will not be additional mediation servers) servers, and allow it to remove all roles
      • These servers can now be switched off
  • Open the Skype for Business topology manager
    • Download your existing topology
    • Now, when right-clicking on your final server, if you go to “topology” you will have an option of “Remove Deployment”
    • Select this and publish your topology again
  • Open Skype for business management shell
    • Get-CsConferenceDirectory | Remove-CsConferenceDirectory -Force
    • Publish-CsTopology -FinalizeUninstall
    • Run C:\Program Files\Skype for Business Server 2015\Deployment\bootstrapper.exe /scorch
    • Remove-CsConfigurationStoreLocation
    • Disable-CsAdDomain (This will remove the RTC groups from your AD permissions structure)
    • Disable-CsAdForest (This will remove the CS* groups from your AD)
    • I found once this had completed, a couple of RTC groups still existed under the “users” container. This is likely due to the fact that the domain has hosted versions of Lync/OCS etc. since LCS 2005. I deleted these manually.
  • Once this was completed, shut down your last Skype for business server on premise.

 

 

References

Mark Vale, August 17 2015, Decommissioning Skype for Business Hybrid and Going Cloud Only

Microsoft, September 11 2013, Decommissioning a Deployment

Microsoft, March 26 2012, Remove-CsConfigurationStoreLocation

Microsoft, April 12 2011, Publish Final Topology and Remove Last Front End

Scripting Office 365 licensing with disabled services

In the past I’ve had a few clients request scripts to automatically set/assign licenses to users in Office 365 – Generally pretty simple stuff. Recently I had a client ask to disable a particular service within a license – again, not all that difficult – unless you want to actually check if a license/service is already configured correctly (and not make any changes if it is). Took a little while to work out, so figured I’d share the love!

Just to set a license for a user is a pretty simple process – all you need is the license ‘SkuId’ value of the relevant license. To get a list of the ones available in your tenant, run:

Get-MsolAccountSku

You’ll get a list of the available license SkuIds and how many are active/consumed. In this article we’ll use an example SkuId of Contoso:STANDARDWOFFPACK_IW_STUDENT. Once you have the SkuId, all you need to run to assign the license is:

Set-MsolUser -UserPrincipalName user@contoso.com -UsageLocation AU
Set-MsolUserLicense -UserPrincipalName user@contoso.com -AddLicenses "Contoso:STANDARDWOFFPACK_IW_STUDENT"

You’ll notice that the code above sets the location first – this is required, as you can’t apply a license without a location being set! What if you didn’t want to have all the applications available for the user? For example, the above license includes Yammer Education. In this case, we need to create a ‘License Options’ object first.

$LicenseOption = New-MsolLicenseOptions -AccountSkuId "Contoso:STANDARDWOFFPACK_IW_STUDENT" -DisabledPlans YAMMER_EDU
Set-MsolUserLicense -UserPrincipalName user@contoso.com -LicenseOptions $LicenseOption

So where did we get the “YAMMER_EDU” from? You can list the available services for a license by running:

(Get-MsolAccountSku | where {$_.AccountSkuId -eq 'Contoso:STANDARDWOFFPACK_IW_STUDENT'}).ServiceStatus

What if we wanted to disable multiple services in the License Option? The “-DisabledPlans” option accepts a comma-separated list. For example:

$LicenseOption = New-MsolLicenseOptions -AccountSkuId "Contoso:STANDARDWOFFPACK_IW_STUDENT" -DisabledPlans YAMMER_EDU, SWAY

Ok, so now we know how to get the available licenses and related services – as well as how to assign the license to the user. What if we wanted to check if a license is assigned to a user first? Personally, I’m not a huge fan of just re-stamping settings each time you run a script – so I thought I’d look into it. The easiest method I’ve found is to try bind to the license, then check if it’s $null or not:

$User = Get-MsolUser -UserPrincipalName user@contoso.com
$License = $User.Licenses | Where{$_.AccountSkuId -ieq "Contoso:STANDARDWOFFPACK_IW_STUDENT"}
If ($License) {Write-Host "Found License"} else { Write-Host "Didn't Find License"}

From there we can do whatever we want – if the license is found and that’s all you care about, you can skip – otherwise you can use the other commands to set the license.

So what if we also want to make sure YAMMER_EDU is disabled as well? That’s a little trickier. First we need to bind to the license like we did above, then we need to check the status of the relevant ‘ServicePlan’.

$User = Get-MsolUser -UserPrincipalName user@contoso.com
$License = $User.Licenses | Where{$_.AccountSkuId -ieq "Contoso:STANDARDWOFFPACK_IW_STUDENT"}
If($License)
    {
    If($License.ServiceStatus | Where{$_.ServicePlan.ServiceName -ieq "YAMMER_EDU" -and $_.ProvisioningStatus -ine "Disabled"})
        {
        Write-Host "YAMMER_EDU isn't disabled"
        }
    }

At this point it’s probably a good idea to talk about the structure of these objects – you may not need to know it, but for anyone trying to modify these commands it might be helpful:

  • A ‘User’ object contains an attribute ‘Licenses’. This attribute is an array – as a user can have multiple licenses assigned.
  • A ‘License’ object contains two attributes relevant to this script; ‘AccountSkuID’ and ‘ServiceStatus’
    • AccountSkuId is the attribute that matches up with the AccountSkuId we’re using above
    • ServiceStatus is another array – it contains an array of objects representing the individual services available in that license – and their status.

The two attributes attached to a ‘ServiceStatus’ object that we care about are:

  • ServicePlan.ServiceName – this is the name to match the service above (eg: YAMMER_EDU)
  • ProvisioningStatus – this can be a bunch of values, but mostly ‘Success’, ‘Disabled’ or ‘PendingInput’. I’d assume there’s also ‘Provisioning’, but I’ve never seen it.
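
The check above, generalised as an added example (not the original author's code): it accepts any list of plans that must be disabled, reports which ones are not, and builds the -DisabledPlans list as the union of what is already disabled and what is required, because applying a new license options object replaces the SKU's previous disabled set rather than adding to it. Get-LicensePlanDrift, New-SampleServiceStatus, SAMPLE_PLAN_A and the sample user are constructed for illustration so the block runs without a tenant connection.

```powershell
# Added example, not from the original post. Names and sample data are hypothetical.
function Get-LicensePlanDrift {
    param(
        [Parameter(Mandatory)] $User,                              # shaped like Get-MsolUser output
        [Parameter(Mandatory)] [string]   $AccountSkuId,
        [Parameter(Mandatory)] [string[]] $RequiredDisabledPlans
    )

    $License = $User.Licenses | Where-Object { $_.AccountSkuId -ieq $AccountSkuId }
    if (-not $License) {
        # Nothing attached yet, so there is no existing state to preserve
        return [pscustomobject]@{
            LicenseAttached = $false
            NotDisabled     = $RequiredDisabledPlans
            UnknownPlans    = @()
            DisabledPlans   = $RequiredDisabledPlans
            NeedsUpdate     = $true
        }
    }

    # Every plan name in this SKU, and the subset that is currently disabled
    $Known    = @($License.ServiceStatus | ForEach-Object { $_.ServicePlan.ServiceName })
    $Disabled = @($License.ServiceStatus |
                    Where-Object { $_.ProvisioningStatus -ieq 'Disabled' } |
                    ForEach-Object { $_.ServicePlan.ServiceName })

    # Requested names that do not exist in the SKU (typos) are reported, not applied
    $Unknown     = @($RequiredDisabledPlans | Where-Object { $Known -inotcontains $_ })
    $Valid       = @($RequiredDisabledPlans | Where-Object { $Known -icontains $_ })
    $NotDisabled = @($Valid | Where-Object { $Disabled -inotcontains $_ })

    [pscustomobject]@{
        LicenseAttached = $true
        NotDisabled     = $NotDisabled
        UnknownPlans    = $Unknown
        # Union: keep plans someone already disabled, add the required ones
        DisabledPlans   = @($Disabled + $Valid | Sort-Object -Unique)
        NeedsUpdate     = ($NotDisabled.Count -gt 0)
    }
}

# --- Constructed sample data mirroring the User > Licenses > ServiceStatus structure ---
function New-SampleServiceStatus([string]$Name, [string]$Status) {
    [pscustomobject]@{
        ServicePlan        = [pscustomobject]@{ ServiceName = $Name }
        ProvisioningStatus = $Status
    }
}

$SampleUser = [pscustomobject]@{
    UserPrincipalName = 'user@contoso.com'
    Licenses = @(
        [pscustomobject]@{
            AccountSkuId  = 'Contoso:STANDARDWOFFPACK_IW_STUDENT'
            ServiceStatus = @(
                (New-SampleServiceStatus 'YAMMER_EDU'    'Success'),
                (New-SampleServiceStatus 'SWAY'          'Disabled'),
                (New-SampleServiceStatus 'SAMPLE_PLAN_A' 'PendingInput')
            )
        }
    )
}

# 'YAMER_EDU' is a deliberate misspelling to show the unknown-plan report
$Drift = Get-LicensePlanDrift -User $SampleUser `
    -AccountSkuId 'Contoso:STANDARDWOFFPACK_IW_STUDENT' `
    -RequiredDisabledPlans 'YAMMER_EDU', 'YAMER_EDU'
$Drift | Format-List

if ($Drift.UnknownPlans) {
    Write-Warning "Not in this SKU: $($Drift.UnknownPlans -join ', ')"
}

# Against a live tenant the update would then be (left commented so this runs offline):
# $Opt = New-MsolLicenseOptions -AccountSkuId 'Contoso:STANDARDWOFFPACK_IW_STUDENT' -DisabledPlans $Drift.DisabledPlans
# Set-MsolUserLicense -UserPrincipalName $SampleUser.UserPrincipalName -LicenseOptions $Opt
```

In the sample, SWAY was disabled outside the script; passing only YAMMER_EDU to New-MsolLicenseOptions would turn SWAY back on, which is why the union is used.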

With this in mind, we can put together a script like the following – it reads the UPN and AccountSkuID from a CSV file, though you could use whatever source you like and update the script accordingly.

Note: In order to run this script, you’ll need:

#Input File
$File = "D:\_Temp\ExchangeOnline\Source.csv"

#Log Variables
$LogFile = "D:\_Temp\ExchangeOnline\SetLicenses_$((Get-Date).ToString("yyyyMMdd")).log"
$AuditFile = "D:\_Temp\ExchangeOnline\SetLicenses_Audit.log"

#Credentials
$AdminUser = "admin@contoso.com"
$PasswordFile = "D:\_Temp\ExchangeOnline\EO_Password.txt"
$KeyFile = "D:\_Temp\ExchangeOnline\EO_AES.key"

Write-Output "$(Get-Date -format 'G') ========Script Started========" | Tee-Object $LogFile -Append

#Build the credentials object
Write-Output "$(Get-Date -format 'G') Creating credentials object" | Tee-Object $LogFile -Append
$key = Get-Content $KeyFile
$SecurePassword = Get-Content $PasswordFile | ConvertTo-SecureString -Key $key
$Creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AdminUser, $SecurePassword

#Import the MSOnline Module
Import-Module MSOnline

#Connect to MSOnline
Write-Output "$(Get-Date -format 'G') Connecting to MSOnline" | Tee-Object $LogFile -Append
Connect-MsolService -Credential $Creds

#Grab the CSV contents
$CSV = Import-CSV $File
#Go through each entry
Foreach($Line in $CSV)
    {
    $samAccountName = $line.samAccountName
    $UPN = $Line.UPN
    $SKUID = $Line.license

    Write-Output "$(Get-Date -format 'G') Processing User $UPN" | Tee-Object $LogFile -Append

    #Make sure the user exists in MSOnline
    If(Get-MsolUser -UserPrincipalName $UPN)
        {
        #Found in MSOnline. Put the user account into a variable
        Write-Output "$(Get-Date -format 'G') – Located in MSOnline" | Tee-Object $LogFile -Append
        $User = Get-MsolUser -UserPrincipalName $UPN
        #Check the UsageLocation
        If($User.UsageLocation -ine "AU")
            {
            Write-Output "$(Get-Date -format 'G') – Location not set to AU. Updating…" | Tee-Object $LogFile -Append
            #Update it
            Set-MsolUser -UserPrincipalName $User.UserPrincipalName -UsageLocation AU
            Write-Output "$(Get-Date -format 'G') $UPN Location set to AU" | Out-File $AuditFile -Append
            }

        #Check if the license is attached to the user
        $SetLicense = $false
        Write-Output "$(Get-Date -format 'G') – Checking for License: $SKUID" | Tee-Object $LogFile -Append
        $License = $User.Licenses | Where{$_.AccountSkuId -ieq $SKUID}
        If($License)
            {
            #License is attached. Check to make sure that any services to be disabled are actually disabled
            Write-Output "$(Get-Date -format 'G') – License already attached. Checking if required services are disabled" | Tee-Object $LogFile -Append
            If($License.ServiceStatus | Where{$_.ServicePlan.ServiceName -ieq "YAMMER_EDU" -and $_.ProvisioningStatus -ine "Disabled"})
                {
                Write-Output "$(Get-Date -format 'G') – YAMMER_EDU not disabled." | Tee-Object $LogFile -Append
                $SetLicense = $True
                }

            If($SetLicense){Write-Output "$(Get-Date -format 'G') – One or more services not disabled. License requires updating." | Tee-Object $LogFile -Append}
            }
        Else
            {
            #License is not attached.
            Write-Output "$(Get-Date -format 'G') – License is not attached. Will be attached." | Tee-Object $LogFile -Append
            $SetLicense = $True
            }

        If($SetLicense)
            {
            #License is not attached or not configured correctly. Build up the license with required options
            $LicenseOption = New-MsolLicenseOptions -AccountSkuId $SKUID -DisabledPlans YAMMER_EDU
            #Set the License
            Write-Output "$(Get-Date -format 'G') – Setting/Updating license" | Tee-Object $LogFile -Append
            If($License)
                {
                #Already attached: only the disabled plans need updating
                Set-MsolUserLicense -UserPrincipalName $User.UserPrincipalName -LicenseOptions $LicenseOption
                }
            Else
                {
                #Not attached: -AddLicenses is required, -LicenseOptions alone does not assign the SKU
                Set-MsolUserLicense -UserPrincipalName $User.UserPrincipalName -AddLicenses $SKUID -LicenseOptions $LicenseOption
                }
            Write-Output "$(Get-Date -format 'G') $UPN License set/updated for SkuId: $SKUID" | Out-File $AuditFile -Append
            }
        else
            {
            Write-Output "$(Get-Date -format 'G') – No changes to license required" | Tee-Object $LogFile -Append
            }

        # Clear loop variables for the next run
        $samAccountName = $Null
        $UPN = $Null
        $SKUID = $Null
        $User = $Null
        $License = $Null
        $SetLicense = $Null
        $LicenseOption = $Null
        }
    else
        {
        Write-Output "$(Get-Date -format 'G') – Error: User not found in MSOnline" | Tee-Object $LogFile -Append
        }

    }

Write-Output "$(Get-Date -format 'G') ========Script Complete========" | Tee-Object $LogFile -Append
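
The script above decrypts the admin password from $PasswordFile using the AES key in $KeyFile. One way to create those two files and lock them down is shown below; this is an added example, not part of the original post. It reuses the script's paths and assumes the folder already exists and that the licensing script runs under the same Windows account that creates the files.

```powershell
# Added example: creates the key and password files that the licensing script reads.
# Paths match the script above; the account and ACL choices are assumptions.
$PasswordFile = "D:\_Temp\ExchangeOnline\EO_Password.txt"
$KeyFile      = "D:\_Temp\ExchangeOnline\EO_AES.key"

# 32 random bytes (an AES-256 key) from the OS cryptographic random number generator
$Key = New-Object byte[] 32
$Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$Rng.GetBytes($Key)
$Rng.Dispose()

# One byte value per line: the format Get-Content passes to ConvertTo-SecureString -Key
$Key | Set-Content -Path $KeyFile

# Prompt for the password so it never appears in a script or in command history
$Secure = Read-Host -Prompt "Password for the admin account" -AsSecureString
$Secure | ConvertFrom-SecureString -Key $Key | Set-Content -Path $PasswordFile

# Anyone who can read both files can recover the password, so remove the
# inherited permissions and leave read access for the current account only
$Account = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Foreach($Path in $KeyFile, $PasswordFile)
    {
    icacls $Path /inheritance:r /grant:r "${Account}:(R)" | Out-Null
    If($LASTEXITCODE -ne 0){Throw "Could not restrict permissions on $Path"}
    }

# Round-trip check: decrypt exactly the way the licensing script does
$Check = Get-Content $PasswordFile | ConvertTo-SecureString -Key (Get-Content $KeyFile)
If($Check.Length -gt 0){Write-Output "Password file decrypts with the stored key"}

# Do not leave the key in memory longer than needed
[Array]::Clear($Key, 0, $Key.Length)
```

If the script only ever runs as one account on one machine, calling ConvertFrom-SecureString without -Key uses Windows DPAPI instead, which removes the key file entirely.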