Azure Active Directory : Bulk Create + License assignment / attribution via Powershell

One of my colleagues told me how she struggles with creating 10 CRM accounts every time she has a new demo (she does more than 3 a week), plus manually assigning the licenses.

And as a hero I told her that PowerShell is always the solution, so I wrote this script that bulk creates and assigns licenses.

This script creates Azure Active Directory accounts, which means it can also be used for Office365, SharePoint, CRM, etc.

Azure Active Directory Powershell

The script uses the AzureAD PowerShell module.

First you need to install it on your computer by running this cmdlet :

Install-Module AzureAD

How to use it

Just download the 2 files and start the ps1 script.

Input.Json : input

Script : New-AzureADAccountBulk

Script Logic

The script’s input is a file, Input.json, that provides this information :

  • Tenant Name
  • Admin Login
  • Admin Password
  • List of Users to create
    • Display Name
    • Mail NickName (the email’s prefix)
    • Password
    • List of Licenses to Assign

License Names could be listed by running this command


License samples :



The Script

The scripts can be downloaded here. I changed the extension to pdf, because WordPress doesn’t allow ps1 and json extensions.

Input.Json : input

Script : New-AzureADAccountBulk

I will not go through the whole document, but I will comment on the important commands.


#Reading the json file
$config = Get-Content .\input.json | Out-String | ConvertFrom-Json

#The admin password is read in clear text from input.json, so restrict who can read that file
$adminPwrd = ConvertTo-SecureString -String $config.AdminPassword -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $config.AdminLogin, $adminPwrd

#Using -Credential was to avoid the login popup
Connect-AzureAD -Credential $Credential


#Loading the License from Azure Active Directory. If license not found, a warning is displayed
$liceTemp = (Get-AzureADSubscribedSku | Where-Object -Property SkuPartNumber -Value $license -EQ)

#check if the User already exists (the lookup fails when the user is not found)
try {
    $user = Get-AzureADUser -ObjectId $userPrincipalName
}
catch {
    $user = $null
}

if ($null -eq $user) {
    Write-Host "Creating User " $account.DisplayName
    #Create the User. -UsageLocation is important for the license attribution
    $newUser = New-AzureADUser -DisplayName $account.DisplayName -PasswordProfile $PasswordProfile -UserPrincipalName $userPrincipalName -AccountEnabled $true -MailNickName $account.MailNickname -UsageLocation DE
    Write-Host "User Created " $account.DisplayName -ForegroundColor Green
}
else {
    Write-Host "User " $userPrincipalName " already exists. Trying to assign License"
}

if ($licensesObj.AddLicenses.Count -ne 0) {
    #Set the license only if found
    Set-AzureADUserLicense -ObjectId $userPrincipalName -AssignedLicenses $licensesObj
    Write-Host "Licenses for User " $userPrincipalName -ForegroundColor Green
}
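The excerpts above skip how $PasswordProfile and $licensesObj are built. The following is an added example, not the downloadable script: it shows that part for the whole user list and loads the admin credential from a DPAPI-protected file instead of a clear-text AdminPassword in Input.json. The property names TenantName, Users, Password and Licenses and the file name admin.cred.xml are assumptions; AdminLogin, DisplayName and MailNickname are the names used in the excerpts.

```powershell
# Added example. TenantName, Users, Password, Licenses and admin.cred.xml are assumed names.
# One-time setup (prompts once; the file is DPAPI-encrypted for the current Windows user):
#   Get-Credential | Export-Clixml -Path .\admin.cred.xml
$config     = Get-Content -Raw -Path .\input.json | ConvertFrom-Json
$Credential = Import-Clixml -Path .\admin.cred.xml
Connect-AzureAD -Credential $Credential | Out-Null

# Index the tenant's SKUs once instead of querying them for every user
$skuByName = @{}
Get-AzureADSubscribedSku | ForEach-Object { $skuByName[$_.SkuPartNumber] = $_ }

foreach ($account in $config.Users) {
    $userPrincipalName = '{0}@{1}' -f $account.MailNickname, $config.TenantName

    $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $PasswordProfile.Password = $account.Password
    # The initial password lives in a JSON file, so make it single-use
    $PasswordProfile.ForceChangePasswordNextLogin = $true

    $licensesObj = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
    $licensesObj.AddLicenses = New-Object 'System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedLicense]'
    foreach ($license in $account.Licenses) {
        $sku = $skuByName[$license]
        if (-not $sku) { Write-Warning "License $license not found in tenant"; continue }
        # Free-unit check against the snapshot taken before the loop
        if ($sku.ConsumedUnits -ge $sku.PrepaidUnits.Enabled) {
            Write-Warning "No free units left for $license"; continue
        }
        $assigned = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
        $assigned.SkuId = $sku.SkuId
        $licensesObj.AddLicenses.Add($assigned)
    }

    try { $user = Get-AzureADUser -ObjectId $userPrincipalName } catch { $user = $null }
    if ($null -eq $user) {
        New-AzureADUser -DisplayName $account.DisplayName -PasswordProfile $PasswordProfile `
            -UserPrincipalName $userPrincipalName -AccountEnabled $true `
            -MailNickName $account.MailNickname -UsageLocation DE | Out-Null
    }
    if ($licensesObj.AddLicenses.Count -ne 0) {
        Set-AzureADUserLicense -ObjectId $userPrincipalName -AssignedLicenses $licensesObj
    }
}
```

With this variant the AdminPassword entry can be removed from Input.json; the user passwords still sit there in clear text, which is why the example forces a change at first sign-in.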


SharePoint Search crawler : Object was not found sps3

Today I ran into a problem while trying to crawl/index from the User Profile :

The start address sps3://…. cannot be crawled

The object was not found

sps3 is the protocol used to crawl User Profile information on SharePoint.

Possible reasons :

  • You have a multi-farm architecture and configured AAM : the solution is to change the URL after sps3 to the URL you configured in your DNS and AAM
  • You are using HTTPS : replace sps3:// with sps3s://


If it helped you, please leave a comment.

SharePoint : Connection with Office Web Apps via SSL/HTTPS : new-spwopibinding the server did not respond

Office Web Apps, which is now Office Online Server, allows displaying and editing Office documents (Word, PowerPoint, Excel, etc.) in a web browser. This is advantageous when working with SharePoint, because users don’t have to switch from the browser to an Office app to view or edit a document.

Today I faced a problem that made me crazy while connecting SharePoint and Office Web Apps (Office Online Server).

When I run the command

New-SPWOPIbinding -ServerName srv-apps

I got the error : “The Server does not respond, trying again”. If I add the parameter -AllowHttp it works though… but here I am trying to implement an HTTPS connection.

So here are the steps that I followed to resolve the problem.

Office Online Server :

Before starting Setup.exe from the installation DVD, you should install these Windows feature prerequisites :

   Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,

Now you are ready to start the Setup.exe.

After the installation let’s configure our Office Server Online Farm :

New-OfficeWebAppsFarm -ExternalUrl "" -InternalURL "" -EditingEnabled -CertificateName "SharePoint Certificate"

3 important things :

  • The URL I chose was a subdomain of my SharePoint domain, for the only reason that I wanted to use one single certificate for both of them
  • ExternalURL and InternalURL are also the same : it was unfortunately the only solution I found to bypass the load balancer problem
  • Of course don’t forget the DNS entry <-> Office Online Server

Last step on the Office Online Server is to load the certificate on IIS :


SharePoint :

Now let’s move on to SharePoint, which is quite easy : we first need to set a property in the farm’s property bag.

$farm = Get-SPFarm

$farm.Properties.Add(“WopiLegacySoapSupport”, “;)


Another step is to allow OAuth over HTTP

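$config = (Get-SPSecurityTokenServiceConfig)

#Allows OAuth tokens to travel over plain HTTP; only needed when a zone is served over HTTP
$config.AllowOAuthOverHttp = $true

#Persist the change; without Update() the setting is not saved
$config.Update()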


Next Step is to create the Binding

New-SPWOPIBinding -ServerName

Here it is important to give the FQDN that you used as the internal URL; if you just use the server name you will get the error mentioned above.

And last but not least, set the zone : you can use “internal-https” if your farm is only internally accessible, otherwise you should use “external-https”

Set-SPWOPIZone -zone "external-https"


Finally :

To test if it worked navigate to a SharePoint SiteCollection and you will notice that when you click on “+ new” inside a Library you will now get the Office Templates, instead of the Upload Pop-Up.

You will also be able to see the Document Preview and of course open the document in the Browser instead of getting it downloaded.

SharePoint – AAM : Alternate Access Mapping with HTTPS/SSL

When you install a new SharePoint Farm the default URL will be the name of the server, which is usually not beautiful(http://sp-srv, http://sharepoint…etc).

Today we will see how to configure the AAM with HTTPS.

Certificate :

I will not explain how to get the certificate in this article; you can also use a self-signed one.

Once you have the .pfx certificate, double-click on it (on the SharePoint frontend server) and follow the wizard to install it on the computer.


We need to extend the Bindings of the SharePoint Website on IIS.

  1. Select the SharePoint Website
  2. Click on Bindings
  3. Add a new binding with 443 port and https
  4. Select the Certificate(the Certificate should appear on the list after being installed, if not you can import it via IIS).


SharePoint :

It is not enough to install the certificate on the server; it must also be uploaded to SharePoint.

Open the Central Administration and then click on “Manage Trust” under “Security” and then click on new :

If you get an error that SharePoint doesn’t support certificates with password, don’t panic, you can export a copy of the certificate, that doesn’t require passwords.

  1. open “Manage Computer Certificates” on the Server(where you installed your certificate).
  2. Navigate to “SharePoint”
  3. right click on the Certificate(not the root!)
  4. Under “All Tasks” click on Export
  5. Click on “Next”
  6. Choose “do not export the private key”
  7. Choose the first format “DER encoded binary X.509”
  8. Choose a location and voila

Alternate Access Mapping :

Last but not least, we should tell SharePoint that it now has to respond to requests for the adjusted URL.

Central Administration -> Application Management -> Configure alternate access mappings -> Edit Public URLs

  1. Select the correct Webapplication
  2. On the zone “Internet” add the full url with https
  3. Save

Your AAM settings should look like this now
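The IIS binding, the export without private key, the “Manage Trust” upload and the alternate access mapping described in this article can also be scripted. This is an added example, not part of the original article; the site name, host name, web application URL, file path and the LocalMachine\My store are placeholder assumptions to adapt to your farm.

```powershell
# Added example: all values below are placeholders, not values from the article.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration

$siteName  = 'SharePoint - 80'            # IIS site of the web application (assumed)
$hostName  = 'portal.example.com'         # new public host name (assumed)
$webAppUrl = 'http://sp-srv'              # current default URL of the web application
$cerPath   = 'C:\Temp\portal-public.cer'  # where the public certificate is exported

# Pick the installed certificate by subject; stop if it is missing, expired or ambiguous
$found = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$hostName*" -and $_.NotAfter -gt (Get-Date) })
if ($found.Count -ne 1) {
    throw "Expected exactly one valid certificate for $hostName, found $($found.Count)"
}
$cert = $found[0]

# IIS: add the https/443 binding and attach the certificate to it
New-WebBinding -Name $siteName -Protocol https -Port 443
(Get-WebBinding -Name $siteName -Protocol https -Port 443).AddSslCertificate($cert.Thumbprint, 'My')

# Export only the public part (DER encoded X.509); the private key stays in the store
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($public.HasPrivateKey) { throw 'Exported file unexpectedly contains a private key' }

# SharePoint: equivalent of Central Administration -> Security -> Manage Trust -> New
New-SPTrustedRootAuthority -Name "$hostName certificate" -Certificate $public | Out-Null

# AAM: let the web application answer on the https URL in the Internet zone
New-SPAlternateURL -WebApplication $webAppUrl -Url "https://$hostName" -Zone Internet | Out-Null

# List the resulting mappings to confirm the https entry is present
Get-SPAlternateURL -WebApplication $webAppUrl
```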