That might be old new for some of you, I was, however thrown off a little bit.

I installed a new Git module as I was playing with GitHub and wanted to update check for updates and update files accordingly. I am specifically talking about the PowerShell Cheat Sheets, which is an awesome collection. Anywho after loading the module, I was a little stumped how to get the info of the cmdlets in the module. I tried

help *git*

Which only resulted in 2-3 commands.

Well the answer is easy:

Get-Command -Module $module

This will give you all the cmdlets in a module. Pretty cool. :o)

First from CMD, that is pretty easy:

rundll32.exe user32.dll, LockWorkStation

Now, with PowerShell, it is about the same, we call the user32.dll, just it is a little more work to get that to work right:

$script:nativeMethods = @();
function Register-NativeMethod([string]$dll, [string]$methodSignature)
{
    $script:nativeMethods += [PSCustomObject]@{ Dll = $dll; Signature = $methodSignature; }
}
function Add-NativeMethods()
{
    $nativeMethodsCode = $script:nativeMethods | foreach { "
        [DllImport(`"$($_.Dll)`")]
        public static extern $($_.Signature);
    " }
 
    Add-Type @"
        using System;
        using System.Runtime.InteropServices;
        public static class NativeMethods {
            $nativeMethodsCode
        }
"@
}
 
Register-NativeMethod "user32.dll" "bool LockWorkStation()"
Add-NativeMethods
[NativeMethods]::LockWorkStation()

Credit for how to call DLLs from PowerShell goes to Danny.

Ever wished you could have multiple consoles and stuff open without carefully rearranging them and then the Windows dock features messes it up and yaddi yadda?

Well, I found a superb solution for that: ConEmu

The 2 most handy commands you’ll need:

# Split window horizontally:
powershell.exe -new_console:s

# Split window vertically:
powershell.exe -new_console:sV

^ That is needed to create the Windows as you want. From there you can use them as regular console Windows. So handy!

I found this pretty cool website with ‘music for programming’, go check them out.

So since I just wasted more time than I want to admit getting this figured out, I’ going to share here how to add  Group permissions. Googeling, there is not a whole lot of info about it out there and most sites even say it is not supported. There is unfortunately no ‘Get-SPOGroup’ cmdlet, so PowerShell does not help in this case. Ugg, Microsoft, I thought that was the whole point of PowerShell!? Well, you can get the needed info via GUI.

The problem:

We need to be able to access and manage the SharePoint and mainly the OneDrive for Business content for users. We can do that easily via GUI, but going to the

Sharepoint Admincenter -> User Profiles -> Type in a name -> Right-click on ‘Manage Site Collection Owners’ -> Add the ‘AD Admin Group’ 

Now, that is all fine and dandy, but we have thousands of users, so if doing the above thousands of times, does not sound too fun. We also don’t have an intern handy to do this…

Now, the really frustrating part is, that you can not do that easily via PowerShell either!?!

Set-SPOUser -Site $sitename -LoginName $secondaryadmin -IsSiteCollectionAdmin $true -Verbose

# Error:
Set-SPOUser : The user does not exist or is not unique.

Now the good news is, yes you can do it via PowerShell, the bad news is, to get the needed info, you can not use PowerShell, you have to do some diggin’ to get the SID form the Sharepoint Online GUI:

1. Navigate to the root of the sharepoint site: <pre class="lang:default decode:true">https://yoursite.sharepoint.com/

</pre>

1. Click on the gear/cog on the top right and click on  ‘Site settings‘
2. Under ‘Users and Permissions, click on ‘Site permissions’
3. In the top ribbon, click on ‘Check Permissions’
4. Type in the ‘AD ADMIN GROUP’ name and click on ‘Check Now’

On the bottom you’ll see a tiny line coming up, giving you the SID of the group

Permission levels given to AD ADMIN GROUP (c:0-.f|rolemanager|s-1-5-21-123123123-123123123-123123123-123123123)

The final PowerShell command to set the group permission for a single user is like so:

Set-SPOUser -Site 'https://yourdomain-my.sharepoint.com/personal/yourdomain' `
-LoginName 'c:0-.f|rolemanager|s-1-5-21-123123123-123123123-132123123-13123123' `
-IsSiteCollectionAdmin $true -Verbose

And the following script will iterate through all SPO users and assign the rights

# Specify your organization admin central url 
$AdminURI 	  = 'https://yourdomain-admin.sharepoint.com'
# Specify the User account for an Office 365 global admin in your organization
$AdminAccount = 'adadmingroup@yourdomain'
$AdminPass    = 'yoursupersecurepasswordmuahahah'

# Specify the secondary admin account and the url for the onedrive site
# This is the SID that we had to get with a lof of clickedy GUI work
$secondaryadmin = 'c:0-.f|rolemanager|s-1-5-21-123123123-123123123-123123123-123123123'
$siteURI   = 'https://yourdomain-my.sharepoint.com' 

$loadInfo1 = [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint.Client')
$loadInfo2 = [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint.Client.Runtime')
$loadInfo3 = [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint.Client.UserProfiles')

$sstr           = ConvertTo-SecureString -string $AdminPass -AsPlainText -Force
$AdminPass      = ''
$creds          = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($AdminAccount, $sstr)
$UserCredential = New-Object System.Management.Automation.PSCredential -argumentlist $AdminAccount, $sstr

# Add the path of the User Profile Service to the SPO admin URL, then create a new webservice proxy to access it
$proxyaddr          = "$AdminURI/_vti_bin/UserProfileService.asmx?wsdl"
$UserProfileService = New-WebServiceProxy -Uri $proxyaddr -UseDefaultCredential False
$UserProfileService.Credentials = $creds

# Set variables for authentication cookies
$strAuthCookie = $creds.GetAuthenticationCookie($AdminURI)
$uri           = New-Object System.Uri($AdminURI)
$container     = New-Object System.Net.CookieContainer
$container.SetCookies($uri, $strAuthCookie)
$UserProfileService.CookieContainer = $container

# Sets the first User profile, at index -1
$UserProfileResult = $UserProfileService.GetUserProfileByIndex(-1)
Write-Host 'Starting- This could take a while.'
$NumProfiles       = $UserProfileService.GetUserProfileCount()
$i = 1

Connect-SPOService -Url $AdminURI -Credential $UserCredential

# As long as the next User profile is NOT the one we started with (at -1)...
While ($UserProfileResult.NextValue -ne -1) 
{
  Write-Host "Examining profile $i of $NumProfiles"
  # Look for the Personal Space object in the User Profile and retrieve it 
  # (PersonalSpace is the name of the path to a user's OneDrive for Business site. Users who have not yet created a  
  # OneDrive for Business site might not have this property set.)
  $Prop = $UserProfileResult.UserProfile | Where-Object { $_.Name -eq 'PersonalSpace' } 
  $Url  = $Prop.Values[0].Value

  # If OneDrive is activated for the user, then set the secondary admin
  if ($Url) {
    $sitename = $siteURI + $Url
    write-verbose $sitename -Verbose
    Set-SPOUser -Site $sitename -LoginName $secondaryadmin -IsSiteCollectionAdmin $true -ErrorAction SilentlyContinue -Verbose
    Write-Host "Added secondary admin to the site $($sitename)" 
  }

  # And now we check the next profile the same way...
  $UserProfileResult = $UserProfileService.GetUserProfileByIndex($UserProfileResult.NextValue)
  $i++
}

Credit mainly goes to http://www.jijitechnologies.com for the iteration part.

I hope for you avid Googler who has to do the same, this will save you some time.