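As Office 365 rapidly gains popularity in China, more and more companies are adopting Office 365 and its related services. Being able to use and manage Office 365 proficiently has become an essential skill for corporate IT administrators.
Today we introduce a relatively secure and convenient way to connect to Office 365 Online: connecting from the PowerShell console with an encrypted user name and password. Using PowerShell to manage Office 365 Online remotely has the following advantages:
- Office 365 has features that can only be configured with Office 365 PowerShell
- Office 365 PowerShell is good at bulk operations
- Office 365 PowerShell is good at filtering data
- Office 365 PowerShell makes it easy to print or save data
- Office 365 PowerShell supports management across server products
- Office 365 PowerShell shows additional information that cannot be seen in the Microsoft 365 admin center

If the user name and password are entered in plain text during the connection, this introduces a security risk. The following PowerShell script avoids this drawback: it first defines two functions, one to encrypt and one to decrypt a string; it then checks whether encrypted user name and password files already exist locally and, if not, prompts the user for the user name and password and stores them locally as ciphertext; finally, it reads the locally stored encrypted user name and password, decrypts them, and uses them to connect remotely to Office 365 Online.
The script is presented in the following three parts.
Part one: define the encryption and decryption functions.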
```powershell
# This function encrypts a string and returns it Base64-encoded.
function Encrypt-String($String, $Passphrase, $salt="SaltCrypto", $init="IV_Password", [switch]$arrayOutput)
{
    $r = New-Object System.Security.Cryptography.RijndaelManaged
    $pass = [Text.Encoding]::UTF8.GetBytes($Passphrase)
    $salt = [Text.Encoding]::UTF8.GetBytes($salt)
    # Derive a 32-byte key from the passphrase and salt
    $r.Key = (New-Object Security.Cryptography.PasswordDeriveBytes $pass, $salt, "SHA1", 5).GetBytes(32)
    # Use the first 16 bytes of the SHA1 hash of $init as the IV
    $r.IV = (New-Object Security.Cryptography.SHA1Managed).ComputeHash([Text.Encoding]::UTF8.GetBytes($init))[0..15]
    $c = $r.CreateEncryptor()
    $ms = New-Object IO.MemoryStream
    $cs = New-Object Security.Cryptography.CryptoStream $ms,$c,"Write"
    $sw = New-Object IO.StreamWriter $cs
    $sw.Write($String)
    $sw.Close()
    $cs.Close()
    $ms.Close()
    $r.Clear()
    # ToArray() still works after the MemoryStream has been closed
    [byte[]]$result = $ms.ToArray()
    return [Convert]::ToBase64String($result)
}

# This function decrypts a string produced by Encrypt-String.
function Decrypt-String($Encrypted, $Passphrase, $salt="SaltCrypto", $init="IV_Password")
{
    # Accept either a Base64 string or a byte array
    if ($Encrypted -is [string]) {
        $Encrypted = [Convert]::FromBase64String($Encrypted)
    }
    $r = New-Object System.Security.Cryptography.RijndaelManaged
    $pass = [Text.Encoding]::UTF8.GetBytes($Passphrase)
    $salt = [Text.Encoding]::UTF8.GetBytes($salt)
    # Key and IV must be derived exactly as in Encrypt-String
    $r.Key = (New-Object Security.Cryptography.PasswordDeriveBytes $pass, $salt, "SHA1", 5).GetBytes(32)
    $r.IV = (New-Object Security.Cryptography.SHA1Managed).ComputeHash([Text.Encoding]::UTF8.GetBytes($init))[0..15]
    $d = $r.CreateDecryptor()
    $ms = New-Object IO.MemoryStream @(,$Encrypted)
    $cs = New-Object Security.Cryptography.CryptoStream $ms,$d,"Read"
    $sr = New-Object IO.StreamReader $cs
    Write-Output $sr.ReadToEnd()
    $sr.Close()
    $cs.Close()
    $ms.Close()
    $r.Clear()
}

Clear-Host
```
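Part two: read the encrypted Office 365 user name and password from local text files. You only need to enter the user name and password manually the first time; they are then encrypted and stored on the local disk as ciphertext. After that, no further input is required.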
```powershell
# Try to read the encrypted user name and password from the specified path.
# If they exist, read and decrypt them; if not, prompt for input and encrypt them.
# The files are read from the same location they are written to below.
$uencrypted = Get-Content -ErrorAction SilentlyContinue -Path "$HOME\Desktop\Username.txt"
$pencrypted = Get-Content -ErrorAction SilentlyContinue -Path "$HOME\Desktop\password.txt"
If ($null -ne $uencrypted -and $null -ne $pencrypted)
{
    $udecrypted = Decrypt-String $uencrypted "U_MyStrongPassword"
    $pdecrypted = Decrypt-String $pencrypted "P_MyStrongPassword"
    $pdecrypted = ConvertTo-SecureString $pdecrypted -AsPlainText -Force
}
Else
{
    $ustring = Read-Host "Please Enter Office 365 User name"
    $pstring = Read-Host "Please Enter Office 365 User Password"
    $uencrypted = Encrypt-String $ustring "U_MyStrongPassword"
    $uencrypted | Out-File "$HOME\Desktop\Username.txt"
    Write-Host "Store the encrypted Username successfully!"
    $pencrypted = Encrypt-String $pstring "P_MyStrongPassword"
    $pencrypted | Out-File "$HOME\Desktop\password.txt"
    Write-Host "Store the encrypted password successfully!"
    $udecrypted = Decrypt-String $uencrypted "U_MyStrongPassword"
    $pdecrypted = Decrypt-String $pencrypted "P_MyStrongPassword"
    $pdecrypted = ConvertTo-SecureString $pdecrypted -AsPlainText -Force
}
```
Part three: connect to Office 365 Online. After running the following commands, you can remotely manage Office 365 Exchange Online from PowerShell.
```powershell
# Connect to Office 365 Online or Azure
$LiveCred = New-Object System.Management.Automation.PSCredential $udecrypted, $pdecrypted
# Name the session after the account it was opened with
$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri https://partner.outlook.cn/powershell -Credential $LiveCred `
    -Authentication Basic -AllowRedirection -ErrorAction Stop `
    -Name "$($LiveCred.UserName)"
Import-PSSession $Session
Connect-MsolService -Credential $LiveCred -AzureEnvironment AzureChinaCloud
```
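Note: the last command requires the Microsoft Online Services Sign-In Assistant to be installed beforehand. You can look up the installation method on Baidu yourself; it is not covered in this article.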
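
The passphrases, salt and IV used in parts one and two are constants inside the script, so anyone who can read both the script and the two text files can decrypt them. The following added example (not part of the original article) shows the same store-once, reuse-later flow using the Windows Data Protection API through `Export-Clixml`, which binds the stored password to the current Windows user and computer; the function name `Get-StoredO365Credential` and the file name `O365Cred.xml` are assumptions.

```powershell
# Added example, not the article's code. Windows only: there, Export-Clixml
# protects the password of a PSCredential with DPAPI, bound to the current
# user and computer. The user name is written to the XML file in clear text.
# Get-StoredO365Credential and O365Cred.xml are hypothetical names.
function Get-StoredO365Credential {
    [CmdletBinding()]
    param(
        [string]$Path = (Join-Path $HOME 'O365Cred.xml')
    )

    if (Test-Path -LiteralPath $Path) {
        try {
            # Fails when the file was created by another user or on another computer
            $stored = Import-Clixml -LiteralPath $Path -ErrorAction Stop
            if ($stored -is [System.Management.Automation.PSCredential]) {
                return $stored
            }
            Write-Warning "'$Path' does not contain a credential. Prompting again."
        }
        catch {
            Write-Warning "Cannot read '$Path': $($_.Exception.Message). Prompting again."
        }
    }

    # Get-Credential masks the password while it is typed
    $cred = Get-Credential -Message 'Enter the Office 365 user name and password'
    if ($null -eq $cred) {
        throw 'No credential was entered.'
    }

    # The password is never handled as a plain string in this script
    $cred | Export-Clixml -LiteralPath $Path -Force
    return $cred
}

# Same variable name as in part three of the article
$LiveCred = Get-StoredO365Credential
```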