365 Powershell Load User Info - powershell

I'm new to Exchange 365 and Powershell. I have user information that I want to add and am trying to use the Powershell code below. However, it errors out on me. Thoughts?
Here is the code:
$input=Import-Csv D:\Users.csv
foreach($line in $input)
{
Set-MsolUser -UserPrincipalName $line.UserPrincipalName -Title $line.Title -City $line.City -Country $line.Country -Department $line.Department -Fax $line.Fax -MobilePhone $line.MobilePhone -Office $line.Office -PhoneNumber $line.PhoneNumber -PostalCode $line.PostalCode -State $line.State -StreetAddress $line.StreetAddress
}
The error I get is attached says: method invocation failed because system object doesn't contain a method Foreach.

Try pipelining the CSV directly like Matt's suggestion:
Import-Csv D:\Users.csv | ForEach-Object{Set-MsolUser -UserPrincipalName $_.UserPrincipalName -Title $_.Title -City $_.City -Country $_.Country -Department $_.Department -Fax $_.Fax -MobilePhone $_.MobilePhone -Office $_.Office -PhoneNumber $_.PhoneNumber -PostalCode $_.PostalCode -State $_.State -StreetAddress $_.StreetAddress}

Related

Powershell Instance Parameter

I am automating the creation of user accounts in our Windows AD. I am trying to copy the permissions from one account to another,(like you would if you right click and copied a user inside of the "Active Directory Users and Computers" application) but when using the cmdlet 'New AD-User' and passing in a variable to the 'instance' parameter, it does nothing different than if I do not pass the variable at all.
This is what I am using to obtain the $userInstance variable:
$userInstance = Get-ADUser -Identity $department User
This is the code I am using to create a new user:
New-ADUser `
-SamAccountName $userName `
-UserPrincipalName "$userName#123.COM" `
-Name "$firstName $lastName" `
-GivenName $firstName `
-Surname $lastName `
-Enabled $true `
-DisplayName "$firstName $lastName" `
-City $city `
-PostalCode $zip `
-Company $company `
-State $state `
-EmailAddress $email `
-Department $department `
-Instance $userInstance `
-AccountPassword (ConvertTo-SecureString "1234" -AsPlainText -Force)
When I run this command, it does the same exact thing as if I ran this command without the instance parameter.
New-ADUser `
-SamAccountName $userName `
-UserPrincipalName "$userName#123.COM" `
-Name "$firstName $lastName" `
-GivenName $firstName `
-Surname $lastName `
-Enabled $true `
-DisplayName "$firstName $lastName" `
-City $city `
-PostalCode $zip `
-Company $company `
-State $state `
-EmailAddress $email `
-Department $department `
-AccountPassword (ConvertTo-SecureString "1234" -AsPlainText -Force)
Am I missing something? I do not understand what the 'instance' parameter is supposed to be doing if it only copies certain attributes that are easily obtainable(state, company, city). Is there something out there that actually copies a template account or do I need to write a loop that goes through every single attribute, permission, and group in the template account that provides some sort of meaning to my organization and assign them manually?
What exactly do you mean by "permission"?
Permissions on resources are set based on the objectSid of a user. Since this is unique to every user you can never "copy" them (and related permissions) to a new user.
Group memberships are stored on groups not on users. The memberOf attribute is just a "backLink" so this won't be copied neither.
Group membership needs to be added in a separate step, e.g. by using
Add-ADGroupMember
cmdlet in PowerShell...
"Permissions" might not have been the word I was looking for necessarily. I wanted to create the user and assign them the same groups and directory location as a previous User. I was able to add group membership to my new users by using the method stated by #Oliver Hauck earlier
Add-ADGroupMember
This aided me in my findings, but what I desired was to not have to write long, repetitive switch code for each new employee type, along with their groups, we could onboard. In hopes that someone sees this and doesn't feel intrigued in writing super long, boring switch code, I wanted to share how I achieved this if it helps anyone else in the future. I still obtained the $userInstance variable in the same way, but adding the -Property parameter defined to MemberOf
$userInstance = Get-ADUser -Identity $department User -Properties MemberOf
I then used the $userInstance variable to obtain the properties I needed from it (Groups to copy, Directory Path)
//Obtains the Path from the copied User, without their common name (CN) attached
$path = $userInstance.DistinguishedName.split(",",2)[-1]
I still created the new user with the same command as above but added the -Path parameter to assign the directory path to the New-ADUser cmd
New-ADUser `
-SamAccountName $userName `
-UserPrincipalName "$userName#123.COM" `
-Name "$firstName $lastName" `
-GivenName $firstName `
-Surname $lastName `
-Enabled $true `
-DisplayName "$firstName $lastName" `
-City $city `
-PostalCode $zip `
-Company $company `
-State $state `
-Path $path `
-EmailAddress $email `
-Department $department `
-AccountPassword (ConvertTo-SecureString "1234" -AsPlainText -Force)
And here is how I obtained and assigned the Group Membership to the New User
//Obtains the groups to be copied from the existing User
$refGroups = $userInstance.MemberOf
//Adds AD Group Membership to User
$refGroups | Add-ADGroupMember -Members $userName

New-QADUser : A parameter cannot be found that matches parameter name 'proxyAddresses'

I created a script for bulk user creation in AD and it works correctly:
Import-CSV C:\Users\NewUsers.csv |
ForEach-Object {
New-QADUser -Name $_.Name -FirstName $_.FirstName -LastName $_.LastName -Office $_.Office -Title $_.Title -Description $_.Description -Department $_.Department -Company $_.Company -City $_.City -StateOrProvince $_.State -UserPassword $_.UserPassword -SamAccountName $_.SamAccountName -UserPrincipalName $_.UserPrincipalName -DisplayName $_.DisplayName -ParentContainer $_.ParentContainer -mail $_.mail -manager $_.manager
}
But I want another thing.
Apart from creating a user with those parameters I want to also get the following:
proxyAddresses
targetAddress
extensionAttribute1
extensionAttribute3
But when running the script adding those parameters it gives me an error:
Import-CSV C:\Users\NewUsers.csv |
ForEach-Object {
New-QADUser -Name $_.Name -FirstName $_.FirstName -LastName $_.LastName -Office $_.Office -Title $_.Title -Description $_.Description -Department $_.Department -Company $_.Company -City $_.City -StateOrProvince $_.State -UserPassword $_.UserPassword -SamAccountName $_.SamAccountName -UserPrincipalName $_.UserPrincipalName -DisplayName $_.DisplayName -ParentContainer $_.ParentContainer -mail $_.mail -manager $_.manager -proxyAddresses $_.proxyAddresses -targetAddress $_.targetAddress -extensionAttribute1$_. extensionAttribute1 -extensionAttribute3 $_.extensionAttribute3
}
The error is:
[PS] C:\Users\Prueba>.\NewUsers.ps1 New-QADUser : A parameter cannot
be found that matches parameter name 'proxyAddresses'. At
C:\Users\Prueba\NewUsers.ps1:1 char:505
+ ... ger $.manager -proxyAddresses $.proxyAddresses -targetAddress $_.targetAddress ...
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [New-QADUser], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.NewUserCmdlet
How can I solve this issue?
Looks from your error like there is no specific ProxyAddresses parameter switch, there isn't one for the native PS New-AdUser command either, but this works:
New-AdUser -Name $name -OtherSettings #{
'proxyAddresses' = $myproxyaddresses
}

Encoding limit exceeded

I have a pretty lengthy script that takes either user input or data from a .csv file to create AD accounts. Not all the time, but sometimes I receive the following error while running it:
New-ADUser : The server has returned the following error: encoding limit exceeded.
Is there a limit on the amount of variables I can use? Because I do have quite a few.. here's what the sample code looks like where it sometimes get stuck:
If($GuardAccount){
If($Clone){
If($Attribute6){
$newuser = New-ADUser -SamAccountName $Username -Enabled $true -Name $DisplayName -Path $Path -AccountPassword $Password `
-GivenName $FirstName -Surname $LastName -Initials $Initials -DisplayName $DisplayName -City $City `
-Company $Company -Department $Department -Country $Country -State $State `
-StreetAddress $Street -PostalCode $Postal -OfficePhone $Telephone -Fax $Fax -Description $Description `
-Title $Title -Office $Office -Instance $Cloneuser -UserPrincipalName "$Username#business.com" -PassThru `
-OtherAttributes #{
'extensionattribute6'=$Attribute6;
}
...
So what does encoding limit exceeded mean? Is there any way around it?
I've tried googling for answers but there doesn't seem to be much info on this error.

How to add user in a Active directory Group using powershell

The code I have used to create user is:
Import-Module ActiveDirectory
$total = 2
for ($userIndex=0; $userIndex -lt $total; $userIndex++)
{
$userID = “{0:0000}” -f ($userIndex + 1)
$userName = “Super.admin$userID”
Write-Host “Creating user” ($userIndex + 1) “of” $total “:” $userName
New-ADUser `
-AccountPassword (ConvertTo-SecureString “admin#123” -AsPlainText -Force) `
-City “City” `
-Company “Company” `
-Country “US” `
-Department “Department” `
-Description (“TEST ACCOUNT ” + $userID + “: This user account does not represent a real user and is meant for test purposes only”)`
-DisplayName “Test User ($userID)” `
-Division “Division” `
-EmailAddress “$userName#DESMOSEDICI.local” `
-EmployeeNumber “$userID” `
-EmployeeID “ISED$userID” `
-Enabled $true `
-Fax “703-555-$userID” `
-GivenName “Test” `
-HomePhone “703-556-$userID” `
-Initials “TU$userID” `
-MobilePhone “703-557-$userID” `
-Name “Super.Admin ($userID)” `
-Office “Office: $userID”`
-OfficePhone “703-558-$userID” `
-Organization “Organization” `
-Path "OU=BusinessUnit,DC=Domain,DC=com" `
-POBox “PO Box $userID”`
-PostalCode $userID `
-SamAccountName $userName `
-State “VA – Virginia” `
-StreetAddress “$userID Any Street” `
-Surname “User ($userID)” `
-Title “Title” `
-UserPrincipalName “$userName#Domain.com“
}
Under my business unit group HR is created. How can I add a user in this group or create the users and assign the HR group to the users using the above script?
I tried to change the -Path
-Path "CN=HR,OU=Utility,DC=DESMOSEDICI,DC=com"
But it is not working.
Path is the Organizational Unit (or Container) the account will be created in. It has nothing to do with Group membership.
Use:
Add-ADGroupMember "CN=HR,OU=Utility,DC=DESMOSEDICI,DC=com" -Member "$userName#Domain.com"
Edit: This shows the command in the context of your script:
Import-Module ActiveDirectory
$total = 2
for ($userIndex=0; $userIndex -lt $total; $userIndex++) {
$userID = "{0:0000}" -f ($userIndex + 1)
$userName = "Super.admin$userID"
Write-Host "Creating user" ($userIndex + 1) "of" $total ":" $userName
New-ADUser `
-AccountPassword (ConvertTo-SecureString "admin#123" -AsPlainText -Force) `
-City "City" `
-Company "Company" `
-Country "US" `
-Department "Department" `
-Description ("TEST ACCOUNT " + $userID + ": This user account does not represent a real user and is meant for test purposes only")`
-DisplayName "Test User ($userID)" `
-Division "Division" `
-EmailAddress "$userName#DESMOSEDICI.local" `
-EmployeeNumber "$userID" `
-EmployeeID "ISED$userID" `
-Enabled $true `
-Fax "703-555-$userID" `
-GivenName "Test" `
-HomePhone "703-556-$userID" `
-Initials "TU$userID" `
-MobilePhone "703-557-$userID" `
-Name "Super.Admin ($userID)" `
-Office "Office: $userID"`
-OfficePhone "703-558-$userID" `
-Organization "Organization" `
-Path "OU=BusinessUnit,DC=Domain,DC=com" `
-POBox "PO Box $userID"`
-PostalCode $userID `
-SamAccountName $userName `
-State "VA – Virginia" `
-StreetAddress "$userID Any Street" `
-Surname "User ($userID)" `
-Title "Title" `
-UserPrincipalName "$userName#Domain.com"
Add-ADGroupMember "CN=HR,OU=Utility,DC=DESMOSEDICI,DC=com" -Member "$userName#Domain.com"
}
If you are receiving errors from New-ADUser something is wrong with your existing script, the new command is entirely separate and must fall after New-ADUser has done its job.

Powershell new-aduser attribute was not in the acceptable range

I'm having an issue with the following Powershell script. It is
a value for the attribute was not in the acceptable range of values Line 1 char 59
Import-Csv .\tableofusers.csv | foreach-object {New-ADUser -Path "ou=ou,dc=dc" -SamAccountName $_.SamAccountName -Name $_.name -DisplayName $_.name -GivenName $_.gn -SurName $_.sn -StreetAddress $_.SA -city $_.city -state $_.state -PostalCode $_.PostalCode -Country $_.Country -officephone $_.officephone -emailaddress $_.emailaddress -AccountPassword (ConvertTo-SecureString "Password1" -AsPlainText -force) -enabled $true -PasswordNeverExpires $false -Passthru}
I have been over it many times I cannot see the issue in or arround on character 59
any help would be welcome
it was country that was the problem, it took a bit but I was able to comment out most of the block until I found that $_.Country did not work
Your piped variable token is wrong, it should be $_ rather than $ ie:
Import-Csv .\tableofusers.csv | foreach-object {New-ADUser -Path "ou=ou,dc=dc" -SamAccountName $_.SamAccountName -Name $_.name -DisplayName $_.name -GivenName $_.gn -SurName $_.sn -StreetAddress $_.SA -city $_.city -state $_.state -PostalCode $_.PostalCode -Country $_.Country -officephone $_.officephone -emailaddress $_.emailaddress -AccountPassword (ConvertTo-SecureString "Password1" -AsPlainText -force) -enabled $true -PasswordNeverExpires $false -Passthru}
This should do the trick.
At a guess the value given to -country in the CSV file was something like United Kingdom instead of the code for the country which is GB.
You can look up a country code by setting the country/region in AD on the address page using the drop down list. Then whilst you have Advanced Features turned on (View>Advanced Features) open the user and on the Attribute Editor tab look look for the value of attribute c to see the code for the country you've set. Put that country code into the CSV file and it should work.
In my case it was using initials with more than 6 characters. Using dots between the initials means that > 6 is already reached when the initials are "A.B.C."