New-QADUser CmdLet not adding UserPrincipalName when called in PowerShell - powershell

I am trying to import users into AD using a CSV file, PowerShell, and Quest's AD CmdLets. When the users are added the UserPrincipleName is not added.
Here is a sample CSV:
FirstName,LastName,DisplayName,SamAccount,UserPrincipleName,Email
FirstA,LastA,"First Last",FLastAL.ou1,FLastAL.ou1@clients.domain.local,FLastA@outemail.com
First2A,Last2A,"First2 Last",FLast2AL.ou1,FLast2AL.ou1@clients.domain.local,FLast2A@outemail.com
Here is the PowerShell snippet:
$Users = Import-Csv $UserFile
foreach ($User in $Users)
{
New-QADUser -FirstName $User.FirstName -LastName $User.LastName -DisplayName $User.DisplayName -SamAccountName $User.SamAccount -Name $User.SamAccount -UserPrincipalName $User.UserPrincipalName -ParentContainer "OU=$OUName,OU=Customers,DC=clients,DC=domain,DC=local"
}
Also, is this maybe a better question for ServerFault now that it is live? I feel it is definitely in a gray area.

FWIW, I checked with the latest QAD release (v1.2) and it works.

I think the problem was the fact that we are using Exchange 2007 which does not use RUS. When I used the Exchange 2007 CmdLets to do the same thing everything is working correctly.
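
An added example, not part of the original posts: the sample CSV header above is spelled UserPrincipleName while the loop reads $User.UserPrincipalName, and Import-Csv names each property after the header text, so a mismatched name evaluates to $null. The pre-flight check below reports such mismatches before any account is created; Get-MissingCsvColumn is a hypothetical helper name and the CSV text is a constructed sample.

```powershell
# Added example: pre-flight check for a user-import CSV.
# Get-MissingCsvColumn is a hypothetical helper, not a Quest or AD cmdlet.
function Get-MissingCsvColumn {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [Parameter(Mandatory)] [string[]] $Required
    )
    # Import-Csv / ConvertFrom-Csv name each property after the header text.
    $present = $Rows[0].PSObject.Properties.Name
    $Required | Where-Object { $present -notcontains $_ }
}

# Constructed sample: same header row as the CSV in the question.
$csvText = @'
FirstName,LastName,DisplayName,SamAccount,UserPrincipleName,Email
FirstA,LastA,"First Last",FLastAL.ou1,FLastAL.ou1@clients.domain.local,FLastA@outemail.com
'@
$Users = @($csvText | ConvertFrom-Csv)

# Property names the import loop actually reads.
$required = 'FirstName','LastName','DisplayName','SamAccount','UserPrincipalName'

$missing = @(Get-MissingCsvColumn -Rows $Users -Required $required)
if ($missing.Count -gt 0) {
    Write-Warning "CSV has no column named: $($missing -join ', ')"
    Write-Warning "Columns found: $($Users[0].PSObject.Properties.Name -join ', ')"
}

# Row-level check: an absent or blank property comes back empty.
foreach ($User in $Users) {
    foreach ($name in $required) {
        if ([string]::IsNullOrEmpty($User.$name)) {
            Write-Warning "$($User.SamAccount): '$name' is empty; the loop would pass `$null for it"
        }
    }
}
```

Running the import script under Set-StrictMode -Version Latest turns a reference to a non-existent property into an error instead of a silent $null.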

Related

Script to create multiple AD groups and set email (exchange is not used)

Powershell novice here. I need a script to create bulk AD groups and set the email address for the group. We do not use exchange. I have not been able to find good examples when not using exchange.
$Example = get-content c:\temp\Example.txt
foreach($Example in $Example){
    New-ADGroup -Name "$Example.###" -SamAccountName "$Example.###" -Email "$Example.###@Anywhere.com" -ParentContainer "OU=THERE,OU=Organization,DC=HERE,DC=NET" -GroupType "Security" -GroupScope "Global"
}
New-AdGroup doesn't have a parameter Email. You will have to use
-OtherAttributes @{mail = "$Example.###@Anywhere.com"}
PS. If the dot after the variable leads to problems, you can also format like
-OtherAttributes @{mail = ('{0}.###@Anywhere.com' -f $Example)}

Why Isn't New-ADuser Copying Group Memberships?

I have a script that allows people to create a new user from scratch or copying another user but for some reason it is not copying AD group memberships. Any help would be greatly appreciated.
I am getting the user information with this command which is working fine.
$userToCopy = Get-ADUser -identity $copyUsername -Properties Department, title, Company, MemberOf
Then I am asking questions to get updated info for the new user, then creating the new user with this command. Everything works, but the group memberships do not copy over, which I was expecting that using the $userToCopy as the -Instance would do.
New-ADUser -SamAccountName "$username" -Name "$fname $lname" -DisplayName "$fname $lname" -Surname "$lname" -GivenName "$fname" -userprincipalname "$fname.$lname@$domain" `
-AccountPassword $secPassword -ChangePasswordAtLogon $True -Office "$empID" -MobilePhone "$mobilePhone" -OfficePhone "$officePhone" -Title "$jobTitle" -department "$department" `
-ProfilePath "" -Path "$OUDN" -Instance $userToCopy -Credential $UserCredential -Server "BOM.chris.domain" -Enabled $True -Company "Chris"
This issue makes sense and then again it doesn't. Since ADUC supports copying groups from another account, it would seem like the same feature would be available with New-ADUser -Instance. However, New-ADUser does not seem to support updating group membership with any of its parameters. I can only guess, but I imagine this is because MemberOf is a calculated property rather than a direct attribute defined by the schema. You could do the following though with one line of code after creating the user.
Add-ADPrincipalGroupMembership -Identity $username -MemberOf $UserToCopy.MemberOf -Server "BOM.chris.domain"
The code above without -Identity $username could be piped into after the New-ADUser command provided you add the -Passthru switch to New-ADUser.

New-mailbox script, with zipcode and P.O. Box values added to mailbox user account. possible?

I am using the following powershell code for creating new mailboxes in my organization.
$users = Import-CSV C:\mailboxes.csv
$users| foreach {
$Password = convertto-securestring $_.password -asplaintext -force
    new-mailbox -name $_.name -alias $_.alias -FirstName $_.Firstname -LastName $_.Lastname -userPrincipalName $_.userPrincipalName -PrimarySmtpAddress $_.PrimarySmtpAddress -Database $_.database -RetentionPolicy "b3a83dc4-e471-4d05-b357-25535aa027af" -OrganizationalUnit $_.OrganizationalUnit -Password $Password -ResetPasswordOnNextLogon:$false
}
Is there a way to insert a static text/value into the "zip code" and "po box" boxes on the new Active Directory user created along with these mailboxes?
For example, zip code should contain: "0101010101" and P.O. Box should contain "000".
Your assistance is most appreciated.
One option is to use Set-ADUser from the ActiveDirectory module. At the beginning of your script (before any loops), you can run the following if you have the module available to your current session.
Import-Module ActiveDirectory
After your New-Mailbox command, you can add the Set-ADUser command:
Get-ADUser -Filter "UserPrincipalName -eq '$($_.userprincipalname)'" | Set-ADUser -PostalCode "01010101" -POBox "000"
Sometimes AD replication can cause inconsistencies with multiple commands against AD objects. To get around that, you would typically use the -Server parameter to consistently target a domain controller that will see all of your read and write operations. The alternative (a slower one) is to run the AD user modifications after all of the mailboxes have been created and data has replicated to the AD Site you would be targeting.
AdminOfThings - Thanks for your reply.
So tell me,
considering your last comment about the AD user modification conflict that might occur,
I'm thinking some sort of "time delay" code might resolve such issues.
Would it be logical to add something like a "Start-Sleep" command to add a delay between
the "new-mailbox" and "Set-ADUser" commands as you suggested?
If so, can you write down how my script should look exactly, adding all things together, please?
Thanks.

Log each Powershell process to text file through

Firstly, I'm by no means a PS expert, total newbie - admission done. I have scoured the internet for what I need in order to get the script to do what I want, but I've reached a point where I'm struggling and in need of help.
Basically, I've created a script using ISE that grabs the users in an AD OU, processes them by disabling the accounts, renaming them, stripping out the groups and moving them to another folder. In order to automate the deactivation process for users. But I now need to create a log file every time this runs, to show a) if it found any Users in the original OU (ToBeProcessed) and b) what processes were run and if they were successful. Here is the code.
$OUToBeProcessed = "OU=ToBeProcessed,OU=Users,OU=World,DC=local"
$OURetired = "OU=RetiredUsers,OU=Users,OU=World,DC=local"
$Users = Get-ADUser -SearchBase $OUToBeProcessed -Filter 'name -Like "*"' -Properties MemberOf
ForEach($User in $Users){
$SAN = $User.SamAccountName
#Disable user account
Disable-ADAccount -Identity $SAN
#Remove membership from groups for user
$User.Memberof | Remove-ADGroupMember -Member $User -Confirm:$False
$NewDN = "zzz_" + $User.Name
#Change display name
set-aduser $User -Displayname $newDN -ErrorAction SilentlyContinue
#Change distinguished name
Get-ADUser $SAN | Rename-ADObject -Newname $NewDN
Write-Host "$SAN may already exist."
#Move account to RetiredUsers
Get-Aduser $SAN | Move-ADObject -TargetPath $OURetired
}
I'm assuming I'll need to either use a Write-Output or Log-File cmdlet, though someone had also suggested Transcript, but I don't think that's what I need.
I've tried a number of ways to incorporate the Write-Output into the script, it runs without errors, but no text file is produced. But I'm placing it within the loop which may be the issue. I've placed it outside the loop but I think because it's not being passed anything it's creating the file with nothing in it. Would really appreciate some help as to where the Write-Output might need to go if that is the right cmdlet.
Personally I tend to add a Log function to my scripts. Something like this (where I output to the host and file):
Function Log {
Param (
[Parameter(Mandatory=$true)] [string] $String,
[Parameter(Mandatory=$true)] [string] $LogFilePath,
[Parameter(Mandatory=$false)][ValidateSet("ERROR","WARN","INFO","DEBUG")] [string] $Level = "INFO"
)
$LogString = ((Get-Date -Format "s") +" $Level $env:USERNAME $String")
Write-Host $LogString
Out-File -Append -FilePath $LogFilePath -InputObject $LogString
}
Then you could do logging:
Log "Something wrong!" "c:\mylog.log" "WARN"
Log "Updated stuff" "c:\mylog.log"
Or search the http://www.powershellgallery.com/ for logging modules.
Example (haven't tried this one myself):
https://www.powershellgallery.com/packages/PSLogging/2.5.2
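
An added example, not from the original posts, showing where per-step logging can sit in a loop like the one in the question: each action runs inside try/catch so both success and failure are written per account, and the empty-OU case is logged once before the loop. Write-StepLog and Invoke-LoggedStep are hypothetical helper names, the user objects and the failure are constructed stand-ins, and the log path is an assumption.

```powershell
# Added example; helper names and sample data are assumptions, not from the page.
$LogFile = Join-Path ([IO.Path]::GetTempPath()) 'retire-users.log'

function Write-StepLog {
    param([string] $Message,
          [ValidateSet('ERROR','WARN','INFO')] [string] $Level = 'INFO')
    $line = '{0} {1} {2} {3}' -f (Get-Date -Format 's'), $Level, $env:USERNAME, $Message
    Add-Content -Path $LogFile -Value $line
}

function Invoke-LoggedStep {
    param([string] $Account, [string] $Step, [scriptblock] $Action)
    try {
        $null = & $Action                  # discard output so only $true/$false is returned
        Write-StepLog "$Account - $Step succeeded"
        return $true
    } catch {
        Write-StepLog "$Account - $Step failed: $($_.Exception.Message)" 'ERROR'
        return $false
    }
}

# Constructed stand-ins for what Get-ADUser -SearchBase $OUToBeProcessed returns.
$Users = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';   Name = 'John Doe' }
    [pscustomobject]@{ SamAccountName = 'asmith'; Name = 'Anna Smith' }
)

if (-not $Users) { Write-StepLog 'No users found in ToBeProcessed' 'WARN' }

foreach ($User in $Users) {
    $SAN = $User.SamAccountName
    # In the real script each block holds one AD call with -ErrorAction Stop,
    # e.g. { Disable-ADAccount -Identity $SAN -ErrorAction Stop }, because
    # non-terminating errors never reach catch.
    $disabled = Invoke-LoggedStep $SAN 'Disable account' { $true }
    $renamed  = Invoke-LoggedStep $SAN 'Rename object' {
        if ($SAN -eq 'asmith') { throw 'constructed failure: name already exists' }
    }
    # Only move accounts whose earlier steps succeeded; log the skip otherwise.
    if ($disabled -and $renamed) {
        $null = Invoke-LoggedStep $SAN 'Move to RetiredUsers' { $true }
    } else {
        Write-StepLog "$SAN - Move skipped because an earlier step failed" 'WARN'
    }
}
```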

How to create a loop to add info in the AD with powershell

I am kind of a newbie in PowerShell still. Can someone please tell me how I can create a loop (the purpose is to add the info to all the people (usernames) in the .CSV list)?
This is what I have now; I tried many things but still no good.
Import-Module ActiveDirectory
$username = Import-Csv c:\user.csv
Set-ADuser -Identity $Username -Company "Company name"
Try a foreach loop.
Example:
foreach($user in $username)
{
    # some action, for example
    Set-ADuser -Identity $user -Company "A Company"
}
Reference:
http://www.powershellpro.com/powershell-tutorial-introduction/logic-using-loops/
I'd also recommend adding some sort of logging (using either add-content or write-host) to track the progress of the script, if the file has a lot of entries.
regards
Arcass