I
have worked with user accounts for a long time now and while working with the
default Active Directory GUI is very easy, I wanted more "POWER!" and
I’m talking PowerShell.
I first wrote this little script as a basic user copy at first. Three or four lines of code were all i was really comfortable to do. This really got my PowerShell juices flowing and i wanted more.
$Copied = Get-ADUser -Identity $user -Properties *
$parent = $Copied.DistinguishedName -replace $copied.Name -replace "cn=,",""
New-ADUser -SamAccountName $person.SamAccountName -GivenName $person.GivenName -Surname $person.Surname -DisplayName $person.Name -Name $person.Name -UserPrincipalName "$($person.SamAccountName)$UserPrincipalmail" -Company $Copied.Company -Department $Copied.Department -Manager $Copied.Manager -title $Copied.Title -Description $Copied.Description -Office $Copied.Office -scriptpath informationFITS.cmd
Then
i got into reading more into PowerShell and saw how much power it really
has behind it. So i added the mailbox permissions copy and group
memberships. The first tricky part was getting just the names of the groups
back from the command. After i figured that out it kind of just fell into place
for me. I was hooked on what could be done with PowerShell.
$groups = (GET-ADUSER –Identity $user –Properties MemberOf).MemberOfforeach ($group in $groups) { Add-ADGroupMember -Identity $group -Members $person.SamAccountName}$count = $groups.count
Enable-Mailbox -Identity $person.SamAccountName -Database "Your Mail Database"Start-Sleep -s 10Set-Mailbox -Identity $person.SamAccountName -IssueWarningQuota 104857600 -ProhibitSendQuota 157286400 -ProhibitSendReceiveQuota 209715200 -UseDatabaseQuotaDefaults $false
So here it is folks the final result of my first ever PowerShell script.
################################################ Import AD snap-in ####################################################
Import-Module ActiveDirectory
######################################## Import the Exchange 2010 snap-in #############################################
if ( (Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue) -eq $null) {
Write-Verbose "Exchange 2010 snapin is not loaded. Loading it now."
try { Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010; Write-Verbose "Loaded Exchange 2010 snapin" }
catch { Write-Error "Could not load Exchange 2010 snapins!"; }
}
############################################## Countdown timer fuction ################################################
#put user to copy Username Here
$user = "Copied Username here"
# Imports user info from CSV file
$info = Import-Csv "Your CSV location here"
# Place your AD Ending for its Principal
$UserPrincipalmail = "@yourcompany.com"
foreach ($person in $info){
# Sets the users name for Output
$bigname = $person.Name
# Gets all of the users info to be copied to the new account
$Copied = Get-ADUser -Identity $user -Properties *
$parent = $Copied.DistinguishedName -replace $copied.Name -replace "cn=,",""
# Creates the user from the copied properties
New-ADUser -SamAccountName $person.SamAccountName -GivenName $person.GivenName -Surname $person.Surname -DisplayName $person.Name -Name $person.Name -UserPrincipalName "$($person.SamAccountName)$UserPrincipalmail" -Company $Copied.Company -Department $Copied.Department -Manager $Copied.Manager -title $Copied.Title -Description $Copied.Description -Office $Copied.Office -scriptpath informationFITS.cmd
# lets you know the account was created successfully
"$bigName Created Successfully"
# Moves the user from the default Users OU to its
dsmove "CN=$($person.name),OU=Sales,DC=Yourcompany,DC=Com" -newparent $parent
# Sets the Default password that the user will login with then change
Set-ADAccountPassword -Identity $person.SamAccountName -reset -NewPassword (ConvertTo-SecureString -AsPlainText "ABCD@1234" -Force)
# lets you know the password has been set
"$bigName Passowrd Set"
Start-Sleep -s 10
# Sets it so the new user will have to change the password upon logging in
Set-ADUser -Identity $person.SamAccountName -Enabled $TRUE -ChangePasswordAtLogon $true
# gets groups from the Copied user and populates the new user in them
$groups = (GET-ADUSER –Identity $user –Properties MemberOf).MemberOf
foreach ($group in $groups) {
Add-ADGroupMember -Identity $group -Members $person.SamAccountName
}
$count = $groups.count
"$bigName Added to $count Groups"
# Creates the New users mailbox with the mailbox quotas 100MB,150MB,200MB
Enable-Mailbox -Identity $person.SamAccountName -Database "Your Mail Database"
Start-Sleep -s 10
Set-Mailbox -Identity $person.SamAccountName -IssueWarningQuota 104857600 -ProhibitSendQuota 157286400 -ProhibitSendReceiveQuota 209715200 -UseDatabaseQuotaDefaults $false
"$bigName Mailbox Created"
# Gets the full access mailbox permissions of the copied user and applies them to the new user
$mailboxPerm = get-mailbox -ResultSize Unlimited | get-mailboxpermission -User $user
$mailboxes = 1..$mailboxPerm.count
$i = 0
while ($i -le $mailboxPerm.count-1) {
$mailboxes[$i] = $mailboxPerm[$i].Identity.Name
$i++
}
foreach ($Mailbox in $mailboxes) {
Add-MailboxPermission $mailbox -User $person.SamAccountName -AccessRights FullAccess
Set-Mailbox -GrantSendOnBehalfTo $person.SamAccountName -Identity $mailbox
}
# Copies the copied users script
pushd \\your\script\directory
copy "$($user).cmd" "$($person.SamAccountName).cmd"
popd
"$bigName Script Created"
}
No comments:
Post a Comment