You sometimes need some (or even many) test user objects in Active Directory.
This script helps you create any number of test users in your Active Directory domain, which you can easily enable for on-premises or remote mailboxes afterward.
# Number of user accounts to create $UserCount = 5 $RandomPassword = $true $DefaultPassword = 'Pa55w.rd' # User name prefix # New user object will be named TestUser1, TestUser2, ... $TestUserPrefix = 'TestUser' # User object properties $GivenName = 'Test' $Surname = 'User' $Company = 'Varunagroup' $JobTitle = @('Junior Consultant','Senior Consultant','Technical Consultant','Business Consultant') $PreferredLanguage = 'de-DE' # Name of the new organizational unit for test user object $TestOU = 'Test User' # Target OU path where the script creates the new OU $TargetOU = 'OU=IT,dc=varunagroup,dc=de' # Import Active Directory PowerShell Module Import-Module -Name ActiveDirectory # Build OU Path $UserOUPath = ("OU={0},{1}" -f $TestOU, $TargetOU) # Check if OU exists $OUExists = $false try { $OUExists = [adsi]::Exists("LDAP://$UserOUPath") } catch { $OUExists =$true } if(-not $OUExists) { # Create new organizational unit for test users New-ADOrganizationalUnit -Name $TestOU -Path $TargetOU -ProtectedFromAccidentalDeletion:$false -Confirm:$false } else { Write-Warning ('OU {0} exists please delete the OU and user objects manually, before running this script.' -f $UserOUPath) Exit } Write-Output ("Creating {0} user object in {1}" -f $UserCount, $UserOUPath) # Create new user objects 1..$UserCount | ForEach-Object { # Get a random number for selecting a job title $random = Get-Random -Minimum 0 -Maximum (($JobTitle | Measure-Object). Count - 1) # Set user password if($RandomPassword) { # Create a random password $UserPassword = ConvertTo-SecureString -String (-join ((33..93) + (97..125) | Get-Random -Count 25 | % {[char]$_})) -AsPlainText -Force } else { # Use a fixed password $UserPassword = ConvertTo-SecureString -String $DefaultPassword -AsPlainText -Force } # Create a new user object # Adjust user name template and other attributes as needed New-ADUser -Name ("{0}{1}" -f $TestUserPrefix, $_) ` -DisplayName ("{0} {1}" -f $TestUserPrefix, $_) ` -GivenName $GivenName ` -Surname ("$Surname{0}" -f $_) ` -OtherAttributes @{title=$JobTitle[$random];company=$Company;preferredLanguage=$PreferredLanguage} ` -Path $UserOUPath ` -AccountPassword $UserPassword ` -Enabled:$True ` -Confirm:$false }
Use your on-premises Exchange Management Shell to enable all test users with an on-premises mailbox.
$UserOU = 'OU=Test User,OU=IT,dc=varunagroup,dc=de' Get-User -OrganizationalUnit $UserOU | Enable-Mailbox -Confirm:$false
Use your on-premises Exchange Management Shell to enable all test users with a new remote mailbox in Exchange Online. Do not forget to change the tenant name of the remote routing address.
Get-User -OrganizationalUnit 'OU=Test User,OU=IT,dc=varunagroup,dc=de' | %{Enable-RemoteMailbox -Identity $_ -Confirm:$false -RemoteRoutingAddress "$($_.SamAccountName)@TENANT.mail.onmicrosoft.com"}
You find the most recent version of the script at GitHub.
Enjoy.
Sometimes you might be interested in gathering a list of all computer from an Active Directory domain in preparation for migration.
You can gather a list of all computer objects using the following command.
# Fetch a sorted list of all computer objects Get-ADComputer -Filter * -Property * | Sort-Object Name
The wildcard used with the Property parameter fetches all available attributes for a computer object. Check the available attributes in the result set to identify the attributes you are interested in.
# Example output for the first computer object gathered from Active Directory (Get-ADComputer -Filter * -Property * | Sort-Object Name)[0] AccountExpirationDate : accountExpires : 9223372036854775807 AccountLockoutTime : AccountNotDelegated : False AllowReversiblePasswordEncryption : False BadLogonCount : 0 badPasswordTime : 0 badPwdCount : 0 CannotChangePassword : False CanonicalName : DOMAIN.local/Computers/COMPUTER01 Certificates : {} CN : COMPUTER01 codePage : 0 CompoundIdentitySupported : {False} countryCode : 0 Created : 9/2/2013 3:01:13 PM createTimeStamp : 9/2/2013 3:01:13 PM Deleted : Description : DisplayName : DistinguishedName : CN=COMPUTER01,CN=Computers,DC=DOMAIN,DC=local DNSHostName : COMPUTER01.DOMAIN.local DoesNotRequirePreAuth : False dSCorePropagationData : {12/31/1600 7:00:00 PM} Enabled : True HomedirRequired : False HomePage : instanceType : 4 IPv4Address : IPv6Address : isCriticalSystemObject : False isDeleted : KerberosEncryptionType : {RC4, AES128, AES256} LastBadPasswordAttempt : LastKnownParent : lastLogoff : 0 lastLogon : 130942520427754509 LastLogonDate : 12/10/2015 3:02:53 PM lastLogonTimestamp : 130942513734007331 localPolicyFlags : 0 Location : LockedOut : False logonCount : 194 ManagedBy : MemberOf : {} MNSLogonAccount : False Modified : 12/10/2015 3:02:53 PM modifyTimeStamp : 12/10/2015 3:02:53 PM msDS-SupportedEncryptionTypes : 28 msDS-User-Account-Control-Computed : 0 Name : COMPUTER01 nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity ObjectCategory : CN=Computer,CN=Schema,CN=Configuration,DC=DOMAIN,DC=local ObjectClass : computer ObjectGUID : da59afcc-e00a-430b-9cbc-01adeed568f3 objectSid : S-1-5-21-3143343262-845931634-422089675-1179 OperatingSystem : Windows 7 Professional OperatingSystemHotfix : OperatingSystemServicePack : Service Pack 1 OperatingSystemVersion : 6.1 (7601) PasswordExpired : False PasswordLastSet : 12/2/2014 7:21:09 AM PasswordNeverExpires : False PasswordNotRequired : False PrimaryGroup : CN=Domain Computers,CN=Users,DC=DOMAIN,DC=local primaryGroupID : 515 PrincipalsAllowedToDelegateToAccount : {} ProtectedFromAccidentalDeletion : False pwdLastSet : 130619964697110685 SamAccountName : COMPUTER01$ sAMAccountType : 805306369 sDRightsEffective : 15 ServiceAccount : {} servicePrincipalName : {RestrictedKrbHost/COMPUTER01, HOST/COMPUTER01, RestrictedKrbHost/COMPUTER01.DOMAIN.local, HOST/COMPUTER01.DOMAIN.local} ServicePrincipalNames : {RestrictedKrbHost/COMPUTER01, HOST/COMPUTER01, RestrictedKrbHost/COMPUTER01.DOMAIN.local, HOST/COMPUTER01.DOMAIN.local} SID : S-1-5-21-3143343262-845931634-422089675-1179 SIDHistory : {} TrustedForDelegation : False TrustedToAuthForDelegation : False UseDESKeyOnly : False userAccountControl : 4096 userCertificate : {} UserPrincipalName : uSNChanged : 1721509 uSNCreated : 45981 whenChanged : 12/10/2015 3:02:53 PM whenCreated : 9/2/2013 3:01:13 PM
As a next step, you gather the selected information and
# Fetch data for an operating system overview, sorted by property Name only Get-ADComputer -Filter * -Property * | Sort-Object Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion # Fetch data for an operating system overview, sorted by property OperatingSystem first, then Name Get-ADComputer -Filter * -Property * | Sort-Object OperatingSystem,Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion
You can export the gathered information to a comma separated file easily using the Export-Csv cmdlet.
# Export the gathered and sorted information to a CSV file using a semicolon as the delimiter # Adjust the file path for the CSV file to fit your environment Get-ADComputer -Filter * -Property * | Sort-Object OperatingSystem,Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-Csv -Path C:\SCRIPTS\ComputerOverview.csv -NoClobber -NoTypeInformation -Delimiter ';'
Enjoy!
The PowerShell script to set Client Access mailbox settings based on AD group membership has been updated.
The issue fixed had been registered as issue #1.
The new release version is v1.1.
When you run the following cmdlet to prepare Active Directory for the installation of an Exchange Server Cumulative Update (in this case CU17) you might encounter a System.UnauthorizedAccessException.
D:\tmp\Cu17>setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms Microsoft Exchange Server 2013 Cumulative Update 17 Unattended Setup Unhandled Exception: System.UnauthorizedAccessException: Access to the path 'C:\ Windows\Temp\ExchangeSetup\ExSetup.exe' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.SetAttributes(String path, FileAttributes fileAttributes) at Microsoft.Exchange.Setup.CommonBase.SetupHelper.DeleteDirectory(String pat h) at Microsoft.Exchange.Bootstrapper.Setup.BootstrapperBase.CopySetupBootstrapp erFiles() at Microsoft.Exchange.Bootstrapper.Setup.Setup.Run() at Microsoft.Exchange.Bootstrapper.Setup.BootstrapperBase.MainCore[T](String[ ] args) at Microsoft.Exchange.Bootstrapper.Setup.Setup.Main(String[] args)
There is a simple reason for the the System.UnauthorizedAccessException:
The required .NET Framework 4.6.2 had been installed just minutes before executing setup.exe. Preparation of the Active Directory schema ran without any issues. But when the /PrepareSchema call finished, the temporary folder in C:\Windows\Temp\ExchangeSetup could not be fully cleaned up, as mscorsvw.exe had an open file handle on ExSetup.exe.
Additionally, when you run Setup.exe and the folder C:\Windows\Temp\ExchangeSetup exists, the setup will not try to copy required installation files. Regardless if the folder files exists in the folder or not.
D:\tmp\Cu17>setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms Microsoft Exchange Server 2013 Cumulative Update 17 Unattended Setup Copying Files... File copy complete. Setup will now collect additional information needed for installation. Performing Microsoft Exchange Server Prerequisite Check Prerequisite Analysis COMPLETED Configuring Microsoft Exchange Server Organization Preparation COMPLETED The Exchange Server setup operation completed successfully.
Enjoy Exchange!
The PowerShell module GlobalFunctions got updated to Version 2.0. This module is used by some of my PowerShell scripts which utilize centralized logging.
The new release contains the first functions required for some upcoming scripts for managing on-boarding process for joiners and the off-boarding process for leavers for companies utilizing Office 365.
The New-RandomPassword functions is based on Simon Wahlin's script published here: https://gallery.technet.microsoft.com/scriptcenter/Generate-a-random-and-5c879ed5