This script uses the Quest AD cmdlets, which can be downloaded for free from Quest.
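# Bulk-normalises migrated user accounts: derives a "3+3" logon name for every
# user in one OU, rewrites UPN / sAMAccountName / home directory attributes,
# creates and ACLs the home directory, and trims the mailbox's proxy addresses
# down to the ones in the domain that is being kept.
#
# Requires the Quest ActiveRoles AD snap-in and the Exchange 2010 snap-in, and
# an account with rights to modify users, the file share and mailboxes.

# Add the Quest cmdlets if not already loaded
if (!(Get-PSSnapin | Where-Object { $_.name -eq "quest.activeroles.admanagement" })) {
    Add-PSSnapin Quest.Activeroles.ADManagement
}

# Add the Exchange 2010 cmdlets if not already loaded
if (!(Get-PSSnapin | Where-Object { $_.name -eq "Microsoft.Exchange.Management.PowerShell.E2010" })) {
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
}

################## SETTINGS
# Home directory root for users.
# NOTE(review): the published copy read "\contoso.comusers", which looks like a
# UNC path whose backslashes were lost; reconstructed here - confirm before use.
$homedir = "\\contoso.com\users"

# Domain
$domain = "contoso.com"

# Email address suffix to keep
$keepmail = "@contoso.com"

# The OU we are working on
$OU = "contoso.com/Users/migrated_users"
##################

# $keepmail is used as a regular expression below. Escape it and anchor it to
# the end of the address so that "." only matches a literal dot and an address
# such as user@contoso.com.example.org is not mistaken for one to keep.
$keepPattern = [regex]::Escape($keepmail) + '$'

# Run on all users in the defined OU
Get-QADUser -SearchRoot $OU | ForEach-Object {
    # Capture the user now: inside catch blocks and nested pipelines $_ is rebound.
    $user = $_

    Write-Output "-------------------------------------------------"
    Write-Output "Working on $($user.displayname)"
    Write-Output "-------------------------------------------------"

    # Substring() throws on a null name, so skip accounts without both names.
    if ([string]::IsNullOrEmpty($user.firstname) -or [string]::IsNullOrEmpty($user.lastname)) {
        Write-Warning "Skipping $($user.displayname): first name or last name is empty."
        return
    }

    # Generate username after the 3+3 rule. Names shorter than three characters
    # contribute what they have instead of raising an out-of-range error.
    $firstPart = $user.firstname.Substring(0, [Math]::Min(3, $user.firstname.Length))
    $lastPart  = $user.lastname.Substring(0, [Math]::Min(3, $user.lastname.Length))
    $userprincipalname = ($firstPart + $lastPart).ToLower()
    $userprincipalname = $userprincipalname.Replace("ø", "o")
    $userprincipalname = $userprincipalname.Replace("å", "a")
    $userprincipalname = $userprincipalname.Replace("æ", "e")

    # The 3+3 rule is not unique ("John Doe" and "Johan Doerr" both give johdoe).
    # Everything below addresses the account, directory and mailbox BY NAME, so
    # on a collision it would hand this user another person's home directory and
    # strip addresses from another person's mailbox. Refuse to continue instead.
    $clash = Get-QADUser -SamAccountName $userprincipalname |
        Where-Object { $_.DN -ne $user.DN }
    if ($clash) {
        Write-Warning "Skipping $($user.displayname): '$userprincipalname' is already used by another account."
        return
    }

    $userDir = Join-Path -Path $homedir -ChildPath $userprincipalname

    # Make the changes on the user account. Stop on failure so that the
    # directory and mailbox steps never run for an account that was not renamed.
    try {
        Set-QADUser -Identity $user `
            -UserPrincipalName ($userprincipalname + "@" + $domain) `
            -SamAccountName $userprincipalname `
            -HomeDirectory $userDir `
            -HomeDrive "H:" `
            -ErrorAction Stop #-whatif
    }
    catch {
        Write-Warning "Skipping $($user.displayname): account update failed: $_"
        return
    }

    # Check to see if the user's home directory exists
    if (!(Test-Path -Path $userDir -PathType Container)) {
        # Doesn't exist so create it.
        Write-Host "home directory doesn't exist. Creating home directory."

        # Create the directory
        New-Item -Path $homedir -Name $userprincipalname -ItemType Directory

        # Modify permissions on the home directory.
        # The original OR-ed Read, Write, Modify and FullControl together, which
        # is simply FullControl. NOTE(review): FullControl plus ownership lets
        # the user rewrite the ACL (including removing administrative access);
        # Modify without ownership is the usual least-privilege grant - confirm
        # which one the environment actually needs.
        $Rights = [System.Security.AccessControl.FileSystemRights]::FullControl
        $Inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor
                   [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
        $Propagation = [System.Security.AccessControl.PropagationFlags]::None
        $Access = [System.Security.AccessControl.AccessControlType]::Allow

        # NOTE(review): the account name is unqualified, so it is resolved by
        # whatever lookup order the host uses; a DOMAIN\name form would remove
        # the ambiguity with a same-named local account.
        $Account = New-Object System.Security.Principal.NTAccount($userprincipalname)
        $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $Account, $Rights, $Inherit, $Propagation, $Access)

        $ACL = Get-Acl $userDir
        $ACL.SetOwner($Account)
        # SetAccessRule replaces any existing Allow rule for this identity, so a
        # preceding AddAccessRule with the same rule is redundant.
        $ACL.SetAccessRule($AccessRule)
        Set-Acl $userDir $ACL
    }

    # We need some sleep...
    Start-Sleep -Seconds 20

    # Now we need to clean up the user's Exchange account
    Get-Mailbox -Identity $userprincipalname | ForEach-Object {
        $mailbox = $_
        $kept = $mailbox.EmailAddresses

        # Remove all but the addresses ending in $keepmail.
        # NOTE(review): this also drops non-SMTP proxy addresses (X500, SIP, ...)
        # and leaves nothing if the user has no address in $keepmail - confirm
        # that is intended for the migrated population.
        foreach ($address in $mailbox.EmailAddresses) {
            if ($address.ToString() -notmatch $keepPattern) {
                $kept -= $address
            }
        }

        # One update after the filtering is done, rather than one per address.
        $mailbox | Set-Mailbox -EmailAddressPolicyEnabled $false -EmailAddresses $kept -Alias $userprincipalname
    }

    # We had to remove the email address policy to make changes. Let's reactivate it
    Set-Mailbox -Identity $userprincipalname -EmailAddressPolicyEnabled $true
}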