This script uses the Quest AD Cmdlets that can be downloaded free from Quest.
# Add the Quest commandlets if not added
if(!(Get-PSSnapin |
Where-Object {$_.name -eq "quest.activeroles.admanagement"})) {
ADD-PSSnapin Quest.Activeroles.ADManagement
}
# Add Exchange 2010 commandlets (if not added)
if(!(Get-PSSnapin |
Where-Object {$_.name -eq "Microsoft.Exchange.Management.PowerShell.E2010"})) {
ADD-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
}
################## SETTINGS
# Home directory for users
$homedir = "\contoso.comusers"
# Domain
$domain = "contoso.com"
# Email address to keep
$keepmail = "@contoso.com"
# The OU we are working on
$OU = "contoso.com/Users/migrated_users"
##################
# Run on all users in the defined OU
Get-QADUser -SearchRoot $OU |
foreach {
echo "-------------------------------------------------"
echo "Working on $($_.displayname)"
echo "-------------------------------------------------"
# Generate username after the 3+3 rule
$userprincipalname = ($_.firstname.substring(0,3) + $_.lastname.substring(0,3)).tolower()
$userprincipalname = $userprincipalname.replace("ø","o")
$userprincipalname = $userprincipalname.replace("å","a")
$userprincipalname = $userprincipalname.replace("æ","e")
# Make the changes on the user account
Set-QADUser -Identity $_ -UserPrincipalName $($userprincipalname + "@" + $domain) -SamAccountName "$($userprincipalname)" -HomeDirectory $($homedir + $userprincipalname) -HomeDrive "H:" #-whatif
# Check to see if the users homedirectory exists
if ( !(Test-Path -Path "$homedir$userprincipalname" -PathType Container) ) {
# Doesn't exist so create it.
Write-Host "home directory doesn't exist. Creating home directory."
# Create the directory
New-Item -path $homedir -Name $userprincipalname -ItemType Directory
$userDir = "$homedir$userprincipalname"
# Modify Permissions on homedir
$Rights= [System.Security.AccessControl.FileSystemRights]::Read -bor [System.Security.AccessControl.FileSystemRights]::Write -bor [System.Security.AccessControl.FileSystemRights]::Modify -bor [System.Security.AccessControl.FileSystemRights]::FullControl
$Inherit=[System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$Propogation=[System.Security.AccessControl.PropagationFlags]::None
$Access=[System.Security.AccessControl.AccessControlType]::Allow
$AccessRule = new-object System.Security.AccessControl.FileSystemAccessRule("$userprincipalname",$Rights,$Inherit,$Propogation,$Access)
$ACL = Get-Acl $userDir
$ACL.AddAccessRule($AccessRule)
$Account = new-object system.security.principal.ntaccount($userprincipalname)
$ACL.setowner($Account)
$ACL.SetAccessRule($AccessRule)
Set-Acl $userDir $ACL
}
# We need some sleep...
start-sleep -sec 20
# Now we need to clean up the users Exchange account
Get-Mailbox -Identity $userprincipalname |
# Loop through all the emailaddresses
foreach {
$a = $_.emailaddresses
$b = $_.emailaddresses
# Remove all but $keepmail
foreach($e in $a)
{
if ($e.tostring() -notmatch $keepmail )
{ $b -= $e; }
$_ | Set-mailbox -EmailAddressPolicyEnabled $false -emailaddresses $b -alias $userprincipalname
}
}
# We had to remove the emailaddresspolicy to make changes. Let's reactivate it
Set-mailbox -Identity $userprincipalname -EmailAddressPolicyEnabled $true
}
SuneWorld 