First you’d maybe like to count members;
(Get-QADGroupMember "Group").count
And then you can add them to another group:
Get-QADGroupMember "Group to copy from" | Add-QADGroupMember "Group to copy to"
First you’d maybe like to count members;
(Get-QADGroupMember "Group").count
And then you can add them to another group:
Get-QADGroupMember "Group to copy from" | Add-QADGroupMember "Group to copy to"
This will export data in the following order (with scandinavian letters)
Givenname, Surname, SamAccountname, PrimarySMTPAddress
Get-QADUser -sizelimit 0 | where {$_.accountisdisabled -eq $true} | select givenname,sn,SamAccountName,PrimarySMTPAddress | Export-Csv -Encoding utf8 c:tempdisabled_users.csv
# Make utf8 to include special characters
cat .list.csv > .list2.csv
# Import the file and process export as utf8
Import-Csv .list2.csv | foreach {
Get-QADUser -lastname $_.lastname -firstname $_.firstname | select firstname,lastname,mobile,primarysmtpaddress,logonname
} | Export-Csv .list3.csv -Encoding “UTF8”
# Add +47 in “mobile”
$Users = Get-QADUser -SearchRoot “domain/A1/users” -sizelimit 0 | where { $_.mobile.length -eq 8 }
foreach ($user in $users) {
Set-QADUser -id $user -mobile ($user.mobile.insert(0,’+47′))
}
# Number of users with 8 characters mobile
(Get-QADUser -sizelimit 0 | where { $_.mobile.length -eq 8 }).count
# Remove whitespaces in mobile
$Users = Get-QADUser -SearchRoot “domain/A1/users” -sizelimit 0 | where {$_.mobile -match “s”}
foreach ($user in $users) {
Set-QADUser -id $user -mobile ($user.mobile -replace “s”)
}
# Count users with whitespace in mobile
(Get-QADUser -sizelimit 0 | where {$_.mobile -match “s”}).count
This script uses the Quest AD Cmdlets that can be downloaded free from Quest.
# Add the Quest commandlets if not added if(!(Get-PSSnapin | Where-Object {$_.name -eq "quest.activeroles.admanagement"})) { ADD-PSSnapin Quest.Activeroles.ADManagement } # Add Exchange 2010 commandlets (if not added) if(!(Get-PSSnapin | Where-Object {$_.name -eq "Microsoft.Exchange.Management.PowerShell.E2010"})) { ADD-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 } ################## SETTINGS # Home directory for users $homedir = "\contoso.comusers" # Domain $domain = "contoso.com" # Email address to keep $keepmail = "@contoso.com" # The OU we are working on $OU = "contoso.com/Users/migrated_users" ################## # Run on all users in the defined OU Get-QADUser -SearchRoot $OU | foreach { echo "-------------------------------------------------" echo "Working on $($_.displayname)" echo "-------------------------------------------------" # Generate username after the 3+3 rule $userprincipalname = ($_.firstname.substring(0,3) + $_.lastname.substring(0,3)).tolower() $userprincipalname = $userprincipalname.replace("ø","o") $userprincipalname = $userprincipalname.replace("å","a") $userprincipalname = $userprincipalname.replace("æ","e") # Make the changes on the user account Set-QADUser -Identity $_ -UserPrincipalName $($userprincipalname + "@" + $domain) -SamAccountName "$($userprincipalname)" -HomeDirectory $($homedir + $userprincipalname) -HomeDrive "H:" #-whatif # Check to see if the users homedirectory exists if ( !(Test-Path -Path "$homedir$userprincipalname" -PathType Container) ) { # Doesn't exist so create it. Write-Host "home directory doesn't exist. Creating home directory." # Create the directory New-Item -path $homedir -Name $userprincipalname -ItemType Directory $userDir = "$homedir$userprincipalname" # Modify Permissions on homedir $Rights= [System.Security.AccessControl.FileSystemRights]::Read -bor [System.Security.AccessControl.FileSystemRights]::Write -bor [System.Security.AccessControl.FileSystemRights]::Modify -bor [System.Security.AccessControl.FileSystemRights]::FullControl $Inherit=[System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit $Propogation=[System.Security.AccessControl.PropagationFlags]::None $Access=[System.Security.AccessControl.AccessControlType]::Allow $AccessRule = new-object System.Security.AccessControl.FileSystemAccessRule("$userprincipalname",$Rights,$Inherit,$Propogation,$Access) $ACL = Get-Acl $userDir $ACL.AddAccessRule($AccessRule) $Account = new-object system.security.principal.ntaccount($userprincipalname) $ACL.setowner($Account) $ACL.SetAccessRule($AccessRule) Set-Acl $userDir $ACL } # We need some sleep... start-sleep -sec 20 # Now we need to clean up the users Exchange account Get-Mailbox -Identity $userprincipalname | # Loop through all the emailaddresses foreach { $a = $_.emailaddresses $b = $_.emailaddresses # Remove all but $keepmail foreach($e in $a) { if ($e.tostring() -notmatch $keepmail ) { $b -= $e; } $_ | Set-mailbox -EmailAddressPolicyEnabled $false -emailaddresses $b -alias $userprincipalname } } # We had to remove the emailaddresspolicy to make changes. Let's reactivate it Set-mailbox -Identity $userprincipalname -EmailAddressPolicyEnabled $true }
Connect-QADService -service ‘server.company.com’
This requires the Quest commandlets.
# Import the ActiveDirectory cmdlets Import-Module ActiveDirectory # List available snapins on your system: Get-PSSnapin # List registered snapins Get-PSSnapin -Registered # Alias: gsnp # Add Snapin: Add-PSSnapin # Examples: Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin # Exchange 2007 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 # Exchange 2010 Add-PSSnapin Microsoft.SystemCenter.VirtualMachineManager # WMM (Hyper-V) Add-PSSnapin Quest.Activeroles.ADManagement # Quest commandlets
(You can download the Quest Commandlets from <a href="# Install from http://www.quest.com/powershell/activeroles-server.aspx” title=”# Install from http://www.quest.com/powershell/activeroles-server.aspx“>here.)
You will get an error if you try to add a snapin that is already added. Your script will continue to run but you’ll have a bunch of nasty red letters in your shell. Not too sexy, eh? The way to avoid this is to first check if the snapin is loaded and then only load if it is not.
Do it like this:
# Add Exchange 2007 commandlets (if not added) if(!(Get-PSSnapin | Where-Object {$_.name -eq "Microsoft.Exchange.Management.PowerShell.Admin"})) { ADD-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin } # Add Exchange 2010 commandlets (if not added) if(!(Get-PSSnapin | Where-Object {$_.name -eq "Microsoft.Exchange.Management.PowerShell.E2010"})) { ADD-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 } # Add Virtual Machine Manager (Hyper-V) commandlets (if not added) if(!(Get-PSSnapin | Where-Object {$_.name -eq "Microsoft.SystemCenter.VirtualMachineManager"})) { ADD-PSSnapin Microsoft.SystemCenter.VirtualMachineManager } # Add Quest commandlets (if not added) if(!(Get-PSSnapin | Where-Object {$_.name -eq "Quest.Activeroles.ADManagement"})) { ADD-PSSnapin Quest.Activeroles.ADManagement }
Head on over to http://blogs.technet.com/b/heyscriptingguy/archive/2010/10/16/learn-how-to-load-and-use-powershell-snap-ins.aspx to learn more about snapins.