Commsverse Blog



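# Import users from an old domain into the current Active Directory domain.
#
# Input: a CSV produced with CSVDE on the old domain. Each row needs a
# sAMAccountName; givenName, sn, displayName, scriptPath, department, mobile,
# telephoneNumber, description, streetAddress, legacyExchangeDN and memberOf
# (a ';'-separated list of group DNs) are copied when present.
#
# Output (under C:\ADMigration):
#   userimport.txt    - activity log, one line per action
#   userpasswords.txt - temporary passwords in CLEAR TEXT. Treat this file as a
#                       secret: hand the passwords out over a separate channel
#                       and delete the file once the users have logged on.
#
# NOTE(review): group membership is recreated verbatim from the CSV, including
# membership of privileged groups. Whoever can edit the CSV decides who ends up
# in those groups, so review the memberOf column before running the import.
$ErrorActionPreference = "Stop"
Import-Module ActiveDirectory

# Domain we are importing into (used for the UPN suffix and the default OUs).
$getDomain = Get-ADDomain

# Log and password files. -Force recreates them on every run.
$logFolder    = New-Item -ItemType Directory -Path C:\ADMigration -Force
$logFile      = New-Item -ItemType File -Path (Join-Path $logFolder.FullName 'userimport.txt') -Force
$passwordFile = New-Item -ItemType File -Path (Join-Path $logFolder.FullName 'userpasswords.txt') -Force

# The password file would otherwise inherit the ACL of C:\ADMigration. Drop the
# inherited entries and leave only the account running the import.
try {
    $passwordAcl = Get-Acl -Path $passwordFile.FullName
    $passwordAcl.SetAccessRuleProtection($true, $false)
    $currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $ownerOnly   = New-Object System.Security.AccessControl.FileSystemAccessRule($currentUser, 'FullControl', 'Allow')
    $passwordAcl.AddAccessRule($ownerOnly)
    Set-Acl -Path $passwordFile.FullName -AclObject $passwordAcl
}
catch {
    Write-Warning "Could not restrict access to $($passwordFile.FullName): $($_.Exception.Message)"
}

# Import the CSV.
$csvPath   = Read-Host "Please enter CSV path (e.g C:\users.csv)"
$csvImport = Import-CSV -Path $csvPath

# Count objects in the CSV for the progress display.
$countObjects = $csvImport | Measure-Object | Select-Object -Expand Count
$index = 0

# Destination OUs. Read-Host returns an empty string (never $null) when the
# operator just presses Enter, so test for blank input to apply the default.
$destinationOU = Read-Host "Please enter the destination OU to import the objects (e.g OU=users,DC=domain,DC=local)"
if ([string]::IsNullOrWhiteSpace($destinationOU)) {
    $destinationOU = "OU=users,$($getDomain.DistinguishedName)"
}

$destinationGroupOU = Read-Host "Enter Destination Security Group OU (e.g OU=groups,DC=domain,DC=local)"
if ([string]::IsNullOrWhiteSpace($destinationGroupOU)) {
    $destinationGroupOU = "OU=Users,$($getDomain.DistinguishedName)"
}

# Optional Exchange mailbox enablement. -eq is case-insensitive, so "y" and "Y"
# both match.
$setExchangeMailboxes  = Read-Host "Enable Users for Exchange? (Exchange must be installed) Y/N?"
$exchangePowershellURL = $null
if ($setExchangeMailboxes -eq "Y") {
    $exchangePowershellURL = Read-Host "Please enter Exchange Powershell URL (e.g. )"
}
$enableMailboxes = ($setExchangeMailboxes -eq "Y") -and -not [string]::IsNullOrWhiteSpace($exchangePowershellURL)

# Temporary password generator.
#  - The alphabet is single-quoted: inside double quotes "$?" expands to the
#    automatic variable (True/False) and silently changes the character set.
#  - Get-Random is not documented as cryptographically secure, and -Count draws
#    without replacement (no character could ever repeat), so bytes come from
#    the system CSPRNG instead, with rejection sampling to avoid modulo bias.
#  - The result always contains a lower-case letter, an upper-case letter and a
#    digit, which is what the default AD complexity rule asks for.
$passwordLength = 10
function New-TempPassword {
    param([ValidateRange(8, 128)][int]$Length = 10)

    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890@!$?%'.ToCharArray()
    $limit    = 256 - (256 % $alphabet.Length)   # bytes at or above this are discarded
    $buffer   = New-Object byte[] 1
    $rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $builder = New-Object System.Text.StringBuilder
            while ($builder.Length -lt $Length) {
                $rng.GetBytes($buffer)
                if ($buffer[0] -lt $limit) {
                    [void]$builder.Append($alphabet[$buffer[0] % $alphabet.Length])
                }
            }
            $candidate = $builder.ToString()
        } until (($candidate -cmatch '[a-z]') -and ($candidate -cmatch '[A-Z]') -and ($candidate -match '[0-9]'))
        return $candidate
    }
    finally {
        $rng.Dispose()
    }
}

$exchangeSession = $null
try {
    # Connect to the Exchange server if required.
    if ($enableMailboxes) {
        $exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $exchangePowershellURL -Authentication Kerberos
        Import-PSSession $exchangeSession | Out-Null
    }

    write-host "There are $countObjects to import. Beginning import...." -ForegroundColor Yellow

    ForEach ($user in $csvImport) {
        $sam = $user.sAMAccountName

        if ([string]::IsNullOrWhiteSpace($sam)) {
            # A blank identity cannot be looked up or created.
            Add-Content -Path $logFile -Value "Skipped a CSV row with no sAMAccountName"
        }
        elseif (Get-ADUser -Filter 'SamAccountName -eq $sam') {
            # -Filter returns nothing for a missing account instead of throwing,
            # so an unrelated failure (no DC, access denied) is not mistaken for
            # "user does not exist". The variable is bound by the AD module, so
            # CSV content is never spliced into the filter text.
            Write-Host $sam " already exists and will not be processed" -ForegroundColor Red
            Add-Content -Path $logFile -Value "$($sam) already exists and will not be processed"
        }
        else {
            $newTempPassword = New-TempPassword -Length $passwordLength
            $newUserParams = @{
                Name                  = $sam
                SamAccountName        = $sam
                GivenName             = "$($user.givenName)"
                Surname               = "$($user.sn)"
                UserPrincipalName     = "$($sam)@$($getDomain.DNSRoot)"
                DisplayName           = "$($user.displayName)"
                ScriptPath            = "$($user.scriptPath)"
                AccountPassword       = (ConvertTo-SecureString -AsPlainText $newTempPassword -Force)
                ChangePasswordAtLogon = $true
                Department            = "$($user.department)"
                Mobile                = "0$($user.mobile)"
                OfficePhone           = "0$($user.telephoneNumber)"
                Description           = "$($user.description)"
                StreetAddress         = "$($user.streetAddress)"
                Path                  = $destinationOU
                OtherAttributes       = @{ proxyAddresses = "X500:$($user.legacyExchangeDN)" }
                Enabled               = $true
            }

            # One bad row must not abort the whole import: record it and move on.
            $checkNewUser = $null
            try {
                New-ADUser @newUserParams
                $checkNewUser = Get-ADUser -Filter 'SamAccountName -eq $sam'
            }
            catch {
                Add-Content -Path $logFile -Value "$($sam) creation error: $($_.Exception.Message)"
            }

            if ($checkNewUser) {
                Add-Content -Path $logFile -Value "$($sam) has been created in new domain"
                Add-Content -Path $passwordFile -Value "$($sam) - Temp Password: $($newTempPassword)"

                # Recreate group membership. Only the first RDN of each DN is the
                # group name; the remaining CN= parts are containers (CN=Users,
                # CN=Builtin) and must not be turned into groups. The pattern
                # keeps backslash-escaped characters such as "\," inside the name.
                ForEach ($groupDn in ($user.memberOf -split ';')) {
                    if ($groupDn -notmatch '^\s*CN=((?:\\.|[^,\\])+)') { continue }
                    $adGroup = $Matches[1] -replace '\\(.)', '$1'   # undo simple DN escaping

                    try {
                        $targetGroup = Get-ADGroup -Filter 'Name -eq $adGroup' | Select-Object -First 1
                        if (-not $targetGroup) {
                            # Group does not exist yet: create it, then add the user.
                            $adGroupSAM  = $adGroup.Replace(' ', '').Replace('\', '')
                            $targetGroup = New-ADGroup -Name "$adGroup" -SamAccountName "$adGroupSAM" -GroupCategory Security -GroupScope Global -DisplayName $adGroup -Path "$destinationGroupOU" -PassThru
                        }
                        Add-ADGroupMember -Identity $targetGroup -Members $sam
                        Add-Content -Path $logFile -Value "AD Group: $($adGroup) added user $($sam) to it"
                    }
                    catch {
                        Add-Content -Path $logFile -Value "Could not add AD Group $($adGroup) and failed to add user $($sam) to it"
                        Write-Host "Failed to add ad group " $adGroup -ForegroundColor Yellow
                    }
                }

                # Mail-enable the user if requested.
                if ($enableMailboxes) {
                    $checkMailboxCreation = $null
                    try {
                        Enable-Mailbox -Identity $sam | Out-Null
                        Start-Sleep -s 5
                        Write-Host "Waiting 5 Seconds For Mailbox to Generate" -ForegroundColor Yellow
                        $checkMailboxCreation = Get-Mailbox -Identity $sam -ErrorAction SilentlyContinue
                    }
                    catch {
                        Add-Content -Path $logFile -Value "$($sam) mailbox error: $($_.Exception.Message)"
                    }

                    if ($null -eq $checkMailboxCreation) {
                        Add-Content -Path $logFile -Value "$($sam) mailbox has not been created"
                    }
                    else {
                        Add-Content -Path $logFile -Value "$($sam) mailbox has been created in exchange"
                    }
                }
                else {
                    Add-Content -Path $logFile -Value "$($sam) is not mail enabled due to admin decision"
                }
            }
            else {
                Add-Content -Path $logFile -Value "$($sam) failed to add in new domain"
            }

            # Do not keep the clear-text password in memory longer than needed.
            $newTempPassword = $null
        }

        $index++
        Write-Host "Processed User Object " $user.sAMAccountName "($index of $countObjects)" -ForegroundColor Green
    }
}
finally {
    # Close the remote Exchange session even when the import stops early.
    if ($exchangeSession) {
        Remove-PSSession $exchangeSession
    }
}

Write-Host "Script Processing Complete, Check Logs" -ForegroundColor DarkGreen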