Hello, I was wondering if I could get some help on a script I created. Our environment is set up with Windows Server 2008 R2 (just recently upgraded to 2012 R2). We do not use ADFS servers; we use DirSync to import AD to O365, and we use Password Sync from MessageOps so AD passwords are passed along to O365.
What I need help on is truncating the user's sAMAccountName (the pre-Windows 2000), as any user with over 20 characters fails to create. The format we are using is Firstname.Lastname; if I manually create the account, ADUC automatically truncates the logon name. So that is one thing I need help on.
The second part I need help on is exporting to the CSV file portion. I have it set up now to basically pull the LastName, mail and ID headers from the first CSV file and rename the expressions to Last_name, email and id_num and input the values from those columns into the new columns. However it does this even if part of the script failed because I have it set up that way. I need it to query the AD and verify those accounts have been created and input those verified accounts into the new CSV file and email me if any user is not created.
Below is the script I run. Everything works; I just need help truncating SamAccountName (pre-Windows 2000) and, after the script runs, verifying that all accounts were made and exporting them to a CSV file containing LastName, email and ID number.
The CSV file that I use is laid out like this...
SamAccountName, FirstName, LastName, Displayname, Mail, ID, UPN, Company, Department, Title, Phone, Password, path
The exported CSV is laid out like this...
Last_name, email, id_num
What this script does is import a CSV file, take data from the CSV and create the AD account. After the account is created it pauses for 15 mins to allow the account to replicate out to O365 (I set up DirSync to update every 15 mins vs the 3 hour default).
```powershell
Import-Module ActiveDirectory

#CREATE ACTIVE DIRECTORY ACCOUNT
Import-Csv "C:\NewStudents\o365-Students.csv" | ForEach-Object {
    New-ADUser -Name $_.SamAccountName `
        -UserPrincipalName ($_.UPN + "@my.domain.com") `
        -GivenName $_.FirstName `
        -Surname $_.LastName `
        -DisplayName $_.displayname `
        -EmailAddress $_.mail `
        -Path $_.path `
        -AccountPassword (ConvertTo-SecureString -AsPlainText $_.Password -Force) `
        -Title "Student" `
        -Company "My Company" `
        -Department $_.Department `
        -EmployeeID $_.ID `
        -HomePhone $_.Phone `
        -Enabled $true `
        -PasswordNeverExpires $true
}

# Set the O365 routing address and the proxy addresses (upper-case SMTP: marks the primary address)
Import-Csv "C:\NewStudents\o365-Students.csv" | ForEach-Object {Set-ADUser -Identity $_.SamAccountName -Add @{targetAddress="SMTP:" + $_.UPN + "@domain.mail.onmicrosoft.com"}}
Import-Csv "C:\NewStudents\o365-Students.csv" | ForEach-Object {Set-ADUser -Identity $_.SamAccountName -Add @{ProxyAddresses="smtp:" + $_.UPN + "@domain.mail.onmicrosoft.com"}}
Import-Csv "C:\NewStudents\o365-Students.csv" | ForEach-Object {Set-ADUser -Identity $_.SamAccountName -Add @{ProxyAddresses="smtp:" + $_.UPN + "@domain.onmicrosoft.com"}}
Import-Csv "C:\NewStudents\o365-Students.csv" | ForEach-Object {Set-ADUser -Identity $_.SamAccountName -Add @{ProxyAddresses="SMTP:" + $_.UPN + "@my.domain.com"}}

#ADD USERS TO SPECIFIED GROUPS
Import-Csv "C:\NewStudents\o365-Students.csv" | ForEach-Object { Add-ADGroupMember -Identity "Password Sync" -Member $_.SamAccountName }
Import-Csv "C:\NewStudents\o365-Students.csv" | ForEach-Object { Add-ADGroupMember -Identity "All Students" -Member $_.SamAccountName }

# Wait 15 minutes for DirSync to replicate the new accounts to O365
Start-Sleep -s 900
```
After the 15 min pause the script then continues by signing into my Office 365 with my credentials saved as a secure-string. (To save the password as a secure-string I did this: "read-host -prompt "Enter password to be encrypted in mypassword.txt " -assecurestring | convertfrom-securestring | out-file C:\Office365\cred.txt")
```powershell
#Input username and password for O365 admin account
cd C:\Office365
$password = Get-Content C:\Office365\cred.txt | ConvertTo-SecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "ebert98@my.stmary.edu", $password
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
Connect-MsolService -Credential $cred
```
After it's signed into Office 365 it then creates a special O365 license for students disabling everything but Exchange Online.
```powershell
#Creates special O365 license for students disabling everything but Exchange Online
$myO365Sku = New-MsolLicenseOptions -AccountSkuId domain:STANDARDWOFFPACK_STUDENT -DisabledPlans MCOSTANDARD,SHAREPOINTWAC_EDU,SHAREPOINTSTANDARD_EDU
Start-Sleep -s 1
# A usage location must be set before a license can be assigned
Import-Csv "C:\NewStudents\o365-Students.csv" | ForEach-Object {Set-MsolUser -UserPrincipalName ($_.UPN + "@my.domain.com") -UsageLocation US}
Import-Csv "C:\NewStudents\o365-Students.csv" | ForEach-Object {Set-MsolUserLicense -UserPrincipalName ($_.UPN + "@my.domain.com") -AddLicenses domain:STANDARDWOFFPACK_STUDENT -LicenseOptions $myO365Sku}
```
Then I need the script to output to a CSV file, but first query the AD to verify if the account exists. Currently it is just set up like this...
```powershell
#Outputs csv file to update EX
Import-Csv C:\NewStudents\o365-Students.csv |
    select @{Name="Last_name";Expression={$_."LastName"}},@{Name="email";Expression={$_."mail"}},@{Name="id_num";Expression={$_."ID"}} |
    Export-Csv -Path c:\NewStudents\email-idnumupdate.csv -NoTypeInformation
```
The very last thing the script does is to reset the newly created student AD password so MessageOps password sync utility can grab the new password.
```powershell
foreach ($user in (Import-Csv C:\NewStudents\o365-Students.csv)) {
    Write-Host "Setting Password for $($User.UPN)"
    # Find the account by sAMAccountName through ADSI, then set the password again
    $ds = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"","(&(objectcategory=user)(sAMAccountName=$($user.UPN)))")
    $usr = ($ds.FindOne()).GetDirectoryEntry()
    $usr.SetPassword($user.password)
    $usr.SetInfo()
}
```
Any help with truncating the sAMAccountName and exporting the CSV file after a query of AD verifies the account is there would be extremely helpful. Also, if an account is skipped or errors out, I would like it to email me that the account was not created.
Thanks!
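
One way to handle the two requests in the post above, as an added example that is not part of the original post: truncate the logon name to the 20-character sAMAccountName limit without colliding with an existing account, then export only the rows that AD confirms and mail the rest. `ConvertTo-LdapLiteral` and `Get-SafeSam` are hypothetical helper names, and the mail addresses and SMTP server are placeholders.

```powershell
Import-Module ActiveDirectory

$csvIn  = 'C:\NewStudents\o365-Students.csv'
$csvOut = 'C:\NewStudents\email-idnumupdate.csv'
$maxSam = 20    # sAMAccountName limit for user objects

# Escape LDAP filter metacharacters (RFC 4515) so a CSV value cannot change the query.
function ConvertTo-LdapLiteral([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

# Hypothetical helper: cut to 20 characters, drop a trailing '.' (not allowed at the
# end of a sAMAccountName), and replace the tail with a counter while the name is taken.
function Get-SafeSam([string]$Name) {
    $base = $Name
    if ($base.Length -gt $maxSam) { $base = $base.Substring(0, $maxSam) }
    $base = $base.TrimEnd('.')
    $candidate = $base
    $n = 1
    while (Get-ADUser -LDAPFilter "(sAMAccountName=$(ConvertTo-LdapLiteral $candidate))") {
        $keep = [Math]::Min($base.Length, $maxSam - "$n".Length)
        $candidate = $base.Substring(0, $keep) + $n
        $n++
    }
    $candidate
}

# Verify each CSV row against AD by UPN, which stays the same when the logon name is truncated.
$columns = @{Name='Last_name'; Expression={$_.LastName}},
           @{Name='email';     Expression={$_.Mail}},
           @{Name='id_num';    Expression={$_.ID}}
$verified = @()
$missing  = @()
foreach ($row in Import-Csv $csvIn) {
    $upn = ConvertTo-LdapLiteral ($row.UPN + '@my.domain.com')
    if (Get-ADUser -LDAPFilter "(userPrincipalName=$upn)") { $verified += $row | Select-Object $columns }
    else { $missing += $row.UPN }
}
$verified | Export-Csv -Path $csvOut -NoTypeInformation

# Placeholder addresses and server: replace with real values.
if ($missing) {
    Send-MailMessage -To 'admin@example.com' -From 'provisioning@example.com' `
        -SmtpServer 'smtp.example.com' -Subject "$($missing.Count) student accounts not created" `
        -Body ($missing -join "`r`n")
}
```

Pass `(Get-SafeSam $_.SamAccountName)` to `New-ADUser -SamAccountName` and reuse the returned name for the later `-Identity` and `-Member` calls, because the CSV value no longer matches the account once it has been truncated.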