Archive for the 'provisioning' Category

AD User Provisioning from CSV Got Easier

Creating new AD user accounts from a csv-file data has become even easier. In versions prior to 1.0.6 you could import a csv file, and then use ForEach-Object and manual column mapping to assign the values to the attributes (for example, see this post on populating test environments):

Import-CSV c:\users.csv | ForEach-Object { New-QADUser -Name $_.Name -SamAccountName $_.Name -Department $_.Department -ParentContainer mydoman.local/demo }

This works but is somewhat redundant. If the CSV file already has a column named Name, why wouldn’t PowerShell assign that column to the Name property automatically?

This is exactly what we have added in AD cmdlets 1.0.6. Now you no longer have to use ForEach-Object (pipe import- directly into new-!) and don’t need to specify the parameters which are already in the CSV file!

This means that if I have a csv file like this:

"Aaron Nelson",anelson,Engineer
"Justin Starin",jstarin,Janitor

I can create these two new user accounts with the simple command below:

Import-Csv users.csv | New-QADUser -ParentContainer mydomain.local/test Import

Notice how much simpler it has become compared to the one used in the beginning of the post!

But wait, it becomes even better! You can mix and match the approaches by using some of the parameters from the CSV and adding others in the command-line. Let’s use the same CSV but set the City property to the accounts we create:

Import-Csv users.csv | New-QADUser -ParentContainer mydomain.local/test -City Melbourne Import

This takes the Name, SamAccountName, and Title from CSV, and adds the City from our command:

Get-QADUser -SearchRoot mydomain.local/test | Format-Table Name,samAccountName,Title,City

Name          samaccountname Title    City
----          -------------- -----    ----
Aaron Nelson  anelson        Engineer Melbourne
Justin Starin jstarin        Janitor  Melbourne

The whole purpose of PowerShell and AD cmdlets is to make AD management easier and more intuitive, and it is good to see another step in that direction.

By the way, this feature was influenced by the requests we were getting from the community: for example, from Jonathan Walz and his comments here. Thanks Jonathan and everyone on the AD PowerShell discussion forum!

Tags: , , , , , , ,

Copy AD accounts with PowerShell

Being able to copy AD accounts with one line of PowerShell code is probably my favorite feature of AD cmdlets RTM version.

Suppose you have an account the properties of which you would like to use to create another account? You probably want the new account to have a different name, password, etc. but it needs to have the same location, department and other attributes. The solution is extremely easy and straight-forward. You just need to do Get-QADUser for the sample account, and pipe into New-QADUser while specifying the new location and unique properties.

For example:

Get-QADUser 'James Johns' -export | New-QADUser -ParentContainer mydomain.local/test -Name 'Janny Grant' -SamAccountName jgrant -DisplayName 'Janny Grant' -FirstName Janny -LastName Grant -UserPassword 'J@nnysPwd' -import

One gotcha is that it will not copy the group membership, so you will have to use another oneliner for that:

(Get-QADUser 'James Johns').MemberOf | Add-QADGroupMember -Member ps64\jgrant

How cool is that? 😉

Tags: , , , , , ,

Creating test AD users (improved)

One of the kicks of PowerShell is taking someone else’s script and making it even shorter. 😉 This was exactly my first thought when I found this test AD user creation script by Austin (found via Bob).

Austin’s script is perfectly fine but you can make it shorter by getting rid of csv step and enabling the accounts on the fly.

So here’s how I would create 500 test user accounts:

1..500 | ForEach-Object {
New-QADUser -ParentContainer ps64.local/test -Name "testuser$_" -SamAccountName "testuser$_" -UserPrincipalName "testuser$" -FirstName "testUser$_" -LastName "example$_" -UserPassword "password_123" | Enable-QADUser

I think this is pretty self-describing. I am using the 1..500 cycle to get a collection of these 500 numbers, and then put them inside the string parameters (make sure you use double quotes!) in the ForEach-Object cycle. Finally the objects are passed to Enable-QADUser so the accounts get enabled.

Pretty cool, eh?

Tags: , , , , , , , ,

Updated PowerGUI Active Directory Pack

Our AD PowerPack has been quite outdated for a long time. I think it has been more or less the way it was initially created to demo AD cmdlets 1.0.1 integration at MMS. Not anymore! Last week we’ve set down and added a bunch of new features to the pack taking advantages of the enhancements introduced to both cmdlets (in versions 1.0.2 and 1.0.3) and PowerGUI itself (the pack now works with PowerGUI 1.0.8 or later).

Here’s the quick what’s new:

  • Description and system requirements shown/enforced on import
  • User password reset
  • OU browsing
  • Remove the default 100 item limits
  • User CSV Provisioning (!)
  • Enable User
  • Recursive Member Of
  • New User
  • New Group
  • Remove User
  • Remove Group

And here’s how it looks like:

Updated Active Directory PowerPack for PowerGUI

And don’t forget that all of that comes with the standard PowerGUI sorting, filtering, reporting, and bulk operations capabilities. And, if you are using Windows Server 2008 it integrates with the new Fine-Grained Password Policies UI. And, everything you do is also output as PowerShell code on the corresponding tab. And, you can add/remove/modify any node, link, or action. Etc., etc.

Go download it here.

Tags: , , , , ,

New episode of PowerScripting podcast

Jonathan has just published episode 5 of his PowerScripting podcast. Among other things he is sharing his experience using AD cmdlets and creating new user accounts with a single PowerShell command.

As Jonathan states it in his blog motto: get the podcast and pipe it into your ears. 😉

Tags: , , ,

Demo: Advanced Exchange 2007 Management

PowerGUI documentation section got updated with a new demo – Advanced Exchange 2007 Management.

Although PowerGUI introductory demo indeed used Exchange 2007 it mostly had basic mailbox and Exchange management.

However, there are tasks for which Exchange 2007 Management Console at the moment does not provide any user interface and in this demo we concentrated on some of them, namely:

  • Mailbox provisioning from CSV files, and using existing mailboxes as a model,
  • Managing Public Folders (browse, create, mail-enable and so on),
  • Manage certificates, request and generate new x.509 Transport Security certificates.

This all makes PowerGUI really handy when managing Exchange 2007 deployments, and learning PowerShell for automating such tasks.

Are there any other tasks that native UI does not cover at the moment? Leave your comments or participate in PowerGUI Discussion Forums.

Tags: , , , , , , ,

Enable User Accounts with PowerShell

Question: How to enable AD user account using Windows PowerShell cmdlets?

Answer (shamelessly stolen from Andrei’s post in the PowerGUI discussion forum):

1. [If this is a new account] Create the account using New-QADUser. Make sure the password is also set (-UserPassword parameter)

2. Enable the account by setting userAccountControl to 512: e.g.

Set-QADUser TEST\testuser -ObjectAttributes @{userAccountControl=512}

Bulk account provisioning: 

If you want to do that in bulk using csv file for bulk user account provisioning this might (depending on the columns in your file and attributes being set) look like:

PS C:\> Import-Csv users.csv | ForEach-Object {New-QADUser -ou acme.local/demo -name $_.Name -UserPassword $_.Password

PS C:\> Import-Csv users.csv | ForEach-Object {Set-QADUser $_.Name -ObjectAttributes @{userAccountControl=512}}

Due to AD cmdlets not having a community site of their own we have created a forum for Active Directory PowerShell discussions on Andrei and other members of his team are there for your questions, feature requests, etc.

Tags: , , , ,

PowerShell Script for Mailbox Provisioning

Yesterday I posted a blogcast on PowerShell-based mailbox provisioning.

Below is the script which PowerGUI executes when you click that Create from CSV file action.

What I am doing in the script is basically:

1. Prompt for the file name (param).

2. Read into into an array.

3. Check whether columns with mandatory parameters are in the file.

4. And then just go column by column constructing the new-mailbox command for each row.

5. If Password column is not present I use UPN instead (you can change to your own rule).

6. Finally, I just call Invoke-Expression for all these generated commands.

Of course in PowerGUI all you need to do is just click a button, but for all PowerShell geeks out there here’s the code:


[array]$csv = import-csv $file

# This script implies that columns "UserPrincipalName", "name",

# "database","OrganizationalUnit" exist in the csv file

if (($csv[0].UserPrincipalName -eq $null) -or ($csv[0].Name -eq $null) -or ($csv[0].Database -eq $null) -or ($csv[0].OrganizationalUnit -eq $null) ) {throw "Parameter missing... Make sure the CSV file has the following columns: UserPrincipalName, Name, Database, OrganizationalUnit."}

# Create collection of the commands that we will invoke in the end
[collections.arraylist]$Commands=new-object system.collections.arraylist

for($i=0; $i -lt $csv.Count; $i++)

[void]$Commands.Add("new-mailbox -UserPrincipalName `"$($csv[$i].UserPrincipalName)`" -Name `"$($csv[$i].Name)`" -Database `"$($csv[$i].Database)`" -OrganizationalUnit `"$($csv[$i].OrganizationalUnit)`"" + ' -Password $pwd ')

# Add other parameters if present in the CSV

if ($csv[0].Alias -ne $null) {
for($i=0; $i -lt $csv.Count; $i++)
  $Commands[$i] = $Commands[$i] + " -Alias `"$($csv[$i].Alias)`""

if ($csv[0].DisplayName -ne $null) {
for($i=0; $i -lt $csv.Count; $i++)
$Commands[$i] = $Commands[$i] + " -DisplayName `"$($csv[$i].DisplayName)`""

if ($csv[0].FirstName -ne $null) {
for($i=0; $i -lt $csv.Count; $i++)
$Commands[$i] = $Commands[$i] + " -FirstName `"$($csv[$i].FirstName)`""

if ($csv[0].LastName -ne $null) {
for($i=0; $i -lt $csv.Count; $i++)
$Commands[$i] = $Commands[$i] + " -LastName `"$($csv[$i].LastName)`""

if ($csv[0].Initials -ne $null) {
for($i=0; $i -lt $csv.Count; $i++)
$Commands[$i] = $Commands[$i] + " -Initials `"$($csv[$i].Initials)`""

if ($csv[0].SamAccountName -ne $null) {
for($i=0; $i -lt $csv.Count; $i++)
$Commands[$i] = $Commands[$i] + " -SamAccountName `"$($csv[$i].SamAccountName)`""

for($i=0; $i -lt $csv.Count; $i++)
$pwd = new-object Security.SecureString

if ($csv[0].Password -ne $null) {
$csv[$i].Password.ToCharArray() | foreach { $pwd.AppendChar($_) }
} else {
$csv[$i].UserPrincipalName.ToCharArray() | foreach { $pwd.AppendChar($_)


Invoke-Expression $Commands[$i]

Tags: , , , , ,

Provision Exchange Mailboxes from CSV

Wouldn’t it be great to pick a few mailboxes, export their properties to Excel, make a few changes, and use that changed file to provision a bunch of new user accounts and mailboxes? PowerGUI comes with commands to do that!

PowerGUI gives you user interface for a lot of actions which used to require scripting. While I am striving to find time at DEC to finish editing my webcast, so I thought I’ll do a few blogcasts (is there such a word already?) now instead.

Here we go:

1. Download and install PowerGUI on a computer which has either Exchange 2007 or its management tools.

2. Click Mailboxes, make sure that the following columns are displayed (right-click the header to add the columns): UserPrincipalName, Name, Database, OrganizationalUnit – these are mandatory for new Exchange mailboxes.

3. Select the mailboxes you want to export and click Report as CSV:

Select sample mailboxes for provisioning

4. Specify the filename for the output (e.g. c:\test.csv) and click OK. The file will open in whatever is your CSV edit. Normally it should be Excel- in my case the machine didn’t have Office so I had to use Notepad:

Change propeties

5. Change the properties as you wish for the new mailboxes (in my case I just did Replace All), add new rows, add a column Password and set passwords for the new accounts (otherwise we’ll just use UPN for that).

6. Save the file.

7. In PowerGUI click Create new from CSV action.

Create from CSV

8. Type in the file path and click OK.

Select CSV file

9. That’s it – the new accounts and mailboxes got provisioned!

New mailboxes are there!

If you want to schedule provisioning to happen on regular basis (e.g. nightly) just go to the PowerShell Code tab and use the code there for your script.

PowerShell and PowerGUI rock! 😉

Tags: , , , , , ,

Exchange 2007 PowerPack: UI on top of PowerShell

Exchange 2007 is one of the most PowerShell’ized Microsoft platforms. PowerGUI reuses that to provides graphical interface for bulk property changes, mailbox provisioning from csv files, public folder- and certificate management.

I’ve just uploaded to PowerGUI library a pack for Exchange 2007 that does all of the above and much more.

PowerGUI had a built-in pack for managing Exchange 2007 for a long time. However, the trick has been that the pack only showed up when PowerGUI was installed on a computer which already had either Exchange or the management tools. Install the stuff in reverse order (PowerGUI first) and you have not Exchange pack in it. Now even in that case you can download the PowerShell-based Exchange pack separately and import it into PowerGUI.

I’ve also shot a webcast about the pack and will hopefully upload it to this week and will make a few blog posts on it contents.

P.S. Historically one of the reasons why we started the PowerGUI project was due to the fact that once we started using E12 (codename for Exchange 2007) beta we found that indeеhe UI (Exchange Management Console) was just a subset of the PowerShell command-line and the latter was the only option for a lot of management operations: public folders, certificates, etc. Luckily PowerShell was indeed available for all these operations and this pack gives you UI for all these operations.

Tags: , , , , , ,

My Recent Tweets


The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

August 2022

%d bloggers like this: