New Active Directory User and Office365 New User Powershell Procedure

As a systems administrator, quite often you’ll need to create new user accounts in Active Directory and MSOnline Office 365. It’s good to streamline your new user creation procedure as much as possible to make the process faster and more accurate. Thanks to PowerShell, we can turn a whole bunch of point and clicks into just a few PowerShell commands. In this example procedure we will first create an Active Directory AD user account with powershell and a .csv file and then add that user into multiple groups with a different powershell script and a .txt file that has a list of the groups. We will also use another powershell script to get the canonical name of the groups so that our script can find the LDAP location of the group in Active Directory. Secondly, because we do not run our own exchange server we will use powershell to connect to Office365, and create a new user there, license the user, and then add the user to some distribution groups. Prerequisites are powershell, and import AD components and MSOnline components.

 

  1. Go to https://gallery.technet.microsoft.com/scriptcenter/PowerShell-Create-Active-7e6a3978 and download the create_ad_users.zip and extract to c:\newusers\
  2. Edit create_ad_users.ps1 lines 92 and 98 to accommodate longer last names. In the original script it only allows for first initial and then a truncated last name of 4 characters. In my case, we have some users with long last names, so I set those values to 20:
  3. If($replace.length -lt 20)
    {
      $lastname = $replace
    }
    Else
    {
      $lastname = $replace.substring(0,20)
    }
    

     

  4. Copy info from your HR department about the new user into the .csv file c:\newusers\import_create_ad_users.csv
  5. Run PS C:\newusers> .\create_ad_users.ps1
  6. Next check the new username in ADUC for such things as account name, address, phone number etc. to ensure the entries are accurate.
  7. With our new user account created, most likely we will want to make that user a member of several security groups. To do that with PowerShell, we need to make sure that we have the correct LDAP names for our groups and place them into a file named groups.txt. In order to do so, we need to run another powershell script named find-dn.ps1 . The code is as follows:
    # Function Find Distinguished Name
    function find-dn { param([string]$adfindtype, [string]$cName)
        # Create A New ADSI Call
        $root = [ADSI]''
        # Create a New DirectorySearcher Object
        $searcher = new-object System.DirectoryServices.DirectorySearcher($root)
        # Set the filter to search for a specific CNAME
        $searcher.filter = "(&(objectClass=$adfindtype) (CN=$cName))"
        # Set results in $adfind variable
        $adfind = $searcher.findall()
        
        # If Search has Multiple Answers 
        if ($adfind.count -gt 1) {
            $count = 0 
            foreach($i in $adfind)
            {
                # Write Answers On Screen
                write-host $count ": " $i.path
                $count += 1
            }
            # Prompt User For Selection
            $selection = Read-Host "Please select item: "
            # Return the Selection
            return $adfind[$selection].path
        }
        # Return The Answer
        return $adfind[0].path
    }

    This code should be inserted into a new PowerShell ISE tab and then saved as find-dn.ps1 . Running the code will produce a new PowerShell function (but will not write any output to the screen.) Find the group names in ADUC that you want the CN name for, and then use the following command(s) to return the CN name:

    find-dn "group" "FinanceGroup"

    The script will return something similar to the following:

    LDAP://CN=FinanceGroup,CN=Users,DC=intranet,DC=contoso,DC=com

    Remove the part “LDAP://” and copy the remaining string into the c:\newusers\groups.txt file, which after finding the rest of your group CN names, should look something similar to the following:

    CN=FinanceGroup,CN=Users,DC=intranet,DC=contoso,DC=com
    CN=HRGroup,CN=Users,DC=intranet,DC=contoso,DC=com
    CN=OperationsGroup,CN=Users,DC=intranet,DC=contoso,DC=com
    CN=ITGroup,CN=Users,DC=intranet,DC=contoso,DC=com
    CN=AccountingGroup,CN=Users,DC=intranet,DC=contoso,DC=com
    CN=ComplianceGroup,CN=Users,DC=intranet,DC=contoso,DC=com
    CN=MarketingGroup,CN=Users,DC=intranet,DC=contoso,DC=com

     

  8. Now that we have our CN security group names, we can add the user(s) into the groups with the following script. For this step we can utilize the script found here: https://community.spiceworks.com/topic/459481-adding-users-to-multiple-security-groups-in-ad – which was contributed by Martin9700 . Copy the following script into a new PowerShell ISE tab and name the file Add-MultipleGroups.ps1 :
    #requires -Version 3.0
    Param (
        [Parameter(Mandatory,ValueFromPipeline)]
        [String[]]$Groups,
        [Parameter(Mandatory)]
        [String[]]$Users,
        [switch]$Passthru
    )
    
    Begin {
        Try { Import-Module ActiveDirectory -ErrorAction Stop }
        Catch { Write-Error "Unable to load Active Directory module, is RSAT installed?"; Exit }
        $Result = @()
    }
    
    Process {
        ForEach ($Group in $Groups)
        {   Try {
                Add-ADGroupMember $Group -Members $Users -ErrorAction Stop
                $Result += [PSCustomObject]@{
                    Group = $Group
                    AddMembers = $Users -join ", "
                }
            }
            Catch {
                Write-Error "Error adding members to $Group because $($Error[0])"
                $Result += [PSCustomObject]@{
                    Group = $Group
                    AddMembers = $Error[0]
                }
            }
        }
    }
    
    End {
        If ($Passthru)
        {   $Result
        }
    }

     

  9. Run the following command to add user to the appropriate security groups:
PS C:\newusers> .\Add-MultipleGroups.ps1 -Groups (Get-content c:\newusers\groups.txt) -users user1, user2

With the above script you can use the file to run a number of different options as well such as:

You can just put the group names in -Groups:

.\Add-MultipleGroups.ps1 -Groups "testgroup1","testgroup2" -users user1,user2,user3,user4

You can use a text file (either in Groups or via pipeline):

.\Add-MultipleGroups.ps1 -Groups (Get-content c:\groups.txt) -users user1,user2,user3,user4

Get-content c:\groups.txt | .\Add-MultipleGroups.ps1 -Groups -users user1,user2,user3,user4

You can also use Get-Content for users, but you can pipe it:

Get-content c:\groups.txt | .\Add-MultipleGroups.ps1 -Groups -users (Get-content c:\users.txt)

 

You can confirm in ADUC that the users are now members of the security groups in our groups.txt file.

Add users to Office 365 and Distribution Groups with PowerShell

Great! Now that we have our user accounts created on the AD side of things, we will move on to adding our user(s) into Office365:

With PowerShell up and running will will issue the following commands:

From https://www.petri.com/use-powershell-create-assign-licenses-office-365-users

 

Import-Module MSOnline

Connect-MsolService

Now we will create the user with the following command:

New-MsolUser -UserPrincipalName user1@contoso.com -DisplayName ‘User 1’ -FirstName User -LastName 1

This command will return something like the following (sorry about the formatting:)

 

PS C:\Users\jcoltrin> New-MsolUser -UserPrincipalName user1@planmember.com -DisplayName ‘User 1’ -FirstName User -LastName 1



Password                                   UserPrincipalName                          DisplayName                                isLicensed

--------                                   -----------------                          -----------                                ----------

Suso4007                                   user1@contoso.com                       User 1                                False

 

Now we need to add a license to the user account. We need to do two things before we can assign the licenses. First is we need to to determine the different sku’s we have available to license, and second, we need to set the usage location. To accomplish the first part, we can issue the command:

Get-MsolAccountSku

Second, by using the instructions here: https://social.technet.microsoft.com/Forums/ie/en-US/bfde2a73-579c-409b-a7cd-77110048c7b7/license-enabling-script?forum=onlineservicesadministrationcenter

We can set the MS Online user’s principal location:

Set-MsolUser -UserPrincipalName user1@contoso.com -UsageLocation US


Set-MsolUserLicense -UserPrincipalName user1@contoso.com -AddLicenses Contoso:STANDARDPACK

Now that the user is licensed, we will add the account to a few Exchange Distribution Groups. We will need to import a new PSSession from outlook.com before we can run the Exchange commands. Import the session with the following commands:

 

$creds = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Creds -Authentication Basic -AllowRedirection

Now we can add the distribution group members with the group identity and member name in quotes:

 

Add-DistributionGroupMember -Identity "Finance" -Member "user1@contoso.com"

Add-DistributionGroupMember -Identity "AllEmployees" -Member "user1@contoso.com"

A number of these scripts and commands can be combined into .ps1 files to optimize the workflow even further. With the information here you should have a good place to start. Let me know in the comments how you added your own features to the procedure.

 

Get a list of computers, 32/64 bit architecture, Service Pack level, and IP address in active directory with PowerShell

To get an inventory .csv file list of all computers in AD, run the following command in powershell:

Make sure you import Active Directory modules into PowerShell prior to running the command.

Get-ADComputer -Filter * -Property * | Select-Object Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion,ipv4* | Export-Csv -Path "c:\admin\ComputersList.csv"

If you first receive the following error:

“The term ‘Get-ADComputer’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.”

This error indicates that the Active Directory module has not been imported into PowerShell. First do this by running the command:

import-module activedirectory

This script should produce and export a .csv file list that looks like the following:

Name OperatingSystem OperatingSystemServicePack OperatingSystemVersion IPv4Address
DC01 Windows Server 2008 R2 Standard Service Pack 1 6.1 (7601) 10.1.3.4
JasonCWKS Windows 7 Professional Service Pack 1 6.1 (7601) 10.1.2.129
JColtrinWin7 Windows 7 Professional Service Pack 1 6.1 (7601) 10.1.2.85

If you want to take this further, and get the csname (computer name), caption (Operating system title), OS Architecture (32/64 bit), and ServicePackMajorVersion (service pack level) from a list of IP’s that the previous command produced you can do the following:

  1. Copy the IP addresses of all the machines to a new file called win7pcs.txt and place it in C:\admin\
  2. Open Powershell ISE  and enter the following script:
$a = Get-Content "C:\admin\win7pcs.txt" 
foreach ($i in $a) 
{Get-WmiObject Win32_OperatingSystem -ComputerName $i | Format-Table csname,caption,OSArchitecture,ServicePackMajorVersion -AutoSize
}

This should produce the following output for each IP address:

csname caption OSArchitecture ServicePackMajorVersion
—— ——- ————– ———————–
JasonCWKS Microsoft Windows 7 Professional 64-bit 1

csname caption OSArchitecture ServicePackMajorVersion
—— ——- ————– ———————–
JcoltrinWin7 Microsoft Windows 7 Professional 32-bit 1

 

powershell – Find all computers in a domain or OU running a service

Sometimes you need to find all the computers on a domain that are running a certain particular service. By using Active Directory, supplying your canonical domain name, and define an output file, you can easily create a list of computers running a service.

First, start PowerShell as administrator, and import active-directory powershell components with the following command:

Import-Module ActiveDirectory

Then, open PowerShell ISE and copy in the following into a new .ps1 script:

$ou = "OU=Computers,OU=finance,DC=east,DC=contoso,DC=com"

$servers = Get-ADComputer -Filter * -SearchBase $ou | select-object 
-expandproperty name

Foreach ($server in $servers){
$Data = Get-Service -ServiceName *SAVService* -ComputerName $server | 
select machinename,name | sort machinename | format-table -AutoSize 

Write($Data) | Out-File .\machinesrunningSAVService.txt -Append
}

Run the script, and your output file will look similar to the following:

MachineName Name      
----------- ----      
hostname1   SAVService



MachineName Name      
----------- ----      
hostname2   SAVService



MachineName Name      
----------- ----      
hostname3   SAVService

 

 

Powershell – remotely copy multiple files to a list of computers

How to copy multiple files to a list of computers

PowerShell – copy a list of files to a list of multiple computers

Here is a simple PowerShell script I found (linked below) that can easily copy a list of files to a list of computers. If you want to copy more than one file to a lot of computers on your network, this simple script should work ok. It’s better to use a network share and use a UNC path to denote where the file source and destinations.

$a = Get-Content "C:\computerlist.txt" 

foreach ($i in $a) 

{$files= get-content "C:\fileslist.txt"
foreach ($file in $files)
{Copy-Item $file -Destination \\$i\C$\admin\ -force}
}

Here is a sample of what the computerlist.txt will look like:

hostname1.contoso.com
hostname2.contoso.com
hostname3.contoso.com

And here is a sample of what the fileslist.txt will look like:

\\fileserver\share\IT\myscript.ps1
\\fileserver\share\IT\Readme.txt
\\fileserver\share\IT\uninstall.bat

 

https://social.technet.microsoft.com/Forums/office/en-US/09575f93-7b17-4621-804d-4b018df34771/powershell-copy-a-list-of-files-to-multiple-servers-and-backup-exisiting-files?forum=winserverpowershell

 

 

Powershell – remotely copy multiple files to a list of computers

How to copy multiple files to a list of computers

PowerShell – copy a list of files to a list of multiple computers

Here is a simple PowerShell script I found (linked below) that can easily copy a list of files to a list of computers. If you want to copy more than one file to a lot of computers on your network, this simple script should work ok. It’s better to use a network share and use a UNC path to denote where the file source and destinations.

$a = Get-Content "C:\computerlist.txt" 

foreach ($i in $a) 

{$files= get-content "C:\fileslist.txt"
foreach ($file in $files)
{Copy-Item $file -Destination \\$i\C$\admin\ -force}
}

Here is a sample of what the computerlist.txt will look like:

hostname1.contoso.com
hostname2.contoso.com
hostname3.contoso.com

And here is a sample of what the fileslist.txt will look like:

\\fileserver\share\IT\myscript.ps1
\\fileserver\share\IT\Readme.txt
\\fileserver\share\IT\uninstall.bat

 

https://social.technet.microsoft.com/Forums/office/en-US/09575f93-7b17-4621-804d-4b018df34771/powershell-copy-a-list-of-files-to-multiple-servers-and-backup-exisiting-files?forum=winserverpowershell