Adding users to Active Directory with a bulk import

 

One of the tasks a system administrator will probably have to tackle at some point in their career is quickly adding a large number of users to Active Directory. Without too much difficulty or money, one can accomplish the feat using the following PowerShell script: Active Directory User Creation Tool: http://community.spiceworks.com/scripts/show/1917-active-directory-user-creation-tool

So a quick kudos to [email protected] and Jim Smith for making this tool available for free online.

By following the instructions on the download page, it's a few hours' work to get the XML file and the CSV template to work together to bulk import the users into AD.

Download the script, change the name to a .ps1 file, and then execute the script with PowerShell (right-click on the PowerShell icon and choose "Run as Administrator"). Because this is an unsigned script, and in case you can't recall, the command to run first is:

Set-ExecutionPolicy RemoteSigned
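
Run without a -Scope argument, the command above changes the policy for the whole machine and leaves it changed. The following added example (not part of the original post or of the Spiceworks tool) records what is about to run and relaxes the policy for the current session only; the file name ADUserCreation.ps1 is a placeholder for wherever you saved the download.

```powershell
# Added example. $ScriptPath is a placeholder for the saved download.
$ScriptPath = '.\ADUserCreation.ps1'

# 1. Show the effective policy at every scope before changing anything.
Get-ExecutionPolicy -List

# 2. Record what is about to run: signature status and SHA-256 hash.
#    (Get-FileHash needs PowerShell 4.0 or later.)
$sig  = Get-AuthenticodeSignature -FilePath $ScriptPath
$hash = Get-FileHash -Path $ScriptPath -Algorithm SHA256
'{0}  signature={1}  sha256={2}' -f $ScriptPath, $sig.Status, $hash.Hash

# 3. A file saved by a browser carries a Zone.Identifier stream. Under
#    RemoteSigned such a file must be signed or unblocked before it runs;
#    scripts created locally run unsigned.
$motw = Get-Item -Path $ScriptPath -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($motw) {
    Write-Warning 'Script is marked as downloaded. Read it first, then unblock it.'
    # Unblock-File -Path $ScriptPath    # uncomment only after reviewing the script
}

# 4. Relax the policy for this PowerShell session only; it reverts when the
#    window is closed and the machine-wide setting is left untouched.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# 5. Run the tool from the same elevated session.
& $ScriptPath
```

Keep the recorded hash with your change notes so that a later copy of the script can be compared against the one you reviewed.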

One thing to note when building your CSV file is that all cells must be quoted. An easier way to do this, rather than struggling with Excel functions, is to use LibreOffice.

Open your CSV file with LibreOffice, do a Save As -> csv -> check 'use filter' -> check 'Quote all text cells' -> finish the save to a new location with a new filename. Then open the file in a text editor to make sure all cells are quoted.

In the XML file, the most difficult part to configure is the canonical name used to populate the OU you want with the users. In our case we used:

Domain=
subdomain.domain.domain.com
Path=
OU=ImportedUsers,DC=subdomain,DC=domain,DC=domain,DC=com

This will make more sense once you are configuring your XML file. Before you do a big bulk import, generate a template with the script/tool, fill out the essential fields with test accounts (first, last, username, password, etc.), then re-import the template, configure your XML file, and then submit the import. Then test your imports with just a few users at a time.

If you can't find the test user accounts that you imported in Active Directory, you might need to right-click on the root in Active Directory Users and Computers (ADUC) and do a "Find…", then search for the test user accounts. They may have been added to the wrong OU. Again, this will take some tweaking, but at least if you can get the users into an OU, later you can select the users, right-click and choose Move… to put them in the correct OU container.
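
The Path value and the "where did my test users go" check described above can both be scripted. This is an added example, not part of the original post or the import tool; it assumes the ActiveDirectory module (RSAT) is installed, and the test logon names are constructed placeholders.

```powershell
# Added example; needs the ActiveDirectory module (RSAT). Run after a small test import.
Import-Module ActiveDirectory

$Domain    = 'subdomain.domain.domain.com'  # Domain value used in the post
$OuName    = 'ImportedUsers'                # OU used in the post
$TestUsers = 'test.user1', 'test.user2'     # constructed sample logon names

# Path = the OU followed by one DC= component per DNS label of the domain.
$dcPart     = ($Domain.Split('.') | ForEach-Object { "DC=$_" }) -join ','
$TargetPath = "OU=$OuName,$dcPart"
"Path for the XML file: $TargetPath"

# Pre-flight: stop if no OU exists under that exact distinguished name.
try   { $null = Get-ADOrganizationalUnit -Identity $TargetPath -Server $Domain }
catch { throw "Target OU not found: $TargetPath" }

# Post-import: search the whole domain for each test account and compare the
# container it landed in with the intended OU.
$report = foreach ($name in $TestUsers) {
    $user = Get-ADUser -Filter "SamAccountName -eq '$name'" -Server $Domain
    if ($user) {
        # Parent container = everything after the first unescaped comma of the DN.
        $parent = ($user.DistinguishedName -split '(?<!\\),', 2)[1]
    } else {
        $parent = '(not found)'
    }
    [pscustomobject]@{
        User       = $name
        DN         = if ($user) { $user.DistinguishedName } else { $null }
        Container  = $parent
        InTargetOU = ($parent -eq $TargetPath)
    }
}
$report | Format-Table User, Container, InTargetOU -AutoSize

# Accounts that landed elsewhere: preview the move, then drop -WhatIf to apply it.
$report | Where-Object { $_.DN -and -not $_.InTargetOU } |
    ForEach-Object { Move-ADObject -Identity $_.DN -TargetPath $TargetPath -WhatIf }
```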

Once your test accounts are being imported correctly, go back, edit your bulk user lists according to the template specifications, and have at it.

Another issue that came up is that in our source file for our users, we had the First Name and Last Name in the same cell. In order to split the names into two separate columns, we used the following tips:

Split full name to first and last name with Text to Column command – http://www.extendoffice.com/documents/excel/829-excel-split-first-last-name.html
For the First Name/Last name split, create a temporary column named General to the right of the Last name column
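
The name split and the "all cells quoted" requirement from earlier in the post can also be handled in PowerShell without a spreadsheet. This is an added example, not part of the original post or the import tool; the column names (Name, Username, FirstName, LastName) and the sample rows are assumptions, so substitute the headers from the template the tool generates.

```powershell
# Added example. Column names and rows below are constructed; use your template's headers.
$source = @'
Name,Username
Ada Lovelace,alovelace
Mary Ann Evans,maevans
Cher,cher
'@ | ConvertFrom-Csv

$rows = foreach ($r in $source) {
    # Split on the first run of whitespace: first token is the first name,
    # the remainder is the last name. Multi-part names need a manual review.
    $parts = $r.Name.Trim() -split '\s+', 2
    if ($parts.Count -lt 2) {
        Write-Warning "No last name found for '$($r.Name)'; fix this row by hand."
    }
    [pscustomobject]@{
        FirstName = $parts[0]
        LastName  = if ($parts.Count -gt 1) { $parts[1] } else { '' }
        Username  = $r.Username
    }
}

# Export-Csv wraps every field in double quotes by default, which is the
# format the import expects.
$out = Join-Path $env:TEMP 'users-quoted.csv'
$rows | Export-Csv -Path $out -NoTypeInformation -Encoding UTF8

# Verify instead of eyeballing: each line must consist only of "..." cells
# separated by commas. (Line-based check; assumes no cell contains a newline.)
$cell    = '"(?:[^"]|"")*"'
$pattern = '^{0}(,{0})*$' -f $cell
$bad     = Get-Content -Path $out | Where-Object { $_ -notmatch $pattern }
if ($bad) { $bad | ForEach-Object { Write-Warning "Unquoted cell in: $_" } }
else      { "All cells quoted in $out" }
```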

This project on Spiceworks looks like it's actively developed, so it might be worthwhile to contact the developer if you run into any trouble or have a feature request.

 

Exchange 2010 Installation Part 5

Absolute Necessities for Exchange 2010

  • You need an Active Directory Domain in place
  • You need a solid DNS infrastructure
  • You can technically install Exchange 2010 on a server that is your Active Directory Server and your DNS server (case in point, Small Business Server)

Typical or Custom Installations:

Exchange 2010 can be deployed through either a Typical or a Custom Installation

1. Typical: will install the Hub Transport, Client Access and Mailbox Server roles

2. Custom: You can install one server type, or some, or all of the roles

  • If you install the Edge Transport role, you cannot install other roles on the same server (the installer greys them out). It can only exist in a DMZ.
  • If you are installing one of the other roles, you can combine them together (or you may install them on separate servers altogether).
  • You don't need the Unified Messaging Server role in order for your organization to function. The same goes for the Edge Transport server: it is not required, but Microsoft recommends it to provide better protection for Exchange.

The installation itself is fairly typical, and if your prerequisites have been installed you should not encounter any errors.

After installation, if your Exchange server is not licensed, you will have approximately 120 days to activate or license the server.

Be sure to check for critical updates for your Exchange server after installation. If you don't see any updates for Exchange in Windows Update, even after a reboot, you may need to start the Exchange Setup.exe installer again and click on "Step 5: Get critical updates for Microsoft Exchange". This is the only way I could force Windows/Exchange to find new updates, for example Exchange Update Rollup 5 for Exchange Server 2010 KB2407113.

 

[Screenshot: Exchange Updates]

Everything we need installed for a working Exchange environment has been accomplished.

When starting the Exchange 2010 Management Console, we are not simply opening it for this server, but for our Exchange Organization. Whether on a single server or a multitude of servers, the console will manage the entire Exchange Organization.

For the Edge Transport Server

We will install Active Directory Lightweight Directory Services. Even though the Edge Transport Server is not a part of the AD (for our own safety), it still requires a directory to work with. We can install it via the GUI or through PowerShell.

For the Edge Transport server, we will use the code:

> import-module servermanager

> Add-WindowsFeature NET-Framework, RSAT-ADDS, ADLDS -Restart

When running the command you may receive the following error:

PS C:\Users\Administrator> Add-WindowsFeature NET-Framwork,RSAT-ADDS,ADLDS -Restart
Add-WindowsFeature : ArgumentNotValid: Invalid role, role service, or feature: 'NET-Framwork'. The name was not found.
At line:1 char:19
+ Add-WindowsFeature <<<<  NET-Framwork,RSAT-ADDS,ADLDS -Restart
    + CategoryInfo          : InvalidData: (:) [Add-WindowsFeature], Exception
    + FullyQualifiedErrorId : NameDoesNotExist,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureCommand

Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
False   No             Invali... {}

If you receive this error, it means that the prerequisite, .NET Framework 3.5.1, is required. See screenshot below. Also compare the feature name in the error with the command given earlier: the transcript shows it typed as 'NET-Framwork', and Add-WindowsFeature rejects any name it does not recognize. An easy way to install the prerequisite is to use the GUI role installation feature, which will prompt you to install the framework. Be sure to apply all critical updates and service packs to .NET prior to completing the installation of Lightweight Directory Services; remember, this is your public-facing computer.


Once .NET and the rest of the Edge Transport role are installed, and you've rebooted, updated and rebooted again, now would be a good time to back up the Edge Transport server with a bare-metal backup or VM system snapshot. Although snapshots are beneficial, an Edge Transport XML export/backup should be performed as well on a regular basis. I exported my first as Edge_BaselineXML.

A very useful article on backing up and restoring the Edge Transport Server can be found here: http://exchangeserverpro.com/exchange-2010-edge-transport-server-backup-and-recovery

Note: The Windows Backup feature is not installed by default on a new Server 2008 R2 installation. You can quickly install the backup feature from PowerShell using the following two commands:

> import-module servermanager

> add-WindowsFeature backup

When logging into the Edge Server, and launching the Management Console, I encountered the following error:

[ERROR] Provisioning layer initialization failed: ‘Active Directory error 0x8007052E occurred while searching for domain controllers in domain

The problem was that I had logged into the local machine only and not the domain, and when trying to run the console, it was not logged in as a domain user. I logged off, logged back in as DOMAIN\Administrator, and then found the Management Console to work correctly and identify my machine as an Edge Transport Server.

Another error I hit was the following:

The following error occurred when searching for On-Premises Exchange Server:

The term 'C:\Program Files\Microsoft\Exchange Server\V14\Bin\ConnectFunctions.ps1' is not recognized as the name of a cmdlet, function, script files, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. It was running the command '. 'C:\Program Files\Microsoft\Exchange Server\V14\Bin\ConnectFunctions.ps1''

(Click here to retry)

By following the workaround here: http://blogs.technet.com/b/nawar/archive/2010/09/03/exchange-management-shell-ems-missing-after-applying-exchange-2010-sp1.aspx I was able to continue with the configuration and open up the Exchange Console. However, all roles were available, which is incorrect. We should only see the Edge Transport role. After re-installing only the Edge Transport Role through the Exchange Setup, I now have the Edge Transport Role up and running. The Exchange Management Console should show only the Edge Transport Role on the Edge Transport server itself.


This makes it clear what we’re working on. We’re on an Edge Transport server and that is all we can work on.

At this point we now have the ability to send mail internally from one mailbox to another. We do not have the ability to send email to the internet or from the internet because we have not configured DNS, or our Send/Receive connectors. We will save these tasks for a different post.

 

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com
