Sunday, March 22, 2015

Exporting and Importing Active Directory Users using PowerShell

If you are performing any type of Active Directory migrations or setup, you will want to be able to easily setup and create users.

Fortunately, this is relatively easy to do using Windows PowerShell.

If you want to export existing users out of your Active Directory repository that includes most of their relevant details, the best way to do this is to export their information to a CSV file like so:

Import-Module ActiveDirectory
$SearchBase = "OU=Service Accounts,DC=mydomain,DC=COM"
$ExportFile = "C:\Exports\ServiceAccounts.csv"
 
$users = Get-ADUser -Filter * -SearchBase $SearchBase -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,GivenName,Surname,Enabled,Organization | Sort-Object -Property Name
$users | Export-Csv $ExportFile –NoTypeInformation

Subsequently, when you are ready to import your users back into Active Directory, you can use the following script:

 



$ADFilePath = "C:\Exports\ServiceAccounts.csv";
$DomainName = "@mydomain.com";
$ImportADGroup = "Service Accounts";
 
Import-Module ActiveDirectory
 
Function Add-NewADUser
{
    <#
Param([string]$ADName,
    [string]$SAMAcctName,
    [string]$ADUPN,
    [string]$ADEmail,
    [string]$ADGivenName,
    [string]$ADSurname,
    [string]$ADGroup,
    [string]$ADOUPath
    )
#>
    Param(
    [Parameter(Mandatory=$true,Position=1)]
    [string]$ADName,
    [Parameter(Mandatory=$true)]
    [string]$SAMAcctName,
    [Parameter(Mandatory=$true)]
    [string]$ADUPN,
    [Parameter(Mandatory=$true)]
    [string]$ADEmail,
    [Parameter(Mandatory=$true)]
    [string]$ADGivenName,
    [Parameter(Mandatory=$true)]
    [string]$ADSurname,
    [Parameter(Mandatory=$true)]
    [string]$ADGroup,
    [Parameter(Mandatory=$true)]
    [string]$ADOUPath
    )
 
    #Example
    #ADName John Doe
    #GivenName John
    #Surname Doe
    #SAMAccountName jdoe
    #UPN jdoe@mydomain.com
    #ADOU OU=Service Accounts,DC=mydomain,DC=com
    #ADGroup Service Accounts
 
 
    $ADDefaultPwd = "P@ssw0rd1!"
 
    New-ADUser -Name $ADName -DisplayName  $ADName -SamAccountName $SAMAcctName -UserPrincipalName $ADUPN -EmailAddress $ADEmail -GivenName $ADGivenName -Surname $ADSurname -Organization $ADGroup -AccountPassword (ConvertTo-SecureString $ADDefaultPwd -AsPlainText -Force) -Enabled $true -PasswordNeverExpires $true -Path $ADOUPath
    Add-ADGroupMember $ADGroup $SAMAcctName
}#Function Add-NewADUser
 
Clear-Host
$ADUserList = Import-Csv $ADFilePath 
ForEach ($ADUser in $ADUserList)
{    
     $userPrincipal = $ADUser.SamAccountName + $DomainName
    
    Add-NewADUser -ADName $ADUser.Name -SAMAcctName $ADUser.SamAccountName -ADUPN $userPrincipal -ADGroup $ImportADGroup -ADEmail $ADUser.EmailAddress -ADGivenName $ADUser.GivenName -ADSurname $ADUser.Surname
}#ForEach

 

In regards to importing Active Directory Users, there are a wide variety of ways that are shown on the Internet for importing from a CSV file such as using the $_."samAccountName" notation, but the problem about this, is that the PowerShell ISE offers no Intellisense for any of these properties.

 

Therefore, my favorite part of using the script above is that I actually get Intellisense/Autocompletion for the Property Names in the CSV file by using the following line in the script:

 


$ADUserList = Import-Csv $ADFilePath 

Therefore, when I am typing my values in my ForEach loop, I can automatically select the correct property names!


How cool is that??



No comments:

Post a Comment