the-server.ninja - Jan 11, 2018Jan 19, 2018

Powershell – Creating Active Directory User Accounts: with an Office 365 mailbox | The-Server.Ninja

The-server.ninja Spined HTML

Powershell – Creating Active Directory User Accounts: with an Office 365 mailbox | The-Server.Ninja The-Server.Ninja Server Admin by day… Server Ninja by night… Menu Skip to content HomeAbout Search Search for: Powershell – Creating Active Directory User Accounts: with an Office 365 mailbox Jan 11, 2018Jan 19, 2018 / Severn Most IT admins know what a pain it is to set up Active Directory user accounts, expressly when you need to setup a respective 365 mailbox. Hopefully, this script is going to help you! I’m going to guide you though using Powershell to create an Active Directory account, with a licenced Office 365 mailbox (in a hybridMart2013 environment). I’m thesping you’re executing this script from an Admin Powershell prompt, on a Domain joined PC (It maybe useful for you to run this script in Powershell ISE). This script will: Create an Active Directory user worth + indulge you to assign a user password (securely).Well-constructedAD worth details such as telephone number and write (useful if you are using my email signature script guide). Create an Office 365 mailbox (this script assumes that you are running inMarthybrid mode (i.e. your merchantry moreover has an on PremiseMartserver). Turn on litigation hold enabled (for this to work, you will need the correct licences, ie: E3). Assign a 365 licence (I’m moreover assigning an ATP licence, Windows 10 licence and PowerBI standard licence). You’ll need to prepare your IT admin PC. Perform the pursuit steps: Enable .NET 3.5 Install: http://g.microsoftonline.com/0bd00en-us/569 Install: https://www.microsoft.com/en-us/download/confirmation.aspx?id=39267 Install: http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185 For the final part of our prep, launch an admin Powershell prompt and run the pursuit command: set-executionpolicy remotesigned Script starts here: The first part of the script brings in the Active Directory powershell modules. #Installs AD modules import-module activedirectory The next part of the script asks for the user details (I’ve yet to implement error capturing in this section; so if you don’t have the relevant info, printing space to register some input surpassing pressing enter). Make sure details are accurate, and if you are using my email signature script, it will be just as important to enter Job Title, Phone number etc.  if not; just scuttlebutt those sections out using: # I’ve moreover set the script to trammels for location.  Useful if you have multiple offices and want to pre-set variegated office addresses & security groups. Write-host "Please well-constructed the pursuit questions, Ensure spelling and specimen are accurate" $First=Read-Host 'Enter First Name' $Last=Read-Host 'Enter Last Name' $Title=Read-Host 'Enter Job Title' $EmployeeID=Read-Host 'Enter the EmployeeID.PrintingSpace then Enter if information is not available' $Mobile=Read-Host 'Enter the Mobile Phone Number.PrintingSpace then Enter if information is not available' $Department=Read-Host 'Enter the users department.PrintingSpace then Enter if information is not available' $DirectDial=Read-Host 'Enter the users uncontrived dial number.PrintingSpace then Enter if information is not available' $InternalExtension=Read-Host 'Enter the users internal extension number.PrintingSpace then Enter if information is not available' $Qualifications=Read-Host 'Enter any relevant qualifications.PrintingSpace then Enter if information is not available' $Location=Read-Host 'Enter Location: Exeter, Truro, Plymouth or Bristol'   Using the data captured above, the script builds up some variables needed to create a user account. The script is configured to convert email addresses to lowercase (for cosmetic purposes). Using host location information, the relevant write information will be populated. #Pre-set fields generic to all users regardless of location $FirstLower=$First.ToLower() $LastLower=$Last.ToLower() $SAMAccountName=$FirstLower+'.'+$LastLower $DisplayName=$First+' '+$Last $Mailnickname=$First+$Last $UserPrincipalName=$FirstLower+'.'+$LastLower+'@contoso.co.uk' $RemoteRoutingAddress=$FirstLower+'.'+$LastLower+'@contoso.onmicrosoft.com' $ProxyEmailAddress=$FirstLower+'.'+$LastLower+'@contoso.onmicrosoft.com' $EmailAddress=$FirstLower+'.'+$LastLower+'@contoso.co.uk' #This maybe of use if the visitor domain has reverted but is still used for mailflow. $oldEmailAddress=$FirstLower+'.'+$LastLower+'@tailspintoys.co.uk' $Company="Contoso Ltd" $WWWHomePage="www.contoso.co.uk" #This section prompts you to enter a password - this is the users initial password $password=Read-Host "Enter Users Password" -AsSecureString #Custom fields - dependent on office location #Make sure the $Path location unelevated is sync'd to office 365 - this is setup in the sync service manager installed on your domain controller If ($Location -eq 'Exeter') { $Path="OU=Exeter,DC=contoso,DC=local" $OfficePhone="01234 567890" $Fax="01234 567890" $StreetAddress="StreetWrite1" $POBox="StreetWrite2" $City="Exeter" $State="Devon" $PostalCode="EX Postcode" } ElseIf ($Location -eq 'Plymouth') { $Path="OU=Win10,OU=Plymouth,DC=contoso,DC=local"" $OfficePhone="01234 567890" $Fax="01234 567890" $StreetAddress="StreetWrite1" $POBox="StreetWrite2" $City="Plymouth" $State="Devon" $PostalCode="PL Postcode" } ElseIf ($Location -eq 'Truro') { $Path="OU=Truro,DC=contoso,DC=local"" $OfficePhone="01234 567890" $Fax="01234 567890" $StreetAddress="StreetWrite1" $POBox="StreetWrite2" $City="Truro" $State="Cornwall" $PostalCode="TR Postcode" } ElseIf ($Location -eq 'Bristol') { $Path="OU=Win10,OU=Bristol,DC=contoso,DC=local"" $OfficePhone="01234 567890" $Fax="01234 567890" $StreetAddress="StreetWrite1" $POBox="StreetWrite2" $City="Bristol" $State="Bristol" $PostalCode="BS Postcode" } Else { write-host "Incorrect Location Entered; exiting script" start-sleep -milliseconds 10000 exit }   Now, the AD user worth is created. #Create user section - this builds the AD worth using the fields whilom New-ADUser -SAMAccountName $SAMAccountName -name $DisplayName -GivenName $First -Surname $Last -UserPrincipalName $UserPrincipalName -DisplayName $DisplayName -Department $Department -Path $Path -Company $Company -EmployeeID $EmployeeID -Fax $Fax -OfficePhone $OfficePhone -HomePhone $DirectDial -Mobile $Mobile -StreetAddress $StreetAddress -City $City -POBox $PObox -State $State -PostalCode $PostalCode -ChangePasswordAtLogon -OtherAttributes @{title=$title;mail=$EmailAddress;wwwHomePage=$WWWHomePage;c="GB";co="United Kingdom";ipPhone=$InternalExtension;info=$qualifications} #This section adds the users email addresses. The primary email write should be SMTP in caps, secondary addresses in lowercase. Set-ADUser -identity $SAMAccountName -Add @{ProxyAddresses="SMTP:$EmailAddresses"} Set-ADUser -identity $SAMAccountName -Add @{ProxyAddresses="smtp:$OldEmailAddress"} Set-ADUser -identity $SAMAccountName -Add @{ProxyAddresses="smtp:$ProxyEmailAddresses"} #pauses the script to indulge AD to replicate start-sleep -milliseconds 5000   This part of the script adds the user into the company’s generic security groups. It moreover uses  the write information to add the user into any relevant group based on location. The group name cab be found under symbol editor, CN. #Adds user into standard visitor groups Add-ADGroupMember -Identity "Generic AD Security Group 1 SG" -Members $SAMAccountName Add-ADGroupMember -Identity "Generic AD Security Group 1 SG" -Members $SAMAccountName Add-ADGroupMember -Identity "Generic AD Security Group 1 SG" -Members $SAMAccountName #Adds user into location specific security groups If ($Location -eq 'Exeter') { Add-ADGroupMember -Identity "Exeter Security Group" -Members $SAMAccountName } ElseIf ($Location -eq 'Plymouth') { Add-ADGroupMember -Identity "Plymouth Security Group" -Members $SAMAccountName } ElseIf ($Location -eq 'Truro') { Add-ADGroupMember -Identity "Truro Security Group" -Members $SAMAccountName } ElseIf ($Location -eq 'Bristol') { Add-ADGroupMember -Identity "Bristol Security Group" -Members $SAMAccountName } Start-sleep -milliseconds 5000   This part of the script uses the password you previously set; then enables the AD worth (AD worth cannot be enabled without a password). Set-ADAccountPassword -identity $SAMAccountName -NewPassword $password -Reset Start-sleep -milliseconds 5000 Enable-ADAccount -Identity $SAMAccountName   Next, we’re going to get our AD server (with Microsoft AD Connect Sync Service installed) to perform a Delta Sync from AD to Office 365. This will register the new user worth in the 365 portal. #This section forces and AD to 365 Delta sync from the domain controller, then pauses the script to make sure the sync has completed. Invoke-Command -Computer Contoso-AD1 -Scriptblock {Start-ADSyncSyncCycle -PolicyType Delta} start-sleep -milliseconds 10000   Mail routing functionality breaks if you try and create a mailbox directly in 365, rather than usingMart2013 – we will need to create a 365 mailbox thoughMartPowershell. However; we don’t want to have to run commands directly on ourMartserver, so we’re going to create anMartPowershell session from our IT admin PC and then create the 365 mailbox. #This part of the script connects to a Powershell session via the on-prem mart 2013 server (hybrid environment). $Session = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri http://contoso-mbx1/powershell -Authentication Kerberos Import-PSSession $Session -DisableNameChecking -AllowClobber #This part creates the Office365 mailbox though the on-premise mart 2013 server (hybrid mode) Enable-RemoteMailbox -identity $SAMAccountName –remoteroutingaddress $RemoteRoutingAddress #This bit turns on mailbox archiving - trammels your licencing arrangement! Enable-RemoteMailbox $SAMAccountName -Archive #Forces the script to pause whilst 365 worth is setup start-sleep -milliseconds 10000 Now, we’re connecting to our 365 portal. This is where you will be prompted to login to 365. #Connects to Office 365 portal. Will prompt for valid admin credentials. Manually running $AccountSKU Will report when number of licences used / available. import-module MsOnline Connect-MsolService $AccountSKU = Get-MsolAccountSKU $AccountSKU $UserLicence = Get-MsolUser -UserPrincipalName $UserPrincipalName Next, the script sets the users location – in this specimen GB (Great Britain). Change Contoso to your visitor name (ie the bit surpassing onmicrosoft.com) We’re moreover assigning: Office 365 E3 licence Advanced Threat Protection licence PowerBI Standard (free) licence Windows 10 Enterprise licence #This sets the users location; needed surpassing licences can be prescribed Set-MsolUser -UserPrincipalName $UserPrincipalName -UsageLocation GB Write-host "Assigning licences: Office 365 E3, MS ATP, Windows 10 and PowerBi Std" Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -AddLicenses "Contoso:ENTERPRISEPACK" Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -AddLicenses "Contoso:ATP_ENTERPRISE" Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -AddLicenses "Contoso:POWER_BI_STANDARD" Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -AddLicenses "Contoso:WIN10_PRO_ENT_SUB" start-sleep -milliseconds 5000   This part of the script closes our connection to the on-premiseMartserver. #Cleans upMarton premise script session Remove-PSSession $Session   This section turns on litigation (legal) hold. You’ll need the correct licences (ie E3) so trammels this surpassing continuing.  If you’re using incompatible licences, remove or scuttlebutt out this section. $Credential = Get-Credential $ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid" -Credential $credential -Authentication "Basic" -AllowRedirection Import-PSSession $ExchangeSession start-sleep -milliseconds 5000 Get-Mailbox -identity $SAMAccountName | Set-Mailbox -LitigationHoldEnabled $True start-sleep -milliseconds 5000 #Cleans up connection to 365 servers Remove-PSSession $ExchangeSession   Once the script completes; you’ll be well-considered that Microsoft can take 30 minutes to prepare the mailbox. You may find that you are worldly-wise to login to portal.office.com but the webmail sawed-off will be wrenched until the mailbox setup has completed – plane if it appears misogynist in the admin portal. write-host "Allow 30 minutes for Microsoft / Office 365 to create the mailbox" start-sleep -milliseconds 10000 exit   That concludes the AD script! Hopefully you have found it of some use, and save some time in your rented IT environment. As I find improvements, I’ll update the guide. TSN. Advertisements Share this:TwitterFacebookGooglePrintLinkedInPinterestEmailLike this:Like Loading... Related Active Directory, Exchange, Programming, Server, Tools & Utilities, Uncategorized Exchange, office 365, powershell Post navigation ← GDPR – Getting Started Leave a Reply Cancel reply Enter your scuttlebutt here... Please log in using one of these methods to post your comment: Email (required) (Address never made public) Name (required) Website You are commenting using your WordPress.com account. ( Log Out /  Change ) You are commenting using your Google+ account. ( Log Out /  Change ) You are commenting using your Twitter account. ( Log Out /  Change ) You are commenting using your Facebook account. ( Log Out /  Change ) Cancel Connecting to %s Notify me of new comments via email. Notify me of new posts via email. Search for: Recent Posts Powershell – Creating Active Directory User Accounts: with an Office 365 mailbox Jan 11, 2018 GDPR – Getting Started Dec 19, 2017 Windows 10 v1709 Deployment Nov 16, 2017 News: Windows Server 2016 RTM. Now misogynist on the MVLS portal! Oct 13, 2016 Windows Deployment: PXE booting between VLAN’s Sep 13, 2016 Recent Comments Powershell – C… on How to standardize your compan…Severn on Windows Deployment: Advanced P…Severn on Using a Raspberry Pi as a Squi…Wall on Using a Raspberry Pi as a Squi…Severn on Using a Raspberry Pi as a Squi… Archives Archives Select Month Jan 2018  (1) Dec 2017  (1) Nov 2017  (1) Oct 2016  (1) Sep 2016  (2) May 2016  (1) Mar 2016  (2) Dec 2015  (1) Oct 2015  (1) Aug 2015  (1) Jul 2015  (4) May 2015  (4) Apr 2015  (4) Feb 2015  (4) Jan 2015  (3) Apr 2014  (11) Categories Active Directory (4) Cloud (1)Mart(2) Hyper-V (2) Microsoft (10) Programming (3) Raspberry Pi (1) Security (14) Server (7) Squid (1) Tools & Utilities (7) Uncategorized (4) VPN (1) Windows 10 (2) Windows Deployment (17) Meta Register Log in Entries RSS Comments RSS WordPress.com Advertisements SocialView /pages/The-serverninja/611128422321990’s profile on FacebookView @the_serverninja’s profile on Twitter Follow The-Server.Ninja on WordPress.com Create a self-ruling website or blog at WordPress.com. Post to Cancel Send to EmailWriteYour Name Your EmailWriteCancel Post was not sent - trammels your email addresses! Email trammels failed, please try then Sorry, your blog cannot share posts by email. Privacy & Cookies: This site uses cookies. By standing to use this website, you stipulate to their use. To find out more, including how to tenancy cookies, see here: Cookie Policy %d bloggers like this: