这段时间需要大量地修改AD用户的一些属性,例如邮件,UPN,登录名等等,以便和Office365的登录账号保持一致。写了个简单脚本进行批量修改。
脚本执行的前提是在本地安装了AD和Office365必要的PS模块。AD是可以远程间接调用DC的PS模块,不过实际操作发现有些小bug,所以还是直接安装在本地比较省事,速度也快。
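#Import AD Module
Import-Module activedirectory

#Import Office 365 Module
# Reuse an existing session only when it is still open. A Broken or Closed
# session to the same host would otherwise make the script skip the whole
# connection branch, including Connect-MsolService.
# NOTE(review): an open Exchange session does not prove that Connect-MsolService
# was ever run in this PowerShell session; the Msol cmdlets used later fail if
# it was not.
$Sessions = Get-PSSession | Where-Object {
    ($_.ComputerName -like "outlook.office365.com") -and ($_.State -eq 'Opened')
}
if ($Sessions) {
    write-host "Detecting current Office365 session, skip.." -ForegroundColor Cyan
}
else {
    write-host "Starting new Office365 session" -ForegroundColor Cyan
    # The credential object stays in $UserCredential for the rest of the
    # PowerShell session; use a dedicated admin account with only the rights
    # this task needs and close the session afterwards.
    $UserCredential = Get-Credential
    Connect-MsolService -Credential $UserCredential
    # NOTE(review): -Authentication Basic hands the password itself to the
    # endpoint and cannot satisfy MFA or conditional-access policies, and
    # -AllowRedirection lets the connection (with that credential) follow a
    # redirect to another URI. Microsoft has retired Basic authentication for
    # Exchange Online remote PowerShell, so on current tenants this call is
    # expected to fail; the supported path is modern authentication through the
    # ExchangeOnlineManagement module (Connect-ExchangeOnline). Microsoft has
    # likewise announced the retirement of the MSOnline module.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session
}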
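#Get Primary SMTP Address
function Get-PrimarySMTP {
    <#
    .SYNOPSIS
    Returns the primary SMTP address of each named AD user.

    .DESCRIPTION
    Looks each name up with Get-ADUser and reads its proxyAddresses. The primary
    address is the entry whose prefix is upper-case "SMTP:"; lower-case "smtp:"
    entries are secondary aliases and are ignored.

    .PARAMETER users
    One or more values matched against the AD "name" attribute.

    .OUTPUTS
    One object per requested name with the properties 'name' and 'primarysmtp'.
    'primarysmtp' is an empty string when no primary address is found; 'name'
    is $null when no AD object matches.
    #>
    [CmdletBinding()]
    Param
    (
        # Names of the AD users to look up
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        [string[]]$users
    )

    # A process block is required for pipeline input: without it only the last
    # piped object would be handled.
    process {
        foreach ($user in $users) {
            # The script-block filter is kept on purpose: the value of $user is
            # not spliced into filter text, so a name containing quotes cannot
            # change the query.
            $found = @(Get-ADUser -Filter {name -eq $user} -Properties proxyaddresses)

            # "name" is only unique inside one container, so several accounts can
            # match. Use a single object so that the returned name and address
            # always belong to the same account, and tell the operator.
            if ($found.Count -gt 1) {
                Write-Warning "More than one AD object is named '$user'; using the first match only"
            }
            $info = $null
            if ($found.Count -gt 0) {
                $info = $found[0]
            }

            $primarySMTPAddress = ""
            if ($info) {
                foreach ($address in $info.proxyAddresses) {
                    # Case-sensitive comparison: only "SMTP:" marks the primary address
                    if (($address.Length -gt 5) -and ($address.SubString(0,5) -ceq 'SMTP:')) {
                        $primarySMTPAddress = $address.SubString(5)
                        break
                    }
                }
            }

            [pscustomobject]@{
                'name'        = $info.Name
                'primarysmtp' = $primarySMTPAddress
            }
        }
    }
}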
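#Get AD User Information
#$ADUsers = Get-ADUser -SearchBase "ou=mango,ou=ddb_group,ou=melbourne,dc=omnicom,dc=com,dc=au" -Properties proxyaddresses, emailaddress, displayname -Filter *
# This section rewrites identity attributes (SamAccountName, UPN, mail,
# proxyAddresses and the cloud UPN). The old values are only printed with
# Write-Host, so run it under Start-Transcript, or export the old values first,
# to keep a record for rollback and audit. Set-ADUser accepts -WhatIf for a dry run.
Write-Host ""
# The value typed here is handed to Get-ADUser as the identity of one account
# (for example its SamAccountName).
$uUser=Read-Host "Please input the domain name"
try{
    $ADUsers=get-aduser $uUser -Properties proxyaddresses, emailaddress, displayname
    # Reset so the confirmation step never reads a value left over from an
    # earlier run in the same PowerShell session.
    $newSAM = $null

    #Change SamAccountName and UPN
    foreach ($ADUser in $ADUsers) {
        $ADUser.Name
        $GivenName = $ADUser.GivenName
        $SurName = $ADUser.Surname
        $oldUPN = $ADUser.UserPrincipalName
        $oldEmail = $ADUser.emailaddress

        # Validate everything before the first write, so a missing attribute
        # cannot leave the account half-renamed. Both name parts are needed:
        # the original "-or" test let a single empty part through and then
        # failed on .ToLower().
        if ([string]::IsNullOrEmpty($GivenName) -or [string]::IsNullOrEmpty($SurName)) {
            Write-Warning "Either GivenName or Surname is Empty"
            continue
        }
        if (($oldUPN -notlike '*@*') -or ($oldEmail -notlike '*@*')) {
            Write-Warning "UserPrincipalName or EmailAddress is missing or has no domain part, skipping $($ADUser.Name)"
            continue
        }

        $newSAM = $GivenName.ToLower() + '.' + $SurName.ToLower()
        $domainName = $oldUPN.Split('@')[1]
        $newUPN = $newSAM + '@' + $domainName
        write-host "Updating ADUPN: $oldupn -> $newUPN" -ForegroundColor Cyan

        #Change AD UPN and SamAccount
        Set-ADUser $ADUser -SamAccountName $newSAM -UserPrincipalName $newUPN

        #Change AD email
        $newEmail = $newSAM + '@' + $oldEmail.Split('@')[1]
        write-host "Updating Email: $oldEmail -> $newEmail" -ForegroundColor Cyan
        set-aduser $newSAM -EmailAddress $newEmail

        #Change Primary SMTP
        $primary = Get-PrimarySMTP -users $ADUser.name | select -ExpandProperty primarysmtp
        $primary = "$primary".Trim()
        Write-Host "Updating ProxyAddress.." -ForegroundColor Cyan
        #Write-Host "Current Primary address is $primary" -ForegroundColor Cyan
        if ($primary -ne $newEmail) {
            # Demote the old primary to a secondary alias, but only if there is
            # one; otherwise a bare "smtp:" entry would be written.
            if ($primary) {
                [void]$Aduser.proxyaddresses.remove("SMTP:"+$primary)
                [void]$Aduser.proxyaddresses.add("smtp:"+$primary)
            }
            [void]$Aduser.proxyaddresses.add("SMTP:"+$newEmail)
            set-aduser $newSAM -replace @{proxyaddresses=[string[]]$ADUser.proxyaddresses} -ErrorAction Stop
        }

        #Change cloud UPN. If the Office365 session is not connected properly, the following commands won't work!
        # -SearchString is a loose match, so it can return no account, or the
        # accounts of other people. Renaming "the first hit" could change the
        # sign-in name of the wrong cloud account, so require exactly one match.
        $msolMatches = @(Get-MsolUser -SearchString $ADUser.Name)
        if ($msolMatches.Count -ne 1) {
            Write-Warning "Found $($msolMatches.Count) Office365 users for '$($ADUser.Name)'; cloud UPN not changed"
        }
        else {
            $oldmsolupn = $msolMatches[0].UserPrincipalName
            $newmsolupn = $newSAM + '@' + $oldmsolupn.split('@')[1]
            write-host "Updating MSOLUPN: $oldmsolupn -> $newmsolupn" -ForegroundColor Cyan
            Set-MsolUserPrincipalName -UserPrincipalName $oldmsolupn -NewUserPrincipalName $newmsolupn
        }
        Write-Host ""
    }

    #Confirm result
    # Only when an account was actually processed; $ADUser still holds the last
    # user of the loop.
    if ($newSAM) {
        Write-Host "Confirm AD Result" -ForegroundColor Cyan
        get-aduser $newSAM -Properties proxyaddresses,mail | select Name, SamAccountName, UserPrincipalName, proxyaddresses, mail
        Write-Host "Confirm O365 Result" -ForegroundColor Cyan
        Get-MsolUser -SearchString $ADUser.Name | select UserPrincipalName
    }
}catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]{
    write-host "AD User can not found" -ForegroundColor red
}catch [Microsoft.ActiveDirectory.Management.ADException]{
    # NOTE(review): an error here can arrive after earlier attributes were
    # already changed; compare the account against the recorded old values.
    Write-Host "User vlaue can't be updated or the specified value already exists" -ForegroundColor Red
}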
修改其实都蛮简单的,我的脚本里面也没有写太多容错处理。修改完了之后,Windows用户可能存在Profile和注册表对不上号的问题,因此还需要修改一些注册表,具体操作参考 http://beanxyz.blog.51cto.com/5570417/1930788
本文转自 beanxyz 51CTO博客,原文链接:http://blog.51cto.com/beanxyz/1944991,如需转载请自行联系原作者