Bulk Creating Users For Your Test Network

KB ID 0000784 

Problem

Update Jan 2023: Feel free to use this Bulk-Create-AD-Users-Script (Just remeber to change the domain details in the “Global Variables’ Sections to give you 10o0 users, with sensible names addreeses etc.

Having a test network, is great for both learning, and testing. I’ve got some major migrations coming up in the next few months, so I’m in the process of running up some new test servers. I usually run a quick .vbs file like this;

[box]

Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
objRootDSE.Get("defaultNamingContext"))

For i = 1 To 1000
Set objLeaf = objContainer.Create("User", "cn=UserNo" & i)
objLeaf.Put "sAMAccountName", "UserNo" & i
objLeaf.SetInfo
Next
WScript.Echo "1000 Users created."

[/box]

Save that as createusers.vbs and run it on your domain controller and it will churn out 1000 users (named UserNo1 – UserNo1000). They will be disabled, with no passwords, but that can be rectified with a few mouse clicks.

But I want something a little more realistic, so I found a random name generator, and decided to have a script to create 1000 users that were a little more ‘lifelike’.

Solution

1. Download this zip file, and extract it to your desktop. To run the script you will need to set your Execution Policy with the following command;

[box]
Set-ExecutionPolicy Unrestricted[/box]

2. You will need to change a couple of lines in the newusers.ps1 file open it with notepad and change the domain details to match yours;

[box]

$TargetOU = [ADSI]“LDAP://CN=Users,DC=pnl,DC=com”
foreach ($user in import-csv usernames.csv)
{
$newUser = $TargetOU.Create(“user”,“cn=” +$user.login)
$newUser.put(“sn”, $user.Last)
$newUser.put(“DisplayName”, $user.First + ” “ +$user.Last)
$newUser.put(“givenName”, $user.First)
$newUser.put(“sAMAccountName”,$user.login)
$newUser.put(“userPrincipalName”,$user.login + “@pnl.com”)
$newUser.SetInfo()
$newUser.SetPassword($user.password)
$newUser.put(“userAccountControl”, 512)
$newUser.SetInfo()
}

[/box]

3. Change directory to the folder with your script in, and run it, it will put the details from the usernames spreadsheet;

[box]

cd Desktop/New_Users
./Newusers.ps1

[/box]

3. Look in Active Directory and there are your new users.

Bulk Creating Mailbox’s for your Users

Now I’ve got my users in AD, I want them all to have a mailbox, so a quick PowerShell command;

[box]
Get-User -OrganizationalUnit “pnl.com/users/” -ResultSize Unlimited | Enable-Mailbox -Database “Mailbox-Database” [/box]

It will throw out the odd error (e.g. if it finds users that are already mail enabled), that’s OK.

Related Articles, References, Credits, or External Links

NA

PowerShell: Cannot Be Loaded Because Running Scripts is Disabled

KB ID 0001417

Problem

If you’ve arrived here, you are trying to run a script, and you cant;

[box]PS C:\Users\{User-name}> .\{script-name}.ps1
.\{script-name} : File C:\Users\{User-name}\{script-name} cannot be loaded because running scripts is
disabled on this system. For more information, see about_Execution_Policies at
http://go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ .\{script-name}
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
PS C:\Users\\{User-name}>[/box]

 

Solution

 Execute the following command;

[box]Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass[/box]

Then run your script.

THIS WILL ONLY WORK: While that PowerShell window is open, so don’t close it if you are running a lot of scripts.

I Want to Always be Able to Run Scripts?

OK you can either change the ‘Scope’ of that last command, from ‘Process’ to to ‘CurrentUser’, or ‘CurrentMachine’.

  • Process: The execution policy affects only the current Windows PowerShell process.
  • CurrentUser: The execution policy affects only the current user.
  • LocalMachine: The execution policy affects all users of the computer.

Or you can simply change the policy ‘Globally’;

[box]Set-ExecutionPolicy {Value}[/box]

Possible values are;

  • Restricted: Does not load configuration files or run scripts. Restricted is the default execution policy.
  • AllSigned: Requires that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer.
  • RemoteSigned: Requires that all scripts and configuration files downloaded from the Internet be signed by a trusted publisher.
  • Unrestricted: Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.
  • Bypass: Nothing is blocked and there are no warnings or prompts.
  • Undefined: Removes the currently assigned execution policy from the current scope. This parameter will not remove an execution policy that is set in a Group Policy scope.

Related Articles, References, Credits, or External Links

NA

Exchange – Export Distribution Groups AND Members to a file

KB ID 0000209 

Problem

Yes you can use the Powershell commands,

Get-DistributionGroupMember –identity “group name” | ft name, primarysmtpaddress

But you have to do that for every group and I’ve tried Piping the Get-DistributionGroup in there but it does not seem to want to work 🙁

Solution

1. Download this script and extract it to the root of the Exchange servers C: drive.

2. On the Exchange server > Click > Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.

3. Issue the following command cd “c:” {enter}

4. Issue the following command ./all_members.ps1 {enter}

5. On the Exchange Server navigate to C:Exchange_Groups.csv (open with Microsoft Excel).

Possible problem;

Powershell Scrpt signing Policy

Change scipt execution policy with a set execution command.

Depending on your script signing policy, you might see.

File {path} cannot be loaded the file {path} is not digitally signed. The script will not execute on the system. Please see “get-help about_signing” for more details..

If you see this enter the following,

Get-ExecutionPolicy {enter}

It will say Restricted, Remote Signed or All Signed “Take Note”

Issue the following command

Set-ExecutionPolicy Unrestricted {enter}

Then run the all_member script, when finished change it back with

Set-ExecutionPolicy {what it was earlier}{enter}

 

Related Articles, References, Credits, or External Links

All Credit to Jon-Alfred Smith – Who put the script here