Active Directory

Powershell AD module for Windows 7

Install msi

https://www.microsoft.com/en-us/download/details.aspx?id=7887

Activate Windows Feature

  • Remote Server Administration Tools
    • Role Administration Tools
      • AD DS and AD LDS Tools
        • Active Directory Module for Windows Powershell

Activate module

In an administrator PowerShell session

Import-Module ActiveDirectory

Another option

Get-Module -ListAvailable | Import-Module

Running homemade script

If you want to develop in a .ps1 file with PowerShell ISE and don't want to sign scripts yet, allow script execution through the execution policy

Set-ExecutionPolicy Unrestricted

And agree to the prompt
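A narrower alternative, added here as an example (not from the original page): relax the policy for the current session only, after checking whether Group Policy already enforces one. The function name `Set-SessionExecutionPolicy` is made up for this example.

```powershell
function Set-SessionExecutionPolicy {
    param([string]$Policy = "RemoteSigned")

    # Group Policy scopes take precedence over every other scope;
    # if one of them is defined, a local change has no effect
    foreach ($scope in "MachinePolicy", "UserPolicy") {
        $enforced = Get-ExecutionPolicy -Scope $scope
        if ($enforced -ne "Undefined") {
            Write-Warning ("Execution policy is enforced by Group Policy (" + $scope + " = " + $enforced + ")")
            return $enforced
        }
    }

    # Process scope applies to this PowerShell (or ISE) process only
    # and is gone when the window is closed
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy $Policy -Force
    return (Get-ExecutionPolicy)
}

# Effective policy for this session, then the setting at every scope
Set-SessionExecutionPolicy
Get-ExecutionPolicy -List | Format-Table -AutoSize
```

With `RemoteSigned`, scripts written locally run unsigned, while files marked as downloaded still need a signature.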

Powershell basic stuff

Loop

ForEach ($user in $users) {
    # ...
}

Output

Console output

Write-Host -NoNewline
Write-Output

Specific level output (Debug, Information, Warning, ...)

    Write-Information ($user.GivenName + " " + $user.Surname + " = " + $user.UserPrincipalName + " = " + $DC2eMail)

For a level to be printed, its preference variable must be set to Continue; set it to SilentlyContinue to keep that level silent. There are other values as well, such as Stop and Suspend.

$DebugPreference = "Continue"
$DebugPreference = "SilentlyContinue"

More about an object

Getting all user fields

Get-ADUser -Filter * | Get-Member

Get Users

All users in a variable for the local domain

$users = Get-ADUser -Filter *

A specific user on a remote domain through one of its DC server

Get-ADUser -Server pirlific01.arsoe-bretagne.com -Filter {GivenName -eq "Rémy" -and Surname -eq "Garrigue"}

Getting the email list. -Properties mail adds the mail attribute to the output; otherwise UserPrincipalName is the email, but that's not the case for all ADs.

Get-ADUser -Filter * -Properties mail | Select-Object mail

Alternative syntax with ()

(Get-ADUser -Filter * -Properties mail).mail

Formatted as a table (there's also Format-Custom for ~json, Format-List, ...). Relevant options : -AutoSize -Wrap, -GroupBy

Get-ADUser -Filter * -Properties mail | Format-Table SAMAccountName,mail

CSV Output

New-Object -TypeName PSCustomObject -Property @{
       Email1 = $user.UserPrincipalName
       Email2 = $DC2eMail 
   } | Export-Csv -Append -NoTypeInformation -Path $OutputFilePath -Delimiter ';'

Example script

# Matching emails between two AD

# Enable/Disable output through preference variables
$DebugPreference = "Continue"
# $DebugPreference = "SilentlyContinue"
# $InformationPreference = "Continue"
$InformationPreference = "SilentlyContinue"

# Variables
$OutputFilePath = [Environment]::GetFolderPath("Desktop")+"/Emails.csv"
$NotFoundOutputFilePath = [Environment]::GetFolderPath("Desktop")+"/Emails-NotFound.csv"
$DC1 = "NEWDC.company.com"
$DC2 = "OLDDC01.company.com"
$DC3 = "OLDDC02.company.com"

Remove-Item -Path $OutputFilePath -ErrorAction SilentlyContinue
Remove-Item -Path $NotFoundOutputFilePath -ErrorAction SilentlyContinue

$users = Get-ADUser -Server $DC1 -Filter *
ForEach ($user in $users) {

    # If there's a GivenName and Surname set for this user in local domain 
    if ($user.GivenName -and $user.Surname) {
        
        # Find the email in the 2nd domain, queried through one of its DC servers
        $DC2eMail = (Get-ADUser -Server $DC2 -Filter {(GivenName -eq $user.GivenName) -and (Surname -eq $user.Surname)}).UserPrincipalName                

        # If there's an email defined for this user in 2nd domain
        if ($DC2eMail) {

            # This is ugly : we might have two emails for some user. We pick the shortest one...
            if ($DC2eMail.GetType().FullName -eq "System.Object[]") {                
                if ($DC2eMail[0].length -gt $DC2eMail[1].length) {
                    $DC2eMail = $DC2eMail[1]
                } else {
                    $DC2eMail = $DC2eMail[0]
                }
                Write-Debug ("DC2eMail is an array, picked shortest value which is " + $DC2eMail)
            }
            Write-Information ($user.GivenName + " " + $user.Surname + " = " + $user.UserPrincipalName + " = " + $DC2eMail)

            # Output to CSV
            New-Object -TypeName PSCustomObject -Property @{
                Email1 = $user.UserPrincipalName
                Email2 = $DC2eMail 
            } | Export-Csv -Append -NoTypeInformation -Path $OutputFilePath -Delimiter ';'

        } else {
            $DC3eMail = (Get-ADUser -Server $DC3 -Filter {(GivenName -eq $user.GivenName) -and (Surname -eq $user.Surname)}).UserPrincipalName                

            if ($DC3eMail) {

                # This is ugly : we might have two emails for some user. We pick the shortest one...
                if ($DC3eMail.GetType().FullName -eq "System.Object[]") {
                    if ($DC3eMail[0].length -gt $DC3eMail[1].length) {
                        $DC3eMail = $DC3eMail[1]
                    } else {
                        $DC3eMail = $DC3eMail[0]
                    }
                    Write-Debug ("DC3eMail is an array, picked shortest value which is " + $DC3eMail)
                }
                Write-Information ($user.GivenName + " " + $user.Surname + " = " + $user.UserPrincipalName + " = " + $DC3eMail)

                # Output to CSV
                New-Object -TypeName PSCustomObject -Property @{
                    Email1 = $user.UserPrincipalName
                    Email2 = $DC3eMail
                } | Export-Csv -Append -NoTypeInformation -Path $OutputFilePath -Delimiter ';'

            } else {
                # Output 'Not Found' to another CSV
                New-Object -TypeName PSCustomObject -Property @{
                    Email1 = $user.UserPrincipalName            
                } | Export-Csv -Append -NoTypeInformation -Path $NotFoundOutputFilePath -Delimiter ';'

                Write-Information ("No or bad email in " + $DC2 + " for " + $user.GivenName + " " + $user.Surname)
            }
        }
    }  
}
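The fallback-and-pick logic of the script above, generalised as an added example (not code from the original page): it tries any number of servers in order, handles any number of matches instead of two, and flags ambiguous name matches so they can be reviewed rather than silently mapped. `Find-UpnAcrossServers`, `$AdLookup`, `$SampleLookup` and the sample addresses are constructed for illustration; the sample lookup lets the block run without a domain.

```powershell
# Default lookup: same name-based filter as the script above, against one DC
$AdLookup = {
    param($Server, $GivenName, $Surname)
    (Get-ADUser -Server $Server -Filter {(GivenName -eq $GivenName) -and (Surname -eq $Surname)}).UserPrincipalName
}

function Find-UpnAcrossServers {
    param(
        [string]$GivenName,
        [string]$Surname,
        [string[]]$Servers,
        [scriptblock]$Lookup = $AdLookup
    )
    foreach ($server in $Servers) {
        # @() turns "nothing", "one string" and "several strings" into an array
        $found = @(& $Lookup $server $GivenName $Surname | Where-Object { $_ })
        if ($found.Count -gt 0) {
            # Shortest value first; alphabetical order breaks ties so the pick is repeatable
            $picked = $found | Sort-Object Length, { $_ } | Select-Object -First 1
            return New-Object -TypeName PSCustomObject -Property @{
                Server     = $server
                Email      = $picked
                MatchCount = $found.Count
                Ambiguous  = ($found.Count -gt 1)
            }
        }
    }
    return $null   # not found on any server
}

# Constructed sample data standing in for the two old domains (not real accounts)
$Sample = @{
    "OLDDC01.company.com" = @{ "Ann Lee" = @("ann.lee@old1.example", "a.lee@old1.example", "ann.lee2@old1.example") }
    "OLDDC02.company.com" = @{ "Bob Ray" = @("bob.ray@old2.example") }
}
$SampleLookup = { param($Server, $GivenName, $Surname) $Sample[$Server]["$GivenName $Surname"] }
$Servers = "OLDDC01.company.com", "OLDDC02.company.com"

Find-UpnAcrossServers -GivenName "Ann" -Surname "Lee" -Servers $Servers -Lookup $SampleLookup
Find-UpnAcrossServers -GivenName "Bob" -Surname "Ray" -Servers $Servers -Lookup $SampleLookup
```

Rows with `Ambiguous` set to true are the ones where two or more accounts share a name; exporting them to their own CSV keeps a wrong mapping from going unnoticed.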