这段时间需要大量地修改AD用户的一些属性,例如邮件,UPN,登录名等等,以便和Office365的登录账号保持一致。写了个简单脚本进行批量修改。
脚本执行的前提是在本地安装了AD和Office365必要的PS模块。AD是可以远程间接调用DC的PS模块,不过实际操作发现有些小bug,所以还是直接安装在本地比较省事,速度也快。
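# Align an on-premises AD account with its Office 365 sign-in name.
# For the account entered at the prompt, this script rewrites SamAccountName,
# UserPrincipalName, mail and the primary SMTP proxy address to the
# "givenname.surname" form, then renames the matching cloud UPN.
# The ActiveDirectory and MSOnline modules must be installed locally.

#Import AD Module
Import-Module activedirectory

#Import Office 365 Module
# NOTE(review): "-Authentication Basic" hands the account password to the
# service and cannot satisfy MFA. Microsoft has retired Basic authentication
# for Exchange Online remote PowerShell and deprecated the MSOnline module, so
# confirm this connection path still works in your tenant and prefer the
# currently supported modules with modern authentication.
# NOTE(review): "-AllowRedirection" lets the endpoint redirect the session to
# another URI, and the same credential is then presented there.
$Sessions = Get-PSSession
if ($Sessions.ComputerName -like "outlook.office365.com") {
    Write-Host "Detecting current Office365 session, skip.." -ForegroundColor Cyan
}
else {
    Write-Host "Starting new Office365 session" -ForegroundColor Cyan
    $UserCredential = Get-Credential
    Connect-MsolService -Credential $UserCredential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session
}

#Get Primary SMTP Address
# Looks up each name in AD and returns one object per name with the properties
# 'name' and 'primarysmtp'. The primary address is the proxyAddresses entry
# whose prefix is upper-case "SMTP:"; 'primarysmtp' is empty when none exists.
# The lookup is by the AD "name" attribute, so a name shared by several
# accounts yields the values of all of them in one object.
function Get-PrimarySMTP {
    [CmdletBinding()]
    Param (
        # One or more AD "name" values to look up
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)]
        [string[]] $users
    )

    $result = @()
    foreach ($user in $users) {
        $info = Get-ADUser -Filter { name -eq $user } -Properties proxyaddresses

        $primarySMTPAddress = ''
        foreach ($address in $info.proxyAddresses) {
            # -ceq is case-sensitive: "SMTP:" is the primary, "smtp:" an alias
            if (($address.Length -gt 5) -and ($address.SubString(0, 5) -ceq 'SMTP:')) {
                $primarySMTPAddress = $address.SubString(5)
                break
            }
        }

        $result += New-Object -TypeName psobject -Property @{
            'name'        = $info.Name
            'primarysmtp' = $primarySMTPAddress
        }
    }
    return $result
}

#Get AD User Information
#$ADUsers = Get-ADUser -SearchBase "ou=mango,ou=ddb_group,ou=melbourne,dc=omnicom,dc=com,dc=au" -Properties proxyaddresses, emailaddress, displayname -Filter *
Write-Host " "
$uUser = Read-Host " Please input the domain name "

try {
    $ADUsers = Get-ADUser $uUser -Properties proxyaddresses, emailaddress, displayname

    #Change SamAccountName and UPN
    foreach ($ADUser in $ADUsers) {
        $ADUser.Name
        $GivenName = $ADUser.GivenName
        $SurName = $ADUser.Surname

        # Both name parts are dereferenced below, so BOTH must be present
        # (the original "-or" let a half-empty name through to .ToLower()).
        if (-not $GivenName -or -not $SurName) {
            Write-Warning " Either GivenName or Surname is Empty "
            continue
        }

        # Validate every input before the first write, so a missing attribute
        # cannot leave the account renamed in AD but only half updated.
        $oldUPN = $ADUser.UserPrincipalName
        $oldEmail = $ADUser.emailaddress
        if (($oldUPN -notlike '*@*') -or ($oldEmail -notlike '*@*')) {
            Write-Warning "UserPrincipalName or EmailAddress is missing for $($ADUser.Name), skipping"
            continue
        }

        # Resolve the cloud account before touching AD. -SearchString is a
        # prefix search on the display name and can match other people;
        # rename only when exactly one account matches.
        # If the Office365 session is not connected this call fails here,
        # before any AD attribute has been changed.
        $msolMatches = @(Get-MsolUser -SearchString $ADUser.Name -ErrorAction Stop)
        if ($msolMatches.Count -ne 1) {
            Write-Warning "Expected exactly one Office365 user for $($ADUser.Name), found $($msolMatches.Count); skipping"
            continue
        }
        $oldmsolupn = $msolMatches[0].UserPrincipalName

        $newSAM = $GivenName.ToLower() + '.' + $SurName.ToLower()
        $domainName = $oldUPN.Split('@')[1]
        $newUPN = $newSAM + '@' + $domainName
        Write-Host " Updating ADUPN: $oldupn -> $newUPN " -ForegroundColor Cyan

        #Change AD UPN and SamAccount
        Set-ADUser $ADUser -SamAccountName $newSAM -UserPrincipalName $newUPN -ErrorAction Stop

        #Change AD email
        $newEmail = $newSAM + '@' + $oldEmail.Split('@')[1]
        Write-Host " Updating Email: $oldEmail -> $newEmail " -ForegroundColor Cyan
        Set-ADUser $newSAM -EmailAddress $newEmail -ErrorAction Stop

        #Change Primary SMTP
        # Read the primary from this account's own proxyAddresses rather than
        # re-querying AD by name, which can return another account's address.
        $primaryEntry = $ADUser.proxyAddresses | Where-Object { $_ -clike 'SMTP:?*' } | Select-Object -First 1
        $primary = ''
        if ($primaryEntry) { $primary = $primaryEntry.Substring(5) }

        Write-Host " Updating ProxyAddress.. " -ForegroundColor Cyan
        #Write-Host " Current Primary address is $primary " -ForegroundColor Cyan
        if ($primary -ne $newEmail) {
            if ($primaryEntry) {
                # Demote the old primary to an alias. The prefixes must be
                # exactly "SMTP:" / "smtp:" with no padding, otherwise Remove()
                # matches nothing and a malformed entry is written.
                [void]$ADUser.proxyAddresses.Remove($primaryEntry)
                [void]$ADUser.proxyAddresses.Add('smtp:' + $primary)
            }
            [void]$ADUser.proxyAddresses.Add('SMTP:' + $newEmail)
            Set-ADUser $newSAM -Replace @{proxyaddresses = [string[]]$ADUser.proxyaddresses } -ErrorAction Stop
        }

        #Change cloud UPN. If the Office365 session is not connected properly, the following commands won't work!
        $newmsolupn = $newSAM + '@' + $oldmsolupn.Split('@')[1]
        Write-Host " Updating MSOLUPN: $oldmsolupn -> $newmsolupn " -ForegroundColor Cyan
        Set-MsolUserPrincipalName -UserPrincipalName $oldmsolupn -NewUserPrincipalName $newmsolupn
        Write-Host ""

        #Confirm result (only for accounts that were actually changed)
        Write-Host " Confirm AD Result " -ForegroundColor Cyan
        Get-ADUser $newSAM -Properties proxyaddresses, mail | Select-Object Name, SamAccountName, UserPrincipalName, proxyaddresses, mail
        Write-Host " Confirm O365 Result " -ForegroundColor Cyan
        Get-MsolUser -SearchString $ADUser.Name | Select-Object UserPrincipalName
    }
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    Write-Host " AD User can not found " -ForegroundColor red
}
catch [Microsoft.ActiveDirectory.Management.ADException] {
    Write-Host " User vlaue can't be updated or the specified value already exists" -ForegroundColor Red
}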
修改其实都蛮简单的,我的脚本里面也没有写太多容错处理。修改完了之后,Windows用户可能存在Profile和注册表对不上号的问题,因此还需要修改一些注册表,具体操作参考