ad_exchange

40 Common Actions For Active Directory and Exchange User Accounts

[INSTALL]

In a Powershell 5, or 7 Terminal Session (PowerShell 7 is a lot better choice)

Install the Cimitra's Active Directory and Exchange Script with the command below. Copy and paste command below in your PowerShell terminal on a Windows Server that has the Cimitra Agent for Windows installed. This same Windows Server should also be an Active Directory Domain Controller.

iwr https://git.io/Jc5YN | iex

Go to the directory c:\cimitra\scripts\ad

cd c:\cimitra\scripts\ad

Run: ./cimitra_active_directory_and_exchange.ps1

Edit the settings.cfg file to specify the Exclude Group. See more about the Exclude Group below.

[SCRIPT PURPOSE]

This script allows for dozens of modifications you can make to Active Directory and Exchange User accounts. For example, you can create a user in Active Directory or Exchange, and set several of their attributes at the time of the user creation event.

Or you can modify only one or some attributes of an existing Active Directory or Exchange User account.

Here is how you could create a user in Active Directory, and add several attributes to that user.

.\cimitra_active_directory_and_exchange.ps1 -AddToActiveDirectory -FirstName "Bob" -LastName "Jones" -ContextIn "OU=ADMINISTRATION,OU=DEMOUSERS,DC=cimitrademo,DC=com" -SamAccountName "bjones" -Title "Controller" -DefaultPassword "abc_4242" -ManagerFirstName "Steve" -ManagerLastName "McQueen" -ManagerContext "OU=ADMINISTRATION,OU=DEMOUSERS,DC=cimitrademo,DC=com" -Description "Accounting Department Employee" -OfficePhone "801-111-2222" -MobilePhone "801-333-3333" -ExpirationDate "02/20/2035"

Tested and developed on a Windows 2016 and Windows 2019 Server Initially released on April 28th, 2021

Here are the actions you can take with this script.

Add User to Active Directory
Add User to Exchange
Rename Active Directory User's SamAccountName
Change Exchange User's First Name
Change Exchange User's Last Name
Change Active Directory User's First Name
Change Active Directory User's Last Name
Modify Active Directory User's Mobile Phone Number
Modify Active Directory User's Office Phone Number
Modify Active Directory User's Title
Modify Active Directory User's Description
Modify Active Directory User's Manager
Modify Active Directory User's Department
Add an Active Directory User to an Active Directory Group by the Group GUID
Add an expiration date to an Active Directory User account
Remove the expiration date from an Active Directory User account
Enable an Active Directory User account
Disable an Active Directory User account
Unlock an Active Directory User account
Determine which Active Directory User accounts are in a locked state
Change the Password on an Active Directory User account
Check the Password change date on an Active Directory User account
Get account access info on an Active Directory User account
Get a report of several attributes on an Active Directory User account
Find all information about an Active Directory Group
List all users in an Active Directory tree
List all Users in a certain context in an Active Directory tree
List all Disabled Users in an Active Directory tree
List all Disabled Users in an Active Directory tree context
List all Expired Users in an Active Directory tree
List all Expired Users in an Active Directory tree context
List all Users in an Active Directory tree who have not logged in
List all Users in an Active Directory tree context who have not logged in
List all Users in an Active Directory tree who are locked out
Remove an Active Directory User from an Active Directory Group by Group GUID
Remove an Active Directory User from a comma-separted list of Active Directory Groups by Group GUID
Add an Active Directory User to a comma-separated list of Active Directory Groups by Group GUID
Remove an Active Directory user
Search for a user object, choosing attributes of the user, for example, their phone number with the full phone number specified: 801-555-1212
Wildcard Search for a user object, choosing partial attributes of the user, for example, search for their their phone number with: 801-555

ADDITIONAL FUNCTIONALITY

[USER SEARCH]

When you specify a user by their First and Last name, but don't specify the user's context, this script will search for users with the First and Last names specified. If only one user is found with that First and Last name, then that user is modified.

If there are two users with the same First and Last name, then the script will list both users and will not proceed.

[DEFAULT CONTEXT]

The "Default Context" can be specified in a configuration file called "settings.cfg". The Default Context setting in the settings.cfg file looks like this:

AD_USER_CONTEXT=OU=DEMOUSERS,OU=DEMO,DC=cimitrademo,DC=com

[EXCLUDE GROUP]

Users defined in a group designated as the "Exclude Group" cannot be modified by this script. The "Exclude Group" can be specified in a configuration file called "settings.cfg". The Exclude Group setting in the settings.cfg file looks like this:

AD_EXCLUDE_GROUP=35eddbe6-234f-4f94-af4c-efb0198e4247

DEPENDENCIES

The cimitra_active_directory_and_exchange.ps1 script has a dependency upon two other scripts:

config_reader.ps1 SearchForUser.ps1

These scripts should be located in the same directory as the cimitra_ad_exchange.ps1 script.

EXCHANGE ACCOUNT CREATION AND CHANGES

In order to create an Exchange Session this script requires several different inputs. For example, an encrypted password file is required. Or the Exchange domain URI. Here are examples for the required switches in order to create a user in Exchange:

.\cimitra_active_directory_and_exchange.ps1 -AddToExchange -ExchangeSecurePasswordFileIn "C:\Cimitra\Scripts\CimAgentPwd.txt" -ExchangeConnectionURIIn "http://ACME-EXCH16.acme.internal/PowerShell/" -ExchangeDomainNameIn "acme.biz" -CimitraAgentLogonAccountIn "CimitraAgent@acme.biz" -FirstName "John" -LastName "Doe" -ContextIn "OU=ADMINISTRATION,OU=DEMOUSERS,DC=cimitrademo,DC=com"

In order to encrypt the password file needed for the -ExchangeSecurePasswordFileIn switch, see this article by Adam Bertram: https://4sysops.com/archives/encrypt-a-password-with-powershell/

The ExchangePowerShell module from Microsoft must be installed in order to add and change Exchange User accounts.

Name		Name	Last commit message	Last commit date
Latest commit History 99 Commits
README.md		README.md
SearchForUser.ps1		SearchForUser.ps1
add_user_to_groups5.json		add_user_to_groups5.json
add_user_to_groups7.json		add_user_to_groups7.json
admin_modify_user5.json		admin_modify_user5.json
admin_modify_user7.json		admin_modify_user7.json
change_user_phones7.json		change_user_phones7.json
cimitra_active_directory_and_exchange.ps1		cimitra_active_directory_and_exchange.ps1
cimitra_active_directory_and_exchange.ps1_archive_6_21		cimitra_active_directory_and_exchange.ps1_archive_6_21
config_reader.ps1		config_reader.ps1
create_user5.json		create_user5.json
create_user7.json		create_user7.json
exclude_group5.json		exclude_group5.json
exclude_group7.json		exclude_group7.json
install.ps1		install.ps1
list_users5.json		list_users5.json
list_users7.json		list_users7.json
modify_user5.json		modify_user5.json
modify_user7.json		modify_user7.json
remove_user5.json		remove_user5.json
remove_user7.json		remove_user7.json
test1.json		test1.json
user_name_change5.json		user_name_change5.json
user_name_change7.json		user_name_change7.json

cimitrasoftware/ad_exchange

Folders and files

Latest commit

History

Repository files navigation

ad_exchange

About

Resources

Stars

Watchers

Forks

Languages