Set Active Directory user attributes automatically with PowerShell
Scenario:
Set Active Directory user attributes automatically with PowerShell.
During a check of the user details in Active Directory I found out that a lot of information was wrong or missing. I was trying to perform some filtering and, due to the wrong information, I was not able to. To solve my problem I wrote the script below, which runs once per day and fills in the missing data or corrects the data to what it is supposed to be, based on the Organizational Unit that the user belongs to.
The script checks and corrects the data of the following attributes:
- Company
- Country
- CustomAttribute1
Let’s look at some details of the script to understand what it actually does.
First of all, the script connects to the Exchange server and imports the Active Directory module. The reason I am connecting to the Exchange server is to set the custom attribute of the user; the custom attribute is actually an Exchange attribute of a user mailbox. Then we retrieve the information of our users and keep it in a variable. After that I set the values that I want, based on the Organizational Unit of the user. Afterwards a check is performed for each user to see whether it has the values that I want the users to have. If a value is empty or something is missing, the script changes the value to the correct one.
As I have mentioned before, the custom attribute is an Exchange attribute, so before any check on the attribute I have to check whether the user is mail enabled. If you do not check whether the user is mail enabled, the script will try to change the custom attribute for all users, even though they do not have a mailbox, and you will receive errors. As you will find in the script, I am using two different ways of setting the custom attribute. This needs to be done if you have a Hybrid Environment for your Exchange. For the users that are under Exchange On-Premise you have to use the Set-MailUser command. For the users that belong to Exchange Online (Office365), because of the Hybrid environment you have to make the change on Exchange On-Premise and the change will be synced to Office365. As you will see, the Set-RemoteMailbox command is used on Exchange On-Premise to change the custom attribute for those users.
After all the changes are done, if there are any, a report is sent to me to let me know which users were changed and to provide the values that have been set for each user. If there are any errors while the script is running, another email is sent providing those errors, so I am able to check what went wrong and manually perform some actions to correct the errors.
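A preview of the Company and Country check described above, run against constructed sample users so that nothing is written to Active Directory. This is an added example, not part of the original script: `Get-ExpectedAttribute`, `Get-PlannedChange` and the sample users are hypothetical, CustomAttribute1 is left out because it needs the Exchange session, and unlike the script it reports users outside the listed OUs instead of planning empty values for them.

```powershell
# OU patterns and target values as used in the script on this page
$OuMap = [ordered]@{
    'domain.com/Offices/Cyprus/*'        = @{ Company = 'CY Company Name'; Country = 'CY' }
    'domain.com/Offices/Germany/*'       = @{ Company = 'DE Company Name'; Country = 'DE' }
    'domain.com/Offices/India/*'         = @{ Company = 'IN Company Name'; Country = 'IN' }
    'domain.com/Offices/Singapore/*'     = @{ Company = 'SG Company Name'; Country = 'SG' }
    'domain.com/Offices/UnitedKingdom/*' = @{ Company = 'UK Company Name'; Country = 'UK' }
}

# Hypothetical helper: target values for a canonical name, or $null when no OU matches
function Get-ExpectedAttribute {
    param([string]$CanonicalName)
    foreach ($Pattern in $OuMap.Keys) {
        if ($CanonicalName -like $Pattern) { return $OuMap[$Pattern] }
    }
    return $null
}

# Hypothetical helper: one output object per attribute that differs from its target
function Get-PlannedChange {
    param([Parameter(ValueFromPipeline = $true)]$User)
    process {
        $Expected = Get-ExpectedAttribute -CanonicalName $User.CanonicalName
        if ($null -eq $Expected) {
            # No OU matched: flag the user for review instead of planning a change
            [pscustomobject]@{ User = $User.SamAccountName; Attribute = '(no OU match)'; Current = ''; Target = '' }
            return
        }
        foreach ($Name in 'Company', 'Country') {
            $Current = [string]$User.$Name    # an unset attribute ($null) compares as ''
            if ($Current -ne $Expected[$Name]) {
                [pscustomobject]@{ User = $User.SamAccountName; Attribute = $Name; Current = $Current; Target = $Expected[$Name] }
            }
        }
    }
}

# Constructed sample users; pipe the script's Get-ADUser result in instead to preview real data
$SampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'a.demo'; CanonicalName = 'domain.com/Offices/Cyprus/Sales/A Demo'; Company = 'CY Company Name'; Country = $null }
    [pscustomobject]@{ SamAccountName = 'b.demo'; CanonicalName = 'domain.com/Offices/Germany/B Demo'; Company = 'Old Name'; Country = 'DE' }
    [pscustomobject]@{ SamAccountName = 'c.demo'; CanonicalName = 'domain.com/Offices/Temp/C Demo'; Company = $null; Country = $null }
)

$SampleUsers | Get-PlannedChange | Format-Table -AutoSize
```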
You can download the script here or copy it from below.
Comment below for any questions you may have or anything else that you want.
Related Links:
- Email error variable in PowerShell
- Send Email using PowerShell
- Encrypt password with key using PowerShell
- New-PSSession – Microsoft Docs
- Import-PSSession – Microsoft Docs
- Import-Module – Microsoft Docs
- Get-Content – Microsoft Docs
- ConvertTo-SecureString – Microsoft Docs
- New-Object – Microsoft Docs
- Get-ADUser – Microsoft TechNet
- Set-ADUser – Microsoft TechNet
- Get-Recipient – Microsoft TechNet
- Get-MailUser – Microsoft TechNet
- Set-MailUser – Microsoft TechNet
- Get-RemoteMailbox – TechNet – Microsoft
- Set-RemoteMailbox – Microsoft TechNet
- Send-MailMessage – Microsoft Docs
- Get-Date – Microsoft Docs
Solution / Script:
# Connect to the on-premises Exchange server (needed for the mail recipient cmdlets)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange-server.domain.com/PowerShell/ -Authentication Kerberos
Import-PSSession $Session
Import-Module ActiveDirectory
cd ad:

# Credentials used to send the report emails.
# The key below is a sample value. Anyone who can read this script can decrypt
# Password.txt with it, so use your own key and restrict access to both files.
$File = "C:\Scripts\Password.txt"
$Key = (1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32)
$EmailUser = "Script-User@domain.com"
$Password = Get-Content $File | ConvertTo-SecureString -Key $Key
$EmailCredentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $EmailUser,$Password
$To = 'User1@domain.com'
$From = 'Script-User@domain.com'
$EmailResult = ""

# Get all users under the Offices OU, with only the attributes the script checks
$Users = Get-ADUser -Filter * -SearchBase "OU=Offices,DC=domain,DC=com" -Properties Company,Country,mail,CanonicalName

$Company = ""
$Country = ""
$CustomAttribute1 = ""

foreach ($User in $Users) {
    cd ad:

    # Target values, based on the Organizational Unit the user belongs to
    if ($User.CanonicalName -like "domain.com/Offices/Cyprus/*") {
        $Company = "CY Company Name"
        $Country = "CY"
        $CustomAttribute1 = "Cyprus"
    }
    elseif ($User.CanonicalName -like "domain.com/Offices/Germany/*") {
        $Company = "DE Company Name"
        $Country = "DE"
        $CustomAttribute1 = "Germany"
    }
    elseif ($User.CanonicalName -like "domain.com/Offices/India/*") {
        $Company = "IN Company Name"
        $Country = "IN"
        $CustomAttribute1 = "India"
    }
    elseif ($User.CanonicalName -like "domain.com/Offices/Singapore/*") {
        $Company = "SG Company Name"
        $Country = "SG"
        $CustomAttribute1 = "Singapore"
    }
    elseif ($User.CanonicalName -like "domain.com/Offices/UnitedKingdom/*") {
        $Company = "UK Company Name"
        $Country = "UK"
        $CustomAttribute1 = "United Kingdom"
    }
    else {
        # Users outside the listed OUs get empty target values
        $Company = ""
        $Country = ""
        $CustomAttribute1 = ""
    }

    # Values changed for this user; these go into the report email
    $EmailCompany = ""
    $EmailCountry = ""
    $EmailCustomAttribute1 = ""

    if ($User.Company -ne $Company) {
        Set-ADUser -Identity $User -Company $Company
        $EmailCompany = $Company
    }
    if ($User.Country -ne $Country) {
        Set-ADUser -Identity $User -Country $Country
        $EmailCountry = $Country
    }

    # CustomAttribute1 is an Exchange attribute, so only mail-enabled users are checked
    if ($null -ne $User.mail) {
        cd c:
        $UserUPN = $User.UserPrincipalName
        $UserType = (Get-Recipient $UserUPN).RecipientTypeDetails
        if ($UserType -eq "MailUser") {
            $UserCustomAttribute1 = (Get-MailUser $UserUPN).CustomAttribute1
            if ($UserCustomAttribute1 -ne $CustomAttribute1) {
                Set-MailUser $UserUPN -CustomAttribute1 $CustomAttribute1
                $EmailCustomAttribute1 = $CustomAttribute1
            }
        }
        else {
            # Exchange Online users: change the on-premises remote mailbox object and let it sync
            $UserCustomAttribute1 = (Get-RemoteMailbox $UserUPN).CustomAttribute1
            if ($UserCustomAttribute1 -ne $CustomAttribute1) {
                Set-RemoteMailbox $UserUPN -CustomAttribute1 $CustomAttribute1
                $EmailCustomAttribute1 = $CustomAttribute1
            }
        }
    }

    # Add a report row only when something was changed for this user
    $UserSamAccountName = $User.SamAccountName
    if (($EmailCompany -ne "") -or ($EmailCountry -ne "") -or ($EmailCustomAttribute1 -ne "")) {
        $EmailTemp = @"
<tr>
<td class="colorm">$UserSamAccountName</td>
<td>$EmailCompany</td>
<td>$EmailCountry</td>
<td>$EmailCustomAttribute1</td>
</tr>
"@
        $EmailResult = $EmailResult + "`r`n" + $EmailTemp
    }
}

# Style block shared by the report email and the error email
$EmailStyle = @"
<style>
body { font-family:Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, sans-serif !important; color:#434242;}
TABLE { font-family:Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, sans-serif !important; border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
TR {border-width: 1px;padding: 10px;border-style: solid;border-color: white; }
TD {font-family:Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, sans-serif !important; border-width: 1px;padding: 10px;border-style: solid;border-color: white; background-color:#C3DDDB;}
.colorm {background-color:#58A09E; color:white;}
.colort{background-color:#58A09E; padding:20px; color:white; font-weight:bold;}
.colorn{background-color:transparent;}
</style>
"@

$EmailUp = @"
$EmailStyle
<body>
<h3>Script has been completed successfully</h3>
<h4>Company, Country or CustomAttribute1 has been updated for the below users:</h4>
<table>
<tr>
<td class="colort">User</td>
<td class="colort">Company</td>
<td class="colort">Country</td>
<td class="colort">CustomAttribute1</td>
</tr>
"@
$EmailDown = @"
</table>
</body>
"@
$Email = $EmailUp + $EmailResult + $EmailDown

# Send the report only when at least one user was changed
if ($EmailResult -ne "") {
    Send-MailMessage `
        -To $To `
        -Subject "Users Set Company, Country and CustomAttribute1 Report $(Get-Date -format dd/MM/yyyy)" `
        -Body $Email `
        -BodyAsHtml `
        -Priority high `
        -UseSsl `
        -Port 587 `
        -SmtpServer 'smtp.office365.com' `
        -From $From `
        -Credential $EmailCredentials
}

# Send a second email with any errors collected while the script was running
if ($Error.Count -gt 0) {
    $ErrorEmailResult = ""
    foreach ($value in $Error) {
        # HTML-encode the error text so characters such as < and > do not break the report
        $ErrorText = [System.Net.WebUtility]::HtmlEncode("$value")
        $ErrorEmailTemp = @"
<tr>
<td class="colorm">$ErrorText</td>
</tr>
"@
        $ErrorEmailResult = $ErrorEmailResult + "`r`n" + $ErrorEmailTemp
    }
    $ErrorEmailUp = @"
$EmailStyle
<body>
<h3 style="color:#BD3337 !important;"> WARNING!!!</h3>
<p>There were errors during users attributes changes check</p>
<p>Please check the errors and act accordingly</p>
<table>
"@
    $ErrorEmailDown = @"
</table>
</body>
"@
    $ErrorEmail = $ErrorEmailUp + $ErrorEmailResult + $ErrorEmailDown
    Send-MailMessage `
        -To $To `
        -Subject "Users Set Company, Country and CustomAttribute1 Report $(Get-Date -format dd/MM/yyyy) - WARNING" `
        -Body $ErrorEmail `
        -BodyAsHtml `
        -Priority high `
        -UseSsl `
        -Port 587 `
        -SmtpServer 'smtp.office365.com' `
        -From $From `
        -Credential $EmailCredentials
}

# Close the remote Exchange session
Remove-PSSession $Session
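The script reads `C:\Scripts\Password.txt` and decrypts it with a key written in the script itself. One way to create that file with a random key kept in a separate, access-restricted file is shown here as an added example, not the author's code; the key file path and the service account name are assumptions.

```powershell
$KeyFile        = 'C:\Scripts\Password.key'   # assumed path for the key file
$PasswordFile   = 'C:\Scripts\Password.txt'   # path the script reads
$ServiceAccount = 'DOMAIN\svc-adattributes'   # assumed account that runs the daily task

# Generate a random 32-byte (AES-256) key and write it to its own file
$Key = New-Object byte[] 32
$Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$Rng.GetBytes($Key)
$Rng.Dispose()
[System.IO.File]::WriteAllBytes($KeyFile, $Key)

# Prompt for the mailbox password and store it encrypted with that key
Read-Host -Prompt 'Password for Script-User@domain.com' -AsSecureString |
    ConvertFrom-SecureString -Key $Key |
    Set-Content -Path $PasswordFile

# Drop inherited permissions; allow only SYSTEM, Administrators and the task account
$Grants = @(
    @('NT AUTHORITY\SYSTEM', 'FullControl'),
    @('BUILTIN\Administrators', 'FullControl'),
    @($ServiceAccount, 'Read')
)
foreach ($Path in $KeyFile, $PasswordFile) {
    $Acl = Get-Acl -Path $Path
    $Acl.SetAccessRuleProtection($true, $false)   # protect from inheritance, discard inherited ACEs
    foreach ($Grant in $Grants) {
        $Rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Grant[0], $Grant[1], 'Allow')
        $Acl.AddAccessRule($Rule)
    }
    Set-Acl -Path $Path -AclObject $Acl
}

# In the report script, load the key from the file instead of listing it inline:
#   $Key = [System.IO.File]::ReadAllBytes('C:\Scripts\Password.key')
```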