Created
October 18, 2017 18:31
-
-
Save kevinblumenfeld/8d2810583fa9cf154853c70ed0edde64 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Param ( | |
| [Parameter(Mandatory = $True)] | |
| $givenname, | |
| [Parameter(Mandatory = $True)] | |
| $surname, | |
| [Parameter(Mandatory = $False)] | |
| $storeNum, | |
| [Parameter(Mandatory = $False)] | |
| $mobile, | |
| [Parameter(Mandatory = $False)] | |
| $description, | |
| [Parameter(Mandatory = $True)] | |
| $template, | |
| [Parameter(Mandatory = $False)] | |
| $password = "Contoso2830!!", | |
| [Parameter(Mandatory = $False)] | |
| $changepw = $true, | |
| [Parameter(Mandatory = $False)] | |
| $ou | |
| ) | |
| <# | |
| .SYNOPSIS | |
| 1. Copies the properties of an existing AD User to a new AD User | |
| 2. Enables the ADUser as a Remote Mailbox in Office 365 | |
| 3. Replicates the changes throughout Active Directory (AD) | |
| 4. Syncs changes to Office 365 with Azure AD Connect (AADC) | |
| Must be run (run as administrator) from Exchange Management Shell (EMS) on Exchange 2016 or later ... | |
| ########## | |
| # ...OR a jump box configured like so: | |
| # RSAT and Exchange Management Tools and PowerShell 5.1 or higher | |
| # Must be run from Exchange Management Shell (EMS) where PowerShell 5.1 is installed | |
| # Change EMS shortcut to -version 5.0 like so: | |
| # C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -version 5.0 -noexit -command ". 'D:\ex2010\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto" | |
| ########## | |
| .EXAMPLE | |
| .\Create-RemoteMailboxFromADTemplate.ps1 -givenname Kevin -surname White -template SmithJ | |
| #> | |
| ####################################### | |
| # Copy ADUser (Template) & Create New # | |
| ####################################### | |
| Import-Module ActiveDirectory | |
| $template_obj = Get-ADUser -Identity $template -Server $domainController -Properties Enabled, StreetAddress, City, State, PostalCode, MemberOf | |
| $groupMembership = Get-ADUser -Identity $template -Server $domainController -Properties memberof | select -ExpandProperty memberof | |
| ######################################### | |
| # Take user input & prep for New ADUser # | |
| ######################################### | |
| $domainController = "SV001-DC03.Contoso.local" | |
| $name = $surname + ", " + $givenname | |
| $samaccountname = ($surname).replace(" ","") + $($givenname[0]) | |
| $userprincipalname = ($surname).replace(" ","") + "-" + ($givenname).replace(" ","") + "@Contoso.com" | |
| $password_ss = ConvertTo-SecureString -String $password -AsPlainText -Force | |
| $ou = (Get-ADOrganizationalUnit -Server $domainController -filter * -SearchBase (Get-ADDomain).distinguishedname -Properties canonicalname | | |
| where {$_.canonicalname -notmatch "do not migrate" -and $_.canonicalname -match "Users" | |
| } | Select canonicalname, distinguishedname| sort canonicalname | | |
| Out-GridView -PassThru -Title "Choose OU where to create the new user and click OK").distinguishedname | |
| $params = @{ | |
| "Instance" = $template_obj | |
| "Name" = $name | |
| "DisplayName" = $name | |
| "GivenName" = $givenname | |
| "SurName" = $surname | |
| "OfficePhone" = $storeNum | |
| "mobile" = $mobile | |
| "description" = $description | |
| "SamAccountName" = $samaccountname | |
| "UserPrincipalName" = $userprincipalname | |
| "AccountPassword" = $password_ss | |
| "ChangePasswordAtLogon" = $changepw | |
| "Path" = $ou | |
| } | |
| ######################################### | |
| # Create New ADUser # | |
| ######################################### | |
| New-ADUser @params -Server $domainController | |
| $groupMembership | Add-ADGroupMember -Server $domainController -Members $samaccountname | |
| # Purge old jobs | |
| Get-Job | where {$_.State -ne 'Running'}| Remove-Job | |
| ####################################### | |
| # Enable Remote Mailbox in Office 365 # | |
| ####################################### | |
| $tenant = "@Contosollc.mail.onmicrosoft.com" | |
| Enable-RemoteMailbox -DomainController $domainController -Identity $samaccountname -RemoteRoutingAddress ($samaccountname + $tenant) -Alias $samaccountname | |
| ######################################## | |
| # Job to Sleep 60 Sec & Sync with O365 # | |
| ######################################## | |
| Start-Job -ScriptBlock { | |
| Start-Sleep -Seconds 60 | |
| $aadComputer = "SV001-ADCON01.Contoso.local" | |
| $session = New-PSSession -ComputerName $aadComputer | |
| Invoke-Command -Session $session -ScriptBlock {Import-Module -Name 'ADSync'} | |
| Invoke-Command -Session $session -ScriptBlock {Start-ADSyncSyncCycle -PolicyType Delta} | |
| Remove-PSSession $session | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment