Last active
October 18, 2017 14:19
-
-
Save kevinblumenfeld/f846bb9b5d4b3e9f205b746c26b886ed to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Param ( | |
| [Parameter(Mandatory = $True)] | |
| $givenname, | |
| [Parameter(Mandatory = $True)] | |
| $surname, | |
| [Parameter(Mandatory = $True)] | |
| $template, | |
| [Parameter(Mandatory = $False)] | |
| $password = "contoso2830!!", | |
| [Parameter(Mandatory = $False)] | |
| $changepw = $true, | |
| [Parameter(Mandatory = $False)] | |
| $ou | |
| ) | |
| <# | |
| .SYNOPSIS | |
| 1. Copies the properties of an existing AD User to a new AD User | |
| 2. Enables the ADUser as a Remote Mailbox in Office 365 | |
| 3. Replicates the changes throughout Active Directory (AD) | |
| 4. Syncs changes to Office 365 with Azure AD Connect (AADC) | |
| Must be run (run as administrator) from Exchange Management Shell (EMS) on Exchange 2016 or later ... | |
| ########## | |
| # ...OR a jump box configured like so: | |
| # RSAT and Exchange Management Tools and PowerShell 5.1 or higher | |
| # Must be run from Exchange Management Shell (EMS) where PowerShell 5.1 is installed | |
| # Change EMS shortcut to -version 5.0 like so: | |
| # C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -version 5.0 -noexit -command ". 'D:\ex2010\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto" | |
| ########## | |
| .EXAMPLE | |
| .\Create-RemoteMailboxFromADTemplate.ps1 -givenname Kevin -surname White -template SmithJ | |
| #> | |
| ####################################### | |
| # Copy ADUser (Template) & Create New # | |
| ####################################### | |
| Import-Module ActiveDirectory | |
| $domainController = "SV001-DC03.contoso.local" | |
| $name = $surname + ", " + $givenname | |
| $samaccountname = $surname + $($givenname[0]) | |
| $userprincipalname = $surname + "-" + $givenname + "@contoso.com" | |
| $password_ss = ConvertTo-SecureString -String $password -AsPlainText -Force | |
| $template_obj = Get-ADUser -Identity $template -Server $domainController | |
| $groupMembership = Get-ADUser -Identity $template -Server $domainController -Properties memberof | select -ExpandProperty memberof | |
| $ou = (Get-ADOrganizationalUnit -Server $domainController -filter * -SearchBase (Get-ADDomain).distinguishedname -Properties canonicalname | | |
| where {$_.canonicalname -notmatch "do not migrate" -and $_.canonicalname -match "Users" | |
| } | Select canonicalname, distinguishedname| sort canonicalname | | |
| Out-GridView -PassThru -Title "Choose OU where to create the new user and click OK").distinguishedname | |
| $params = @{ | |
| "Instance" = $template_obj | |
| "Name" = $name | |
| "DisplayName" = $name | |
| "GivenName" = $givenname | |
| "SurName" = $surname | |
| "SamAccountName" = $samaccountname | |
| "UserPrincipalName" = $userprincipalname | |
| "AccountPassword" = $password_ss | |
| "ChangePasswordAtLogon" = $changepw | |
| "Path" = $ou | |
| } | |
| New-ADUser @params -enabled:$true -Server $domainController | |
| $groupMembership | % {Add-ADGroupMember -Server $domainController -Identity $_ -Members $samaccountname} | |
| # Purge old jobs | |
| Get-Job | where {$_.State -ne 'Running'}| Remove-Job | |
| Start-Job -ScriptBlock { | |
| # Force Replication on each Domain Controller in the Forest | |
| $domainController = "SV001-DC03.contoso.local" | |
| $session = New-PSSession -ComputerName $domainController | |
| Invoke-Command -Session $session -ScriptBlock {Import-Module -Name 'ActiveDirectory'} | |
| Invoke-Command -Session $session -ScriptBlock {((Get-ADForest).Domains | % { Get-ADdomainController -Filter * -Server $_ }).hostname | % {repadmin /syncall /APeqd $_}} | |
| Remove-PSSession $session | |
| # Force Sync from AD to Office 365 with Azure AD Connect | |
| $aadComputer = "SV001-ADCON01.contoso.local" | |
| $session = New-PSSession -ComputerName $aadComputer | |
| Invoke-Command -Session $session -ScriptBlock {Import-Module -Name 'ADSync'} | |
| Invoke-Command -Session $session -ScriptBlock {Start-ADSyncSyncCycle -PolicyType Delta} | |
| Remove-PSSession $session | |
| } | |
| ####################################### | |
| # Enable Remote Mailbox in Office 365 # | |
| ####################################### | |
| $tenant = "@contosollc.mail.onmicrosoft.com" | |
| Enable-RemoteMailbox -DomainController $domainController -Identity $samaccountname -RemoteRoutingAddress ($samaccountname + $tenant) -Alias $samaccountname | |
| ####################################### | |
| # Replicate AD & Sync with Office365 # | |
| ####################################### | |
| Start-Job -ScriptBlock { | |
| ### Post creation of Remote Mailbox - Force Replication on each Domain Controller in the Forest ### | |
| $domainController = "SV001-DC03.contoso.local" | |
| $session = New-PSSession -ComputerName $domainController | |
| Invoke-Command -Session $session -ScriptBlock {Import-Module -Name 'ActiveDirectory'} | |
| Invoke-Command -Session $session -ScriptBlock {((Get-ADForest).Domains | % { Get-ADdomainController -Filter * -Server $_ }).hostname | % {repadmin /syncall /APeqd $_}} | |
| Remove-PSSession $session | |
| ### Post creation of Remote Mailbox - Force Sync from AD to Office 365 with Azure AD Connect ### | |
| $aadComputer = "SV001-ADCON01.contoso.local" | |
| $session = New-PSSession -ComputerName $aadComputer | |
| Invoke-Command -Session $session -ScriptBlock {Import-Module -Name 'ADSync'} | |
| Invoke-Command -Session $session -ScriptBlock {Start-ADSyncSyncCycle -PolicyType Delta} | |
| Remove-PSSession $session | |
| } | |
| ####################################### | |
| # Wait 30 Seconds, Rep/Sync again # | |
| ####################################### | |
| Start-Job -ScriptBlock { | |
| Start-Sleep -Seconds 30 | |
| ### Post creation of Remote Mailbox - Force Replication on each Domain Controller in the Forest ### | |
| $domainController = "SV001-DC03.contoso.local" | |
| $session = New-PSSession -ComputerName $domainController | |
| Invoke-Command -Session $session -ScriptBlock {Import-Module -Name 'ActiveDirectory'} | |
| Invoke-Command -Session $session -ScriptBlock {((Get-ADForest).Domains | % { Get-ADdomainController -Filter * -Server $_ }).hostname | % {repadmin /syncall /APeqd $_}} | |
| Remove-PSSession $session | |
| ### Post creation of Remote Mailbox - Force Sync from AD to Office 365 with Azure AD Connect ### | |
| $aadComputer = "SV001-ADCON01.contoso.local" | |
| $session = New-PSSession -ComputerName $aadComputer | |
| Invoke-Command -Session $session -ScriptBlock {Import-Module -Name 'ADSync'} | |
| Invoke-Command -Session $session -ScriptBlock {Start-ADSyncSyncCycle -PolicyType Delta} | |
| Remove-PSSession $session | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment