Tweaks to Create-LabUsers

-
I mentioned in a previous blog post (setting up the homelab) that I used an excellent script from Aaron Guilmette to populate active directory (https://blogs.technet.microsoft.com/undocumentedfeatures/tag/create-labusers/)
There were a few tweaks that I made along the way, based on previous bulk user management trials and tribulations!

A further update can be found here: https://jc-nts.blogspot.com/2018/06/updating-create-labusers-take-two.html
Skype for Business updates can be found here: http://jc-nts.blogspot.com/2018/06/update-to-create-labusers-enable-for-sfb.html


 Always connect to the same domain controller
Creating a small number of accounts (with associated mailboxes, enabling for Lync/Skype for Business) in a large environment can produce unexpected problems, like not finding the account you have just created! In my experience, it turns out this was down to replication in AD. Two possible solutions are to build in delays to the script (not practical) or make sure the objects in AD can be found. Fortunately most commands allow you to specify the DC to connect to.
I've updated the script to autodetect the PDC and connect to it.

Replace 
# Groups parameters
[switch]$CreateGroups
with 
# Groups parameters
[switch]$CreateGroups,

#Domain controller for consistency
[string]$DomainController=(Get=ADDomainController -Discover -Service PrimaryDC).hostname

and add the -DomainController and -Server parameters to the following (remembering to add the backtick character ` on the preceding line as required):
-DomainController $DomainController
to the following commands 
New-Mailbox
Set-Mailbox
Get-Mailbox
Add-MailboxFolderPermission
Add-MailboxPermission
Get-MailboxDatabase
Enable-DistributionGroup
Add-MailboxPermission

-Server $DomainController
to the following commands 
New-ADUser
Get-ADUser
Set-ADUser
New-ADGroup
Get-ADGroup
Set-ADGroup
Get-ADOrganizationalUnit
Set-ADOrganizationalUnit
Add-ADGroupMember
Get-ADGroupMember

Emailing
One of the great features of the script is that it populates the mailboxes with data. Using the Send-MailMessage can be slow, so this was replaced by net.mail.smtp client object Replace (comment out) the Send-MailMessage command (around line 853) in the InflateMailbox function with 
   #Send-MailMessage -To $Recipients -From $($User.PrimarySmtpAddress) -Body $Body -SmtpServer $SmtpServer -Subject $Subject -ea silentlycontinue -wa silentlycontinue

   Write-Log -LogFile $Logfile -LogLevel INFO -ConsoleOutput -Message "Sending message [$($UserCounter) / $($TotalMessagesToSend)] with subject $($Subject) to $($Recipients.Count) recipients"
   $smtp=New-Object Net.Mail.SmtpClient($SmtpServer)
   $smtp.Send($($user.PrimarySmtpAddress),$Recipients,$Subject,$Body)
Enable account for Skype for Business
I also run Skype for Business in my test lab, so I have added this functionality in too
(See the blog post http://jc-nts.blogspot.com/2018/06/update-to-create-labusers-enable-for-sfb.html)

Other tweaks
There were a couple of tweaks made, using less than or equal (-le) rather than less than (-lt) which meant accounts were being created, 1 short (ie 9 instead of 10).
(search for -lt and replace with -le)
I also run in a sub domain, but the script doesn't handle this well (searches only 2 'DC=' deep while looking for OU - ie 'dc=domain,dc=com' works fine but 'dc=homelab,dc=domain,dc=com' fails to create the OUs, so this was tweaked. 
   $OuDepthCount = 0
   foreach ($obj in $OuFullPath)
   {
      If ($OuFullPath[$OuDepthCount] -like 'DC=*')
      {
         $Ou = $obj + "," + $Ou
         # Do nothing else, since Test-Path will return a referral error when querying the very top levels
      }
      Else
      {
         #Write-Host Current item is $obj
         $Ou = $obj + "," + $Ou
         $Ou=$Ou.TrimEnd(",").ToString()
         $OrgUnitName=$ou.substring(3,$ou.indexof(',')-3)
         $OrgUnitPath=$ou -replace $('ou='+$OrgUnitName+','), ''
         try {
            Get-ADOrganizationalUnit -Identity $ou -Server $DomainController | out-null
         }
         catch
         {
            Write-Host -ForegroundColor Green "     Creating OU ($($Ou)) in path."
            #Use -PassThru to have results returned
            $Result=New-ADOrganizationalUnit -Name $OrgUnitName -Path $OrgUnitPath -Server $DomainController -ProtectedFromAccidentalDeletion:$False -passthru
            If ($Result.ObjectGuid)
            {
               Write-Log -LogFile $Logfile -LogLevel SUCCESS -Message "Created $($OU) with Guid of $($Result.objectGUID.Guid.ToString())"
               Set-ADOrganizationalUnit $Result.objectGUID -State $State -Server $DomainController
            }
            Else
            {
               Write-Log -LogFile $Logfile -LogLevel ERROR -Message "Failed creating $($Ou). Exiting." -ConsoleOutput; Break}
            }
         }
         $OuDepthCount++
      }
As I mentioned, this script is brilliant for populating the test lab. Aaron updates it regularly, so keep an eye out for new functionality.

Comments

Post a Comment

Popular posts from this blog

Skype Online and MCOValidationError

-
These user counts are incorporated into the Lync ReportHTML  from the previous post: https://jc-nts.blogspot.com/2019/05/powershell-module-reporthtml.html While doing some housekeeping for a client, I noticed that the Interpreted User Type attribute in SfBO threw up some HybridOnpremSfBUserWithMCOValidationError accounts. The full list included: DirSyncSfBUser: On-premises users which have been assigned a SfB online licence DirSyncTeamsUser: On-premises users which have been assigned a Teams licence HybridOnlineSfBUser: A user created on-premises and migrated to SfBO HybridOnpremSfBUser: A user created on-premises and enabled on-premises for Lync/Skype HybridOnpremSfBUserWithDeletedLicenses: An on-premises user has a deleted office 365 SfB licence HybridOnpremSfBUserWithMCOValidationError: An on-premises user with a domain that is not valid in your synchronised tenant PureOnlineSfBUser: Online users which have been assigned a SfB licence PureOnlineTeamsUser: Online users
Read more

SCCM 2012 R2 - Offline servicing error

-
While updating images in SCCM 2012R2 to apply recent updates to a windows 8 image, I hit the following errors: Failed to install update with error code -2146498513 InstallUpdate returned code 0x800f082f Failed to install update with ID 17242935 on the image. ErrorCode = 2095 To fix: Mount the image (.wim) file using dism: dism /mount-wim /wimfile:d:\sources\os\captures\w8x86.wim /index:2 /mountdir:c:\mount Load the registry SOFTWARE key reg load HKLM\MyKey c:\mount\windows\system32\config\software Find the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Compnent Based Servicing\SessionsPending Edit the DWORD Exclusives to value 0 (in my case it was 3) unload the registry reg unload HKLM\MyKey commit the changes to the wim dism /unmount-wim /mountdir:c:\mount /commit In SCCM, schedule the updates. Key an eye on the OfflineServicingMgr log file - you might need to do the same again. Links DISM mounting http://msdn.microsoft.com/en-us/library/ff79481
Read more

Polycom provisioning - and Zoom!

-
Updated June 2019 So I have a little downtime which means I need a little project. On my 'havent setup in the test lab yet' is a polycom provisioning service. So, off to eBay i head for some devices (naturaly) and i'm pleasantly surprised to find some VVX handsets at a very reasonable £30. On a roll, i head off to find some Trio conference devices. A step up from the CX3000 they replaced, these are nice pieces of kit. I just missed out on a trio 8800 and visual+ bundle, so with VVX501 in hand i setup a provisioning service. FTP server - filezilla - check exceptions in the firewall - allow the filezilla app through - check DHCP options (160 AND 161 for newer firmware) - check Create a config file for the MAC address (i only have a single device, after all) Remembering to disable updates from the Lync/Skype/Office365 service - I dont want a reboot loop as it updated and downgrades repeatedly. <?xml version="1.0" standalone="yes"?> <
Read more