Tweaks to Create-LabUsers
I mentioned in a previous blog post (setting up the homelab) that I used an excellent script from Aaron Guilmette to populate Active Directory (https://blogs.technet.microsoft.com/undocumentedfeatures/tag/create-labusers/).
There were a few tweaks that I made along the way, based on previous bulk user management trials and tribulations!
A further update can be found here: https://jc-nts.blogspot.com/2018/06/updating-create-labusers-take-two.html
Skype for Business updates can be found here: http://jc-nts.blogspot.com/2018/06/update-to-create-labusers-enable-for-sfb.html
Always connect to the same domain controller
Creating a small number of accounts (with associated mailboxes, enabling for Lync/Skype for Business) in a large environment can produce unexpected problems, like not finding the account you have just created! In my experience, it turns out this was down to replication in AD. Two possible solutions are to build in delays to the script (not practical) or make sure the objects in AD can be found. Fortunately most commands allow you to specify the DC to connect to.
I've updated the script to autodetect the PDC and connect to it.
Replace

    # Groups parameters
    [switch]$CreateGroups

with

    # Groups parameters
    [switch]$CreateGroups,
    #Domain controller for consistency
    [string]$DomainController=(Get-ADDomainController -Discover -Service PrimaryDC).hostname

and add the -DomainController and -Server parameters to the following (remembering to add the backtick character ` on the preceding line as required):

    -DomainController $DomainController

to the following commands

    New-Mailbox
    Set-Mailbox
    Get-Mailbox
    Add-MailboxFolderPermission
    Add-MailboxPermission
    Get-MailboxDatabase
    Enable-DistributionGroup

    -Server $DomainController

to the following commands

    New-ADUser
    Get-ADUser
    Set-ADUser
    New-ADGroup
    Get-ADGroup
    Set-ADGroup
    Get-ADOrganizationalUnit
    Set-ADOrganizationalUnit
    Add-ADGroupMember
    Get-ADGroupMember
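
One way to check the edit above for missed calls, as an added example that is not part of Create-LabUsers or the original post: it parses script text with the PowerShell AST and reports any of the listed cmdlets called without its pinning parameter. The function name Find-UnpinnedCall and the sample script text are hypothetical and constructed for illustration.

```powershell
# Added example, not part of Create-LabUsers. Cmdlet names are the two lists above.
$Required = @{}
'New-Mailbox','Set-Mailbox','Get-Mailbox','Add-MailboxFolderPermission',
'Add-MailboxPermission','Get-MailboxDatabase','Enable-DistributionGroup' |
    ForEach-Object { $Required[$_] = 'DomainController' }
'New-ADUser','Get-ADUser','Set-ADUser','New-ADGroup','Get-ADGroup','Set-ADGroup',
'Get-ADOrganizationalUnit','Set-ADOrganizationalUnit','Add-ADGroupMember',
'Get-ADGroupMember' | ForEach-Object { $Required[$_] = 'Server' }

function Find-UnpinnedCall {
    # Hypothetical helper: returns one object per listed cmdlet call
    # that does not name -Server / -DomainController explicitly.
    param([Parameter(Mandatory)][string]$ScriptText)

    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # Every command invocation in the script, including nested script blocks
    $calls = $ast.FindAll(
        { param($node) $node -is [System.Management.Automation.Language.CommandAst] },
        $true)

    foreach ($call in $calls) {
        $name = $call.GetCommandName()
        if (-not $name -or -not $Required.ContainsKey($name)) { continue }

        $wanted = $Required[$name]
        $given = $call.CommandElements |
            Where-Object { $_ -is [System.Management.Automation.Language.CommandParameterAst] } |
            ForEach-Object { $_.ParameterName }

        if ($given -notcontains $wanted) {
            [pscustomobject]@{
                Line    = $call.Extent.StartLineNumber
                Command = $name
                Missing = "-$wanted"
            }
        }
    }
}

# Constructed sample input: two calls are pinned, two are not.
$Sample = @'
New-ADUser -Name $Name -Path $Ou `
    -Server $DomainController
Get-ADUser -Identity $Name
New-Mailbox -Name $Name -DomainController $DomainController
Set-Mailbox -Identity $Name -HiddenFromAddressListsEnabled $true
'@
Find-UnpinnedCall -ScriptText $Sample | Format-Table -AutoSize
```

Calls that pass the parameter by splatting, or that abbreviate its name, are reported as missing, so review each hit by hand.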
Emailing
One of the great features of the script is that it populates the mailboxes with data. Using Send-MailMessage can be slow, so this was replaced by a Net.Mail.SmtpClient object. Replace (comment out) the Send-MailMessage command (around line 853) in the InflateMailbox function with

    #Send-MailMessage -To $Recipients -From $($User.PrimarySmtpAddress) -Body $Body -SmtpServer $SmtpServer -Subject $Subject -ea silentlycontinue -wa silentlycontinue
    Write-Log -LogFile $Logfile -LogLevel INFO -ConsoleOutput -Message "Sending message [$($UserCounter) / $($TotalMessagesToSend)] with subject $($Subject) to $($Recipients.Count) recipients"
    $smtp=New-Object Net.Mail.SmtpClient($SmtpServer)
    # SmtpClient.Send takes all recipients as a single comma-separated string
    $smtp.Send($($user.PrimarySmtpAddress),($Recipients -join ','),$Subject,$Body)

Enable account for Skype for Business
I also run Skype for Business in my test lab, so I have added this functionality in too.
(See the blog post http://jc-nts.blogspot.com/2018/06/update-to-create-labusers-enable-for-sfb.html)
Other tweaks
A couple of other tweaks were made. The first uses less than or equal (-le) rather than less than (-lt); with -lt, accounts were being created 1 short (i.e. 9 instead of 10).
(search for -lt and replace with -le)
I also run in a sub domain, but the script doesn't handle this well: it searches only 2 'DC=' deep while looking for the OU (i.e. 'dc=domain,dc=com' works fine but 'dc=homelab,dc=domain,dc=com' fails to create the OUs), so this was tweaked.

    $OuDepthCount = 0
    foreach ($obj in $OuFullPath)
    {
        If ($OuFullPath[$OuDepthCount] -like 'DC=*')
        {
            $Ou = $obj + "," + $Ou
            # Do nothing else, since Test-Path will return a referral error when querying the very top levels
        }
        Else
        {
            #Write-Host Current item is $obj
            $Ou = $obj + "," + $Ou
            $Ou=$Ou.TrimEnd(",").ToString()
            $OrgUnitName=$ou.substring(3,$ou.indexof(',')-3)
            $OrgUnitPath=$ou -replace $('ou='+$OrgUnitName+','), ''
            try { Get-ADOrganizationalUnit -Identity $ou -Server $DomainController | out-null }
            catch
            {
                Write-Host -ForegroundColor Green " Creating OU ($($Ou)) in path."
                #Use -PassThru to have results returned
                $Result=New-ADOrganizationalUnit -Name $OrgUnitName -Path $OrgUnitPath -Server $DomainController -ProtectedFromAccidentalDeletion:$False -passthru
                If ($Result.ObjectGuid)
                {
                    Write-Log -LogFile $Logfile -LogLevel SUCCESS -Message "Created $($OU) with Guid of $($Result.objectGUID.Guid.ToString())"
                    Set-ADOrganizationalUnit $Result.objectGUID -State $State -Server $DomainController
                }
                Else { Write-Log -LogFile $Logfile -LogLevel ERROR -Message "Failed creating $($Ou). Exiting." -ConsoleOutput; Break}
            }
        }
        $OuDepthCount++
    }

As I mentioned, this script is brilliant for populating the test lab. Aaron updates it regularly, so keep an eye out for new functionality.