AD Migration with PowerShell and fun for all.

AD migration and PowerShell more fun than…

In the Beginning

We did not so much decide to change our Active Directory (AD) structure as find ourselves in a position where we would be stupid not to change it. Our HR/payroll system wanted to go paperless, and to do so each employee would have to have an AD logon. Our logons were based on first initial + last name + a number 1-10, so there was no way we could map from the HR/payroll system to our AD and back. We opted to change everyone to use their employee number, a number that our HR system creates.

Since HR needed the new logons done and everyone converted in about 30 days, we opted to create a new logon based on employee number for everyone. Then we could move OU by OU, deleting the new employee-number logon and changing the user's old logon to match. We found this kept us from having to create new profiles. We used third-party web page software to allow end users to reset their own passwords, since the HR software would not work if we set the account to change password on first login. (Note: accounts which went unchanged were disabled; we really had to push to get that one.)

The following is the PowerShell script we used to create all the HR accounts needed.


    # The *-QAD* cmdlets come from the Quest ActiveRoles Management Shell snap-in.
    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

    # CSV columns used below: samaccountname, firstname, lastname, department,
    # company, title, phonenumber, password
    $userimport = Import-Csv h:\csv.csv
    $OUroot = 'xxxx.com/OU/'

    foreach ($i in $userimport)
    {
        $testuserexist = (Get-QADUser -SamAccountName $i.samaccountname)
        if ($testuserexist)
        {
            # Account already exists: log it and move on to the next row.
            "Found " + $i.samaccountname
            Add-Content h:\exist.txt ("The Account Already exists : " + $i.samaccountname + "," + $i.lastname)
        }
        else
        {
            "Not Found"

            # Build these first so every error handler below logs the current row.
            $OUlocation = ($OUroot + $i.department)
            # Initial password: employee number followed by the CSV password column.
            $password = ($i.samaccountname + $i.password)
            $displayname = ("ESS-" + (Get-Culture).TextInfo.ToTitleCase($i.lastname) + ", " + (Get-Culture).TextInfo.ToTitleCase($i.firstname))

            # Create the department OU if it is not there yet.
            $testouexist = (Get-QADObject -Name $i.department -Type organizationalUnit)
            if (-not $testouexist)
            {
                Try {
                    "No OU"
                    New-QADObject -ParentContainer 'xxxx.com/OU' -Type 'organizationalUnit' -Name $i.department
                    "The directory does not exist"
                }
                Catch [System.Exception] {
                    #Add-Content h:\error.log ("The OU is wrong : " + $i.department)
                    $fullerror = ($displayname + "," + $i.title + "," + $i.phonenumber + "," + $i.samaccountname)
                    Add-Content h:\error.log $error
                    Add-Content h:\error.log $fullerror
                    $error.Clear()
                }
            }

            Try {
                # Sanity check: the employee number must be numeric. A non-numeric
                # value throws here, so the account is not created.
                0 + $i.samaccountname | Out-Null
                New-QADUser -Name $displayname -SamAccountName $i.samaccountname -ParentContainer $OUlocation -UserPassword $password
                Get-QADUser -SamAccountName $i.samaccountname | Set-QADUser -Company $i.Company `
                    -Department $i.department -DisplayName $displayname `
                    -LastName $i.lastname -SamAccountName $i.samaccountname `
                    -UserPrincipalName ($i.samaccountname + "@Selfregional.org")
            }
            Catch [System.Exception] {
                #Add-Content h:\error.log ("The user is wrong : " + $i.samaccountname + "," + $i.department + $displayname)
                $fullerror = ($displayname + "," + $i.title + "," + $i.phonenumber + "," + $i.samaccountname)
                Add-Content h:\error.log $error
                Add-Content h:\error.log $fullerror
            }
            Finally {
                $error.Clear()
            }

            Try {
                Enable-QADUser -Identity $i.samaccountname
                "User Name : " + $i.samaccountname
                # This line records the initial password in clear text: restrict access
                # to h:\notexist.txt and remove it once users have reset their passwords.
                Add-Content h:\notexist.txt ("The Account has been Created : " + $i.samaccountname + "," + $i.lastname + "," + $password)
            }
            Catch [System.Exception] {
                #Add-Content h:\error.log ("The user is wrong : " + $i.samaccountname + "," + $i.department + $displayname)
                $fullerror = ($displayname + "," + $i.title + "," + $i.phonenumber + "," + $i.samaccountname)
                Add-Content h:\error.log $error
                Add-Content h:\error.log $fullerror
            }
            Finally {
                $error.Clear()
            }
        }
    }
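
The script above trusts every CSV row: the employee number becomes the logon name and the department is appended to $OUroot to form the container path. As an added example (not part of the original post), this pre-flight check validates the rows before anything is written to AD; Test-HrImport is a hypothetical helper, the sample rows are constructed, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: validate HR import rows before any directory write.
# Test-HrImport is a hypothetical name; column names follow the script above.
function Test-HrImport {
    param([Parameter(Mandatory)] [object[]] $Rows)

    # Employee numbers that occur more than once would collide on SamAccountName.
    $duplicates = @($Rows | Group-Object samaccountname |
        Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name })

    foreach ($row in $Rows) {
        $problems = @()
        # Explicit form of the script's "0 + samaccountname" numeric check.
        if ($row.samaccountname -notmatch '^\d+$') { $problems += 'employee number is not numeric' }
        if ($duplicates -contains $row.samaccountname) { $problems += 'duplicate employee number' }
        # department is concatenated onto $OUroot, so it must be one plain OU name.
        if ([string]::IsNullOrWhiteSpace($row.department)) {
            $problems += 'department is empty'
        } elseif ($row.department -match '[/\\,=+<>#;"]') {
            $problems += 'department contains path or DN characters'
        }
        if ([string]::IsNullOrWhiteSpace($row.firstname) -or [string]::IsNullOrWhiteSpace($row.lastname)) {
            $problems += 'name is incomplete'
        }
        [pscustomobject]@{
            SamAccountName = $row.samaccountname
            Department     = $row.department
            Valid          = ($problems.Count -eq 0)
            Problems       = ($problems -join '; ')
        }
    }
}

# Constructed sample data standing in for h:\csv.csv
$sample = @'
samaccountname,firstname,lastname,department,company
10234,jane,doe,Nursing,Example
10235,john,roe,Radiology/Imaging,Example
A0236,ann,poe,Nursing,Example
10234,jim,low,,Example
'@ | ConvertFrom-Csv

# Report every row with its findings; only rows marked Valid should reach the creation loop.
Test-HrImport -Rows $sample | Format-Table -AutoSize
```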
