How many users are in my AD group?

Nice simple three liner here. I often want to check how many users are in a particular group, and find it a bit annoying that ADUC doesn’t show this in the Group Properties. So to find out, run this from a Powershell window on a DC:

Import-Module ActiveDirectory
$group = Get-ADGroupMember "group name" -recursive | Select-Object name
$group.count

The second line puts all the members into a variable called $group, and if you didn’t already know, putting .count after any variable will enumerate the objects in that variable ūüôā

Happy days!

Add X500/X400/SMTP address for a list of users

This process can be reused to add (not overwrite, just append) any type of email address to a list of users. All you need is a simple CSV file with 2 rows, SamAccountName and the new email address. The example I’ve used is an X500 address, but this could be X400: or SMTP. Remember when adding an SMTP address, case sensitivity matters!

smtp:bruce.wayne@wayneenterprises.co.uk = secondary email alias
SMTP:batman@batcave.co.uk = primary email address

SAM EMAIL
brucewa X500:/O=WAYNE ENTERPRISES/OU=First Administrative Group/cn=Recipients/cn=brucewa
harleyqu X500:/O=WAYNE ENTERPRISES/OU=First Administrative Group/cn=Recipients/cn=harleyqu
poisoniv X500:/O=WAYNE ENTERPRISES/OU=First Administrative Group/cn=Recipients/cn=poisoniv

Once you have your lovely CSV file in a location on the Exchange server, crack open the Exchange Management Shell and run this command:

Import-Csv C:\migration\x500.csv | ForEach-Object{
  $name = $_.SAM
  $proxy = $_.email
  Set-Mailbox -Identity $name -EmailAddresses @{add= $proxy}
}

Tada!

Office 365 PowerShell and Scheduled Tasks

There are many reasons why you might want to run PowerShell scripts against Office 365/Exchange Online on a schedule, so I won’t fuss with any examples. Here is how it is done.

First you must create an encoded script file which contains the password for the Exchange Online/Office 365 admin which you want to use to login. It is important that you create the .key file

a) on the computer which will be running the scheduled task
b) using the account which will run the Scheduled Task

This is because as only the creator can decrypt the .key file, and this can only be done on the computer which generated the key file. To create your encrypted password file, open Powershell and run the following command:

Read-Host "Enter Password" -AsSecureString |  ConvertFrom-SecureString | Out-File "C:\scripts\Password.txt"

This will ask you to enter the password and then¬†give you a file full of rubbish. Now let’s do something with that rubbish! Your script to connect to Exchange Online and Office 365 should look like the following:

$TenantUname = "admin@myoffice365tenant.onmicrosoft.com"
$TenantPass = cat "c:\scripts\password.key" | ConvertTo-SecureString
$TenantCredentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $TenantUname, $TenantPass
$msoExchangeURL = ‚Äúhttps://ps.outlook.com/powershell/‚ÄĚ
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $msoExchangeURL -Credential $TenantCredentials -Authentication Basic -AllowRedirection 
Import-PSSession $session
Connect-MSOLService -Credential $TenantCredentials

After these lines, add in the Powershell commands you wish to run, or a reference to a script. Save this as a .ps1 file.

For example, Clutter can’t be disabled for the whole tenancy, so to get around this I might want to disable clutter for all my users every night by adding this line to the end of my script:

Get-Mailbox -ResultSize Unlimited | Set-Clutter -Enable $false

Once you are all done with your script, open Task Scheduler and create a new task.

On the general tab, ensure that the user account being used to run the task is the same account which created the password file, and make sure the ‘Run whether user is logged on or not’ is ticked. Add whichever time based triggers you need, and on the Actions page choose to ‘Start a Program’ with the following settings:

Program/script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add arguments: C:\Scripts\TestScript.ps1

Voila! You now have a script which uses an AES encrypted text file to connect to Exchange Online and Office 365 so that you can run your daily maintenance tasks from a single management server. Yay!

Append Description to a list of users

Today I needed to append, not overwrite, the description variable for a list of users. To do this, I created a simple .txt file containing the usernames I wanted to change.

lewish
nicor
maxv
sebastienv
kimir
danielr

I then ran this very simple command which takes the existing Description and adds the phrase “User Enabled 07/06/2016” to the end of the Description.

Get-Content "c:\migration\userstest.txt" | get-aduser -Properties Description | ForEach-Object { Set-ADUser $_ -Description "$($_.Description) User Enabled 07/06/2016" }

Easy peasy lemon squeezy!