Jude's Blog

3 Step Guide – Add and Enable Bulk Users for Active Directory and Exchange

leave a comment »

So we have implemented our Active Directory and Exchange Servers. May be created some test users and mail flow is working perfectly and everything’s good to go! Is it? Not really.The next painstaking task is about to hit you!

It’s time to create users, modify properties from AD perspective and enable all the former users and bind them with the proper Databases etc.

Unfortunately, Microsoft has not been the nice to us admins when it comes to getting all the company users on board. Why I’m telling this is you is, if we have 10-20 users, creating them one by one wouldn’t be a huge problem. But what if you have to add 500, 1000 or may be 5000+ users for the environment? Well, Microsoft’s way is to use powershell scripts. Where as you may find couple of 3rd party tools that will give you some level of Graphical User Interface (GUI) to ease up the task.

Let’s see how we can go ‘The Microsoft Way’

There are many ways to play with powershell. Importing the all the information of users in form of a CSV file is the easiest way here. By just using Excel, we create a small database of users and related attributes. Once we have completed it. It’s all the matter of running a single line of a PowerShell command. Let’s go through an example to see things step by step!

Let’s take Contoso Corp! I have implemented a fully functioning Microsoft environment with an Active Directory and Exchange Server 2013. Assuming that the environment is ready for production and only requires users to be enabled.

Step 1 – Add Users in Bulk

Here, we will be adding X-Number of users to our environment. For this example I’ll be adding 5 users with following information:

  • First Name (Given Name)
  • Surname
  • Name (Full Name)
  • SamAccountName
  • Description
  • Department
  • EmployeeID
  • Path (Organizational Unit (OU))
  • Enabled (whether the users is enabled/disabled)
  • Password (temporary password for user)
  • PasswordNeverExpires (given password will not expire)
  • Email (Email Address of the User)
  • UserPrincipalName (UPN of the users)

The below table with the sample data will be used in the execution,

GivenName Surname Name SamAccountName Description Department EmployeeID Path UPN Enabled Password PasswordNeverExpires Email
N-Test Zero n-test Zero n-test TOPLMTest TOPLMTest 777001 OU=TOPLMTest,DC=contoso,DC=com n-test@contoso.com $True abc@1234 $True n-test@contoso.com
N-Test One n-test1 One n-test1 TOPLMTest TOPLMTest 777002 OU=TOPLMTest,DC=contoso,DC=com n-test1@contoso.com $True abc@1234 $True n-test1@contoso.com
N-Test Two n-test2 Two n-test2 TOPLMTest TOPLMTest 777003 OU=TOPLMTest,DC=contoso,DC=com n-test2@contoso.com $True abc@1234 $True n-test2@contoso.com
Jude Perera Jude Perera jude TOPLMTest TOPLMTest 777004 OU=TOPLMTest,DC=contoso,DC=com jude@contoso.com $True abc@1234 $True jude@contoso.com
Chris Perera Chris Perera chris TOPLMTest TOPLMTest 777005 OU=TOPLMTest,DC=contoso,DC=com chris@contoso.com $True abc@1234 $True chris@contoso.com

Guide:

  1. Open Microsoft Excel
  2. Create the above table with your specific user information and save it as CSV type.
  3. Open your CSV using notepad to verify.

1

  1. Go to the Domain Controller, open Windows Powershell module
  2. Run the following command.

Import-csv .\BulkAddADUsers.csv | foreach { New-ADUser -GivenName $_.GivenName -Surname $_.Surname -Name $_.Name -SamAccountName $_.SamAccountName -Description $_.Description -Department $_.Department -EmployeeID $_.EmployeeID -Path $_.Path –userPrincipalName $_.UPN -Enabled $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) -PasswordNeverExpires $True -Email $_.Email}

2

Let’s breakdown the above command for better understanding:

  • Import-csv .\BulkAddADUsers.csv = This command will import our CSV file from a given location
  • | foreach = Once the file is open, it will get the content and ‘for each’ line in that file, the next command will be executed.
  • New-ADUser -GivenName $_.GivenName = Create a new AD user, for the GivenName (First Name) attribute on the Active Directory, use the data that’s from the CSV file under the $_.GivenName column.

Note: You can add or remove the properties/attributes accordingly as you wish. However, it’s always a good idea to provide the following GivenName, Surname, UserPrincipalName, SamAccountName, Path etc. by-default.

  1. Go to the Active Directory Users and Computers and you can view that the users have been created with the given information.


3

4

Step 2 : Bulk Mail Enable

Now we have all users created in our Active Directory. But still that doesn’t mean it’s the same for Exchange. Unfortunately, you cannot use the ECP admin panel to bulk enable users for email. That’s a bummer indeed! Let’s see how we can do this easily using a script.

  1. Open Excel
  2. Create the following table with your own user information
Name Alias SamAccountName Email Database
n-test Zero n-test n-test n-test@contoso.com MDB02
n-test1 One n-test1 n-test1 n-test1@contoso.com MDB02
n-test2 Two n-test2 n-test2 n-test2@contoso.com MDB02
Jude Perera jude jude jude@contoso.com MDB01
Chris Perera chris chris chris@contoso.com MDB03
  •  SamAccountName – Unique Identifier for user data mapping
  •  Alias – Alias used for Exchange
  •  Database – The Exchange Server Database that the user mailbox will be created at
  1. Save the excel datasheet in CSV format.

5

  1. Go to the Exchange Server
  2. Open up the Exchange Powershell Module
  3. Execute the Following command.

Import-CSV “C:\MailUSers.CSV” | ForEach-Object {Enable-Mailbox -Identity $_.samaccountname –Alias $_.Alias –database $_.Database }

6 7

Note: The above command will input the CSV file that we created and enable the users for Exchange and map the given Database with the user mailbox.

  1. Go to the Active Directory Users and Computers window
  2. Select a user that you used in the above table to enable mail.
  3. Right Click on the user, go to Properties > Attribute Editor and under proxyAddresses attribute, look for the “SMTP:” value that we just created.
    8
  4. Go to the Exchange Admin Console, in the user properties you should be able to check the Database that we enabled.
  5. Once verified all information that we wanted to enter is assigned, the user will be able to login to the Outlook Web App.

9

Step 3: Add/Enable Secondary Proxy Addresses to Users

Imagine a situation of a Migration or a Transition from an old Messaging Solution to Exchange 2013 and your users are undergoing a change of email addresses as well.

Ex: Old Email ID – judeperera@contoso.com >>>> New Exchange Email ID – jude@contoso.com

Now, even when an email address was changed, we don’t want the user Jude Perera to lose any email that was sent to the Old ID. This may happen because not everyone will know that the email ID has been changed and still be sending to the Old ID. Therefore, in the next step we will add the users Old ID as a secondary SMTP address to the users email address list. Once done, any email sent to both judeperera@contoso.com and jude@contoso.com . However note that the replying mail for the user Jude would be jude@contoso.com

  1. Open Excel
  2. Create the following table
Name Alias SamAccountName ProxyAddresses
n-test Zero n-test n-test smtp:test@contoso.com
n-test1 One n-test1 n-test1 smtp:test1@contoso.com
n-test2 One n-test2 n-test2 smtp:test2@contoso.com
Jude Perera jude jude smtp:judeperera@contoso.com
Chris Perera chris chris smtp:chrisperera@contoso.com

*ProxyAddresses – This will be the secondary SMTP address that will be added to the users

  1. Save the excel datasheet as CSV in CSV format.
  2. Open your CSV using notepad to verify.

10

  1. Go to the Exchange Server, open Exchange Powershell
  2. Run the following command

Import-Csv proxyset.csv | Foreach { Get-ADUser -Identity $_.SamAccountName | Set-ADUser -Add @{proxyAddresses = ($_.proxyAddresses)}}

11

  1. Once the command has been run, go to the Domain Controller.
  2. Select a user that was added in the above list, right click and select Properties.
  3. On the properties window, select Attribute Editor.
  4. On the attribute list look for the “proxyAddresses” attribute and double click.
  5. On the window, verify that the user has the new ‘smtp:’ value.

12

  1. Now to verify let’s send an email using the OLD email ID.

13_1

  1. Go to the user’s inbox and you can see that the mail is received on the NEW email ID.

13_2

That’s it. Now you are good to open up the curtains of the new environment for all your users. Happy Deploying!

As a best practice, always use sample set of users with the above execution. Once verified with everything go ahead with the rest of the users!

Creative Commons Licence
3 Step Guide – Add and Enable Bulk Users for Active Directory and Exchange by Jude Perera is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. © Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to the original content.

Advertisements

Written by judeperera

August 8, 2014 at 6:40 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: