- 目前在 windows small business server,用 GUI 建帳號要幾個步驟我忘了(10~30個吧),流程如下
- 建立帳號
- 設定密碼
- 開 AD user & group
- 將帳號搬到指定的資料匣
- 指定帳號的所屬群組
- 設定帳號的組織資料 (部門/群組/主管)
- 啟動 exchange management console
- 設定帳號的別名 (email 上的顯示名稱)
每一個帳號都要這樣做!! (翻白眼)
身為系統管理人員,我的基因寫著能
為止我寫了兩個 script
- 依部門列出所有使用者
- 輸入舊的使用者帳號作為模版,複製模板的所有資料
- 輸入新的使用者帳號及姓名,作為新帳號及email 建立的參考
Import-Module ActiveDirectory
"列出所有部門"
Get-ADOrganizationalUnit -Filter * -SearchBase "OU=SBSUsers,OU=Users,OU=MyBusiness,dc=domian,dc=local" | Sort {-join ($_.distinguishedname[($_.distinguishedname.length-1)..0])} | Select name | ft -auto
"列出部門內所有帳號"
$deptName = Read-Host "輸入部門名稱"
Get-ADUser -filter * -SearchBase "OU=$deptName,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=domain,DC=local" |select SamAccountName,Name
以下是第二個 script
# 本程式必須在 DC 執行
# 啟用 AD 模組
Import-Module ActiveDirectory
# 啟用 Exchange Snapin
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
Clear-host
do {
"檢查作為範本的舊帳號:存在?"
$nameds = Read-Host "輸入舊帳號"
if (dsquery user -samid $nameds){"OK,舊帳號存在"}
elseif ($nameds = "null") {
"NG,舊帳號不存在"
read-host "請檢查輸入的帳號是否正確,按 enter 離開程式"
exit
}
}
while ($nameds -eq "null")
do {
"檢查要建的新帳號:不存在?"
$NewUserds = Read-Host "輸入新帳號"
While ( $NewUserds -eq "" )
{ $NewUserds = Read-Host "新帳號"}
$NewUser = $Newuserds
if (dsquery user -samid $NewUserds){
"NG,新帳號已存在"
read-host "請檢查輸入的帳號是否正確,按 enter 離開程式"
exit
}
elseif ($NewUserds = "no") {"OK,可建立此帳號"}
}
while ($Newuserds -ne "no")
# 取得舊帳號的所有屬性
$name = Get-AdUser -Identity $nameds -Properties *
$passwd = "123456" #設定預設密碼
$DN = $name.distinguishedName
$OldUser = [ADSI]"LDAP://$DN"
$Parent = $OldUser.Parent
$OU = [ADSI]$Parent
$OUDN = $OU.distinguishedName
$Lastname = Read-Host "姓氏"
$firstname = Read-Host "名字"
$NewName = "$lastname$firstname"
"若要設定業務人員的英文姓名,格式如下"
"例: John Lin"
$DisplayName = Read-Host "顯示名稱 [enter]略過"
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
# 下次登入時變更密碼:不啟用;因現在都要預先設定電腦
New-ADUser -SamAccountName $NewUser -Name $NewName -DisplayName $DisplayName -GivenName $firstname -Surname $lastname -Instance $DN -Path "$OUDN" -AccountPassword (ConvertTo-SecureString $passwd -AsPlainText -force) -userPrincipalName $NewUser@$domain -Company $name.Company -Department $name.Department -Manager $name.Manager -title $name.Title -Office $name.Office -City $name.city -PostalCode $name.postalcode -Country $name.country -OfficePhone $name.OfficePhone -Fax $name.fax -State $name.State -StreetAddress $name.StreetAddress -Enabled $true -changepasswordatlogon $false
write-host "複制舊帳號資料,及其所屬群組..."
$groups = (GET-ADUSER -Identity $name -properties MemberOf).MemberOf
foreach ($group in $groups) {
Add-ADGroupMember -Identity $group -Members $NewUser
}
$count = $groups.count
clear-host
# 建立信箱
"選擇資料庫"
"1HIGH_USAGE"
"2MEDIUM_USAGE"
"3LOW_USAGE [預設]"
""
"可輸入: 1|2|3"
$mbxDBSelect = read-host "選擇 MailboxDB"
switch ($mbxDBSelect)
{
1 { $mbxDB = "1HIGH_USAGE"}
2 { $mbxDB = "2MEDIUM_USAGE"}
3 { $mbxDB = "3LOW_USAGE"}
default { $mbxDB = "3LOW_USAGE"}
}
if (! $DisplayName) {
Enable-Mailbox -Identity:$NewUser -Database:$mbxDB
} else {
#顯示名稱若有輸入,在這邊依照 exchange 格式調整字串
#將 $DisplayName 字串拆解重組成 "John.Lin"
$DisplayFirstName,$DisplayLastName = $DisplayName.Split(" ",2)
$aliasName = "$DisplayFirstName.$DisplayLastName"
Enable-Mailbox -Identity:$NewUser -Alias:$aliasName -Database:$mbxDB
}
write -host "帳號及信箱都已建立完成"
https://technet.microsoft.com/en-us/library/ff730937.aspx
https://community.spiceworks.com/topic/442889-copy-ad-user-with-powershell
沒有留言:
張貼留言