Need scripting help to populate attributes for AD users

I am working on a project requiring some scripting to add attributes for AD users.


Environment:

I am helping a school district migrate to Office 365 for all students. Originally, their admin set up a bunch of Cloud users with email addresses. We need to integrate them with the local domain, so they can work with local resources, etc.

I have set up the upn suffix of their Cloud domain on their local servers and federated it. That part works fine.

When we attempted to synchronize the accounts, the process created a 2nd account, rather than merging the two, as intended. I discovered the reason this occurred is there are missing attributes in the user accounts that need to be there, or the merge will not work.

The three attributes are:

MailNickName = user@domain.com
proxyAddresses = user@domain.com
UserPrincipalName= user@domain.com

It turns out when the users were created originally on the local server that hardly any attributes were configured, which is making it difficult to query, so I can populate the necessary fields.

I have attached a couple screen shots of two accounts for examples to go by (notice the missing logon name, which I need populated too). I need to change or update 1500+ users where all three attributes equal username@nlswildcats.com

I have been working with an individual who knows much more about scripting than I. We have used the Powershell for everything done thus far, but could not get past the continued errors. You can reference the original question here: bit.ly/H1jAqV
SS1.png
SS2.png
tamray_tech Asked:

YZlat Commented:
So you want a script that fills in those 3 attributes based on existing e-mail address?

MailNickName = user@domain.com
proxyAddresses = user@domain.com
UserPrincipalName= user@domain.com
0
tamray_tech Author Commented:
Actually, that is the problem; there is no current email address, and as you can see from the screen shot, the logon name is missing.
0
footech Commented:
Pretty certain it's the Mail attribute that needs to be populated and not MailNickName.  I don't think proxyAddresses needs to be populated unless you have more than one email address.  The below only works on users that don't have a userprincipalname set.
Get-ADUser -filter * | Where { !($_.userprincipalname) } | ForEach `
{
    $upn = "$($_.samaccountname)@somedomain.com"
    Set-ADUser -Identity $_.samaccountname -UserPrincipalName $upn -Add @{ Mail = $upn }
}

If you find you really do need to set proxyaddresses try the below.
Get-ADUser -filter * | Where { !($_.userprincipalname) } | ForEach `
{
    $upn = "$($_.samaccountname)@somedomain.com"
    Set-ADUser -Identity $_.samaccountname -UserPrincipalName $upn -Add @{ Mail = $upn; proxyAddresses = "SMTP:$upn" }
}

0
tamray_tech Author Commented:
Microsoft is telling me I need the proxyaddress info.

These are ps1 scripts, correct?
0
tamray_tech Author Commented:
I missed providing some information. I need to run this script either against the "Students" group or users in specific OUs.
0
footech Commented:
Yes, they are PowerShell scripts.
You can change which accounts are modified by changing the parameters of Get-ADUser (you can change the filter, searchbase, and/or searchscope), or add a condition to check with Where-Object.  An example -
Get-ADUser -filter * -searchbase "OU=Students,DC=domain,DC=com" | Where { !($_.userprincipalname) } | ForEach `
{
    $upn = "$($_.samaccountname)@somedomain.com"
    Set-ADUser -Identity $_.samaccountname -UserPrincipalName $upn -Add @{ Mail = $upn; proxyAddresses = "SMTP:$upn" }
}

0
tamray_tech Author Commented:
The script runs, but attributes are not updated. Here is what the script contains:

Get-ADUser -filter * -searchbase "OU=2012,OU=Students,DC=domain,DC=k12,DC=mn,DC=us" | Where { !($_.userprincipalname) } | ForEach `
{
    $upn = "$($_.samaccountname)@domain.com"
    Set-ADUser -Identity $_.samaccountname -UserPrincipalName $upn -Add @{ Mail = $upn; proxyAddresses = "SMTP:$upn" }
}
0
footech Commented:
Are you sure?  If you're checking with ADUC, make sure that you've refreshed the objects (or just close ADUC and reopen).
I did this with a test domain and it worked.
After checking the above, run the following and let me know if it outputs the users you expect.
Get-ADUser -filter * -searchbase "OU=2012,OU=Students,DC=domain,DC=k12,DC=mn,DC=us" | Where { !($_.userprincipalname) }

0
tamray_tech Author Commented:
Victim of copy/paste. The last "S" in Students had a weird character. Running right now
0
tamray_tech Author Commented:
This much works:

Get-ADuser -filter * -searchbase "OU=2012,OU=Students,DC=domain,DC=k12,DC=mn,DC=us"

However, the output is a problem and causes the rest of the line not to produce output:


DistinguishedName : CN=Brittany Hanson,OU=2012,OU=Students,DC=domain,DC=k12,DC=mn,DC=us
Enabled           : True
GivenName         :
Name              : Brittany Hanson
ObjectClass       : user
ObjectGUID        : 0c6ba170-e655-4499-8a21-f164da80964c
SamAccountName    : BHanson94
SID               : S-1-5-21-3819302238-1543560111-2116097986-3389
Surname           :
UserPrincipalName : @domain.com

DistinguishedName : CN=Dylan Hanson,OU=2012,OU=Students,DC=domain,DC=k12,DC=mn,DC=us
Enabled           : True
GivenName         :
Name              : Dylan Hanson
ObjectClass       : user
ObjectGUID        : 5214de95-f4d2-4c54-9ee2-f4820a855c14
SamAccountName    : DHanson94
SID               : S-1-5-21-3819302238-1543560111-2116097986-3390
Surname           :
UserPrincipalName : @domain.com
0
footech Commented:
Remember, I mentioned that the script only works on accounts that don't have the UserPrincipalName set (I had added this initially to avoid modifying any accounts where this is already set).  However, with your targeting of a specific OU or by other criteria, this may not be a concern for you.  If you want it to work on all accounts you can remove the Where-Object filter.  So you would have
Get-ADUser -filter * -searchbase "OU=2012,OU=Students,DC=domain,DC=k12,DC=mn,DC=us" | ForEach `
{
    $upn = "$($_.samaccountname)@domain.com"
    Set-ADUser -Identity $_.samaccountname -UserPrincipalName $upn -Add @{ Mail = $upn; proxyAddresses = "SMTP:$upn" }
} 

0
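
An added example, not part of the thread or any poster's code: the same update run preview-first, recording prior values, also selecting accounts whose UPN is only a suffix ("@domain.com", as in the output above) and skipping UPN collisions. The suffix, the backup file name and the $Apply switch are assumptions for illustration.

```powershell
# Added example: preview-first bulk update. Suffix, CSV path and $Apply are placeholders.
Import-Module ActiveDirectory

$SearchBase = 'OU=2012,OU=Students,DC=domain,DC=k12,DC=mn,DC=us'  # OU used in the thread
$Suffix     = 'domain.com'           # placeholder UPN suffix
$BackupCsv  = '.\upn-before.csv'     # hypothetical file holding the prior values
$Apply      = $false                 # $false previews with -WhatIf; $true commits

# Read the attributes the change touches so the current state can be recorded.
$users = Get-ADUser -Filter * -SearchBase $SearchBase -Properties mail, proxyAddresses |
    Where-Object {
        # Treat a UPN with no name part ("@domain.com") the same as an empty one.
        -not $_.UserPrincipalName -or $_.UserPrincipalName -like '@*'
    }

# Save prior values before anything is written, for audit and rollback.
$users | Select-Object SamAccountName, UserPrincipalName, mail,
    @{ Name = 'proxyAddresses'; Expression = { $_.proxyAddresses -join ';' } } |
    Export-Csv -Path $BackupCsv -NoTypeInformation

foreach ($u in $users) {
    $upn = "$($u.SamAccountName)@$Suffix"

    # Skip on collision: another object in this domain already holds the UPN.
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$upn'" |
        Where-Object { $_.ObjectGUID -ne $u.ObjectGUID }
    if ($clash) {
        Write-Warning "Skipping $($u.SamAccountName): $upn already belongs to another account"
        continue
    }

    $params = @{
        Identity          = $u.DistinguishedName
        UserPrincipalName = $upn
        Replace           = @{ mail = $upn }   # works whether or not mail is already set
        WhatIf            = -not $Apply
    }
    # Append the address only if it is missing, leaving existing proxyAddresses intact.
    if ($u.proxyAddresses -notcontains "SMTP:$upn") {
        $params['Add'] = @{ proxyAddresses = "SMTP:$upn" }
    }
    Set-ADUser @params
}
```

To target the "Students" group instead of an OU, the first stage can be swapped for Get-ADGroupMember -Identity 'Students' piped into Get-ADUser -Properties mail, proxyAddresses.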

tamray_tech Author Commented:
This worked. Thank You!!
0