
Wednesday, 4 February 2015

Bulk User creation in Active Directory

Creating users in bulk is a big task, and manually updating all the required records/attributes in Active Directory can be difficult when the business requires it.
Today we will learn how to do this in one shot with good accuracy.

PowerShell:

There are many ways to do this, but we will learn it through a PowerShell script and the CSVDE command line.
Scenario 1:- Requirement to create bulk users under the Test OU with the Description, Department, Manager and First/Last Name attributes updated and the password set.
- Create an Excel file with the required details as shown in the figure below and save it in CSV format.
- Copy the commands below into Notepad and save the file as script.ps1. Both files should be located on the C drive.

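$pass = "Password123"   # initial password shared by every imported account
$password = ConvertTo-SecureString $pass -AsPlainText -Force
Import-Csv "C:\testUsers.csv" | ForEach-Object {
    $userPrincipal = $_.samAccountName + "@domain.com"
    # The trailing backtick continues the New-ADUser command on the next line.
    New-ADUser -Name $_.Name -SamAccountName $_.samAccountName `
        -UserPrincipalName $userPrincipal `
        -Path "OU=OUTest,DC=Domain,DC=Com" `
        -Description $_.Description `
        -Manager $_.Manager `
        -GivenName $_.FirstN `
        -Surname $_.LastN `
        -AccountPassword $password `
        -ChangePasswordAtLogon $true `
        -Enabled $true
    # This puts every imported account in Domain Admins (full control of the domain);
    # replace the group name with the group these users actually need.
    Add-ADGroupMember "Domain Admins" $_.samAccountName
}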

Note: Run Import-Module ActiveDirectory and Set-ExecutionPolicy Unrestricted before you run the script.

The above script updates the attributes mentioned; if the requirement is different in your scenario, you can find the exact parameters with the help of the cmdlet below.
Get-Help New-ADUser -Examples
This will list the string values with examples.

Once you run the script it will start creating the user accounts, and that completes the task through PowerShell.
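The script above gives every imported account the same known password. As an added example (not part of the original post), here is the same import with a random initial password per account; Get-RandomIndex, New-InitialPassword and C:\initial-passwords.csv are assumed names, and only the account-creation attributes are shown.

```powershell
# Added example, not the original post's script. Assumes the ActiveDirectory
# module and the post's C:\testUsers.csv; the helper names and the output path
# C:\initial-passwords.csv are hypothetical.
Import-Module ActiveDirectory

# Character classes (look-alike characters such as l, I, O, 0 and 1 left out).
$sets = @('abcdefghijkmnopqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%+-=?@')
$rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function Get-RandomIndex {
    param([int]$Count)                   # uniform integer in [0, Count), Count <= 256
    $buf   = New-Object byte[] 1
    $limit = 256 - (256 % $Count)        # reject values that would cause modulo bias
    do { $rng.GetBytes($buf) } while ([int]($buf[0]) -ge $limit)
    [int]($buf[0]) % $Count
}

function New-InitialPassword {
    param([int]$Length = 16)
    $all = -join $sets
    do {
        $pw = -join (1..$Length | ForEach-Object { $all[(Get-RandomIndex $all.Length)] })
        # Retry until every character class appears, so AD complexity rules are met.
        $missing = @($sets | Where-Object { $pw.IndexOfAny($_.ToCharArray()) -lt 0 })
    } until ($missing.Count -eq 0)
    $pw
}

$issued = Import-Csv "C:\testUsers.csv" | ForEach-Object {
    $plain = New-InitialPassword
    New-ADUser -Name $_.Name -SamAccountName $_.samAccountName `
        -UserPrincipalName ($_.samAccountName + "@domain.com") `
        -Path "OU=OUTest,DC=Domain,DC=Com" `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -ChangePasswordAtLogon $true -Enabled $true
    # Record what was issued so each user can be given their password once.
    [pscustomobject]@{ samAccountName = $_.samAccountName; InitialPassword = $plain }
}

# Keep this file readable by the operator only and delete it after distribution.
$issued | Export-Csv "C:\initial-passwords.csv" -NoTypeInformation
```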
  
CSVDE:
Scenario 2:- We will create a few users here with the help of the CSVDE command.

CSVDE (Comma Separated Value Directory Exchange) is a command-line utility with which we can export or import user objects in Active Directory.
Before starting the activity, it is best practice to go through all the parameters/syntax of CSVDE for a better understanding. When you use csvde -i -f sheet.csv to import the user accounts, ensure that the LDAP fields mentioned in the sheet are appropriate.

The attributes provided in the Excel sheet are described below:
  • Objectclass – Defines the type of object
  • GivenName – Defines First Name of user
  • SN – Surname
  • Description – Brief information about the object creation
  • DN – Distinguished Name
- Save the file in CSV format and run the command below:
- csvde -i -f c:\sheet.csv

-i specifies import mode. If it is not specified, the default is export.
-f specifies the name of the file to import or export.

After you run the command, you can easily see the results in Active Directory. If the results do not appear, refresh the container and you will find the objects created.

Hope this information is helpful. Please leave your comments below if you have any concerns and I will get back to you.

Monday, 2 February 2015

How to Create an FTP User Isolation Site (IIS) in Windows 2008 R2

FTP user isolation is a good way to protect your data from unnecessary access, and it provides control over sharing and security. FTP user isolation helps secure both FTP authentication and FTP authorization. Different versions of IIS run on all flavors of Windows releases, and IIS is all about running websites.

Windows 2008 R2 was released with IIS version 7; likewise IIS 7.5 was released with Windows 7, IIS 8 with Windows 8 and IIS 8.5 with Windows 8.1.

Through an FTP share, we can isolate access by granting it to a limited user or group of users, both domain users and workgroup users.

To install an FTP site, the Web Server (IIS) role is mandatory; it also includes the FTP server role.



Create a new folder in the desired location, where you would like to keep the shared data.


Open the Internet Information Services (IIS) Manager console.


Expand your domain, right-click Sites and select ADD FTP share.
Name the FTP site and browse to the FTP directory which you created earlier.



Next you need to configure Bindings. Bindings are basically the IP address you would like to assign, that is, the address through which the FTP site should communicate. Choose No SSL unless you use certificates.



Set up authentication and authorization. For authentication you can choose Basic or Anonymous, and for authorization you can choose All users, Anonymous users or specific users.

In this scenario we will learn to assign the FTP access to an individual user.


Lastly, click on Finish.

Now we will check whether the FTP share has started working with the specified user access.
You can now access the FTP site from any client machine in the domain using the user credentials.

Open Computer (Explorer) and type the address as below to access the FTP share.
ftp://ftp-server-IP-address/FTPshareName/


Finally, you will be logged in to the FTP share successfully and can save your data over the network in the FTP server environment.

Friday, 30 January 2015

Export User List Set for Password Never Expire




Finding users whose password is set to never expire.

To export the users whose attributes are set to password never expires through PowerShell cmdlets, please use the command below.

Get-ADUser -Filter 'PasswordNeverExpires -eq $true' -Server "domain name" | select name > c:\users.txt

Here we have used the Get-ADUser cmdlet with a filter to show all users whose password never expires option is enabled.
We're piping the output to the Select-Object cmdlet to show only the Name attribute.



Note:-
o   Run PowerShell as administrator
o   Import-Module ActiveDirectory
o   Set-ExecutionPolicy Unrestricted



Set bulk user account to password never expiry option



Friends, a couple of days ago I had a task to set the Password never expires option on user accounts in bulk.

If the account list consists of more than 50 user records, it is pretty difficult to set the option manually.

Microsoft provides the PowerShell command-line utility, which comes into the picture and makes the task very easy in no time.

Here is the command to set the attribute to Password never expires.

Before you run the command, you need to understand it well and check the dependencies related to it.

Get-Content c:\user.txt | ForEach-Object { Set-ADUser -Identity $_ -PasswordNeverExpires $true }
or

Get-Content "c:\users.txt" | Set-QADUser -ObjectAttributes @{useraccountcontrol=65536}

The above commands read the provided logon names from the text file. The Set-QADUser command will not run unless you have the Quest PowerShell Management Pack installed and imported into PowerShell.

Here is the link to download the Quest powershell Management pack:

Note:- Always run PowerShell with administrator privileges.
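userAccountControl is a bit field and 65536 is only its DONT_EXPIRE_PASSWORD bit, so writing 65536 as the whole value replaces whatever other bits the account had (for example ACCOUNTDISABLE on a disabled account). The added example below, which is not part of the original post, sets that one bit and keeps the rest; it assumes the ActiveDirectory module and C:\users.txt with one logon name per line, and Get-UacFlagNames and Set-NeverExpireFlag are hypothetical helper names.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module
# and C:\users.txt with one logon name per line; helper names are hypothetical.
Import-Module ActiveDirectory

$DONT_EXPIRE_PASSWORD = 0x10000   # 65536, the value used in the post

# A few userAccountControl bits, to show what a whole-value write would discard.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE       = 0x0002
    PASSWD_NOTREQD       = 0x0020
    NORMAL_ACCOUNT       = 0x0200
    DONT_EXPIRE_PASSWORD = 0x10000
    SMARTCARD_REQUIRED   = 0x40000
}

function Get-UacFlagNames {
    param([int]$Value)
    # Names of the known bits that are set in $Value.
    $UacFlags.GetEnumerator() | Where-Object { $Value -band $_.Value } |
        ForEach-Object { $_.Key }
}

function Set-NeverExpireFlag {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)
    $user = Get-ADUser -Identity $SamAccountName -Properties userAccountControl
    $old  = [int]$user.userAccountControl
    $new  = $old -bor $DONT_EXPIRE_PASSWORD      # OR the bit in, keep every other bit
    if ($new -ne $old) {
        Set-ADUser -Identity $user -Replace @{ userAccountControl = $new }
    }
    # Report the flags before and after so the change can be reviewed.
    [pscustomobject]@{
        Account = $SamAccountName
        Before  = (Get-UacFlagNames $old) -join ','
        After   = (Get-UacFlagNames $new) -join ','
        Changed = ($new -ne $old)
    }
}

Get-Content "C:\users.txt" | Where-Object { $_.Trim() } |
    ForEach-Object { Set-NeverExpireFlag $_.Trim() } | Format-Table -AutoSize
```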






How to stop windows from automatic shutdown

We may have come across this many times while using a Windows evaluation OS version: when the trial period expires the machine tends to reboot frequently, with the automatic shutdown triggering every hour. Microsoft has made it very clear that you should activate the product online within 10 days after installing.

- If you're using the eval period, overcoming this means re-installing the operating system freshly.
This is usually caused by a process/service that runs in the background, the "Windows License Monitoring Service". It basically monitors the license state of the system, and if the license has expired it triggers the shutdown.

Our recommendation is to stop/remove the WLMS service. This tutorial does not encourage or promote piracy, but helps people who have an issue running Windows for an hour and want to copy their important data.

Download the PSTOOL from the below link:


Save the unzipped folder on the C drive.

Run the command prompt as administrator.

Navigate to the PsTools folder.

Run the command below:

psexec -i -d -s cmd

This opens a new cmd window running as the nt authority\system account.

Now type: whoami

It will show the nt authority\system account.

Type: sc delete WLMS
This will delete the service.

Type: regedit
This command will open the Registry Editor.

Navigate to: HKEY_LOCAL_MACHINE->System->CurrentControlSet->Services
Right-click the WLMS key and delete it.

This is how it works, and your machine will no longer reboot frequently.