PowerShell for Google Apps Migration, good scripts to use

Ok, it's been a long time since I posted something. Recently I have been working with migrating from Windows to Google Apps, but that doesn't mean you won't be able to use your MS skills 😉

Here are a couple of good PowerShell scripts I have been forced to use:

Create mail addresses on AD users

To be able to sync and migrate users to Google Apps you need to provide them with an email address, since that will be their unique user ID in GA:

Get-ADUser -LdapFilter '(!(mail=*))' -Properties givenName,sn |
    group {"{0}.{1}@Acme.com" -f $_.givenName,$_.sn} |
    Foreach {
        # $i counts the users that end up with the same firstname.surname address
        $i = 1
        foreach($user in $_.Group) {
            if($i -eq 1) {
                $mail = "{0}.{1}@Acme.com" -f $user.givenName,$user.sn
            } else {
                $mail = "{0}.{1}{2}@Acme.com" -f $user.givenName,$user.sn,("$i".PadLeft(3,"0"))
            }
            $i++
            # Strip spaces (double names) before writing the address
            Set-ADUser -Identity $user -EmailAddress $mail.replace(" ","")
        }
    }

Create mail addresses on AD users (but only in a certain group):

This is useful if you are going to migrate a few users to GA and not the whole AD… This script takes the first name and surname, fixes it if it's a double name (the space is removed), and if there is more than one user with the same name it adds 001, 002, 003 🙂

Get-ADGroupMember -Identity "grupp" |
    get-aduser -Properties givenname,sn,mail |
    ?{$_.mail -match '^$'} |
    group {"{0}.{1}@Acme.com" -f $_.givenName,$_.sn} |
    Foreach {
        $i = 1
        foreach($user in $_.Group) {
            if($i -eq 1) {
                $mail = "{0}.{1}@Acme.com" -f $user.givenName,$user.sn
            } else {
                $mail = "{0}.{1}{2}@Acme.com" -f $user.givenName,$user.sn,("$i".PadLeft(3,"0"))
            }
            $i++
            Set-ADUser -Identity $user -EmailAddress $mail.replace(" ","")
        }
    }

Create mail addresses from the SamAccountName

For some users you might want to use their SamAccountName and not their first name and surname, so here is what you type then. Remember, this applies to a group as well:

Get-ADGroupMember -Identity "grupp" |
    Get-ADUser -Properties samaccountname |
    Foreach { Set-ADUser -Identity $_ -EmailAddress ("{0}@Acme.com" -f $_.samaccountname) }

Find users that do not have a mail address

This could be good to use; it tells you if any user in your AD does not have anything in the mail attribute:

Get-ADUser -Filter * -Properties EmailAddress | where { $null -eq $_.EmailAddress } | sort Name | Select Name,EmailAddress

Find users that DO have the mail attribute set

And here is one that lists the users that do have something in the mail attribute, which is good for checking that no users have a bad mail address:

Get-ADUser -Filter * -Properties EmailAddress | where { $null -ne $_.EmailAddress } | sort Name | Select Name,EmailAddress

Set random password on AD user

In many cases when migrating to GA, you will bump into organisations that have more than one AD/domain. If so, you should use LDIFDE to export and import users into one AD, since GADS (Google Apps Directory Sync) only syncs from one AD. LDIFDE does not migrate the users' passwords, so here is a good PS script that generates a random password for each user and writes it to a CSV file:

Import-Module ActiveDirectory

# Set vars
$WorkingOU = "OU=USERS,OU=MyLAB4,DC=demo,DC=local"
$WorkingFile = "C:\Temp\UserPasswords.txt"
$PasswordLength = 12

# Cleaning up
Clear-Content $WorkingFile -ErrorAction SilentlyContinue

# Builds a password from a pattern of character classes:
# T = lowercase, O = uppercase, F = digits, S = special characters
function RandomPassword
{
    param (
        [int]$length,
        [string]$pattern # optional
    )
    $pattern_class = @("T", "O", "F", "S")
    $charpool = @{
        "T" = "abcdefghjkmnopqrstuvwxyz";
        "O" = "ABCDEFGHJKMNOPQRSTUVWXYZ"; # assumed: the "O" pool is missing from the post
        "F" = "123456789";
        "S" = "!@#%&"
    }
    $rnd = New-Object System.Random
    # System.Random is seeded from the clock; the sleep keeps consecutive calls from sharing a seed
    Start-Sleep -milliseconds $rnd.Next(500)
    if (!$pattern -or $pattern.length -lt $length) {
        if (!$pattern)
        {
            $pattern = ""
            $start = 0
        } else {
            $start = $pattern.length - 1
        }
        # Pad the pattern with random classes up to the requested length
        for ($i=$start; $i -lt $length; $i++)
        {
            $pattern += $pattern_class[$rnd.Next($pattern_class.length)]
        }
    }
    $password = ""
    for ($i=0; $i -lt $length; $i++)
    {
        $wpool = $charpool[[string]$pattern[$i]]
        $password += $wpool[$rnd.Next($wpool.length)]
    }
    return $password
}

$Users = (Get-ADUser -SearchBase $WorkingOU -Filter *).SamAccountName
ForEach ($User in $Users){
    # Regenerate until the password has a digit, a lowercase letter, an uppercase letter and a symbol.
    # -cmatch is case-sensitive; plain -match would accept lowercase for [A-Z].
    do {
        $UserPasswordPlainText = RandomPassword -length $PasswordLength
    } until ( $UserPasswordPlainText -match '\d' -and
              $UserPasswordPlainText -cmatch '[a-z]' -and
              $UserPasswordPlainText -cmatch '[A-Z]' -and
              $UserPasswordPlainText -match '\W' )

    $NewUserPassword = ConvertTo-SecureString $UserPasswordPlainText -AsPlainText -Force
    Set-ADAccountPassword -Identity $User -NewPassword $NewUserPassword -Reset
    # The file holds every password in clear text, one "user;password" pair per line
    Add-Content -Path $WorkingFile -Value "$User;$UserPasswordPlainText" -Force
    # Debug
    #Write-Host "User $User password was set to $UserPasswordPlainText"
}
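
The same reset with a cryptographic random number generator in place of System.Random, and with the output file locked down before any password is written to it. This is an added example, not the author's script: the function names Get-SecureIndex and New-RandomPassword, the uppercase pool, the icacls ACL and the ChangePasswordAtLogon step are assumptions made here.

```powershell
Import-Module ActiveDirectory

$WorkingOU   = "OU=USERS,OU=MyLAB4,DC=demo,DC=local"   # OU used in the script above
$WorkingFile = "C:\Temp\UserPasswords.txt"             # file used in the script above
# Character pools; the uppercase pool is an assumption of this example
$Pools = @("abcdefghjkmnopqrstuvwxyz", "ABCDEFGHJKMNOPQRSTUVWXYZ", "123456789", "!@#%&")
$Rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()

# Uniform index in [0, $Max) from the CSPRNG; rejection sampling avoids modulo bias
function Get-SecureIndex([int]$Max) {
    $buf   = New-Object byte[] 4
    $limit = 4294967296 - (4294967296 % $Max)
    do {
        $Rng.GetBytes($buf)
        $n = [int64][BitConverter]::ToUInt32($buf, 0)
    } while ($n -ge $limit)
    return [int]($n % $Max)
}

# One character from each pool, the rest from all pools, then a Fisher-Yates shuffle
function New-RandomPassword([int]$Length = 12) {
    $all   = -join $Pools
    $chars = New-Object System.Collections.Generic.List[char]
    foreach ($p in $Pools) { $chars.Add($p[(Get-SecureIndex $p.Length)]) }
    while ($chars.Count -lt $Length) { $chars.Add($all[(Get-SecureIndex $all.Length)]) }
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = Get-SecureIndex ($i + 1)
        $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
    }
    return (-join $chars.ToArray())
}

# Create the file empty, then limit it to the current user and Administrators (S-1-5-32-544)
New-Item -ItemType File -Path $WorkingFile -Force | Out-Null
icacls $WorkingFile /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:F" "*S-1-5-32-544:F" | Out-Null

foreach ($User in (Get-ADUser -SearchBase $WorkingOU -Filter *).SamAccountName) {
    $Plain  = New-RandomPassword -Length 12
    $Secure = ConvertTo-SecureString $Plain -AsPlainText -Force
    Set-ADAccountPassword -Identity $User -NewPassword $Secure -Reset
    # Assumption: users log on to AD, so the password in the file is only valid once
    Set-ADUser -Identity $User -ChangePasswordAtLogon $true
    Add-Content -Path $WorkingFile -Value "$User;$Plain"
}
```

Because every password is built with one character from each pool, no retry loop is needed to meet the complexity check. Delete the file once the passwords have been handed out.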