This article covers modifying Office 365 and AD accounts with PowerShell.
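Recently I have needed to change attributes on a large number of AD users, such as mail, UPN and logon name, so that they match the Office 365 sign-in account. I wrote a simple script to make the changes in bulk.
The script assumes the required AD and Office 365 PowerShell modules are installed locally. The AD module can also be called indirectly on a DC through remoting, but in practice I ran into a few small bugs doing that, so installing it locally is less trouble and also faster.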
```powershell
# Import AD module
Import-Module ActiveDirectory

# Import Office 365 module
$Sessions = Get-PSSession
if ($Sessions.ComputerName -like "outlook.office365.com") {
    Write-Host "Detecting current Office365 session, skip.." -ForegroundColor Cyan
}
else {
    Write-Host "Starting new Office365 session" -ForegroundColor Cyan
    $UserCredential = Get-Credential
    Connect-MsolService -Credential $UserCredential
    # Note: Exchange Online no longer accepts Basic authentication for remote PowerShell;
    # Connect-ExchangeOnline from the ExchangeOnlineManagement module is the current replacement.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session
}

# Get primary SMTP address
function Get-PrimarySMTP {
    [CmdletBinding()]
    Param
    (
        # One or more AD user names (the Name attribute)
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        [string[]] $users
    )

    $result = @()
    foreach ($user in $users) {
        $info = Get-ADUser -Filter {name -eq $user} -Properties proxyaddresses
        $primarySMTPAddress = ""
        foreach ($address in $info.proxyAddresses) {
            # The primary address is the entry whose prefix is upper-case "SMTP:"
            if (($address.Length -gt 5) -and ($address.SubString(0,5) -ceq 'SMTP:')) {
                $primarySMTPAddress = $address.SubString(5)
                break
            }
        }
        $result += [pscustomobject]@{
            name        = $info.Name
            primarysmtp = $primarySMTPAddress
        }
    }
    return $result
}

# Get AD user information
#$ADUsers = Get-ADUser -SearchBase "ou=mango,ou=ddb_group,ou=melbourne,dc=omnicom,dc=com,dc=au" -Properties proxyaddresses, emailaddress, displayname -Filter *
Write-Host " "
$uUser = Read-Host "Please input the domain name "

try {
    $ADUsers = Get-ADUser $uUser -Properties proxyaddresses, emailaddress, displayname

    # Change SamAccountName and UPN
    foreach ($ADUser in $ADUsers) {
        $ADUser.Name
        $GivenName = $ADUser.GivenName
        $SurName = $ADUser.Surname

        # Both names are required to build "givenname.surname"
        if (($null -ne $GivenName) -and ($null -ne $SurName)) {
            $newSAM = $GivenName.ToLower() + '.' + $SurName.ToLower()
            $oldUPN = $ADUser.UserPrincipalName
            $domainName = $oldUPN.Split('@')[1]
            $newUPN = $newSAM + '@' + $domainName
            Write-Host "Updating ADUPN: $oldUPN -> $newUPN" -ForegroundColor Cyan

            # Change AD UPN and SamAccountName
            Set-ADUser $ADUser -SamAccountName $newSAM -UserPrincipalName $newUPN

            # Change AD email
            $oldEmail = $ADUser.emailaddress
            $newEmail = $newSAM + '@' + $oldEmail.Split('@')[1]
            Write-Host "Updating Email:$oldEmail -> $newEmail" -ForegroundColor Cyan
            Set-ADUser $newSAM -EmailAddress $newEmail

            # Change primary SMTP: demote the old primary to an alias, add the new primary
            $primary = Get-PrimarySMTP -users $ADUser.name | select -ExpandProperty primarysmtp
            Write-Host "Updating ProxyAddress.." -ForegroundColor Cyan
            #Write-Host "Current Primary address is $primary" -ForegroundColor Cyan
            if ($primary) {
                # Skip the demotion when no primary was found, so no empty "smtp:" entry is written
                $ADUser.proxyaddresses.remove("SMTP:" + $primary)
                $ADUser.proxyaddresses.add("smtp:" + $primary)
            }
            $ADUser.proxyaddresses.add("SMTP:" + $newEmail)
            Set-ADUser $newSAM -replace @{proxyaddresses=[string[]]$ADUser.proxyaddresses} -ErrorAction Stop

            # Change cloud UPN. If the Office365 session is not connected properly, the following commands won't work!
            $oldmsolupn = Get-MsolUser -SearchString $ADUser.Name
            $oldmsolupn = $oldmsolupn | select -First 1 | select -ExpandProperty UserPrincipalName
            $newmsolupn = $newSAM + '@' + $oldmsolupn.Split('@')[1]
            Write-Host "Updating MSOLUPN: $oldmsolupn -> $newmsolupn" -ForegroundColor Cyan
            Set-MsolUserPrincipalName -UserPrincipalName $oldmsolupn -NewUserPrincipalName $newmsolupn
            Write-Host ""
        }
        else {
            Write-Warning "Either GivenName or Surname is Empty"
        }
    }

    # Confirm result
    Write-Host "Confirm AD Result " -ForegroundColor Cyan
    Get-ADUser $newSAM -Properties proxyaddresses, mail | select Name, SamAccountName, UserPrincipalName, proxyaddresses, mail
    Write-Host "Confirm O365 Result" -ForegroundColor Cyan
    Get-MsolUser -SearchString $ADUser.Name | select UserPrincipalName
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    Write-Host "AD User cannot be found" -ForegroundColor Red
}
catch [Microsoft.ActiveDirectory.Management.ADException] {
    Write-Host "User value can't be updated or the specified value already exists" -ForegroundColor Red
}
```
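The changes themselves are all fairly simple, and I did not write much error handling into the script. After the change, Windows users may find that their profile and the registry no longer match, so some registry entries also need to be changed; for the steps, see http://beanxyz.blog.51cto.com/5570417/1930788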
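
The script above derives the new logon name and rewrites proxyAddresses directly against AD. As an added example (not part of the original post), the following computes the planned values offline so they can be reviewed before any Set-ADUser call. It goes slightly beyond the script by rejecting logon names over the 20-character sAMAccountName limit for users and by de-duplicating addresses case-insensitively. The function names Get-NewProxyAddressList and Get-RenamePlan and all sample values are constructed for illustration.

```powershell
# Added example: pure functions, no AD or Office 365 connection is needed.
# Function names and all sample values are constructed for illustration.
function Get-NewProxyAddressList {
    param(
        [string[]] $Current,
        [Parameter(Mandatory = $true)] [string] $NewPrimary
    )
    # Addresses compare case-insensitively; only the prefix case marks the primary.
    $seen = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    $result = [System.Collections.Generic.List[string]]::new()
    [void]$seen.Add($NewPrimary)
    $result.Add("SMTP:$NewPrimary")
    foreach ($entry in $Current) {
        if ($entry -match '^smtp:(.+)$') {
            # Old primary and existing aliases are kept once each, as aliases.
            if ($seen.Add($Matches[1])) { $result.Add("smtp:$($Matches[1])") }
        }
        elseif ($entry) {
            $result.Add($entry)   # X500:, SIP: and other types pass through
        }
    }
    return ,$result.ToArray()
}

function Get-RenamePlan {
    param([string] $GivenName, [string] $Surname, [string] $OldMail, [string[]] $ProxyAddresses)
    if ([string]::IsNullOrWhiteSpace($GivenName) -or [string]::IsNullOrWhiteSpace($Surname)) {
        throw 'GivenName and Surname are both required to build the new logon name.'
    }
    $newSam = ('{0}.{1}' -f $GivenName.Trim(), $Surname.Trim()).ToLower()
    if ($newSam.Length -gt 20) {
        throw "sAMAccountName '$newSam' exceeds the 20-character limit for user accounts."
    }
    if ($OldMail -match '^[^@]+@([^@]+)$') { $mailDomain = $Matches[1] }
    else { throw "Unexpected mail value: '$OldMail'" }
    $newMail = '{0}@{1}' -f $newSam, $mailDomain
    [pscustomobject]@{
        SamAccountName = $newSam
        Mail           = $newMail
        ProxyAddresses = Get-NewProxyAddressList -Current $ProxyAddresses -NewPrimary $newMail
    }
}

# Constructed input: a primary, an alias equal to the new address, an X500 entry.
$plan = Get-RenamePlan -GivenName 'Alice' -Surname 'Wong' -OldMail 'awong@example.com' -ProxyAddresses @(
    'SMTP:awong@example.com', 'smtp:Alice.Wong@example.com', 'X500:/o=Example/cn=awong')
$plan | Format-List
```

The resulting list contains exactly one upper-case `SMTP:` entry, and the existing alias that matches the new address is folded into it instead of being written twice.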