Active Directory clean up using PowerShell script, e.g. Name, UPN, SAM, Email

In this post we are going to look at a simple script to change AD attributes on a large scale with minimal effort.

Bear in mind, though, that every Active Directory structure has its differences; parts of the script, or even the majority of its contents, may not be applicable to your current situation. This post is more so documentation for myself at this point.

However, personally I’ve created little scripts similar to the one highlighted in this post for clients and they have proved beneficial in saving time and keeping their AD uniform and presentable.

Most importantly, it’s almost a given that you will need to change the script below to suit your needs.

What this script does –

It retrieves all the AD user accounts in a specific OU and puts them in a list. The script then goes through each object in the list, making sure the username (SamAccountName), email, AD object name (the name attribute) and UPN are as follows –

UPN – BobSmith@contoso.com
SAM – Smithb
Email – BobSmith@contoso.com
AD Object Name – JSY.BobSmith (How it appears in Active Directory – name attribute)

Script –

$Lists = Get-ADUser -SearchBase 'OU=Staff,OU=Users,OU=Finance,DC=contoso,DC=com' -Filter * -Properties * #Searches for all Users in specified OU

#$Lists = Get-ADUser -SearchBase 'OU=Staff,OU=Users,OU=Finance,DC=contoso,DC=com' -Filter 'Name -eq "Test User"' -Properties * #Use to test script on one User

ForEach ($List in $Lists){
    $FirstName = $List.GivenName #Retrieves User's Firstname
    $LastName = $List.Surname #Retrieves User's Lastname
    if (-not $FirstName -or -not $LastName) { continue } #Skips accounts with no Firstname or Lastname (e.g. service accounts) so no blank values get written
    $FullName = "$FirstName $LastName" #Puts both Firstname and Surname together with a space
    $NoSpace = "$FirstName$LastName" #Brings both Firstname and Surname together no space
    $CustomName = "JSY.$FullName" #Puts JSY. in front of full name - for the AD object name (name attribute)
    $SammAccountFC = $FirstName.Substring(0,1) #Keeps only the first character of the user's Firstname
    $SAM = "$LastName$SammAccountFC" #Combines the Lastname and first character of user's Firstname

    Set-ADUser -Identity $List.ObjectGUID -Replace @{UserPrincipalName="$FirstName$LastName@contoso.com";SamAccountName="$SAM"} #Sets UPN and SAM
    Set-ADUser -Identity $List -EmailAddress "$NoSpace@contoso.com" #Sets Email (-EmailAddress is the full parameter name)
    Rename-ADObject -Identity $List.ObjectGUID -NewName $CustomName #Renames AD object

  }

 

Test it on one user –

To test it on one AD Object you can change the first command to filter by a specified name rather than the wildcard (*) which retrieves everything in the OU.

You may have noticed it’s already in the script just as a comment –

Get-ADUser -SearchBase 'OU=Staff,OU=Users,OU=Finance,DC=contoso,DC=com' -Filter 'Name -eq "Test User"' -Properties *
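
Beyond the one-user test, a bulk rename like this can be checked before it touches the directory. The following is an added example, not part of the original script: it applies the same naming rule to a set of users and reports names that would collide (Bob Smith and Ben Smith both become SmithB), exceed the 20-character sAMAccountName limit, or contain whitespace. The function names Get-ProposedAdName and Test-ProposedAdName and the sample users are made up for illustration.

```powershell
# Added example, not from the original post. It only computes and reports; nothing is written to AD.
function Get-ProposedAdName {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [string] $Domain = 'contoso.com',   # domain used in the post
        [string] $Prefix = 'JSY.'           # object-name prefix used in the post
    )
    process {
        $first = "$($User.GivenName)".Trim()
        $last  = "$($User.Surname)".Trim()
        $row = [pscustomobject]@{
            CurrentSam = $User.SamAccountName
            NewSam = $null; NewUpn = $null; NewName = $null; Problems = @()
        }
        if (-not $first -or -not $last) {
            $row.Problems += 'GivenName or Surname is empty'
            return $row
        }
        $row.NewSam  = "$last$($first.Substring(0,1))"   # same rule as the script: Surname + first initial
        $row.NewUpn  = "$first$last@$Domain"             # the script uses this value for email as well
        $row.NewName = "$Prefix$first $last"
        if ($row.NewSam.Length -gt 20) { $row.Problems += 'sAMAccountName exceeds 20 characters' }
        if ($row.NewUpn -match '\s')   { $row.Problems += 'UPN/email would contain whitespace' }
        $row
    }
}

function Test-ProposedAdName {
    param([Parameter(Mandatory)] [object[]] $Users)
    $plan = @($Users | Get-ProposedAdName)
    # Group-Object compares case-insensitively by default, so SmithB and smithb count as the same name
    $plan | Where-Object NewSam | Group-Object NewSam | Where-Object Count -gt 1 | ForEach-Object {
        foreach ($row in $_.Group) { $row.Problems += "sAMAccountName shared by $($_.Count) users in this batch" }
    }
    $plan
}

# Constructed sample objects standing in for Get-ADUser output
$sample = @(
    [pscustomobject]@{ SamAccountName = 'bob.s';      GivenName = 'Bob';      Surname = 'Smith' }
    [pscustomobject]@{ SamAccountName = 'ben.s';      GivenName = 'Ben';      Surname = 'Smith' }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; GivenName = $null;      Surname = $null }
    [pscustomobject]@{ SamAccountName = 'maw';        GivenName = 'Mary Ann'; Surname = 'Wolfeschlegelsteinhausen' }
)
Test-ProposedAdName -Users $sample | Where-Object { $_.Problems.Count -gt 0 } | Format-List
```

Against a real directory, pass the output of the Get-ADUser command from the script as -Users. The collision check only covers the users supplied, so an account outside the OU that already holds a proposed name is not detected here.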

Add more to the script or change it up completely –

Using the Set-ADUser TechNet page, you have all the different parameters listed at your disposal to tailor the script to your AD environment or create your own from scratch.

Hope this was helpful!

 

