Monthly Archives: January 2018

Exchange – PowerShell AD User Properties Script

If you would like to read the other parts in this blog series please go to:

  1. Logon Script and PowerShell ADAssist Tool (Part 1)
  2. PowerShell ADAssist Tool and List-ADUsers Script (Part 2)
  3. PowerShell AD User Properties Script (Part 3)
  4. Exchange – PowerShell AD User Properties Script (Part 4)

This is the final blog in this series about the user accounts’ administration, and here I will present this Windows Form with two additional tabs: Exchange General and Mailbox Settings. This is the updated Display-ADUserProperties.ps1 script.

From the previous blog (part 3) in this series, you’ve learned that this script gives you the ability to:

  • Display and edit a user’s attributes in AD
  • Change a user’s password settings
  • Unlock / disable / enable a user’s account and manage account’s expiration
  • Delete / move an account and clear the selected user’s account attributes
  • View / export / import a user’s settings from an XML file
  • Manage a user’s groups’ membership in AD
  • Apply template settings
  • Copy and create a new user account in AD

In addition to the above list, this script being updated with the Exchange cmdlets enables you to do the following:

  • Create a new user and its mailbox or create a mailbox for the existing user
  • Hide, disable and remove a mailbox
  • Clear, add/edit, remove the custom attributes
  • Manage the mailbox storage limits and item retention settings
  • View / change the delivery options and delivery restrictions

Please note that Display-ADUserProperties.ps1 script is launched by both the AD-Assist.ps1 or List-ADuser.ps1 script, and it is placed in the same folder – ADAssist Application (in my example it is extracted inside C:\PSScript\AD-Assist folder).

If an account you want to administer is not mailbox enabled, you will see the ‘Enable User Mailbox’ button. To enable this account, click the ‘Enable User Mailbox’ button and in the form that pops up, select the checkbox to make the form’s controls enabled. From the drop down list, select the Exchange database and click the ‘Create New User Mailbox’ button as shown in the picture 1.

Picture 1: Enable mailbox for a user account

Note: you will see this button for every user that is mailbox enabled, but hasn’t logged on to mailbox yet, so there is no data to return. After the user logs on, this button will no longer appear.

The Exchange General tab, displays info about the user’s mailbox, such as the number of total items, its size, the database name, and the dates it is being created/modified. All mailbox’s custom attributes presented in the textboxes are editable and to commit their change (clear, add/edit, remove attributes in their corresponding textboxes) click the ‘Update Exchange Info’ button. To hide/unhide the mailbox or to disable/remove it, use the buttons provided on the form.

Picture 2: Exchange General tab shows info about the mailbox’s properties and custom attributes.

The Mailbox Settings tab, displays different settings, like the mailbox storage limits, its items’ retention settings, delivery options and delivery restrictions. All these settings could be changed (clear, add/edit, remove) by the controls and buttons provided on the form.

Picture 3: Mailbox Settings tab

Important: I’ve updated the Display-ADUserProperties.ps1 script and the download file (ADAssist Tool) just before publishing this post and you can download this compressed file from the download/application section of this site.


 

PowerShell AD User Properties Script

If you would like to read the other parts in this blog series please go to:

  1. Logon Script and PowerShell ADAssist Tool (Part 1)
  2. PowerShell ADAssist Tool and List-ADUsers Script (Part 2)
  3. PowerShell AD User Properties Script (Part 3)
  4. Exchange – PowerShell AD User Properties Script (Part 4)

My objective in this post is to present the Display-ADUserProperties.ps1 script that generates Windows Forms (WinForms) and gives you the ability to:

  • Display and edit user’s attributes in AD
  • Change a user’s password setting
  • Unlock / disable / enable a user’s account and manage account’s expiration
  • Delete / move an account and clear selected user’s account attributes
  • View / export / import user’s settings from an XML file
  • Manage a user’s groups’ membership in AD
  • Apply template settings
  • Copy and create new user account in AD

As you know from previously posted blogs (part one or part two in this series), this script is launched by either the AD-Assist.ps1 or List-ADuser.ps1 script. It is placed in the same folder – ADAssist Application (in my example it is extracted inside C:\PSScript\AD-Assist folder), and as the other scripts in this location, it needs the presence of the XML file named “ADassistConfigFile.xml” which is an integral part of this application. See the picture below.

Picture 1: ADassistConfigFile.xml

Let me show you the five tabs of this script: Account, Organization, Membership, Groups and Template. The two remaining tabs: Exchange General and Mailbox Settings will be presented in the next post.

The first tab, ACCOUNT, displays info about the user’s name, profile, password and account expiry settings. All user’s attributes presented in the textboxes are editable and to commit their change (clear, add/edit, remove attributes in their corresponding textboxes) click the ‘Update Account’ button. To change the account expiry and password settings, use the buttons provided on the form.

Picture 1: Account tab shows info about user’s name, profile, password and account expires settings.

The second tab, ORGANIZATION, displays info about the user’s organization, department and account manager. All these attributes presented in the textboxes are editable, and just like on the first tab, to commit their change (clear, add/edit, remove) click the ‘Update Account’ button. To change the account manager settings use the buttons provided on the form.

Picture 2: Organization tab displays info about user’s organization, department and account manager

The third tab, MEMBERSHIP, lists all the (security/distribution) groups the selected user’s account is a member of. To change the account’s membership settings use the buttons provided on the form.

Picture 3: Membership tab lists all the groups the selected user’s account is a member of

The fourth tab, ADD GROUPS, contains controls you can use to select either security or distribution groups in Active Directory and assign membership to the selected user account. The ‘Select Group OU’ button lets you select the OU container that contains the groups to which you want to add a member.

Picture 4: use Add Groups tab to assign membership to the selected user account

The fifth tab, TEMPLATE, enables you to select a user account from a drop-down list and compare its properties with the displayed user’s attributes. In a displayed DataGridView, you can check one; a few or all the template’s attributes and apply it to the selected user’s account. In addition, you can edit the content of the current template’s attribute in a DataGridView text box cell by typing in it and apply its content to the displayed user.

If you exported a user’s attributes to an XML file, or you have created a user’s snapshot file; these files could be imported as a Template and its content compared with the displayed user’s attributes as well. Just click the ‘Copy Properties’ button to apply the template’s properties and commit changes to the selected user account.

Picture 5: use Template tab to select a user account from a drop-down list and compare its properties with the displayed user’s attributes.

The main form contains quite a few buttons, some of them do not need additional explanation (like Enable, Unlock, Move, and Delete button); but some of them, like the ‘Create User Snapshot’ and ‘Copy / Create New User’ buttons, open up the forms enabling you to perform functions such as exporting users’ attributes from the selected OUs or to create a new user account and its mailbox.

For example, to create a user snapshot, click the ‘Browse’ button to select an OU container which contains users’ accounts you want to capture in an XML file. Click the ‘Save As’ button to specify the path for an XML file and lastly click the ‘Export To XML’ button to finalize this process.

Picture 6: Create a user snapshot file

To Copy / Create a new user account, click on the ‘Copy/Create New User’ button; it opens a form that allows you to specify a few essential properties of a new user account, see picture 7.

Picture 7: Copy and create new user account

These following attributes are copied to the newly created account:

Title,ScriptPath,HomeDrive,ProfilePath,HomeDirectory,wWWHomePage,manager,physicalDeliveryOfficeName,telephoneNumber,l,st,postalCode,c,StreetAddress,postOfficeBox,Company,Department,Description,homePhone,pager,facsimileTelephoneNumber,mobile,ipPhone,extensionAttribute1,extensionAttribute2,extensionAttribute3,extensionAttribute4,extensionAttribute5,extensionAttribute6,extensionAttribute7,extensionAttribute8,extensionAttribute9,extensionAttribute10,extensionAttribute11,extensionAttribute12,extensionAttribute13,extensionAttribute14,extensionAttribute15, and memberOf

The function contained in this form will create a mailbox for a new user if you select the specified checkbox and select the mailbox database from the drop-down list.

NOTE: if you do not check the ‘Create new mailbox for this user’ checkbox on the form, only the attributes displayed in the blue font color will be copied to a new user account.

As always, the download file is in the download/application section of this site under name AD Assist Tool.