PowerShell AD User Properties Script

If you would like to read the other parts in this blog series please go to:

  1. Logon Script and PowerShell ADAssist Tool (Part 1)
  2. PowerShell ADAssist Tool and List-ADUsers Script (Part 2)
  3. PowerShell AD User Properties Script (Part 3)
  4. Exchange – PowerShell AD User Properties Script (Part 4)

My objective in this post is to present the Display-ADUserProperties.ps1 script that generates Windows Forms (WinForms) and gives you the ability to:

  • Display and edit user’s attributes in AD
  • Change a user’s password setting
  • Unlock / disable / enable a user’s account and manage account’s expiration
  • Delete / move an account and clear selected user’s account attributes
  • View / export / import user’s settings from an XML file
  • Manage a user’s groups’ membership in AD
  • Apply template settings
  • Copy and create new user account in AD

As you know from previously posted blogs (part one or part two in this series), this script is launched by either the AD-Assist.ps1 or List-ADuser.ps1 script. It is placed in the same folder – ADAssist Application (in my example it is extracted inside C:\PSScript\AD-Assist folder), and as the other scripts in this location, it needs the presence of the XML file named “ADassistConfigFile.xml” which is an integral part of this application. See the picture below.

Picture 1: ADassistConfigFile.xml

Let me show you the five tabs of this script: Account, Organization, Membership, Groups and Template. The two remaining tabs: Exchange General and Mailbox Settings will be presented in the next post.

The first tab, ACCOUNT, displays info about the user’s name, profile, password and account expiry settings. All user’s attributes presented in the textboxes are editable and to commit their change (clear, add/edit, remove attributes in their corresponding textboxes) click the ‘Update Account’ button. To change the account expiry and password settings, use the buttons provided on the form.

Picture 1: Account tab shows info about user’s name, profile, password and account expires settings.

The second tab, ORGANIZATION, displays info about the user’s organization, department and account manager. All these attributes presented in the textboxes are editable, and just like on the first tab, to commit their change (clear, add/edit, remove) click the ‘Update Account’ button. To change the account manager settings use the buttons provided on the form.

Picture 2: Organization tab displays info about user’s organization, department and account manager

The third tab, MEMBERSHIP, lists all the (security/distribution) groups the selected user’s account is a member of. To change the account’s membership settings use the buttons provided on the form.

Picture 3: Membership tab lists all the groups the selected user’s account is a member of

The fourth tab, ADD GROUPS, contains controls you can use to select either security or distribution groups in Active Directory and assign membership to the selected user account. The ‘Select Group OU’ button lets you select the OU container that contains the groups to which you want to add a member.

Picture 4: use Add Groups tab to assign membership to the selected user account

The fifth tab, TEMPLATE, enables you to select a user account from a drop-down list and compare its properties with the displayed user’s attributes. In a displayed DataGridView, you can check one; a few or all the template’s attributes and apply it to the selected user’s account. In addition, you can edit the content of the current template’s attribute in a DataGridView text box cell by typing in it and apply its content to the displayed user.

If you exported a user’s attributes to an XML file, or you have created a user’s snapshot file; these files could be imported as a Template and its content compared with the displayed user’s attributes as well. Just click the ‘Copy Properties’ button to apply the template’s properties and commit changes to the selected user account.

Picture 5: use Template tab to select a user account from a drop-down list and compare its properties with the displayed user’s attributes.

The main form contains quite a few buttons, some of them do not need additional explanation (like Enable, Unlock, Move, and Delete button); but some of them, like the ‘Create User Snapshot’ and ‘Copy / Create New User’ buttons, open up the forms enabling you to perform functions such as exporting users’ attributes from the selected OUs or to create a new user account and its mailbox.

For example, to create a user snapshot, click the ‘Browse’ button to select an OU container which contains users’ accounts you want to capture in an XML file. Click the ‘Save As’ button to specify the path for an XML file and lastly click the ‘Export To XML’ button to finalize this process.

Picture 6: Create a user snapshot file

To Copy / Create a new user account, click on the ‘Copy/Create New User’ button; it opens a form that allows you to specify a few essential properties of a new user account, see picture 7.

Picture 7: Copy and create new user account

These following attributes are copied to the newly created account:

Title,ScriptPath,HomeDrive,ProfilePath,HomeDirectory,wWWHomePage,manager,physicalDeliveryOfficeName,telephoneNumber,l,st,postalCode,c,StreetAddress,postOfficeBox,Company,Department,Description,homePhone,pager,facsimileTelephoneNumber,mobile,ipPhone,extensionAttribute1,extensionAttribute2,extensionAttribute3,extensionAttribute4,extensionAttribute5,extensionAttribute6,extensionAttribute7,extensionAttribute8,extensionAttribute9,extensionAttribute10,extensionAttribute11,extensionAttribute12,extensionAttribute13,extensionAttribute14,extensionAttribute15, and memberOf

The function contained in this form will create a mailbox for a new user if you select the specified checkbox and select the mailbox database from the drop-down list.

NOTE: if you do not check the ‘Create new mailbox for this user’ checkbox on the form, only the attributes displayed in the blue font color will be copied to a new user account.

As always, the download file is in the download/application section of this site under name AD Assist Tool.


 

Leave a Reply

Your email address will not be published. Required fields are marked *