# Script parameters. The three mandatory ones are prompted for when omitted;
# -user_location_scope is optional at bind time but is passed straight to
# Get-ADUser -SearchScope when -user_container is "ou".
Param(
# Kind of container that holds the accounts to change: "ou" or "group".
[ValidateSet("ou","group")]
[Parameter(Mandatory=$true)]
[string]$user_container,
# Identity of that container. Used as Get-ADGroup/Get-ADGroupMember -Identity
# for "group" and as Get-ADUser -SearchBase for "ou".
[Parameter(Mandatory=$true)]
[string]$user_location,
# Search depth below the OU ("OneLevel" or "Subtree"). Only the "ou" branch
# reads it; it decides how many accounts a single run can modify.
[Parameter(Mandatory=$false)]
[ValidateSet("OneLevel","Subtree")]
[string]$user_location_scope,
# Which msRTCSIP-* attribute set to apply: "onpremise" and "cloud" replace the
# attributes with different values, "clear" removes them.
[Parameter(Mandatory=$true)]
[ValidateSet("onpremise","cloud","clear")]
[string]
$location
)
##### About script
# Created by: Maarten Meijer
# Copyright: SoftApp-distribution (2018)
# Version: 1.1-b04072018
# 04-07-2018: Added scoping on OU
# 04-07-2018: Added option to clear attributes and reset to defaults
# 04-07-2018: Changed searching to a Searchbase to limit the results and fix error with incorrect OU name
#
# Requirements:
# - Run on AD domain controller
#
# Usage:
# 1. Just run the script! Parameters will be asked upon running.
# Options/Parameters:
## -user_container ==> object that contains the user subset ("group" or "ou")
## -user_location ==> if "group" is selected, enter the sAMAccountName of the group here. If "ou" is selected, enter the DN of the OU (enclosed in double quotes)
## -location ==> location of the hosted users ("onpremise" or "cloud")
## -user_location_scope ==> depth of OU searching ("OneLevel" or "Subtree")
#
# Important
# This script sets the UPN as the SIGN IN ADDRESS of the user. If those are not the same, modify the script!
#
#
# DO NOT CHANGE ANYTHING BELOW HERE
# Path of the plain-text run log; every LogWrite call appends one line to it.
# NOTE(review): the log sits in the drive root and receives user principal
# names - confirm the file's ACL limits access to administrators.
$Logfile = "C:\change_ad.log"

# Appends a single line of text to the run log.
#   $logstring - the text to append.
function LogWrite
{
    param (
        [string]$logstring
    )
    Add-Content -Path $Logfile -Value $logstring
}
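# Audit header: record when the run started and every parameter it was given.
LogWrite("UPDATE AD: " + (Get-Date).tostring())
LogWrite("user_container: " + $user_container)
LogWrite("user_location: " + $user_location)
# The scope decides how many accounts an OU run touches, so it belongs in the
# audit record next to the other parameters.
LogWrite("user_location_scope: " + $user_location_scope)
LogWrite("location: " + $location)

# Stop immediately if the module cannot be loaded; otherwise every AD cmdlet
# below would fail one by one while the run still logs "Done".
Import-Module ActiveDirectory -ErrorAction Stop
Write-Host "[AD UPDATE] Start" -foregroundcolor Green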
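# Resolve the accounts to update from the chosen container.
#
# Start from an empty list. PowerShell resolves a variable that was never
# assigned in this script through the parent scopes, so without this line a
# $users left over in the calling session would be modified by the update loop
# whenever the lookup below fails.
$users = @()
switch ($user_container) {
    "group" {
        # Get-ADGroup -Identity raises an error for an unknown group instead of
        # returning $null, so catch it to reach the "not found" path cleanly.
        $found_group = $null
        try {
            $found_group = Get-ADGroup -Identity $user_location -ErrorAction Stop
        } catch {
            LogWrite("Get-ADGroup failed: " + $_.Exception.Message)
        }

        if ($null -ne $found_group) {
            # Group members can also be computers or nested groups; keep only
            # user objects before handing them to Get-ADUser.
            # NOTE(review): unlike the OU branch, this does not filter on
            # Enabled - confirm disabled members are meant to be updated.
            $users = @(
                Get-ADGroupMember -Identity $user_location |
                    Where-Object { $_.objectClass -eq 'user' } |
                    Get-ADUser
            )
        } else {
            LogWrite("Unable to find group")
            Write-Host "Unable to find group" -foregroundcolor red
            break
        }
    }
    "ou" {
        # -user_location_scope is optional at bind time, but an empty value
        # cannot be bound to -SearchScope. Refuse to run rather than guess how
        # deep a bulk change should reach.
        if ([string]::IsNullOrEmpty($user_location_scope)) {
            LogWrite("user_location_scope is required when user_container is 'ou'")
            Write-Host "user_location_scope is required when user_container is 'ou'" -foregroundcolor red
            break
        }

        # Use a search base instead of a pipeline filter, otherwise a badly
        # formatted string can match too many users.
        $users = @(Get-ADUser -Filter {Enabled -eq $true} -SearchBase $user_location -SearchScope $user_location_scope)
    }
}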
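# Apply the requested msRTCSIP-* change to every resolved account and record
# the outcome of each write, so the log shows which changes actually landed.
foreach ($user in $users) {
    $upn = $user.UserPrincipalName

    # "onpremise" and "cloud" build the SIP address from the UPN. Without one
    # the account would receive a bare "sip:" address, so skip it and say so.
    if (($location -ne "clear") -and [string]::IsNullOrEmpty($upn)) {
        LogWrite("[$($user.SamAccountName)] skipped: no UserPrincipalName")
        Write-Host "[$($user.SamAccountName)] skipped: no UserPrincipalName" -foregroundcolor red
        continue
    }

    Write-Host "[$upn] Updating attributes" -foregroundcolor green
    LogWrite("[$upn] Updating attributes")

    try {
        # -ErrorAction Stop turns a failed write into a catchable error.
        switch ($location) {
            "onpremise" {
                LogWrite("[$upn] onpremise")
                Set-ADUser -Identity $user.SamAccountName -ErrorAction Stop -replace @{'msRTCSIP-DeploymentLocator'="SRV:";'msRTCSIP-PrimaryUserAddress'="sip:$upn";'msRTCSIP-UserEnabled'="TRUE";}
            }
            "cloud" {
                LogWrite("[$upn] cloud")
                Set-ADUser -Identity $user.SamAccountName -ErrorAction Stop -replace @{'msRTCSIP-DeploymentLocator'="sipfed.online.lync.com";'msRTCSIP-PrimaryUserAddress'="sip:$upn";'msRTCSIP-UserEnabled'="TRUE";}
            }
            "clear" {
                LogWrite("[$upn] clear")
                Set-ADUser -Identity $user.SamAccountName -ErrorAction Stop -clear @('msRTCSIP-DeploymentLocator';'msRTCSIP-PrimaryUserAddress';'msRTCSIP-UserEnabled';)
            }
        }
    } catch {
        # Keep going with the remaining accounts, but leave a record of the
        # failure in the log and on the console.
        LogWrite("[$upn] FAILED: " + $_.Exception.Message)
        Write-Host "[$upn] FAILED: $($_.Exception.Message)" -foregroundcolor red
    }
}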
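# Mark the end of the run in the log file and on the console.
LogWrite("[AD UPDATE] Done")
Write-Host "[AD UPDATE] Done" -foregroundcolor Green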