blog.powershell.no

On Windows PowerShell and other admin-related topics

Tips when scripting users in SBS 2008

If you`re like me you like to automate repetitive tasks. Today I was setting up a Windows Small Business Server 2008, and got an Excel spreadsheet with the users to be created.
I customized the spreadsheet and saved it as a csv-file. This is the headers I used in the csv-file:

givenname,middlename,sn,displayname,name,telephonenumber,samaccountname,userprincipalname,company,parentcontainer

I then installed Quest`s PowerShell AD Cmdlets to use when creating the user accounts. PowerShell was already installed since Exchange 2007 are installed on SBS 2008.

This the PowerShell code i used:

  1. import-csv "C:\temp\users.csv" |   
  2. foreach-object { $username = $_.samaccountname;New-QADUser -FirstName $_.givenname -LastName $_.sn -ParentContainer $_.ParentContainer -SamAccountName $_.samaccountname -Name $_.name -displayname $_.displayname -userprincipalname $_.userprincipalname -Company $_.company -Department $_.department -PhoneNumber $_.telephonenumber | Set-QADUser -UserPassword Password1 -ObjectAttributes @{homeDrive= ‘F:’ ;homeDirectory= "\\domain.local\Data\Users\$username" ;scriptPath=‘netlogon.bat’}|Enable-QADUser} 

SBS 2008 aren`t actually meant for using other tools than the SBS Console, i.e. users should not be created using “Active Directory Users and Computers”. Instead there is a wizard for creating users in the SBS Console. When using this several things happens in the background, like creating home folders, mailboxes, permissions, group membership, and so on…

Also users which are not created using the SBS Console wizard does not show up in the user list in the SBS Console. I knew there is a attribute on the AD objects which the wizard stamps so they are shown in the SBS Console, but I couldn`t remember the name of the attribute. So I asked my very good friend Mr Google, and he gave me a link to a post on the SBS Blog. There I found the name of the attribute which is “msSBSCreationState”, and was planning to script the value of this attribute to the users I`ve just scripted.
Then I read this part of the blogpost:

“If you have users that do not show in the SBS Console, you can get them to show by using the Change user role for user accounts wizard. It is important to notice that this wizard does much more than correctly “stamping” the user’s msSBSCreationState attribute. Using this wizard is only a work around to get the users to show in the SBS Console that were not created using the SBS provided tools. As shown above, the only recommended way adding new users are using the Add a new user account or Add multiple user accounts wizard.”

Then I ran the “Change user role for accounts wizard” to set the account type to “Standard user” for all the scripted user accounts, and afterwards the “magic” of permissions, group membership, mailbox creation and so on were applied. So the tips when scripting user accounts in SBS 2008 is to run this wizard afterwards.

If anyone got any reasons not to create users this way in SBS, please let me know.

You might wonder if there was so many users to be created on a SBS-server which is too much to be done manually, the number was 40 and I`m just too lazy to do that manually :)

January 7, 2009 Posted by | Active Directory management, SBS 2008, Scripting | 10 Comments

   

Follow

Get every new post delivered to your Inbox.

Join 45 other followers