Get-UserList

By Ace Fekay
Published 2/21/2018

Intro

Ace here again. I’ve been playing more and more with scripting and well, I’m far from being an expert, but I continue to read up on it, research, and ask lots of questions.

I thought to share this cool function to enumerate a list of sAMAccountNames and email addresses and validate if the account exists. There isn’t anything out there like this at the moment, at least that I could find, which prompted its creation.

Kudos to my colleague Gamal. that helped me with this script.

Scope

Ever had a list of user accounts that you want to run the Exchange PowerShell cmdlet Get-Recipient to list their email addresses and displayNames, etc?

And the list is mixed with sAMAccountNames, email addresses, and displayNames, and worse, there are spaces and empty lines in the list, and further, they include bunch of accounts that don’t exist that give you that awesome (yea right) RED errors on your screen?

And you have to clean up the list first. Isn’t that a pain to clean it up before you run it?

Here’s a quick function to clean up the list, then enumerate and validate the list, reporting in almost any way you like that also tells you which accounts are invalid, without all those errors.

Get-Recipient

I decided to use Get-Recipient because the Get-Mailbox cmdlet won’t work if the account is a MailUser, Contact, or DL.

Quick script to enumerate and count, but without account validation

(Get-content “c:\temp\email-addresses.txt”) | ? {$_.trim() -ne “” } | set-content “c:\temp\user-list.txt”
$File = ((Get-content “c:\temp\user-list.txt”)).Trim()
$File | get-recipient  -Properties PrimarySmtpAddress ,displayName,name  | ft  Name,DisplayName, prim* -A
Write-Host “Total count:” ($file).Count

Script to enumerate and count, with account validation

Copy and paste the following into notepad, and save it as Get-UserList.ps1, and run it to load the function.

#################\\\\\\\\\\\\\\\\////////////////#################
# This Function (or script without the Function tag) will:
# 1. Reads a text file with mixed sAMAccountName, DisplayNames,
#     or primary email alias (recommended to not use displayNames)
# 2. Clean up white spaces and empty lines in the list
# 3. Searches and performs a validity check creating a report that
#      indicates active and inactive accounts
#
# Usage: Create a file of sAMAccountNames and email addresses,
# save it as a text file, then run Get-UserList
#
# Credit to my colleague Gamal for helping to create this cool script
#################\\\\\\\\\\\\\\\\////////////////#################
Function Get-UserList {

function change-color-red
{
process {Write-Host $_ -ForegroundColor DarkRed}
}
############
$EmailAddressList = “C:\temp\user-list.txt”
$File = ((Get-content $EmailAddressList) | Where-Object {$_.trim() -ne “” }).Trim()

$output = $File | ForEach-Object {

    $exists = if((Get-recipient $_ -erroraction SilentlyContinue)) {
                   Write-Output “Yes”
               }
             else {
                 Write-Output “Does not exist”
             }
     $recipient = Get-Recipient $_ -ErrorAction SilentlyContinue            

    $hash = @{‘Name’ = $_;
               ‘Does-Account-Exist?’ = $exists;
               ‘userID’ = $recipient.SamAccountName
               ‘DisplayName’ = $recipient.DisplayName
               ‘Email’ = $recipient.PrimarySMTPAddress
       }
      
     New-Object psobject -Property $hash
}
Write-Host “******************************************************************************”
$output | ft name,UserId, DisplayName, Email, Does-Account-Exist? -AutoSize | Out-Host
Write-Host “******************************************************************************”
Write-Host “There is/are $(($output).Count) account(s) in the queried user access list.” -ForegroundColor Magenta
Write-Host “Out of the list of users, there is/are $(($output | Where-Object Does-Account-Exist? -EQ ‘Yes’).count) Active account(s).” -ForegroundColor Cyan
Write-Host “Out of the list of users, there is/are $((($output | Where-Object Does-Account-Exist? -EQ ‘Does not exist’) | Measure-Object).count) Inactive account(s).” -ForegroundColor Red
Write-Host “******************************************************************************”
Write-Host “Ref: Part of a Cool Scripts and Functions List! – Ace Fekay”
}
#################////////////////\\\\\\\\\\\\\\\\#################

User list file example

As you can see I’ve mixed up the input type. The first.last represents a saMAccountName,”Ace Fekay” represents a displayname, and of course, email addresses.

============================
Smith, John

Ace Fekay
tom.thumb@contoso.com

j.doe
m.smith
============================

If you have displayNames mixed in the file

Keep in mind, if the displayName is not an exact match, it will result in a “Does Not Exist.” In such cases if you need to look them up, add the –anr (for ambiguous name lookup) to the Get-Recipient cmdlet – there are two lines in the script wtih the Get-Recipient. Add –anr to both, as shown below:

$recipient = Get-Recipient -anr $_ -ErrorAction SilentlyContinue

However, if there are multiple similar names, then you won’t get an accurate report. I’d rather just not use it and just create a user list based on either email addresses or sAMAccount names.           

How to run it

Create a list in notepad, save it as a txt file in c:\temp, or anywhere else and reference that in the script, then run:

get-Userlist

=====================

Summary

I hope this helps!

Published 2/21/2018

Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2012|R2, 2008|R2, Exchange 2013|2010EA|2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP – Directory Services

As many know, I work with Active Directory, Exchange server, and Office 365 engineer/architect, and an MVP in Active Directory and Identity Management, and I’m an MCT as well. I try to strive to perform my job with the best of my ability and efficiency, even when presented with a challenge, and then help others with my findings in case a similar issue arises to help ease their jobs. Share the knowledge, is what I’ve always learned.

I’ve found there are many qualified and very informative websites that provide how-to blogs, and I’m glad they exists and give due credit to the pros that put them together. In some cases when I must research an issue, I just needed something or specific that I couldn’t find or had to piece together from more than one site, such as a simple one-liner or a simple multiline script to perform day to day stuff.

I hope you’ve found this blog post helpful, along with my future scripts blog posts, especially with AD, Exchange, and Office 365.

clip_image0023 clip_image0043 clip_image0063 clip_image0083 clip_image0103 clip_image0123 clip_image0143 clip_image0163

Complete List of Technical Blogs (I may be moving the following site): http://www.delawarecountycomputerconsulting.com/technicalblogs.php

Or just search within my blogs:
https://blogs.msmvps.com/acefekay/

This posting is provided AS-IS with no warranties or guarantees and confers no rights.


 

Establishing a PowerShell Session to Your Office 365 Tenant or OnPrem Exchange

By Ace Fekay
Published 5/11/2017

Prelude

I’m working on posting more scripting blogs managing Active Directory, Office 365, and Exchange OnPrem, or On Premises.

And I stress the phrase, “On Premises,” and NOT “On Premise!”

Scope

Instead of repeating this procedure in each blog I write that has something to do about scripting where you must connect a PowerShell or an ISE session (I’d rather use ISE) to the tenant or OnPrem box, I thought to just put this together and reference the URL to connect. It’s easier and takes up less space on the blog with the actuals PS commands and scripts.

Office 365 tenant without ADFS

If you are not using multifactor auth or ADFS, open a PowerShell window and the run the following:

$MySession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $YourCred -Authentication Basic –AllowRedirection

This will prompt you for your credentials. Then import the session you just created:
import-pssession $MySession

If using a Proxy:

$MySession = New-PSSession -ConfigurationName Microsoft.Exchange –ConnectionUri https://ps.outlook.com/powershell/ -Credential $YourCred -Authentication Basic –AllowRedirection (New-PSSessionOption -ProxyAccessType IE)

This will prompt you for your credentials. Then import the session you just created:
import-pssession $MySession

Import AD Module:

I always import the Active Directory module so I can run AD tools. Of course, you will need AD permissions to modify, but anyone can read properties:

Import-module ActiveDirectory

.

Office 365 ADFS and/or Multifactor Auth

Go to http://aka.ms/exopspreview. It will open and create a PowerShell session specifically to assist with establishing a session with Office 365. Then run the following:

Connect-EXOPSSession -UserPrincipalName YourEmail@contoso.com -PSSessionOption

If using a Proxy:

Connect-EXOPSSession -UserPrincipalName YourUserNamea@contoso.com -PSSessionOption (New-PSSessionOption -ProxyAccessType IE)

Import the AD Module:

I always import the Active Directory module so I can run AD tools. Of course, you will need AD permissions to modify, but anyone can read properties:

Import-module ActiveDirectory

.

Exchange OnPrem

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://Exchange02.contoso.local/PowerShell/ -Authentication Kerberos
Import-PSSession $Session
Add-PSSnapin Microsoft.Exchange.Management.Powershell.Support

Import the AD Module:

I always import the Active Directory module so I can run AD tools. Of course, you will need AD permissions to modify, but anyone can read properties:

Import-module ActiveDirectory

.

============================================================

Summary

I hope this helps!

Published 5/11/2017

Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP – Directory Services

clip_image0023 clip_image0043 clip_image0063 clip_image0083 clip_image0103 clip_image0123 clip_image0143 clip_image0163

Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

Or just search within my blogs:
https://blogs.msmvps.com/acefekay/

This posting is provided AS-IS with no warranties or guarantees and confers no rights.