Bulk mailbox creation revisited: Adding Active Directory attributes

by Bharat Suneja

The instructions in Exchange Server 2007: Bulk creation of mailboxes using Exchange Management Shell allow you to quickly create mailboxes in bulk using the New-Mailbox command.

Continuing from where we left off in that post, another scenario is being able to add Active Directory attributes to the new user object created by New-Mailbox. Note, the New-Mailbox command can populate only a limited set of AD attributes for an object – those related to Exchange. These are listed in the documentation for New-Mailbox.

To add AD attributes, the logical choice would be to use the New-User command to create the user, and mailbox-enable it by using Enable-Mailbox. This would work great, except for the fact that the New-User command doesn’t exist! The key thing to remember is – Exchange provides only the commands necessary to create Exchange recipients. So you have commands like New-Mailbox, New-MailUser, New-MailContact, New-PublicFolder/New-MailPublicFolder, and New-DistributionGroup. However, there are no AD-equivalents like New-User, New-Contact (to create a Contact that’s not mail-enabled), New-SecurityGroup or New-Group.

PowerShell and Active Directory

Active Directory isn’t really PowerShell-enabled, as other components of Windows – like the file system, registry, etc., and Exchange Server 2007 are. There are no AD-related commands (Cmdlet? Shell folks, was it really necessary to introduce another word to the jargon – one that uses the entire word “command”? Perhaps something shorter would’ve been nicer if you wanted to have a unique word… :-) You can use the Directory Services provider, but that essentially leaves you in VBScript mode, with some PowerShell goodness! A little easier, but not natively shell, as you are used to with Exchange commands.

Quest adds these much-needed commands through its free add-on Management Shell for AD. Download it here. Quest has named them so they’re differentiated from future commands that will be available natively in PowerShell. For the time being, the quirkiness of typing commands with a Q – as in New-QADUser instead of New-ADUser or New-User – is something we will have to live with, until AD is PowerShell-enabled.

Kudos to the folks at Quest for making these available for free.

Also take a look at PowerShell Community Extensions – it has an Active Directory provider that lets you navigate AD like a file system.

If you already have a user created, you can use the Set-User command to populate its AD-related attributes.

To accomplish what we want to do here (thanks to Evan Dodds for the input), we use the New-Mailbox command, and pipe the output to Set-User to populate AD attributes. In the following example, we add the Phone attribute, besides using the Alias, Name and UserPrincipalName attributes used to create the mailbox.

Add the Phone column in our CSV/spreadsheet, so it looks like the following:

Alias,Name,UPN,Phone
User_One,User One,userone@yourUPNsuffix.com,650.555.1121
User_Two,User Two,usertwo@yourUPNsuffix.com,650.656,2221
User_Three,User Three,userthree@yourUPNsuffix.com,650.797.3321

Now we modify the script/commands from the previous post:

$password=Read-Host “Enter Password” -AsSecureString

Import-CSV “c:\CreateRecipients.csv” foreach {new-mailbox -alias $_.alias -name $_.name -UserPrincipalName $_.UPN -database “Mailbox Database” -org “Users” -Password $password | set-user -phone $_.phone}

The above command(s) create the user account as part of New-Mailbox. When we pipe that to Set-User, we still have a reference to that object, and can use Set-User to populate the AD attribute Phone. (Changes made to the command from previous post highlighted.)

Related Posts:
Exchange Server 2007: Bulk creation of mailboxes using Exchange Management Shell
Exchange Server 2007: Bulk mailbox-enabling users using Exchange Shell

{ 4 comments… read them below or add one }

Techiedude January 7, 2008 at 12:39 pm

Hi Bharat,

I really enjoy your blog and your seminars at TechMentor Orlando last year were very informative! I was wondering if you might know how to use PowerShell to set the working hours attribute for room resources? I’ve tried looking at set-mailbox, set-user, set-mailboxcalendarsettings and none of them have a reference to setting the working hours (MailboxCalendarSettings only has a setting to enforce scheduling during working hours but I couldn’t find a way to specifically set the working hours). I can’t imagine MS would require an admin to login into each resource acct via OWA to set the available/working hours for room resources…Any insight/ideas?

Many thnx for your great tips-n-trix!

Reply

Bharat Suneja January 12, 2008 at 10:46 am

Techiedude,

Thanks for your feedback about Exchangepedia and the TechMentor sessions.

Setting working hours for a mailbox: The Set-MailboxCalendarSettings command has the ScheduleOnlyDuringWorkingHours parameter. However, there’s no parameter to actually specify the working hours, and no shell command to accomplish this.

Reply

Dustin June 8, 2008 at 10:44 am

It’s not as clean, but couldn’t use set the hours on a test or template user account and then copy the logonHours attribute from that account to your new one? It’s a binary attribute, but I think it can be written to like any other one.

Reply

Anonymous August 14, 2010 at 10:55 am

Bharat, Thank you for such an informative post. Incoming version of Softerra Adaxes (http://www.adaxes.com) supports PowerShell and Exchange, that are essential in the described issue. You have 30 days for the software free evaluation.

Reply

Leave a Comment

{ 1 trackback }

Previous post:

Next post: