Bulk AD Changes

[Paul Thorn has] created a PowerShell script to create the AD ServiceNow groups and populate their memberships.

The routine is out on \\utility1\c$\scripts\ServiceNow-ADGroup_and_Membership.ps1

It uses the Quest PowerShell snapins.

You will need to supply one parameter to it and that is the CSV filename (no filetype extension) which also becomes the AD group name.

Send a request to Windows Systems with the CSV files attached in the format “ServiceNow_xxxx”.

The CSV file's first record needs to contain “netid” as this becomes a PowerShell variable to the “import-csv” call.

It will create the AD groups under this LDAP OU location:

'ou=ServiceNow,ou=Applications,ou=Enterprise Systems,ou=Information Technology Services,dc=yu,dc=yale,dc=edu'

Here is the original source code for reference:

# ServiceNow-ADGroup_and_Membership.ps1
#
# Paul B. Thorn - paul.thorn@yale.edu January 31, 2012
 
# First, make sure the user specified a valid CSV filename on the command line
#
param( [Parameter(Mandatory=$true)] $CSV_FileName)  # will prompt if FileName is not specified on command line.
 
Write-Host "`nLoading Quest PowerShell Snapin..."  -fore green
add-PSSnapin  quest.activeroles.admanagement
 
Write-Host "Creating AD Group $CSV_FileName..."  -fore green
$x = new-qadGroup  -ParentContainer 'ou=ServiceNow,ou=Applications,ou=Enterprise Systems,ou=Information Technology Services,dc=yu,dc=yale,dc=edu' -name $CSV_FileName -samAccountName $CSV_FileName -grouptype 'Security' -groupscope 'Global'
 
sleep 10
 
Write-Host "Adding Group memberships to $CSV_FileName...`n"  -fore green
$x = Import-Csv ./$CSV_FileName.csv | foreach {add-qadgroupmember -identity "yale\$CSV_FileName" -member $_.netid}

Paul B. Thorn
Senior Systems Specialist
Senior Active Directory Administrator / Exchange Administrator (Backup)
Information Technology Services, Yale University
25 Science Park (419JJ), Box 208207
150 Munson Street
New Haven, Connecticut 06520-8207
Phone: 203.432.7241
paul.thorn@yale.edu

 

Creating changes to AD manually

Also known as commafication, comma-ify or commafy. (Actually, the separator is a semicolon, because Microsoft likes to do things differently, so: semicolonify.)

Sometimes we will get a long list of users, and we want to add these to AD. The way to do this is to first convert them into a semicolon-delimited list, and then the list can be pasted in one step into the manual AD console.

zuse:~ db692$ cat asdf7 | tr '\n' ';'
aa683;bcm44;cac258;ccc77;cgg25;chs52;daa43;daf62;ds882;ebb37;ewr22;fz67;hc438;hx63;itn2;jvh23;jy356;jz399;kl466;km696;lag48;lmf42;mbq3;mgw36;mlt37;ncx2;nd282;nsh24;ntd3;pdb5;pmk33;rdc49;reb69;rsl42;saz8;sgm8;sin3;sjr55;sp572;sx45;uke2;vc227;wwc22;xc75;yl636;yw393;ztb3;
 
That list can then be pasted, minus the final semicolon.
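
An added example (not part of the original page): the same conversion with a validation pass, so a malformed or duplicated entry is caught before the list is pasted into the AD console. The function name semicolonify and the netid pattern (lowercase letters followed by digits, as in the sample list above) are assumptions.

```shell
#!/bin/sh
# Added example: validate a netid list, then join it with semicolons.
# Assumption: a netid is lowercase letters followed by digits; adjust
# NETID_RE if your directory allows other forms.
NETID_RE='^[a-z]+[0-9]+$'

# semicolonify FILE
#   stdout: netid1;netid2;...  (no trailing semicolon, duplicates removed)
#   stderr: one line per rejected entry
#   exit 1 if any entry was rejected, so a half-checked list is never emitted
semicolonify() {
    awk -v re="$NETID_RE" '
        { sub(/\r$/, "")                  # tolerate CRLF files from Windows
          gsub(/^[ \t]+|[ \t]+$/, "") }   # trim stray spaces and tabs
        $0 == "" { next }                 # skip blank lines
        $0 !~ re { printf "line %d: rejected \"%s\"\n", NR, $0 > "/dev/stderr"
                   bad = 1; next }
        !seen[$0]++ { out = out (n++ ? ";" : "") $0 }
        END { if (bad) exit 1; print out }
    ' "$1"
}

# Constructed sample input (not real accounts): CRLF ending, blank line,
# surrounding spaces and a duplicate entry.
sample=$(mktemp)
printf 'abc12\r\nxy3\n\n  de456 \nabc12\n' > "$sample"
semicolonify "$sample"
rm -f "$sample"
```

Because the function exits non-zero and prints nothing on stdout when any line is rejected, a bad list cannot be pasted by accident; fix the reported lines and run it again.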

Set the default group for multiple people

 

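var netids = ["netid"];
// Put the sys_id of the group here
var defaultGroup = 'd32a8558d81de8407ac0638b5167dc58';
for (var index = 0; index < netids.length; index++) {
	var g = new GlideRecord('sys_user');
	g.addQuery('user_name', netids[index]);
	g.query();
	// Skip netids with no matching user: update() on a record that was
	// never loaded can insert a new sys_user record instead of updating one.
	if (g.next()) {
		g.u_default_group = defaultGroup;
		g.update();
		gs.print('Name: ' + g.user_name);
		gs.print('Default Group: ' + g.u_default_group);
	} else {
		gs.print('No sys_user found for: ' + netids[index]);
	}
}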

 

Get the netids from a list

 

# Build the netids array from the file "test" (one netid per line); blank lines are skipped.
awk 'BEGIN { printf "var netids = [" } NF { printf "%s\"%s\"", (n++ ? "," : ""), $1 } END { print "];" }' test