Performing bulk Active Directory operations
A bulk operation is a single action that changes multiple objects. Performing a bulk operation is much faster than changing many objects individually. With any type of bulk operation, you need to be more careful, because any typographic mistake will affect more than one object. The most common bulk operations are as follows:
- Creating new users from a CSV file
- Managing user attributes based on where they belong (OU, Department, Company, and so on)
- Disabling user accounts based on their activity
Although some bulk operations can be done using MMC Snap-ins, PowerShell is the most suitable tool to use. If you want to use PowerShell, you must understand the queries that will be used to list AD DS objects and how to work with .csv files. Then, you can create scripts that perform the bulk operations you need.
Using the Get-ADUser PowerShell cmdlet (for example), you can make a query to AD DS and list all user accounts. However, if you don't add a specific filter to your query, the result is likely to be useless. For this task, you need to understand the filtering parameters:
- SearchBase: Defines the AD DS path to begin searching.
- SearchScope: Defines at what level below the SearchBase the search should be performed.
- ResultSetSize: Defines how many objects to return in response to a query.
- Properties: Defines which object properties to return and display. To return all properties, type *.
Filtering, especially on properties, can be made more precise using the following operators:
- -eq: Equal to
- -ne: Not equal to
- -lt: Less than
- -le: Less than or equal to
- -gt: Greater than
- -ge: Greater than or equal to
- -like: Uses wildcards for pattern matching
Once you have a correct query, you can use the pipe ( | ) to pass the selected objects to another command. For example, the following PowerShell command sets the City attribute on all accounts whose Department attribute has a value of IT:
Get-ADUser -Filter {Department -eq "IT"} | Set-ADUser -City London
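The following added example (not from the original text) applies the same City change with the SearchBase, SearchScope, ResultSetSize, and Properties parameters described above, and previews the result before writing anything. The OU path, the Enabled condition, the 50-account threshold, and the backup file name are assumptions for illustration.

```powershell
# Added example: scoped, size-capped bulk update with a preview step.
Import-Module ActiveDirectory

$searchBase  = 'OU=Staff,DC=mcsacertguide,DC=local'   # hypothetical OU
$maxExpected = 50                                      # assumed upper bound on matching accounts
$backupPath  = ".\city-before-$(Get-Date -Format yyyyMMdd-HHmmss).csv"

# Limit the query to one OU subtree and return only the extra properties needed.
# ResultSetSize is set one above the threshold so an over-broad filter is detected
# without pulling the whole directory.
$query = @{
    Filter        = 'Department -eq "IT" -and Enabled -eq $true'
    SearchBase    = $searchBase
    SearchScope   = 'Subtree'
    ResultSetSize = $maxExpected + 1
    Properties    = 'Department', 'City'
}
$targets = @(Get-ADUser @query)

# Stop before any change if the filter matched more objects than expected.
if ($targets.Count -gt $maxExpected) {
    throw "Query matched more than $maxExpected accounts under $searchBase; check the filter first."
}

# Only touch accounts whose City is not already London (unset values are included).
$toChange = @($targets | Where-Object { $_.City -ne 'London' })

# Record the current values so the change can be reviewed or reversed later.
$toChange |
    Select-Object SamAccountName, DistinguishedName, Department, City |
    Export-Csv -Path $backupPath -NoTypeInformation

# -WhatIf prints what would change without modifying AD DS.
# Remove it only after reviewing the preview and the backup file.
$toChange | Set-ADUser -City London -WhatIf
```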
Another suitable task for performing bulk operations is importing data from a CSV file. CSV files can contain more information than just lists and are often formatted as a spreadsheet. This approach is ideal if you need to create more than one user account at a time and the information populated in the file can be configured as an attribute in the user account. The following is an example of a CSV file and the PowerShell script that uses the attributes from the CSV file:
Name,FirstName,LastName,UPN,SAM,Company
Vladimir Stefanovic,Vladimir,Stefanovic,vladimir.stefanovic@mcsacertguide.local,vladimir.stefanovic,Packt
Sasha Kranjac,Sasha,Kranjac,sasha.kranjac@mcsacertguide.local,sasha.kranjac,Packt
Import-Csv C:\Users.txt | foreach {New-ADUser -Name $_.Name -GivenName $_.FirstName -Surname $_.LastName -UserPrincipalName $_.UPN -SamAccountName $_.SAM -AccountPassword (Read-Host -AsSecureString "Enter password") -Enabled $true }