-
-
Save CCOSTAN/612f52bb9726e2e33dd22a500776516f to your computer and use it in GitHub Desktop.
Powershell commands for export Azure AD and import into local AD
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#import office 365 session | |
$UserCredential = Get-Credential | |
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection | |
Import-PSSession $Session | |
#connect Azure AD | |
Connect-MsolService -Credential $UserCredential | |
#Random password generator | |
Function random-password ($length = 8) | |
{ | |
$punc = 46..46 | |
$digits = 48..57 | |
$letters = 65..90 + 97..122 | |
# Thanks to | |
# https://blogs.technet.com/b/heyscriptingguy/archive/2012/01/07/use-pow | |
$password = get-random -count $length ` | |
-input ($punc + $digits + $letters) | | |
% -begin { $aa = $null } ` | |
-process {$aa += [char]$_} ` | |
-end {$aa} | |
return $password | |
} | |
#Export User data from o365 | |
$DataPath = "C:\temp\o365UserData.csv" | |
$GroupDataPath = "C:\temp\o365GroupData.csv" | |
$Results = @() | |
$MailboxUsers = get-mailbox -resultsize unlimited | |
# Get all users | |
foreach($user in $mailboxusers) | |
{ | |
try | |
{ | |
$UPN = $user.userprincipalname | |
$username = $user.name | |
$MOL = Get-MsolUser -userprincipalname $UPN | Select-Object Department, DisplayName, FirstName, LastName, Office, PasswordNeverExpires, SignInName, Title | |
$EmailAddress = Get-Mailbox -ResultSize Unlimited -identity $UserName |Select-Object DisplayName,PrimarySmtpAddress, @{Name="EmailAddresses";Expression={$_.EmailAddresses |Where-Object {$_.PrefixString -ceq "smtp"} | ForEach-Object {$_.SmtpAddress}}} | |
$Properties = @{ | |
Name = $user.name | |
Department = $MOL.Department | |
Displayname = $MOL.DisplayName | |
EmailAddress = $Emailaddress.PrimarySmtpAddress | |
FirstName = $MOL.FirstNsame | |
LastName = $MOL.LastName | |
Office = $MOL.Office | |
PasswordNeverExpires = $MOL.Passwordneverexpires | |
SignInName = $MOL.SignInName | |
Title = $MOL.Title | |
UserPrincipalName = $UPN.ToLower() | |
SAMAccountName = ($UPN.Replace("@kingsteel.com","")).ToLower() | |
#Password = random-password | |
Password = "000000" | |
} | |
$Results += New-Object psobject -Property $properties | |
} | |
catch | |
{ | |
Write-Host "Exception!" + $user.userprincipalname | |
} | |
} | |
# Get all groups from Azure AD | |
$GroupResults = Get-MsolGroup -All | |
# Export users to csv | |
$Results | Select-Object Name, SAMAccountName, DisplayName, Emailaddress, UserPrincipalName, SignInName, Password, PasswordNeverExpires, FirstName, LastName, Department, Office, Title | Sort Department,SignInName | Export-Csv -Path $DataPath -Encoding UTF8 | |
# Export groups to csv | |
$GroupResults | Select-Object ObjectId, DisplayName, EmailAddress, GroupType, IsSystem | sort DisplayName, GroupType | Export-Csv -Path $GroupDataPath -Encoding UTF8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# import csv | |
$csv = Import-csv C:\Temp\o365GroupData.csv -Encoding UTF8 | |
#connect Azure AD | |
$UserCredential = Get-Credential | |
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection | |
Import-PSSession $Session | |
Connect-MsolService -Credential $UserCredential | |
foreach ($item in $csv) | |
{ | |
try | |
{ | |
# Check if group exists | |
$exists = Get-ADGroup $item.DisplayName | |
Write-Host "Group $($item.DisplayName) already exists. Skipped!" | |
} | |
catch | |
{ | |
# Create AD Groups | |
$create = New-ADGroup -Name $item.DisplayName -GroupScope "Global" -DisplayName $item.DisplayName -Path "OU=Groups,DC=kingsteel,DC=com" -PassThru | |
Write-Host "Group $($item.DisplayName) created." | |
# Get group members from Azure Ad | |
$members = Get-MsolGroupMember -GroupObjectId $item.ObjectId | Where {$_.GroupMemberType -eq "User"} | |
# Add member to group | |
foreach($member in $members) | |
{ | |
# get user from Azure AD | |
$u = Get-MsolUser -userprincipalname $member.EmailAddress | |
# get user SAMAccount property | |
$sam = $u.userprincipalname.Replace("@kingsteel.com","").ToLower() | |
# Add to group | |
Add-ADGroupMember $item.DisplayName $sam | |
Write-Host "User "+ $sam + "add to group " + $item.DisplayName | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# import Users | |
import-csv C:\Temp\o365userdata.csv -Encoding UTF8 | foreach-object {New-ADUser -Path ("OU="+$_.Department+",OU=Head Office,DC=kingsteel,DC=com") -Name $_.Name -SamAccountName $_.SAMAccountName -GivenName $_.FirstName -Surname $_.LastName -Department $_.Department -DisplayName $_.DisplayName -EmailAddress $_.EmailAddress -Office $_.Office -ChangePasswordAtLogon $True -Title $_.Title -UserPrincipalName $_.UserPrincipalName -Enable $True -AccountPassword (ConvertTo-SecureString -string $_.Password -AsPlainText -force) } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment