PowerShell commands to export Azure AD and import into local AD
# Open a remote Exchange Online session and import its cmdlets (Get-Mailbox etc.)
# into the current shell.
# NOTE(review): -Authentication Basic cannot satisfy MFA and hands the password to
# the endpoint; Microsoft has retired Basic authentication for Exchange Online
# remote PowerShell, so confirm this still connects in the target tenant and plan
# a move to a modern-authentication connection method.
$UserCredential = Get-Credential
$exchangeSessionArgs = @{
    ConfigurationName = 'Microsoft.Exchange'
    ConnectionUri     = 'https://outlook.office365.com/powershell-liveid/'
    Credential        = $UserCredential
    Authentication    = 'Basic'
    AllowRedirection  = $true
}
$Session = New-PSSession @exchangeSessionArgs
Import-PSSession $Session
# Connect to Azure AD with the same credential (Get-MsolUser / Get-MsolGroup below).
# NOTE(review): the credential needs directory read access only for the export;
# prefer a dedicated, least-privileged account over a Global Administrator.
Connect-MsolService -Credential $UserCredential
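#Random password generator
Function random-password ($length = 8)
{
    <#
    .SYNOPSIS
    Returns a random password drawn from '.', 0-9, A-Z and a-z.
    .DESCRIPTION
    Characters are picked independently with the operating system's cryptographic
    random number generator. The previous implementation used Get-Random -Count,
    which is not a cryptographic generator, never repeats a character and silently
    caps the result at the 63 characters of the alphabet.
    .PARAMETER length
    Number of characters to return. Must be at least 1. The default of 8 is kept
    for compatibility; callers creating account passwords should pass a larger value.
    .OUTPUTS
    System.String
    .NOTES
    Original approach credited by the author to:
    https://blogs.technet.com/b/heyscriptingguy/archive/2012/01/07/use-pow
    NOTE(review): the alphabet has a single punctuation character, so a result is
    not guaranteed to satisfy a domain password-complexity policy - verify against
    the policy in force.
    #>
    $count = [int]$length
    if ($count -lt 1)
    {
        throw (New-Object System.ArgumentOutOfRangeException -ArgumentList 'length', 'length must be at least 1')
    }

    $punc = 46..46
    $digits = 48..57
    $letters = 65..90 + 97..122
    $alphabet = [char[]]($punc + $digits + $letters)

    # Bytes at or above this limit are discarded so that the modulo below maps
    # every accepted byte onto the alphabet with equal probability.
    $limit = 256 - (256 % $alphabet.Length)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 1
    $builder = New-Object System.Text.StringBuilder
    try
    {
        while ($builder.Length -lt $count)
        {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit)
            {
                [void]$builder.Append($alphabet[$buffer[0] % $alphabet.Length])
            }
        }
    }
    finally
    {
        $rng.Dispose()
    }
    return $builder.ToString()
}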
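#Export User data from o365
# NOTE(review): the user CSV written from $Results carries an initial password per
# account in clear text. C:\temp is commonly readable by other local users; restrict
# the folder ACL before running and delete the file as soon as the import is done.
$DataPath = "C:\temp\o365UserData.csv"
$GroupDataPath = "C:\temp\o365GroupData.csv"
# A list avoids re-allocating the whole array on every "+=".
$Results = New-Object System.Collections.Generic.List[object]
$MailboxUsers = Get-Mailbox -ResultSize Unlimited
# Get all users
foreach ($user in $MailboxUsers)
{
    try
    {
        $UPN = $user.UserPrincipalName
        # -ErrorAction Stop turns a failed lookup into a terminating error so the
        # catch below runs instead of a half-empty row being exported.
        $MOL = Get-MsolUser -UserPrincipalName $UPN -ErrorAction Stop |
            Select-Object Department, DisplayName, FirstName, LastName, Office, PasswordNeverExpires, SignInName, Title
        $Properties = @{
            Name = $user.Name
            Department = $MOL.Department
            Displayname = $MOL.DisplayName
            # The mailbox object from the outer Get-Mailbox already carries the
            # primary address; re-querying by Name was redundant and ambiguous
            # when two mailboxes share a name.
            EmailAddress = $user.PrimarySmtpAddress
            # Was "$MOL.FirstNsame", which always exported an empty first name.
            FirstName = $MOL.FirstName
            LastName = $MOL.LastName
            Office = $MOL.Office
            PasswordNeverExpires = $MOL.PasswordNeverExpires
            SignInName = $MOL.SignInName
            Title = $MOL.Title
            UserPrincipalName = $UPN.ToLower()
            # Lower-case first so the domain suffix is stripped whatever its casing.
            SAMAccountName = $UPN.ToLower().Replace("@kingsteel.com","")
            # One unpredictable password per account instead of the shared
            # constant "000000" every imported user previously received.
            # NOTE(review): confirm the generated value meets the domain password
            # policy, otherwise New-ADUser will reject it at import time.
            Password = random-password 16
        }
        $Results.Add((New-Object psobject -Property $Properties))
    }
    catch
    {
        # Report which account failed and why, then carry on with the next one.
        Write-Warning "Exception! $($user.UserPrincipalName): $($_.Exception.Message)"
    }
}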
# Fetch every group object from Azure AD.
$GroupResults = Get-MsolGroup -All

# Write the collected users to $DataPath, ordered by department then sign-in name.
# NOTE(review): the Password column is exported in clear text - treat the file as
# a secret (restricted ACL, removed after the import).
$userColumns = 'Name', 'SAMAccountName', 'DisplayName', 'Emailaddress', 'UserPrincipalName', 'SignInName', 'Password', 'PasswordNeverExpires', 'FirstName', 'LastName', 'Department', 'Office', 'Title'
$Results |
    Select-Object -Property $userColumns |
    Sort-Object -Property Department, SignInName |
    Export-Csv -Path $DataPath -Encoding UTF8

# Write the groups to $GroupDataPath, ordered by display name then group type.
$groupColumns = 'ObjectId', 'DisplayName', 'EmailAddress', 'GroupType', 'IsSystem'
$GroupResults |
    Select-Object -Property $groupColumns |
    Sort-Object -Property DisplayName, GroupType |
    Export-Csv -Path $GroupDataPath -Encoding UTF8
# Load the exported group list that drives the import loop below.
# NOTE(review): the CSV is trusted as-is; anyone able to edit it between export and
# import decides which groups and memberships are created in local AD.
$csv = Import-Csv -Path C:\Temp\o365GroupData.csv -Encoding UTF8

# Re-connect to Exchange Online and Azure AD (group members are read from the cloud).
# NOTE(review): -Authentication Basic cannot satisfy MFA and has been retired by
# Microsoft for Exchange Online remote PowerShell - confirm it still connects.
$UserCredential = Get-Credential
$importSessionArgs = @{
    ConfigurationName = 'Microsoft.Exchange'
    ConnectionUri     = 'https://outlook.office365.com/powershell-liveid/'
    Credential        = $UserCredential
    Authentication    = 'Basic'
    AllowRedirection  = $true
}
$Session = New-PSSession @importSessionArgs
Import-PSSession $Session
Connect-MsolService -Credential $UserCredential
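# Create each exported Azure AD group in local AD and copy its user members.
# Groups that already exist locally are left untouched (members are not synced).
# NOTE(review): members are added by sAMAccountName, so the local accounts must
# already exist; in this script the New-ADUser import runs after this loop -
# confirm the intended order, otherwise every Add-ADGroupMember call fails.
foreach ($item in $csv)
{
    $groupName = $item.DisplayName
    if ([string]::IsNullOrWhiteSpace($groupName))
    {
        Write-Warning "Row with ObjectId $($item.ObjectId) has no DisplayName. Skipped!"
        continue
    }

    # Check if group exists. Only a "not found" answer may lead to creation; any
    # other failure (no connectivity, access denied) previously fell into the
    # catch block and was treated as "group missing".
    $groupExists = $true
    try
    {
        $null = Get-ADGroup -Identity $groupName -ErrorAction Stop
    }
    catch
    {
        # Compared by name so the AD type does not have to be loaded at parse time.
        if ($_.Exception.GetType().Name -eq 'ADIdentityNotFoundException')
        {
            $groupExists = $false
        }
        else
        {
            Write-Warning "Could not look up group ${groupName}: $($_.Exception.Message)"
            continue
        }
    }

    if ($groupExists)
    {
        Write-Host "Group $($item.DisplayName) already exists. Skipped!"
        continue
    }

    # Create AD Groups
    try
    {
        $null = New-ADGroup -Name $groupName -GroupScope "Global" -DisplayName $groupName -Path "OU=Groups,DC=kingsteel,DC=com" -PassThru -ErrorAction Stop
        Write-Host "Group $($item.DisplayName) created."
    }
    catch
    {
        Write-Warning "Could not create group ${groupName}: $($_.Exception.Message)"
        continue
    }

    # Get group members from Azure AD. -All avoids the cmdlet's default result cap,
    # which would silently leave large groups with incomplete membership.
    $members = Get-MsolGroupMember -GroupObjectId $item.ObjectId -All | Where-Object { $_.GroupMemberType -eq "User" }

    # Add member to group
    foreach ($member in $members)
    {
        try
        {
            # get user from Azure AD
            # NOTE(review): this assumes the member's EmailAddress equals its UPN - verify.
            $u = Get-MsolUser -UserPrincipalName $member.EmailAddress -ErrorAction Stop
            # get user SAMAccount property (lower-case first so the suffix always matches)
            $sam = $u.UserPrincipalName.ToLower().Replace("@kingsteel.com","")
            # Add to group
            Add-ADGroupMember -Identity $groupName -Members $sam -ErrorAction Stop
            Write-Host "User $sam added to group $groupName"
        }
        catch
        {
            # One unresolved member must not abort the remaining members or groups.
            Write-Warning "Could not add $($member.EmailAddress) to group ${groupName}: $($_.Exception.Message)"
        }
    }
}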
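# import Users
# Creates one enabled local AD account per CSV row, placed in the OU named after the
# row's Department under "OU=Head Office", with a forced password change at first logon.
# NOTE(review): the CSV supplies the initial passwords in clear text; keep it on a
# restricted path and delete it once the import has been verified.
Import-Csv -Path C:\Temp\o365userdata.csv -Encoding UTF8 | ForEach-Object {
    $row = $_

    if ([string]::IsNullOrWhiteSpace($row.Department))
    {
        # An empty department would produce the invalid path "OU=,OU=Head Office,...".
        Write-Warning "User $($row.SAMAccountName) has no Department; no target OU. Skipped!"
        return
    }

    # The department comes from the cloud directory and is spliced into a
    # distinguished name: escape DN metacharacters so a value such as "R&D, EU"
    # cannot change which container the account lands in.
    $ouName = $row.Department -replace '([,\\#+<>;"=])', '\$1'

    $newUserArgs = @{
        Path                  = "OU=" + $ouName + ",OU=Head Office,DC=kingsteel,DC=com"
        Name                  = $row.Name
        SamAccountName        = $row.SAMAccountName
        GivenName             = $row.FirstName
        Surname               = $row.LastName
        Department            = $row.Department
        DisplayName           = $row.DisplayName
        EmailAddress          = $row.EmailAddress
        Office                = $row.Office
        ChangePasswordAtLogon = $True
        Title                 = $row.Title
        UserPrincipalName     = $row.UserPrincipalName
        Enabled               = $True
        AccountPassword       = (ConvertTo-SecureString -String $row.Password -AsPlainText -Force)
    }

    try
    {
        New-ADUser @newUserArgs -ErrorAction Stop
    }
    catch
    {
        # Name the failing account so it can be fixed and re-run individually.
        Write-Warning "Could not create user $($row.SAMAccountName): $($_.Exception.Message)"
    }
}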