Sunday, July 31, 2016

How to set up a multifunction device or application to send email using Office 365

You can use SMTP submission, direct send, or SMTP relay to allow a multifunction device, printer, or application to send email using Office 365 and Exchange Online.
This topic explains how to send email from devices and business applications when all of your mailboxes are in Office 365. For example:
  • You have a scanner, and you want to email scanned documents to yourself or someone else.
  • You have a line-of-business (LOB) application that manages appointments, and you want to email reminders to clients of their appointment time.
Use this article to choose the option that meets your requirements, then configure your device or application to send email:
Note:
This document helps you set up email for multifunction printer devices and business applications only. If you want to set up a mobile device, such as a smart phone, or other email clients to send and receive from an Office 365 mailbox, see Settings for POP and IMAP access for Office 365 for business or Microsoft Exchange accounts.

Use your own email server to send email from multifunction devices and applications

If you have mailboxes in Office 365 and an email server that you manage (also called an on-premises email server), always configure your devices and applications to use your local network and route email through your own email server. For details about setting up your Exchange server to receive email from systems that are not running Exchange (such as a multifunction printer), see Create a Receive connector to receive email from a system not running Exchange.

How can devices and applications send email to recipients?

If all of your mailboxes are in Office 365, here are the options for sending email from an application or device:
Note:
If you have already configured email for printers or devices and want to troubleshoot an issue, see the article Troubleshoot email sent from devices and business applications.
Descriptions of each method and configuration instructions follow.

Option 1 (recommended): Authenticate your device or application directly with an Office 365 mailbox, and send mail using SMTP client submission

If your device or application can authenticate and send email using an Office 365 mailbox account, this is the recommended method. The device or application sends mail using SMTP client submission. In the following diagram, the application or device in your organization’s network uses SMTP client submission and authenticates with a mailbox in Office 365.
Shows how a multifunction printer connects to Office 365 using SMTP client submission. The connection endpoint is smtp.office365.com on port 587, and the printer uses Office 365 mailbox credentials to send email to internal and external recipients.

Using SMTP client submission

To send mail using SMTP client submission, each device or application must be able to authenticate with Office 365. Each device or application can have its own sender address, or all devices can use one address, such as printer@contoso.com. If you want to send email from a third-party hosted application or service, you must use SMTP client submission. In this scenario, the device or application connects directly to Office 365 using the SMTP client submission endpoint smtp.office365.com.

Features of SMTP client submission

  • SMTP client submission allows you to send email to people in your organization as well as outside your company.
  • This method bypasses most spam checks for email sent to people in your organization. This can help protect your company IP addresses from being blocked by a spam list.
  • With this method, you can send email from any location or IP address, including your (on-premises) organization’s network, or a third-party cloud hosting service, like Microsoft Azure.

Requirements for SMTP client submission

  • Authentication: You must be able to configure a user name and password to send email on the device.
  • Mailbox: You must have a licensed Office 365 mailbox to send email from.
  • Transport Layer Security (TLS): Your device must be able to use TLS version 1.0 and above.
  • Port: Port 587 (recommended) or port 25 is required and must be unblocked on your network. Some network firewalls or ISPs block ports—especially port 25.
Note:
For information about TLS, see How Exchange Online uses TLS to secure email connections in Office 365 and for detailed technical information about how Exchange Online uses TLS with cipher suite ordering, see Enhancing mail flow security for Exchange Online.

Limitations of SMTP client submission

You can only send from one email address unless your device can store login credentials for multiple Office 365 mailboxes. Office 365 imposes a limit of 30 messages sent per minute, and a limit of 10,000 recipients per day.
Set up SMTP client submission by following How to configure SMTP client submission.

Option 2: Send mail directly from your printer or application to Office 365 (direct send)

If SMTP client submission is not compatible with your business needs or with your device, consider using direct send. Direct send makes it easy to send messages to recipients in your own organization with mailboxes in Office 365.
In the following diagram, the application or device in your organization’s network uses direct send and your Office 365 mail exchange (MX) endpoint to email recipients in your organization. It's easy to find your MX endpoint in Office 365 if you need to look it up.
Shows how a multifunction printer uses your Office 365 MX endpoint to send email directly to recipients in your organization only.

Using direct send

You can configure your device to send email directly to Office 365. However, in this case, Office 365 does not relay messages for external recipients and will only deliver to your hosted mailboxes. If your device sends an email to Office 365 that is for a recipient outside your organization, the email will be rejected.
Note:
If your device or application has the ability to act as a mail server and deliver to Office 365 as well as other mail providers, consult your device or application instructions; there are no Office 365 settings needed for this scenario.
There are several scenarios where direct send can be the best choice:
  • If the device or application is only sending email to your own Office 365 users and SMTP client submission is not an option, this is the simplest method as there is no Office 365 configuration needed.
  • You want your device or application to send from each user’s email address and do not want each user’s mailbox credentials configured to use SMTP client submission. Direct send allows each user in your organization to send email using their own address. When you use direct send, avoid using a single mailbox with Send As permissions for all your users. This method is not supported because of complexity and potential issues.
  • Your device or application does not meet the requirements of SMTP client submission, such as TLS support.
  • Office 365 does not allow you to send bulk email or newsletters via SMTP client submission. Direct send allows you to send a higher volume of messages. However, there is a risk of your email being marked as spam by Office 365. You might want to enlist the help of a bulk email provider to assist you. There are best practices for bulk email, and bulk email providers can help ensure that your domains and IP addresses are not blocked by others on the Internet.

Features of direct send

Direct send:
  • Uses Office 365 to send emails, but does not require a dedicated Office 365 mailbox.
  • Doesn’t require your device or application to have a static IP address. However, this is recommended if possible.
  • Doesn’t work with a connector; never configure a device to use a connector with direct send, this can cause problems.
  • Doesn’t require your device to support TLS.
Direct send has higher sending limits than SMTP client submission. Senders are not bound by the 30 messages per minute or 10,000 recipients per day limit.

Requirements for direct send

  • Port: Port 25 is required and must be unblocked on your network.
  • Static IP address is recommended: A static IP address is recommended so that an SPF record can be created for your domain. This helps avoid your messages being flagged as spam.

Limitations of direct send

  • Direct send cannot be used to deliver email to external recipients, for example, recipients with Yahoo or Gmail addresses.
  • Your messages will be subject to antispam checks.
  • Sent mail might be disrupted if your IP addresses are blocked by a spam list.
  • Office 365 uses throttling policies to protect the performance of the service.
Set up direct send by following How to configure direct send.

Option 3: Configure a connector to send mail using Office 365 SMTP relay

Office 365 SMTP relay uses a connector to authenticate the mail sent from your device or application. This allows Office 365 to relay those messages to your own mailboxes as well as external recipients. Office 365 SMTP relay is very similar to direct send except that it can send mail to external recipients. Due to the added complexity of configuring a connector, direct send is recommended over Office 365 SMTP relay, unless you must send email to external recipients. To send email using Office 365 SMTP relay, your device or application server must have a static IP address or address range. You can't use SMTP relay to send email directly to Office 365 from a third-party hosted service, such as Microsoft Azure.
In the following diagram, the application or device in your organization’s network uses a connector for SMTP relay to email recipients in your organization.
Shows how a multifunction printer connects to Office 365 using SMTP relay. The printer uses your MX endpoint and requires a connector to authenticate using your IP address. The printer can send email to internal and external recipients.

Using Office 365 SMTP relay

The Office 365 connector that you configure authenticates your device or application with Office 365 using an IP address. Your device or application can send email using any address (including ones that can't receive mail), as long as the address uses one of your Office 365 domains. The email address doesn’t need to be associated with an actual mailbox. For example, if your domain is contoso.com, you could send from an address like do_not_reply@contoso.com.

Features of Office 365 SMTP relay

  • Office 365 SMTP relay does not require the use of a licensed Office 365 mailbox to send emails.
  • Office 365 SMTP relay has higher sending limits than SMTP client submission; senders are not bound by the 30 messages per minute or 10,000 recipients per day limits.

Requirements for Office 365 SMTP relay

  • Static IP address or address range: Most devices or applications are unable to use a certificate for authentication. To authenticate your device or application, use one or more static IP addresses that are not shared with another organization.
  • Connector: You must set up a connector in Exchange Online for email sent from your device or application.
  • Port: Port 25 is required and must not be blocked on your network or by your ISP.
  • Licensing: SMTP relay doesn’t use a specific Office 365 mailbox to send email. This is why it’s important that only licensed users send email from devices or applications configured for SMTP relay. If you have senders using devices or LOB applications who don’t have an Office 365 mailbox license, obtain and assign an Exchange Online Protection license to each unlicensed sender. This is the least expensive license that allows you to send email via Office 365.

Limitations of Office 365 SMTP relay

  • Sent mail can be disrupted if your IP addresses are blocked by a spam list.
  • Reasonable limits are imposed for sending. For more information, see Higher Risk Delivery Pool for Outbound Messages.
  • Requires static unshared IP addresses (unless a certificate is used).
Set up SMTP relay by following How to configure Office 365 SMTP relay.

Summary of options for sending email from a device or application

The following table will help you decide which one of these options will meet your needs. Detailed information and setup steps follow each method.


 | SMTP client submission | Direct send | SMTP relay
Features
Send to recipients in your domain(s) | Yes | Yes | Yes
Relay to Internet via Office 365 | Yes | No. Direct delivery only. | Yes
Bypasses antispam | Yes, if the mail is destined for an Office 365 mailbox. | No. Suspicious emails might be filtered. We recommend a custom Sender Policy Framework (SPF) record. | No. Suspicious emails might be filtered. We recommend a custom SPF record.
Supports mail sent from applications hosted by a third party | Yes | No | No
Requirements
Open network port | Port 587 or port 25 | Port 25 | Port 25
Device or application server must support TLS | Required | Optional | Optional
Requires authentication | Office 365 user name and password required | None | One or more static IP addresses. Your printer or the server running your LOB app must have a static IP address to use for authentication with Office 365.
Limitations
Throttling limits | 10,000 recipients per day. 30 messages per minute. | Standard throttling is in place to protect Office 365. | Reasonable limits are imposed. The service can't be used to send spam or bulk mail. For more information about reasonable limits, see Higher Risk Delivery Pool for Outbound Messages.

How to configure SMTP client submission

Devices and applications vary in functionality and terminology use. However, these configuration settings will help you set up SMTP client submission.
Enter the settings directly on the device or in the application as the device guide or manual instructs. As long as your scenario meets the requirements for SMTP client submission, these settings will enable you to send email from your device or application.


Device or application setting | Value
Server/smart host | smtp.office365.com
Port | Port 587 (recommended) or port 25
TLS/StartTLS | Enabled
Username/email address and password | Login credentials of the hosted mailbox being used

TLS and other encryption options

Determine what version of TLS your device supports by checking the device guide or with the vendor. If your device or application does not support TLS 1.0 or above:
  • Use direct send or Office 365 SMTP relay for sending mail instead (depending on your requirements).
  • If it is essential to use SMTP client submission and your printer only supports SSL 3.0, you can set up an alternative configuration called Indirect SMTP client submission. This uses a local SMTP relay server to connect to Office 365. This is a much more complex setup. Instructions can be found here: How to configure Internet Information Server (IIS) for relay with Office 365.
Note:
If your device recommends or defaults to port 465, it does not support SMTP client submission.
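As an added example (not code from the original article), this is how a line-of-business application would apply the SMTP client submission settings above: smtp.office365.com on port 587, STARTTLS before authentication, and mailbox credentials. It assumes the credentials are supplied in the environment variables O365_USER and O365_PASSWORD (names chosen for this example), and it requires TLS 1.2 or later, which is stricter than the article's TLS 1.0 minimum.

```python
"""Send a message with Office 365 SMTP client submission (Option 1).

Added example, not from the original article. Assumes mailbox credentials
in the environment variables O365_USER and O365_PASSWORD (names chosen here).
"""
import os
import smtplib
import ssl
from email.message import EmailMessage

SMTP_HOST = "smtp.office365.com"     # SMTP client submission endpoint from the article
SUPPORTED_PORTS = (587, 25)          # 587 recommended; a device that wants 465 cannot use this method


def is_supported_port(port: int) -> bool:
    """Port 465 is not SMTP client submission (see the note above); only 587 or 25 are."""
    return port in SUPPORTED_PORTS


def build_tls_context() -> ssl.SSLContext:
    """STARTTLS context: verifies the server certificate and refuses TLS below 1.2.

    The article's minimum is TLS 1.0; requiring 1.2 is a stricter choice made in
    this example so a downgraded handshake fails instead of the mailbox password
    being sent over weak TLS.
    """
    ctx = ssl.create_default_context()            # system CA store, hostname check on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def tls_minimum_version_name() -> str:
    """Name of the lowest TLS version the context will negotiate."""
    return build_tls_context().minimum_version.name


def build_message(sender: str, recipients: list[str], subject: str, body: str) -> EmailMessage:
    """Assemble the message; From must be the authenticated mailbox (or one it may Send As)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def send_via_client_submission(sender, recipients, subject, body, port=587, host=SMTP_HOST) -> dict:
    """Connect, upgrade to TLS, authenticate, send.

    Returns smtplib's dict of refused recipients; an empty dict means every
    recipient was accepted by Office 365.
    """
    if not is_supported_port(port):
        raise ValueError(f"port {port} is not valid for SMTP client submission; use 587 (or 25)")
    user, password = os.environ["O365_USER"], os.environ["O365_PASSWORD"]
    msg = build_message(sender, recipients, subject, body)
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        smtp.starttls(context=build_tls_context())   # encrypt BEFORE AUTH sends credentials
        smtp.ehlo()                                  # re-read capabilities over TLS
        smtp.login(user, password)
        return smtp.send_message(msg)


if __name__ == "__main__":
    # Constructed sample: one scan notification from a shared printer mailbox.
    refused = send_via_client_submission(
        "printer@contoso.com", ["someone@contoso.com"], "Scanned document", "See attachment.")
    print("refused recipients:", refused)
```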

How to configure direct send

Devices and applications vary in functionality and terminology use. To configure direct send, enter the following settings on the device or in the application directly.


Device or application setting | Value
Server/smart host | Your MX endpoint, for example, contoso-com.mail.protection.outlook.com
Port | Port 25
TLS/StartTLS | Enabled
Email address | Any email address for one of your Office 365 accepted domains. This email address does not need to have a mailbox.
We recommend adding an SPF record to avoid having messages flagged as spam. If you are sending from a static IP address, add it to your SPF record in your domain registrar’s DNS settings as follows:


DNS entry | Value
SPF | v=spf1 ip4: include:spf.protection.outlook.com ~all

Full configuration instructions for direct send

  1. If your device or application can send from a static public IP address, obtain this IP address and make a note of it. You can share your static IP address with other devices and users, but don't share the IP address with anyone outside of your company. Your device or application can send from a dynamic or shared IP address but messages are more prone to antispam filtering.
  2. Log on to the Office 365 Portal.
  3. Make sure your domain, such as contoso.com, is selected. Click Manage DNS, and find the MX record. The MX record will have a POINTS TO ADDRESS value that looks similar to cohowineinc-com.mail.protection.outlook.com, as depicted in the following screenshot. Make a note of the MX record POINTS TO ADDRESS value, which we refer to as your MX endpoint.
    Make a note of the MX record Points to address value.
  4. Check that the domains that the application or device will send to have been verified. If the domain is not verified, emails could be lost, and you won’t be able to track them with the Exchange Online message trace tool.
  5. Go back to the device, and in the settings, under what would normally be called Server or Smart Host, enter the MX record POINTS TO ADDRESS value you recorded in step 3.
  6. Now that you are done configuring your device settings, go to your domain registrar’s website to update your DNS records. Edit your sender policy framework (SPF) record. In the entry, include the IP address that you noted in step 1. The finished string looks similar to this:
    v=spf1 ip4:10.5.3.2 include:spf.protection.outlook.com ~all
    where 10.5.3.2 is your public IP address.
    Note:
    Skipping this step might cause email to be sent to recipients’ junk mail folders.
  7. To test the configuration, send a test email from your device or application, and confirm that the recipient received it.

How to configure Office 365 SMTP relay

This method allows Office 365 to relay emails on your behalf by authenticating using your public IP address (or a certificate). This requires a connector to be set up for your Office 365 account. If your device or application supports or requires user name and password authentication, consider the SMTP client submission method instead. Quick configuration details follow. If you prefer full instructions, check the next section.


Device or application setting | Value
Server/smart host | Your MX endpoint, e.g. yourcontosodomain-com.mail.protection.outlook.com
Port | Port 25
TLS/StartTLS | Enabled
Email address | Any email address for one of your Office 365 verified domains. This email address does not need a mailbox.
If you have set up Exchange Hybrid or have a connector configured for mail flow from your email server to Office 365, it is likely that no additional setup will be required for this scenario. Otherwise, create a mail flow connector to support this scenario:


Connector setting | Value
From | Your organization's email server
To | Office 365
Domain restrictions: IP address/range | Your on-premises IP address or address range that the device or application will use to connect to Office 365.
We recommend adding an SPF record to avoid having messages flagged as spam. If you are sending from a static IP address, add it to your SPF record in your domain registrar’s DNS settings as follows:


DNS entry | Value
SPF | v=spf1 ip4: include:spf.protection.outlook.com ~all

  1. Obtain the public (static) IP address that the device or application will send from. A dynamic IP address isn’t supported or allowed. You can share your static IP address with other devices and users, but don't share the IP address with anyone outside of your company. Make a note of this IP address for later.
  2. Log on to the Office 365 Portal.
  3. Select Domains. Make sure your domain, such as contoso.com, is selected. Click Manage DNS and find the MX record. The MX record will have a POINTS TO ADDRESS value that looks similar to cohowineinc-com.mail.protection.outlook.com as depicted in the following screenshot. Make a note of the MX record POINTS TO ADDRESS value. You'll need this later.
    Make a note of the MX record Points to address value.
  4. Check that the domains that the application or device will send to have been verified. If the domain is not verified, emails could be lost, and you won’t be able to track them with the Exchange Online message trace tool.
  5. In Office 365, click Admin, and then click Exchange to go to the Exchange admin center.
    Note:
    If you have Microsoft Office 365 Small Business Premium, see the instructions here.
  6. In the Exchange admin center, click mail flow, and click connectors.
  7. Check the list of connectors set up for your organization. If there is no connector listed from your organization's email server to Office 365, create one.
    1. To start the wizard, click the plus symbol +. On the first screen, choose the options that are depicted in the following screenshot:
      Choose from your organization's email server to Office 365
      Click Next, and give the connector a name.
    2. On the next screen, choose the option By verifying that the IP address of the sending server matches one of these IP addresses that belong to your organization, and add the IP address from step 1.
    3. Leave all the other fields with their default values, and select Save.
  8. Now that you are done with configuring your Office 365 settings, go to your domain registrar’s website to update your DNS records. Edit your SPF record. Include the IP address that you noted in step 1. The finished string should look similar to this: v=spf1 ip4:10.5.3.2 include:spf.protection.outlook.com ~all, where 10.5.3.2 is your public IP address. Skipping this step can cause email to be sent to recipients’ junk mail folders.
  9. Now, go back to the device, and in the settings, find the entry for Server or Smart Host, and enter the MX record POINTS TO ADDRESS value that you recorded in step 3.
  10. To test the configuration, send a test email from your device or application, and confirm that it was received by the recipient.
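Both the direct send steps (step 6) and the SMTP relay steps (step 8) end by adding the device's static IP to the domain's SPF record next to include:spf.protection.outlook.com. The following added example (not code from the original article) builds that record and checks an existing one offline before you cut over: it confirms the device IP is covered by an ip4:/ip6: mechanism, that the Office 365 include is present, that the template's empty ip4: was actually filled in, and that the record ends with ~all or -all. The sample records are constructed; 10.5.3.2 is the placeholder address the article itself uses.

```python
"""Build and sanity-check the SPF record for direct send / SMTP relay.

Added example, not from the original article. Works offline: include: terms
are not resolved, only the mechanisms written in the record are inspected.
"""
import ipaddress

O365_INCLUDE = "include:spf.protection.outlook.com"   # Office 365's outbound servers
LOOKUP_NAMES = ("include", "a", "mx", "ptr", "exists")   # mechanisms that cost a DNS query


def build_spf(static_ips):
    """Build the record the article shows: v=spf1 ip4:<ip> include:... ~all.

    Each address is validated so a typo raises here instead of producing a
    record that silently authorises nothing.
    """
    mechanisms = [f"ip4:{ipaddress.IPv4Address(ip)}" for ip in static_ips]
    return " ".join(["v=spf1", *mechanisms, O365_INCLUDE, "~all"])


def parse_spf(record):
    """Split a TXT record into SPF terms, rejecting anything that is not SPF."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record (missing v=spf1 version tag)")
    return terms[1:]


def _split_qualifier(term):
    """Mechanisms may carry a leading qualifier; '+' (pass) is the default."""
    if term and term[0] in "+-~?":
        return term[0], term[1:].lower()
    return "+", term.lower()


def _is_lookup(mech):
    name = mech.split(":", 1)[0].split("/", 1)[0]
    return name in LOOKUP_NAMES or mech.startswith("redirect=")


def ip_authorised(record, sender_ip):
    """True if sender_ip matches an ip4:/ip6: mechanism whose qualifier is pass.

    CIDR ranges are honoured. An 'ip4:' with no address (the unfilled template
    from the table above) matches nothing.
    """
    ip = ipaddress.ip_address(sender_ip)
    for term in parse_spf(record):
        qualifier, mech = _split_qualifier(term)
        if not (mech.startswith("ip4:") or mech.startswith("ip6:")):
            continue
        cidr = mech[4:]
        if not cidr:
            continue
        net = ipaddress.ip_network(cidr, strict=False)
        if ip.version == net.version and ip in net:
            return qualifier == "+"
    return False


def check_record(record, sender_ip):
    """Return the problems to fix before enabling direct send or SMTP relay ([] = clean)."""
    problems = []
    terms = parse_spf(record)
    mechs = [_split_qualifier(t)[1] for t in terms]

    if O365_INCLUDE not in mechs:
        problems.append(f"missing {O365_INCLUDE}: Office 365's own outbound servers are not authorised")
    if "ip4:" in mechs or "ip6:" in mechs:
        problems.append("ip4:/ip6: mechanism has no address; fill in the device's static IP")
    if not ip_authorised(record, sender_ip):
        problems.append(f"{sender_ip} is not authorised by any ip4:/ip6: mechanism")
    if not terms or terms[-1].lower() not in ("~all", "-all"):
        problems.append("record should end with ~all or -all so unlisted senders are not passed")
    # RFC 7208 allows at most 10 DNS-querying mechanisms per evaluation. Only the
    # top level is counted here, since nested includes are not resolved offline.
    lookups = sum(1 for m in mechs if _is_lookup(m))
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup mechanisms exceed the limit of 10")
    return problems


if __name__ == "__main__":
    # Constructed samples: the unfilled template from the table, then a completed record.
    for rec in ("v=spf1 ip4: include:spf.protection.outlook.com ~all", build_spf(["10.5.3.2"])):
        print(rec, "->", check_record(rec, "10.5.3.2") or "OK")
```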

Active Directory restores: How to restore deleted objects

Windows Server 2008 and Windows Server 2008 R2 allow you to restore deleted objects back to the Active Directory. In this article, I will demonstrate an Active Directory restore with a combination of authoritative and non-authoritative techniques.

A non-authoritative restoration is a process in which the domain controller is restored, and then the Active Directory objects are brought up to date by replicating the latest version of those objects from other domain controllers in the domain.

An authoritative restore is an operation in which the data that has been restored takes precedence over the data that exists on other domain controllers in the domain. When you perform an authoritative restore, the current versions of objects in the Active Directory are overwritten by the versions of the objects which were restored.


This process works the same way regardless of how you made the backup or where the data is being restored from. The Active Directory objects that have been restored are assigned a new version number, which ensures that the Active Directory replication process will overwrite the existing Active Directory objects with the objects that have been restored. This process is completely automated and it affects all of the domain controllers in the domain.

Performing the restoration
The restoration process is performed from the command line. To begin, you’ll need to know the name of the object that you plan to restore, as well as that object’s location within the Active Directory.
Because we are restoring an object that has been previously overwritten or deleted, we will have to perform an authoritative restore. That way the item that you have restored will not be overwritten by a newer copy during the Active Directory replication process.

However, we can’t just jump right into an authoritative restoration, because the entire Active Directory would be rolled back to a previous state, which defeats the purpose of performing a granular restoration.

To keep that from happening, we’ll perform a non-authoritative restore of the entire Active Directory. After doing so, we can make the restoration authoritative for the specific object that needs to be restored.

Performing a non-authoritative restoration
There are a variety of methods for performing the initial non-authoritative restore. The easiest way to complete this process is to stop the Active Directory Domain Services and then restore a valid system state. To stop the Active Directory Domain Services you will need to open an elevated command prompt and then enter the following command:

Net Stop NTDS

As you can see in Figure A, shutting down the Active Directory Domain Services causes several other dependency services to stop as well. The dependency services that are affected by this operation include:


Figure A

Kerberos Key Distribution Center
Intersite Messaging
DNS Server
DFS Replication

Once the Active Directory Domain Services have been stopped, you can restore a System State backup. When the restoration process completes, you will likely be prompted to reboot your server. You should avoid rebooting because doing so will cause the Active Directory Domain Services to be restarted, which will cause your restoration to be overwritten.

Performing an authoritative restore
Before the server is rebooted, we need to tell Windows which Active Directory object needs to be restored authoritatively. This can be accomplished by using the NTDSUTIL utility. You can begin the process by entering the following commands:

cmd> Ntdsutil
ntdsutil: Activate Instance NTDS
ntdsutil: Authoritative Restore

Although not technically required, I recommend entering the LIST NC CRs command at this point. This command will list the various Active Directory partitions and their cross references. It allows you to validate that you are about to perform an authoritative restore within the correct Active Directory partition, as shown in Figure B.


Figure B

Now it’s time to specify the object that needs to be restored. You can do so by using the Restore Object command. For example, suppose that you wanted to restore a user account named User1 that existed in the Users container in a domain named Contoso.com. To perform such a restoration, you would use the following command:

Restore Object "CN=User1,CN=Users,DC=Contoso,DC=com"

Wrapping it up
Now that you have marked the object that needs to be restored, the only thing left to do is to restart the Active Directory Domain Services. This can be accomplished by entering the following command:

Net Start NTDS


When the Active Directory Domain Services start, the object that you restored will be replicated to the other domain controllers in the domain.

Disable USB Storage via GPO

The use of USB devices (flash drives, USB HDDs, SD cards and so on) is often disabled for safety reasons, to prevent data leakage and virus infection. This article explains how to disable the use of external USB drives, prevent writing to them, or prevent running executable files from them using Group Policy (GPO).
The USB device policy will work if the infrastructure meets these requirements:
1.     Active Directory schema version — Windows Server 2008 or higher
Note. The set of policies that control the installation and use of removable drives first appeared in this AD schema version.
2.     Client OS – Windows Vista, Windows 7 or higher
We are going to restrict the use of USB drives for all computers in a certain container (OU). Let’s assume that we want to apply the policy to the OU named Workstations. To do it, open the Group Policy Management console (gpmc.msc), right-click the Workstations OU and create a new policy (Create a GPO in this domain and Link it here).
Tip. On a stand-alone computer, the USB port restriction policy can be edited using the Local Group Policy Editor – gpedit.msc.



Name the policy “Disable USB Access”.


After that, edit its parameters (Edit).


The settings that restrict external devices are located in both the user and computer sections of the GPO:
1.     User Configuration-> Policies-> Administrative Templates-> System-> Removable Storage Access
2.     Computer Configuration-> Policies-> Administrative Templates-> System-> Removable Storage Access
In our case, we want to disable USB drives at the computer level, so we need the second section. Expand it.
In the Removable Storage Access section, there are policies that turn off the use of different types of storage devices — CD/DVDs, floppy drives, USB devices, tapes and so on.
The “strongest” lockout policy — All Removable Storage Classes: Deny All Access – denies access to all types of external storage devices. To turn on the policy, open it and select Enabled.


After enabling the policy and updating it on the client computers (gpupdate /force), the system still detects external devices being connected, but returns the following error message when a user tries to open them:

Location is not available
Drive is not accessible. Access is denied


Tip. The same restriction can be set through the registry by creating a DWORD value named Deny_All with the data 00000001 under the HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\RemovableStorageDevices key.
In this policy section, more granular restrictions on the use of external USB drives can be configured.
For example, to prevent writing to USB flash drives and disks while still allowing reads, enable only the policy Removable Disks: Deny write access.


In this case, users will be able to read the data stored on a USB flash drive, but if they try to write to it the following error message will appear:

Destination Folder Access Denied
You need permission to perform this action


You can prevent executable and script files stored on USB drives from running by using the Removable Disks: Deny execute access policy.


Tuesday, July 26, 2016

Create Bulk AD Users from CSV using Powershell Script

Creating bulk AD users in Active Directory is one of the important tasks for every administrator, whether for testing or for a set of actual new employees. Normally you create a new AD user with the ADUC console, but that is time-consuming if you want to create multiple AD users at the same time. To overcome this, administrators rely on a scripting technology like VBScript or PowerShell. In this article, I am going to write and explain a PowerShell script to create bulk AD users from a CSV file.

Before proceeding, please ensure that the Active Directory module for Windows PowerShell is installed on your machine. It is installed by default on a Domain Controller. On client machines, you need to install it through the Remote Server Administration Tools.
Use the command below to check whether the Active Directory module is installed:

Get-Module -Listavailable
If you are new to PowerShell, don’t forget to set your execution policy to Unrestricted, or you might get an error when you try to run the script. Use the command below to set your execution policy:

Set-ExecutionPolicy Unrestricted

Powershell Script to Create Bulk AD Users from CSV file

   1. Consider the CSV file NewUsers.csv, which contains the set of new AD users to create, with the attributes Name, samAccountName and ParentOU.

Note: The value of ParentOU should be enclosed in double quotes ("), like "OU=TestOU,DC=TestDomain,DC=Local", because it contains the comma character (,), and in a CSV file the comma is the delimiter that splits the columns. (Example file: Download NewUsers.csv).

   2. Copy the PowerShell script below and paste it into a Notepad file.
   3. Change the NewUsers.csv file path to your own CSV file path.
   4. Change the domain name TestDomain.local to your own domain name.
   5. Save the Notepad file with the extension .ps1, for example Create-BulkADUsers-CSV.ps1.

Click to download the PowerShell script as a file: Download Create-BulkADUsers-CSV.ps1

Import-Module ActiveDirectory

# Each CSV row supplies Name, samAccountName and ParentOU (see NewUsers.csv above).
Import-Csv "C:\Scripts\NewUsers.csv" | ForEach-Object {
    # UPN is the logon name at the domain; replace TestDomain.Local with your own domain (step 4).
    $userPrincipal = $_."samAccountName" + "@TestDomain.Local"
    # Every account gets the same initial password; -ChangePasswordAtLogon forces a reset at first logon.
    New-ADUser -Name $_.Name `
        -Path $_."ParentOU" `
        -SamAccountName $_."samAccountName" `
        -UserPrincipalName $userPrincipal `
        -AccountPassword (ConvertTo-SecureString "MyPassword123" -AsPlainText -Force) `
        -ChangePasswordAtLogon $true `
        -Enabled $true
    # This also makes every created account a member of Domain Admins, i.e. grants full
    # control of the domain. Point it at the least-privilege group the accounts actually
    # need before running the script against real users.
    Add-ADGroupMember "Domain Admins" $_."samAccountName"
}
   6. Now run the Create-BulkADUsers-CSV.ps1 file in PowerShell to create the Active Directory users from the CSV file.
PS C:\Scripts> .\Create-BulkADUsers-CSV.ps1

Note: I have placed the script file in the location C:\Scripts. If you placed it in another location, navigate to that path first with the cd command (for example, cd "C:\Downloads").

   7. Now you can check the newly created AD users through the ADUC console.

Add more AD Attributes to New User:

Here, we have created bulk AD users from CSV input with only three attributes: Name, samAccountName and ParentOU. If you want to supply more attributes from the CSV input, add those attributes as columns in the CSV file and change the PowerShell script above accordingly.

Example: if you want to set EmailAddress on each new user, your CSV file should look like the file below.



Change the PowerShell script like this:

Import-Module ActiveDirectory

# Each CSV row now supplies Name, samAccountName, ParentOU and EmailAddress.
Import-Csv "C:\Scripts\NewUsers.csv" | ForEach-Object {
    # UPN is the logon name at the domain; replace TestDomain.Local with your own domain.
    $userPrincipal = $_."samAccountName" + "@TestDomain.Local"
    New-ADUser -Name $_.Name `
        -Path $_."ParentOU" `
        -SamAccountName $_."samAccountName" `
        -UserPrincipalName $userPrincipal `
        -AccountPassword (ConvertTo-SecureString "MyPassword123" -AsPlainText -Force) `
        -ChangePasswordAtLogon $true `
        -Enabled $true `
        -EmailAddress $_."EmailAddress"   # the extra attribute read from the new CSV column
    # As in the first script, this grants every created account Domain Admins membership;
    # use the least-privilege group the accounts actually need.
    Add-ADGroupMember "Domain Admins" $_."samAccountName"
}


Refer to this TechNet article, http://technet.microsoft.com/en-us/library/ee617253.aspx, to create bulk AD users with more AD attributes.

Upgrade or migrate to Endpoint Protection 12.1.6 - 12.1.6 MP5

Situation

Solution