In order for you to successfully run the below script (or a variation of it), you must be signed on with an account with authority to create new accounts in AD and Exchange. Let's start by opening Windows Powershell as an Administrator. You'll need to set a few items next.
First, we're going to lift the resticted security level for powershell scripts.
Set-ExecutionPolicy Unrestricted
Set-ExecutionPolicy Unrestricted
Next, I'm going to grab the credentials to run the script
$UserCredential = Get-Credential
$UserCredential = Get-Credential
Then you need to connect to the Exchange server you are adding mailboxes to. Make sure you change the web address to your server.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://ServerFQDN/PowerShell/ -Authentication Kerberos -Credential $UserCredential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://ServerFQDN/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Finally, load all the necessary Exchange files.
Import-PSSession $Session
Import-PSSession $Session
Or you can chain them all together.
Set-ExecutionPolicy Unrestricted ; $UserCredential = Get-Credential; $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://ServerFQDN/PowerShell/ -Authentication Kerberos -Credential $UserCredential; Import-PSSession $Session
Set-ExecutionPolicy Unrestricted ; $UserCredential = Get-Credential; $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://ServerFQDN/PowerShell/ -Authentication Kerberos -Credential $UserCredential; Import-PSSession $Session
Now you can run your script. Here is an example of a script used to add a user with an Exchange mailbox with the addition to several features added and fields populated using a CSV file.
#bulkAdd.ps1 powershell script
#The below line calls the CSV file and stipulates that the script will run for each row
import-csv -path c:\temp\users3.csv | foreach {
#The below 2 lines split the users name allowing it to first and last name
$givenName = $_.name.split()[0]
$surname = $_.name.split()[1]
#The below line sets the security groups you have entered under one variable. If you include more than 3 groups in your CSV, be sure
#to add those additional groups to the below line.
$groups = $_.group1,$_.group2,$_.group3
#The below line is the command used to add the user to AD.
#Fields with a hyphen denote the variable used by the new-aduser command
#Fields with a $_. denote the column name in your CSV file.
new-aduser -name $_.name -enabled $true –givenName $givenName -displayname $_.displayname –surname $surname -accountpassword (convertto-securestring $_.password -asplaintext -force) -changepasswordatlogon $true -samaccountname $_.samaccountname –userprincipalname ($_.samaccountname+”@YOURDOMAIN.HERE”) -city $_.city -department $_.department -street $_.street -state $_.state -postalcode $_.zip -title $_.title -emailaddress $_.email -path $_.path -HomeDrive $_.drive -HomeDirectory ($_.home+$_.samaccountname) -ScriptPath $_.script -officephone $_.officephone -mobilephone $_.cellphone
#The below line creates a usable varaible for the users account name
$userName = $_.samaccountname
#The below line pauses the script for 10 seconds, allowing the account to be intially created.
Start-Sleep -s 10
#The below 2 lines adds the user to the security groups in your CVS file. A blank field, misspelled, or missing group name will cause an error.
#It will not stop the script.
foreach($group in $groups){
Add-ADGroupMember -Members $userName -Identity $group}
#The below line pauses the script for 30 seconds, allowing the account to be completely created and found by the Exchange server.
Start-Sleep -s 30
#The below line creates the users mailbox on the Exchange server.
Enable-Mailbox -identity $_.samaccountname
#The next line is added because of an existing email address policy. This bypasses that policy.
#Error you will see -
#WARNING: Couldn't update the primary SMTP address because this mailbox is configured to use an e-mail address policy. To disable the e-mail
# address policy for this mailbox, run the command with the EmailAddressPolicyEnabled parameter set to $false.
Set-Mailbox $_.samaccountname -EmailAddressPolicyEnabled $false
#The below line adds an additional email address other than the default email address assigned.
#Examples could be an email address for a second domain or just a secondary email address.
Set-Mailbox $_.samaccountname -EmailAddresses @{add=$_.email}
#The below line sets the additional email address as the primary remail address.
Set-Mailbox $_.samaccountname -PrimarySmtpAddress $_.email
#bulkAdd.ps1 powershell script
#The below line calls the CSV file and stipulates that the script will run for each row
import-csv -path c:\temp\users3.csv | foreach {
#The below 2 lines split the users name allowing it to first and last name
$givenName = $_.name.split()[0]
$surname = $_.name.split()[1]
#The below line sets the security groups you have entered under one variable. If you include more than 3 groups in your CSV, be sure
#to add those additional groups to the below line.
$groups = $_.group1,$_.group2,$_.group3
#The below line is the command used to add the user to AD.
#Fields with a hyphen denote the variable used by the new-aduser command
#Fields with a $_. denote the column name in your CSV file.
new-aduser -name $_.name -enabled $true –givenName $givenName -displayname $_.displayname –surname $surname -accountpassword (convertto-securestring $_.password -asplaintext -force) -changepasswordatlogon $true -samaccountname $_.samaccountname –userprincipalname ($_.samaccountname+”@YOURDOMAIN.HERE”) -city $_.city -department $_.department -street $_.street -state $_.state -postalcode $_.zip -title $_.title -emailaddress $_.email -path $_.path -HomeDrive $_.drive -HomeDirectory ($_.home+$_.samaccountname) -ScriptPath $_.script -officephone $_.officephone -mobilephone $_.cellphone
#The below line creates a usable varaible for the users account name
$userName = $_.samaccountname
#The below line pauses the script for 10 seconds, allowing the account to be intially created.
Start-Sleep -s 10
#The below 2 lines adds the user to the security groups in your CVS file. A blank field, misspelled, or missing group name will cause an error.
#It will not stop the script.
foreach($group in $groups){
Add-ADGroupMember -Members $userName -Identity $group}
#The below line pauses the script for 30 seconds, allowing the account to be completely created and found by the Exchange server.
Start-Sleep -s 30
#The below line creates the users mailbox on the Exchange server.
Enable-Mailbox -identity $_.samaccountname
#The next line is added because of an existing email address policy. This bypasses that policy.
#Error you will see -
#WARNING: Couldn't update the primary SMTP address because this mailbox is configured to use an e-mail address policy. To disable the e-mail
# address policy for this mailbox, run the command with the EmailAddressPolicyEnabled parameter set to $false.
Set-Mailbox $_.samaccountname -EmailAddressPolicyEnabled $false
#The below line adds an additional email address other than the default email address assigned.
#Examples could be an email address for a second domain or just a secondary email address.
Set-Mailbox $_.samaccountname -EmailAddresses @{add=$_.email}
#The below line sets the additional email address as the primary remail address.
Set-Mailbox $_.samaccountname -PrimarySmtpAddress $_.email
Attached is a sample CSV containing the following fields that are used with the above script -
Name - First and Last name of the user.
DisplayName - If different than the name of the user.
samAccountName - Account name.
Password - Temporary password of the account.
Street, City, State, Zip - Fields in the Address tab of the AD account.
Title - Users title.
Department - Department of the user.
Officephone - Number used to populate the Telephone number field.
Cellphone - Number used to populate the mobile number field in the Telephones tab of the AD account.
Email - The email address that will be listed in the email field in the General tab.
Path - The container the user will reside in within AD if something other than Users.
Home - The network path to the users assigned home folder in the Profile tab.
Drive - The drive letter assigned to the users home drive.
Group(1,2,3) - The AD security groups the user will be added to.
Script - The login script that will run when the user logs in.
Download CSV Document
