Adding Aliases to AD with PowerShell

Adding aliases in AD is a VERY simple task.

You can just find the user via the ADUC (Active Directory Users and Computers), go to the ‘attributes‘ tab on them, find ‘proxyaddresses‘ and add a new record prefixed with smtp:. For example, you could add ‘smtp:firstname.lastname@domain.com

But what if you need to add lots of aliases to lots of people?

You can do this with just a CSV file and the right PowerShell commands.

First, lets start off with the formatting of the CSV file. This should have two columns, one for the samaccountname of the user and another for the proxy addresses. Proxy addresses NEED to be prefixed with ‘smtp:‘, separated by a semi-colon and all lowercase.

Here’s an example:

samaccountnameProxyaddresses
usernamesmtp:name@domain.com;smtp:name2@domain.com

Next, we need to build the correct PowerShell script. I’ll list the steps of the script below followed by the script itself:

  1. Import the CSV file
  2. Run through each item in the CSV and try to add the proxy addresses
  3. Output either a success or failure message

Once you’ve built both components, you’ll need to update the CSV path in the PowerShell script.

You can now run the script for the aliases to be created. It can take a while for the entries to show, for me it’s typically 30 seconds to 5 minutes depending on the size of the CSV.

Enjoy! 🎉

Server Reboot Script

Running a little low on content this last few months, plus I’ve been busy with other work stuff.

I had the requirement to create a PowerShell script that would get the uptime of a server and then decide whether or not the server needed rebooting.

I also wanted the script to randomize the reboot of the servers, that way if there are multiple servers that need rebooting at once, they don’t cause a power spike or resource issues on the hosts. I did this by creating a random number between 1 and 5 and then if the number equals 5, the server is rebooted. If not then the server isn’t rebooted.

This is the script that I ended up with and what is currently being tested:

$loglocation = "C:\scripts\reboot\log"
$dateforfile = Get-Date

#GETS UPTIME IN DAYS
$lastbootuptime = Get-WmiObject win32_operatingsystem
$uptime = (Get-Date) - ($lastbootuptime.converttodatetime($lastbootuptime.lastbootuptime))
$uptimeindays = $uptime.days

#GETS RANDOM NUMBER
$randomnumber = Get-Random -Minimum 1 -Maximum 6

if ($uptimeindays -ge "14"){

 Add-Content -Path "$loglocation\$env:COMPUTERNAME.txt" -Value @"
=====================================================================================
Server restarted at:
$dateforfile
This was an immediate shutdown as the server had been up for $uptimeindays days
"@

 Restart-Computer -Force

}elseif ($uptimeindays -lt "14" -and $uptimeindays -ge "7"){

    if ($randomnumber -eq "5"){

        Add-Content -Path "$loglocation\$env:COMPUTERNAME.txt" -Value @"
=====================================================================================
Server restarted at :
$dateforfile
This was a random restart as uptime was only $uptimeindays days
"@
        Restart-Computer -Force
    }else{

        Add-Content -Path "$loglocation\$env:COMPUTERNAME.txt" -Value @"
=====================================================================================
Server NOT restarted
$dateforfile
This was not randomly restarted. Uptime is currently $uptimeindays days. Random number was $randomnumber
"@
    }
}else{

Add-Content -Path "loglocation\$env:COMPUTERNAME.txt" -Value @"
=====================================================================================
No restart required
$dateforfile
No restart required since uptime is only $uptimeindays days
"@
}

The first time I created this script and set it up as a scheduled task, nothing happened. Turns out that I needed the -Force parameter in order for the server to be rebooted.

This will later be used in a group policy without the log creating as that is only necessary in the testing stage.

Enjoy!

 

Create, Store & Use Encrypted Passwords With PowerShell

This is just a neat little “tactic” I use when I need to connect to the same machine over and over again but don’t want to drive myself insane with having to constantly enter the same username and password. For example, when testing a script.

First you need to enter your password, in plain text, into this script so that it can get the password. This a perfectly safe as it will only be at this point where the password is in plain text.

$password = "PUT PASSWORD HERE" | ConvertTo-SecureString -AsPlainText -Force

This gets the password that you just entered and encrypts it and also puts it into the variable “password”

Now you need to convert the password to an encrypted string of characters using the below command:

$Password2 = $password | ConvertFrom-SecureString | Out-File "PATH TO TEXT FILE TO STORE PASSWORD"

This puts the encrypted password into the text file for later use.

Now, whenever you need to connect to a machine, you can put this into a variable along with the username. Then put them together into a credential and away you go:

$Username = "DOMAIN\username"

$EcryptedPassword = Get-Content "LOCATION TO TEXT FILE" | ConvertTo-SecureString

$Credential = New-Object System.Management.Automation.PSCredential($Username, $EncryptedPassword)

This builds the credential which you can now use with something similar to below:

Invoke-Command -Credential $Credential -ScriptBlock {echo "test"} -ComputerName "COMPNAME" -Authentication CredCSSP

Enjoy!