powershell PowerShell commands for exporting Azure AD and importing into on-premises AD


# import Users
# The CSV holds each user's initial password in clear text: restrict access to the file and delete it after the import.
Import-Csv C:\Temp\o365userdata.csv -Encoding UTF8 | ForEach-Object {
    # Collect the New-ADUser arguments in a hashtable and splat them
    $params = @{
        Path                  = "OU=$($_.Department),OU=Head Office,DC=kingsteel,DC=com"
        Name                  = $_.Name
        SamAccountName        = $_.SAMAccountName
        GivenName             = $_.FirstName
        Surname               = $_.LastName
        Department            = $_.Department
        DisplayName           = $_.DisplayName
        EmailAddress          = $_.EmailAddress
        Office                = $_.Office
        ChangePasswordAtLogon = $True
        Title                 = $_.Title
        UserPrincipalName     = $_.UserPrincipalName
        Enabled               = $True
        AccountPassword       = (ConvertTo-SecureString -String $_.Password -AsPlainText -Force)
    }
    New-ADUser @params
}

# import csv
$csv = Import-csv C:\Temp\o365GroupData.csv -Encoding UTF8

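# Connect to Exchange Online and Azure AD
# Note: Microsoft has retired Basic authentication for Exchange Online remote PowerShell;
# current tenants need Connect-ExchangeOnline from the ExchangeOnlineManagement module instead.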
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
Connect-MsolService -Credential $UserCredential

foreach ($item in $csv) 
{
    try 
    {
        # Check if group exists
        $exists = Get-ADGroup $item.DisplayName
        Write-Host "Group $($item.DisplayName) already exists. Skipped!"
    }
    catch 
    {
        # Create AD Groups
        $create = New-ADGroup -Name $item.DisplayName -GroupScope "Global" -DisplayName $item.DisplayName -Path "OU=Groups,DC=kingsteel,DC=com" -PassThru

        Write-Host "Group $($item.DisplayName) created."

        # Get group members from Azure Ad
        $members = Get-MsolGroupMember -GroupObjectId $item.ObjectId | Where {$_.GroupMemberType -eq "User"}

        # Add member to group
        foreach($member in $members)
        {
            # get user from Azure AD
            $u = Get-MsolUser -userprincipalname $member.EmailAddress
            
            # get user SAMAccount property
            $sam = $u.userprincipalname.Replace("@kingsteel.com","").ToLower()

            # Add to group
            Add-ADGroupMember $item.DisplayName $sam

            Write-Host "User $sam added to group $($item.DisplayName)"
        }
    }
}

# import Office 365 session
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

#connect Azure AD
Connect-MsolService -Credential $UserCredential

#Random password generator
Function random-password ($length = 8)
{
    $punc = 46..46
    $digits = 48..57
    $letters = 65..90 + 97..122

    # Thanks to
    # https://blogs.technet.com/b/heyscriptingguy/archive/2012/01/07/use-pow
    $password = get-random -count $length `
        -input ($punc + $digits + $letters) |
            % -begin { $aa = $null } `
            -process {$aa += [char]$_} `
            -end {$aa}

    return $password
}

#Export User data from o365
$DataPath = "C:\temp\o365UserData.csv"
$GroupDataPath = "C:\temp\o365GroupData.csv"
$Results = @()

$MailboxUsers = get-mailbox -resultsize unlimited 

# Get all users
foreach($user in $mailboxusers)
{
    try 
    {
        $UPN = $user.userprincipalname
        $username = $user.name
        $MOL = Get-MsolUser -userprincipalname $UPN | Select-Object Department, DisplayName, FirstName, LastName, Office, PasswordNeverExpires, SignInName, Title
        $EmailAddress = Get-Mailbox -ResultSize Unlimited -identity $UserName |Select-Object DisplayName,PrimarySmtpAddress, @{Name="EmailAddresses";Expression={$_.EmailAddresses |Where-Object {$_.PrefixString -ceq "smtp"} | ForEach-Object {$_.SmtpAddress}}}

        $Properties = @{
        Name = $user.name
        Department = $MOL.Department
        Displayname = $MOL.DisplayName
        EmailAddress = $Emailaddress.PrimarySmtpAddress
        FirstName = $MOL.FirstName
        LastName = $MOL.LastName
        Office = $MOL.Office
        PasswordNeverExpires = $MOL.Passwordneverexpires
        SignInName = $MOL.SignInName
        Title = $MOL.Title
        UserPrincipalName = $UPN.ToLower()
        SAMAccountName = ($UPN.Replace("@kingsteel.com","")).ToLower()
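        # Every exported account gets the same initial password, written in clear text to the CSV;
        # the import script relies on -ChangePasswordAtLogon $True to force a change.
        #Password = random-password
        Password = "000000"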
        }

        $Results += New-Object psobject -Property $properties
    }
    catch 
    {
        Write-Host "Exception! $($user.userprincipalname)"
    }
}
# Get all groups from Azure AD
$GroupResults = Get-MsolGroup -All

# Export users to csv
$Results | Select-Object Name, SAMAccountName, DisplayName, Emailaddress, UserPrincipalName, SignInName, Password, PasswordNeverExpires, FirstName, LastName, Department, Office, Title | Sort Department,SignInName | Export-Csv -Path $DataPath -Encoding UTF8

# Export groups to csv
$GroupResults | Select-Object ObjectId, DisplayName, EmailAddress, GroupType, IsSystem | sort DisplayName, GroupType | Export-Csv -Path $GroupDataPath -Encoding UTF8
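
The export script above leaves `random-password` unused (it draws from `Get-Random`) and writes the same `Password = "000000"` for every user into the CSV. As an added example that is not part of the original script, the following generates a distinct initial password per user from the OS cryptographic RNG at import time, so no Password column is needed; `Get-UniformIndex` and `New-InitialPassword` are hypothetical helper names and the two demo rows are constructed.

```powershell
# Added example, not part of the original script.
# Get-UniformIndex and New-InitialPassword are hypothetical helper names.

function Get-UniformIndex {
    param(
        [System.Security.Cryptography.RandomNumberGenerator]$Rng,
        [ValidateRange(1, 256)][int]$Count
    )
    # Rejection sampling: discard bytes at or above the largest multiple of
    # $Count, so "byte % Count" is uniform (no modulo bias).
    $limit = 256 - (256 % $Count)
    $b = New-Object byte[] 1
    do { $Rng.GetBytes($b) } while ($b[0] -ge $limit)
    return $b[0] % $Count
}

function New-InitialPassword {
    param([ValidateRange(12, 128)][int]$Length = 16)

    # Character classes without look-alikes (I, l, 1, O, o, 0)
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '.-_#%+'
    $all  = -join $sets
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $chars = New-Object 'System.Collections.Generic.List[char]'
        # One character from every class, so common complexity rules are met
        foreach ($s in $sets) { $chars.Add($s[(Get-UniformIndex $rng $s.Length)]) }
        while ($chars.Count -lt $Length) {
            $chars.Add($all[(Get-UniformIndex $rng $all.Length)])
        }
        # Fisher-Yates shuffle so the guaranteed classes are not always in front
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-UniformIndex $rng ($i + 1)
            $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
        }
        return -join $chars.ToArray()
    }
    finally { $rng.Dispose() }
}

# Constructed demo rows standing in for the exported CSV (no Password column)
$rows = 'alice', 'bob' | ForEach-Object { [pscustomobject]@{ SAMAccountName = $_ } }
foreach ($row in $rows) {
    $plain  = New-InitialPassword -Length 16
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    # $secure is what -AccountPassword takes; hand $plain to the user out of band
    "{0}: {1} characters generated" -f $row.SAMAccountName, $plain.Length
}
```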
