I have been working with a customer recently when they needed to enable all the users in a certain OU with the exception of a small bunch of users. The way I chose to do this was to suggest using a security group to define the exceptions and then use a script to enable everyone who was in the designated OU with the exception of the users in the designated security group.

I have found several other posts across the Internet where people have enabled from an OU but not with the security group exception so I put together this script and thought I'd share it for others to use.

I was scheduling the script file to run on one of the Lync front end servers every day so that any new users will be automatically enabled if they are in the correct OU and not a member of the security group.

The script will also Lync-disable users who are currently enabled and are then added to the security group.

Below is the script; just copy and save it as a .ps1 file and you're done.




I was recently working on a project where users were getting new laptops issued to them and this involved users having to have their passwords changed afterwards to ensure security. Rather than do it manually I cooked up this little script with a little help from Google.

The script will look for a CSV file in the location C:\Scripts\Users.csv and will only be looking for one column called SamAccountName. If the file doesn't exist in that location, or the CSV file it finds doesn't have a SamAccountName column, it won't work and will fail.

If you do use the script you can always change the path manually in the script to where you have stored the CSV file. I may update the script when I get the chance to put it into a variable that can be passed into the script, but that's for another day.

The script will then read the contents of the CSV file and for each entry it will set the 'User must change password at next logon

Here is the script itself
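
The author's script is not included on this page. The following is an added example, not the author's script, of the behaviour described above. It assumes the ActiveDirectory module is available; the `-CsvPath` parameter, the `PasswordNeverExpires` check and the per-account status report are additions that the post does not describe.

```powershell
# Added example, not the author's script. Requires the ActiveDirectory module (RSAT).
param(
    # Default is the path named in the post; exposing it as a parameter is an addition.
    [string]$CsvPath = 'C:\Scripts\Users.csv'
)

Import-Module ActiveDirectory -ErrorAction Stop

# Fail early, as the post says the script does, when the file or the column is missing.
if (-not (Test-Path -LiteralPath $CsvPath -PathType Leaf)) {
    throw "CSV file not found: $CsvPath"
}
$rows = @(Import-Csv -LiteralPath $CsvPath)
if ($rows.Count -eq 0) {
    throw "CSV file has no rows: $CsvPath"
}
if ($rows[0].PSObject.Properties.Name -notcontains 'SamAccountName') {
    throw "CSV file has no SamAccountName column: $CsvPath"
}

$results = foreach ($row in $rows) {
    $sam = "$($row.SamAccountName)".Trim()
    if (-not $sam) { continue }    # ignore blank entries

    $status = 'Flagged'
    try {
        $user = Get-ADUser -Identity $sam -Properties PasswordNeverExpires -ErrorAction Stop
        if ($user.PasswordNeverExpires) {
            # 'Password never expires' overrides 'must change password at next logon',
            # so report the account for follow-up instead of flagging it.
            $status = 'Skipped: PasswordNeverExpires is set'
        }
        else {
            Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
        }
    }
    catch {
        # Unknown account, access denied, and so on: record it and carry on.
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{ SamAccountName = $sam; Status = $status }
}

# One line per account, so skipped or failed accounts are not missed.
$results | Format-Table -AutoSize
```

Keeping the status table gives a record of which accounts were actually flagged, which matters when the change is being made for security reasons.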


So imagine a situation where you have Office 365 and you synchronise your on-premises Active Directory with Office 365 via DirSync, or Windows Azure Active Directory Sync Tool to give it its full name. One day an employee comes to you and informs you of their name change, which you duly change in your on-premises Active Directory and either wait for a sync to occur or trigger one manually. Then you find out that the user's logon name in Office 365 hasn't changed, so they are still logging in with their old logon name or, worse, they cannot access their mailbox.

So after installing more than a few times I thought about writing my own PowerShell script to automate some of the process. There was no need, though, when I stumbled across this great script. Check it out here.

You won't be disappointed, I know I wasn't.