http://help.outlook.com/en-us/140/search.aspx?q=New-Mailbox
http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/
Not tried it but it looks also that the Quest Team have some userfriendly scripts
http://www.quest.com/powershell/activeroles-server.aspx
also there is a Powergui:
http://wiki.powergui.org/index.php/Main_Page
MY SAMPLE:
# Creation 14.3.2012
# Script was created for Powershell 1.0
# This Script was tested on Windows 2k8R2 Enterprise Server SP1
# and actual Hotfixes of End of February 2012
# Exchange 2010 Server SP2
# Script was running with User that is a Member of following Groups
# Administrators, Domain Admins, Domain Users, EnterpriseAdmins,
# Group Policy Creator Owners, Organization Management, Remote Desktop Users
# and Schema Admins
#
#
# Special INFO:
# Get-QADUser user|
# Add-QADPermission -Account SELF,Everyone -ExtendedRight "User-Change-Password" -Deny -ApplyTo ThisObjectOnly
Write-Host " CreateADUsersWithMailbox"
Write-Host " First Script asks you needed data to create the users"
#Password only one default for all users
$password = Read-Host "Enter default password that will be used for all users" -AsSecureString
#Get the OU
$OUSiteDef = Read-Host "Enter OU like format PerfTest/Test1 ...."
if (!($OUSiteDef -like "")) {
# given OU is used
}
else {
# Default value is used
$OUSiteDef = 'PerfTest/Test1'
}
#Get the AD-Domain
$FQDN = Read-Host "Enter AD FQDN like format dev3perf.test ...."
if (!($FQDN -like "")) {
# given AD FQDN is used
}
else {
# Default value is used
$FQDN = 'dev3perf.test'
}
#construction of OU in the AD-Domain
$OurOrgUnit = "$FQDN/$OUSiteDef"
[int]$NoOfUsers = Read-Host "Enter Number of Users"
[int]$NoFirstUser = Read-Host "User(i) Starts with Number=i"
#Get the SMTP-Domain (sometimes it is the same like the AD-Domain) but not anytime
$SMTPDomain = Read-Host "Enter SMTP-Domain like format dev3perf.test .... (!!! without the @ symbol !!!)"
if (!($SMTPDomain -like "")) {
# given SMTP-Domain is used
}
else {
# Default value is used
$SMTPDomain = 'dev3perf.test'
}
[int]$iStart = 0
[int]$iLast = 0
[int]$iStart = $NoFirstUser
[int]$iLast = $NoFirstUser + $NoOfUsers -1
Write-Host "Proccessing Creation of $NoOfUsers Users. "
Write-Host "From User$iStart to User$iLast"
Write-Host "Emailaddresses User$iStart@$SMTPDomain till User$iLast@$SMTPDomain"
[int]$i = $iStart
# Do - While Loop to iterrate the Usernames -lt $iLast
[int]$NoOfCreatedUsers = 0
Do {
Write-Host "Proccessing of No $i"
$FirstName ="FirstName" + $i
$LastName = "LastName"+ $i
$Name = "FirstName" + $i + " LastName" + $i
$DisplayName = "FirstName"+ $i +" LastName"+ $i
$Alias = "user" + $i
$EmailAddress = "User" + $i + "@" + $SMTPDomain
Write-Host "Proccessing of $DisplayName with SMTP-Address: $EmailAddress"
#Create the AD-User and the Mailbox, set the PW
#and set some Attributes (can not change, does not expire) for the password
New-Mailbox -UserPrincipalName $EmailAddress -PrimarySmtpAddress $EmailAddress -Alias $Alias -Database "Mailbox Database 0123217039" -Name $Name -OrganizationalUnit
$OurOrgUnit -Password $password -FirstName $FirstName -LastName $LastName -DisplayName $DisplayName -ResetPasswordOnNextLogon $false
#Set the UserCanNotChangePassword by ADSI
USFSetUserCannotChangePassword ($Alias)
#Process Nextone
$i =$i+1
$NoOfCreatedUsers = $NoOfCreatedUsers +1
} While (($i -le $iLast))
Write-Host "$NoOfCreatedUsers Users are created !"
#################################################################################################
# Additional Function UserFriendly SetUserCannotChangePassword
#
# Parameter: Users Alias (logonname)
#################################################################################################
#
Function USFSetUserCannotChangePassword ($UserAlias)
{
[ADSI]$UsersLdapPath = Get_LdapPath ($UserAlias)
Set-UserCannotChangePassword -ADPath $UsersLdapPath
}
#################################################################################################
# Additional Function that returns the LDAP Path
# Parameter the Users Alias (logonname)
#################################################################################################
#
Function Get_LdapPath ($UserAlias)
{
$UserName = Read-Host “username”
$searcher = new-object DirectoryServices.DirectorySearcher([ADSI]“”)
$searcher.filter = “(&(objectClass=user)(sAMAccountName= $UserName))”
$founduser = $searcher.findOne()
$P = $founduser | select path
$p.path
}
#################################################################################################
# Additional Function that sets the UserCannotChangePassword
# http://msdn.microsoft.com/en-us/library/aa746398%28VS.85%29.aspx
#################################################################################################
#
Function Set-UserCannotChangePassword
{
<#
.Synopsis
Sets the attribute 'User Cannot Change Password' on a given account.
.Description
Sets the attribute 'User Cannot Change Password' on a given account.
.Parameter ADPath
The full AD Path of the User
.Example
PS> Set-UserCannotChangePassword -ADPath 'LDAP://cn=Adam,ou=TestOU,dc=Test,dc=Com'
.Notes
NAME: Set-UserCannotChangePassword
AUTHOR: Allan Rogers
#>
Param
(
[Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
[String]$ADPath
)
# --- Get the User
$User = [ADSI]($ADPath)
if ($User.Path)
{
# --- Set the Security Objects
$Everyone = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'
$EveryoneDeny = New-Object System.DirectoryServices.ActiveDirectoryAccessRule ($Everyone, `
'Extendedright', 'Deny', [GUID]'ab721a53-1e2f-11d0-9819-00aa0040529b')
$Self = [System.Security.Principal.SecurityIdentifier]'S-1-5-10'
$SelfDeny = New-Object System.DirectoryServices.ActiveDirectoryAccessRule ($Self,`
'Extendedright', 'Deny', [GUID]'ab721a53-1e2f-11d0-9819-00aa0040529b')
# --- Apply the Settings to the User
$User.psbase.get_ObjectSecurity().AddAccessRule($SelfDeny)
$User.psbase.get_ObjectSecurity().AddAccessRule($EveryoneDeny)
$User.psbase.CommitChanges()
}
else
{
throw "Function Set-UserCannotChangePassword failed to get user at '$ADPath'"
}
}