Powershell – Creating Active Directory User Accounts: with an Office 365 mailbox

Most IT admins know what a pain it is to set up Active Directory user accounts, especially when you need to setup a corresponding 365 mailbox.

Hopefully, this script is going to help you!

I’m going to guide you though using Powershell to create an Active Directory account, with a licenced Office 365 mailbox (in a hybrid Exchange 2013 environment).

I’m assuming you’re executing this script from an Admin Powershell prompt, on a Domain joined PC (It maybe useful for you to run this script in Powershell ISE).

This script will:

  • Create an Active Directory user account + allow you to assign a user password (securely).
  • Complete AD account details such as telephone number and address (useful if you are using my email signature script guide).
  • Create an Office 365 mailbox (this script assumes that you are running in Exchange hybrid mode (i.e. your business also has an on Premise Exchange server).
  • Turn on litigation hold enabled (for this to work, you will need the correct licences, ie: E3).
  • Assign a 365 licence (I’m also assigning an ATP licence, Windows 10 licence and PowerBI standard licence).

Continue reading


Windows Deployment – Advanced – Part 1. Performing Domain Joins Securely

In the first of this new multi-part series, I will show you how to take you Windows Deployment to the next level.

(For this series, we're assuming your running Server 2012 R2 with the latest updates, and the latest release of MDT 2013).

This article looks at locking down the os.deploy account that you use to automatically join computers to the domain.

So, let us improve the security of the mdt join account. This account which we have specified in CustomSettings.ini (Windows Deployment, Part 1: Configuring the Deployment Environment) and which is used by MDT to join the target computer to the domain.

If we leave this account as a Domain User, then MDT will be able to join the first few computers it installs into the domain but then will fail to join any others.

This is because by default Domain Users can only join 10 computers to the domain.

In our initial article, we made the account a member of the domain admins group – of course, perfectly acceptable in a lab environment, but not so in the real world.

This is because of these three facts:

  • The domain admin password is visible in the customsettings.ini
  • The domain admin password is sent in plain text across the network
  • The domain admin password is temporarily stored on the remote pc

So, how do we overcome this??

Continue reading

How to standardize your company email signature

Often, companies have a mismatch of email signatures. Nothing standard or manageable throughout their business.   There are software applications that can assist, but they can be costly.

In this post, i will detail how to roll out a standard email signature using nothing more that a vb script, group policy and a little elbow grease with regards to your Active Directory.

Lets begin:

Requirement:  To implement a standard email signature throughout your organisation

Solution: Create VB script to pull data from Active Directory and set it as the users default signature within Outlook (tested in Outlook 2007, 2010 and 2013).

Continue reading