The PowerShell Active Directory modules from Microsoft are definitely a pain. That's why Quest (Dell) has developed a bunch of cmdlets to make user management through PowerShell a lot easier.
I would like to show you how I create and update my AD users.
As a base, there's always a CSV file like this one: TemplateADUsers
Recently I set up an Office365 service with ADFS (Active Directory Federation Services) and a DirSync server.
Sadly, I forgot about a huge disadvantage in this architecture: because ADFS is used as the authentication provider, it's not possible to change a user's password. The communication from the local Active Directory environment to the cloud-based Office365 services is one-directional only.
That's why there are only 2 options so far to handle the user password change and expiration:
- Disable the users' password expiration, or
- Set up an enterprise-connected platform to deal with the password change and expiration.
At this time option 1 is active in my environment and option 2 is my goal.
In this post series I want to show you the solution I've developed.
Let's start with password expiration. Because Office365 doesn't handle password expiration, I have to use another channel to show the users on which date their passwords expire: let's do it with a bulk e-mail job.
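A sketch of such a bulk e-mail job, added here as an example and not the script from this post series. It assumes Microsoft's ActiveDirectory module (RSAT) rather than the Quest cmdlets; the SMTP server, sender address, 14-day window and the sample accounts used by `-DryRun` are placeholders.

```powershell
# Added example: notify users whose AD password expires within $WarnDays days.
param([switch]$DryRun, [int]$WarnDays = 14)

$SmtpServer = 'smtp.example.com'       # placeholder
$From       = 'helpdesk@example.com'   # placeholder

function Get-ExpiryNotice {
    param([Parameter(Mandatory)]$User, [datetime]$Now = (Get-Date), [int]$WarnDays = 14)
    $raw = [int64]$User.'msDS-UserPasswordExpiryTimeComputed'
    # 0 = password must be changed at next logon; Int64.MaxValue = password never expires.
    # FromFileTime() throws on the latter, so filter both out before converting.
    if ($raw -le 0 -or $raw -eq [int64]::MaxValue -or -not $User.mail) { return }
    $expires = [datetime]::FromFileTime($raw)
    if ($expires -lt $Now) { return }                       # already expired
    $days = [int][math]::Ceiling(($expires - $Now).TotalDays)
    if ($days -gt $WarnDays) { return }                     # not due yet
    [pscustomobject]@{ To = $User.mail; Name = $User.Name; Expires = $expires; DaysLeft = $days }
}

if ($DryRun) {
    # Constructed sample accounts, so the logic can be checked without a domain.
    $users = @(
        [pscustomobject]@{ Name = 'Alice'; mail = 'alice@example.com'
            'msDS-UserPasswordExpiryTimeComputed' = (Get-Date).AddDays(5).ToFileTime() }
        [pscustomobject]@{ Name = 'Svc'; mail = 'svc@example.com'
            'msDS-UserPasswordExpiryTimeComputed' = [int64]::MaxValue }
    )
} else {
    Import-Module ActiveDirectory
    $users = Get-ADUser -Filter 'Enabled -eq $true' `
        -Properties mail, 'msDS-UserPasswordExpiryTimeComputed'
}

foreach ($u in $users) {
    $n = Get-ExpiryNotice -User $u -WarnDays $WarnDays
    if (-not $n) { continue }
    $subject = "Your password expires in $($n.DaysLeft) day(s)"
    # Plain text without links, so the notice cannot be confused with a phishing mail.
    $body = "Hello $($n.Name),`nyour domain password expires on " +
            "$($n.Expires.ToString('yyyy-MM-dd')). Please change it before then."
    if ($DryRun) { '{0}: {1}' -f $n.To, $subject }
    else { Send-MailMessage -SmtpServer $SmtpServer -From $From -To $n.To -Subject $subject -Body $body }
}
```

Run it with `-DryRun` first to see who would be mailed; the constructed `Svc` account shows that a never-expiring password is skipped instead of raising a conversion error.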