Creating Exchange Users with Excel (Part 2)

If you missed the first part in this article series please read Creating Exchange Users with Excel (Part 1).

Introduction

In the previous article I showed how using VBA can save you time when bulk adding users into Active Directory and creating Exchange mailboxes for them. However, that script has some limitations, because some fields only become available once the mailbox has been stamped by the Exchange RUS. Also, the script is a one-way, one-time deal. In this article I will show you how to overcome those problems and how to synchronize an Excel sheet with Active Directory.

Activating the RUS

Remember the student list we had in the previous article?


Figure 1

The second column contained the social security number of the student. I decided to put it in the description attribute of the user. However, since the description is a useful field that I can use for identifying roles of teachers and other school workers, let’s decide now to move the social security number to the first Extension Attribute of the user, extensionAttribute1.

Though this attribute supposedly exists for all users once the schema has been extended for Exchange use, you won’t be able to set it unless the user has been stamped by the RUS, enabling this attribute.

Luckily for us, we can help speed this process up. This works best in a single Exchange environment where user management and replication are fast and easy. In a more complex environment, the script should point to the domain controller that the RUS uses.

Let’s look closely at the following code:

Sub FireRUS()
    ' Activate the RUS stamping
    Dim RootDse
    Set RootDse = GetObject("LDAP://RootDSE")
    strdn = RootDse.Get("defaultNamingContext")
    strDomainName = "DOMAIN"
    strConfigurationNC = RootDse.Get("ConfigurationNamingContext")
    strExchangeOrg = FindAnyOrg(strConfigurationNC)
    strRUS = "CN=Recipient Update Service (" & strDomainName & "),CN=Recipient Update Services," & _
             "CN=Address Lists Container,CN=" & strExchangeOrg & ",CN=Microsoft Exchange,CN=Services," & _
             "CN=Configuration," & strdn
    Set objRUS = GetObject("LDAP://" & strRUS)
    objRUS.Put "msExchReplicateNow", True
    objRUS.SetInfo
End Sub

Function FindAnyOrg(strConfigurationNC)
    Set oConnection = CreateObject("ADODB.Connection")
    Set oCommand = CreateObject("ADODB.Command")
    Set oRecordSet = CreateObject("ADODB.RecordSet")
    Dim strQuery
    ' Open the Connection
    oConnection.Provider = "ADsDSOObject"
    oConnection.Open "ADs Provider"
    ' Build the query to find the private Exchange Organization
    strQuery = "<LDAP://" & strConfigurationNC & ">;(objectCategory=msExchOrganizationContainer);name,adspath;subtree"
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = strQuery
    Set oRecordSet = oCommand.Execute
    ' If we have an Organization then return the first one
    If Not oRecordSet.EOF Then
        oRecordSet.MoveFirst
        FindAnyOrg = CStr(oRecordSet.Fields("name").Value)
    Else
        FindAnyOrg = ""
    End If
    ' Clean Up
    oRecordSet.Close
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
End Function

This script fires up the RUS so that users get stamped. Now you can combine this with any of our user creation scripts or Excel macros so that the users get stamped almost immediately. This is all very well, but it can be quite hefty on large Exchange servers with thousands of users. You can specify a waiting period using the WScript.Sleep command (the time specified is in milliseconds). Still, if you add 4000 users you wouldn’t want the RUS to run 4000 times, especially in a large environment.

Instead we can remove the following line from our script:

    oUser.Put "description", ID

And add the FireRUS subroutine at the end of the script or simply run it separately. Now the script will look like this:

Sub CreateUsers()
    Dim Row As Integer
    Dim oMailbox As CDOEXM.IMailboxStore
    Dim oUser As IADsUser
    Set rootDSE = GetObject("LDAP://RootDSE")
    DomainContainer = rootDSE.Get("defaultNamingContext")
    Set oOU = GetObject("LDAP://OU=Test,DC=mycompany,DC=local")
    Row = 1
    Do Until Cells(Row, 1) = Empty
        gname = Trim(Cells(Row, 1).Value)
        sname = Trim(Cells(Row, 2).Value)
        ID = Cells(Row, 3).Value
        mailingaddress = Cells(Row, 4).Value
        city = Cells(Row, 5).Value
        postalcode = Cells(Row, 6).Value
        homephone = Cells(Row, 7).Value
        cellular = Cells(Row, 8).Value
        dept = Trim(Cells(Row, 9).Value)
        FullName = gname & " " & sname
        ' Build an alias and lengthen it until no existing user has it
        AliasCount = 2
        Alias = LCase(gname & Left(sname, AliasCount))
        Set conn = CreateObject("ADODB.Connection")
        conn.Provider = "ADSDSOObject"
        conn.Open "ADs Provider"
        ldapStr = "<LDAP://" & DomainContainer & ">;(&(objectCategory=user)(mailNickname=" & Alias & "));adspath;subtree"
        Set rs = conn.Execute(ldapStr)
        While rs.RecordCount > 0
            AliasCount = AliasCount + 1
            Alias = LCase(gname & Left(sname, AliasCount))
            ldapStr = "<LDAP://" & DomainContainer & ">;(&(objectCategory=user)(mailNickname=" & Alias & "));adspath;subtree"
            Set rs = conn.Execute(ldapStr)
        Wend
        ' Update User Record
        Set oUser = oOU.Create("user", "cn=" & FullName)
        oUser.Put "cn", FullName
        oUser.Put "SamAccountName", Alias
        oUser.Put "userPrincipalName", Alias & "@mycompany.local"
        oUser.Put "givenName", gname
        oUser.Put "sn", sname
        oUser.Put "streetaddress", mailingaddress
        oUser.Put "l", city
        oUser.Put "postalCode", CStr(postalcode)
        oUser.SetInfo
        oUser.GetInfo
        ' Enable Account
        oUser.AccountDisabled = False
        ' Set the initial password to 123456
        oUser.SetPassword ("123456")
        ' Account is not disabled
        oUser.AccountDisabled = False
        ' User must change password at next Logon
        oUser.Put "pwdLastSet", CLng(0)
        oUser.SetInfo
        Set oMailbox = oUser
        MDBName = "Mailbox Store (EXCHANGE)"
        StorageGroup = "First Storage Group"
        Server = "Exchange"
        AdminGroup = "MyCompany"
        Organization = "MyCompany School of Arts"
        DomainDN = "DC=mycompany,DC=local"
        oMailbox.CreateMailbox "LDAP://CN=" & MDBName & _
                               ",CN=" & StorageGroup & _
                               ",CN=InformationStore" & _
                               ",CN=" & Server & _
                               ",CN=Servers" & _
                               ",CN=" & AdminGroup & _
                               ",CN=Administrative Groups" & _
                               ",CN=" & Organization & _
                               ",CN=Microsoft Exchange,CN=Services" & _
                               ",CN=Configuration," & DomainDN
        oUser.SetInfo
        ' Add the user to the group named after the department
        StrobjGroup1 = "LDAP://CN=" & dept & ",OU=Test,DC=mycompany,DC=local"
        Set objGroup1 = GetObject(StrobjGroup1)
        objGroup1.Add (oUser.ADsPath)
        Set oUser = Nothing
        Row = Row + 1
    Loop
    FireRUS
End Sub

Notice that I added a few lines in the middle of the script to populate the user’s address. This information will help the second macro locate the user.

Adding the Attribute to the Users

The second macro reads the Excel cells as before, but instead of creating the user it searches for an existing one using the user’s name and address. When it locates the user, it simply adds the ID number to the user object’s extensionAttribute1 attribute.

Sub AddExtensionAttribute1()
    Dim Row As Integer
    Dim oUser As IADsUser
    Set RootDse = GetObject("LDAP://RootDSE")
    DomainContainer = RootDse.Get("defaultNamingContext")
    Set oOU = GetObject("LDAP://OU=Test,DC=domain,DC=local")
    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADSDSOObject"
    conn.Open "ADs Provider"
    Row = 1
    Do Until Cells(Row, 1) = Empty
        gname = Trim(Cells(Row, 1).Value)
        sname = Trim(Cells(Row, 2).Value)
        ID = Cells(Row, 3).Value
        mailingaddress = Cells(Row, 4).Value
        city = Cells(Row, 5).Value
        postalcode = Cells(Row, 6).Value
        homephone = Cells(Row, 7).Value
        cellular = Cells(Row, 8).Value
        dept = Trim(Cells(Row, 9).Value)
        ' Construct an LDAP query to Active Directory looking for users with the
        ' specified attributes: first name, last name, address, etc.
        LDAPStr = "<LDAP://" & DomainContainer & ">;(&(objectCategory=user)(givenName=" & gname & ")(sn=" & sname & ")(streetaddress=" & mailingaddress & ")(l=" & city & "));adspath;subtree"
        Set rs = conn.Execute(LDAPStr)
        ' If at least one user is found (there is supposed to be just one)
        If rs.RecordCount > 0 Then
            ' Populate the Exchange extension attribute no. 1 of the first match
            Set oUser = GetObject(rs.Fields(0).Value)
            oUser.Put "extensionAttribute1", ID
            oUser.SetInfo
        End If
        Set oUser = Nothing
        Set rs = Nothing
        Row = Row + 1
    Loop
End Sub

Synchronizing Users

The script above is pretty simple yet we can use it as a base for a synchronization script. If we can locate a user, why not use this to our advantage and create a user if it is not found, or update a user’s record?

Let’s add another user and change some information on our Excel sheet:


Figure 2

I added a new user and changed the zip code for another.

Now all we need to do is combine the first and second script.

Sub SyncUsers()
    Dim Row As Integer
    Dim oMailbox As CDOEXM.IMailboxStore
    Dim oUser As IADsUser
    Set RootDse = GetObject("LDAP://RootDSE")
    DomainContainer = RootDse.Get("defaultNamingContext")
    Set oOU = GetObject("LDAP://OU=Test,DC=domain,DC=local")
    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADSDSOObject"
    conn.Open "ADs Provider"
    Row = 1
    Do Until Cells(Row, 1) = Empty
        gname = Trim(Cells(Row, 1).Value)
        sname = Trim(Cells(Row, 2).Value)
        ID = Cells(Row, 3).Value
        mailingaddress = Cells(Row, 4).Value
        city = Cells(Row, 5).Value
        postalcode = Cells(Row, 6).Value
        homephone = Cells(Row, 7).Value
        cellular = Cells(Row, 8).Value
        dept = Trim(Cells(Row, 9).Value)
        ' Look for an existing user by first name, last name, street address and city
        LDAPStr = "<LDAP://" & DomainContainer & ">;(&(objectCategory=user)(givenName=" & gname & ")(sn=" & sname & ")(streetaddress=" & mailingaddress & ")(l=" & city & "));adspath;subtree"
        Set rs = conn.Execute(LDAPStr)
        If rs.RecordCount > 0 Then
            ' User found: update the record
            Set oUser = GetObject(rs.Fields(0).Value)
            oUser.Put "streetaddress", mailingaddress
            oUser.Put "l", city
            oUser.Put "postalCode", CStr(postalcode)
            oUser.Put "extensionAttribute1", ID
            oUser.SetInfo
        Else
            ' Record count is zero: no user was found, so create one
            FullName = gname & " " & sname
            AliasCount = 2
            Alias = LCase(gname & Left(sname, AliasCount))
            Set conn = CreateObject("ADODB.Connection")
            conn.Provider = "ADSDSOObject"
            conn.Open "ADs Provider"
            LDAPStr = "<LDAP://" & DomainContainer & ">;(&(objectCategory=user)(mailNickname=" & Alias & "));adspath;subtree"
            Set rs = conn.Execute(LDAPStr)
            While rs.RecordCount > 0
                AliasCount = AliasCount + 1
                Alias = LCase(gname & Left(sname, AliasCount))
                LDAPStr = "<LDAP://" & DomainContainer & ">;(&(objectCategory=user)(mailNickname=" & Alias & "));adspath;subtree"
                Set rs = conn.Execute(LDAPStr)
            Wend
            ' Update User Record
            Set oUser = oOU.Create("user", "cn=" & FullName)
            oUser.Put "cn", FullName
            oUser.Put "SamAccountName", Alias
            oUser.Put "userPrincipalName", Alias & "@domain.local"
            oUser.Put "givenName", gname
            oUser.Put "sn", sname
            oUser.SetInfo
            oUser.GetInfo
            oUser.Put "streetaddress", mailingaddress
            oUser.Put "l", city
            oUser.Put "postalCode", CStr(postalcode)
            oUser.SetPassword "123456"
            oUser.AccountDisabled = False
            oUser.SetInfo
            Set oMailbox = oUser
            MDBName = "Mailbox Store (EXCHANGE)"
            StorageGroup = "First Storage Group"
            Server = "Exchange"
            AdminGroup = "AG"
            Organization = "Org"
            DomainDN = "DC=domain,DC=local"
            oMailbox.CreateMailbox "LDAP://CN=" & MDBName & _
                                   ",CN=" & StorageGroup & _
                                   ",CN=InformationStore" & _
                                   ",CN=" & Server & _
                                   ",CN=Servers" & _
                                   ",CN=" & AdminGroup & _
                                   ",CN=Administrative Groups" & _
                                   ",CN=" & Organization & _
                                   ",CN=Microsoft Exchange,CN=Services" & _
                                   ",CN=Configuration," & DomainDN
            oUser.SetInfo
            ' Enable Account
            oUser.AccountDisabled = False
            ' Set the initial password to 123456
            oUser.SetPassword ("123456")
            ' User must change password at next Logon
            oUser.Put "pwdLastSet", CLng(0)
            oUser.SetInfo
            StrobjGroup1 = "LDAP://CN=" & dept & ",OU=Test,DC=domain,DC=local"
            Set objGroup1 = GetObject(StrobjGroup1)
            objGroup1.Add (oUser.ADsPath)
            Set oUser = Nothing
        End If
        Row = Row + 1
    Loop
    FireRUS
    Exit Sub
End Sub

The script goes through all the rows as before, but if it finds a user that does not exist, it creates it. This does not perform full synchronization, as extensionAttribute1 will only get updated during the second run of the script. However, if you run this script using a scheduler every few hours you will eventually get full synchronization.
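
The lookup filters in AddExtensionAttribute1 and SyncUsers are built by concatenating cell values, so a value containing `(`, `)`, `*` or `\` changes what the filter matches, and the first record is used even when several users match. The following is an added example, not code from the original article: EscapeLdapFilterValue, FindUniqueUser and StampId are hypothetical names, and conn and DomainContainer are assumed to be set up as in the macros above.

```vba
' Added example, not from the original article. Escapes a spreadsheet
' value for use inside an LDAP search filter (RFC 4515).
Function EscapeLdapFilterValue(ByVal s As String) As String
    s = Replace(s, "\", "\5c")   ' backslash first, or later escapes get re-escaped
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, vbNullChar, "\00")
    ' ";" is not special in RFC 4515 but separates the parts of the ADSI query string
    s = Replace(s, ";", "\3b")
    EscapeLdapFilterValue = s
End Function

' Hypothetical helper: returns the ADsPath only when exactly one user matches.
Function FindUniqueUser(ByVal conn As Object, ByVal DomainContainer As String, _
                        ByVal gname As String, ByVal sname As String, _
                        ByVal mailingaddress As String, ByVal city As String, _
                        ByRef MatchCount As Long) As String
    Dim ldapFilter As String, rs As Object, firstPath As String
    ldapFilter = "(&(objectCategory=user)" & _
                 "(givenName=" & EscapeLdapFilterValue(gname) & ")" & _
                 "(sn=" & EscapeLdapFilterValue(sname) & ")" & _
                 "(streetaddress=" & EscapeLdapFilterValue(mailingaddress) & ")" & _
                 "(l=" & EscapeLdapFilterValue(city) & "))"
    Set rs = conn.Execute("<LDAP://" & DomainContainer & ">;" & ldapFilter & ";adspath;subtree")
    ' Count by walking the recordset instead of relying on RecordCount
    MatchCount = 0
    Do Until rs.EOF
        If MatchCount = 0 Then firstPath = rs.Fields("adspath").Value
        MatchCount = MatchCount + 1
        rs.MoveNext
    Loop
    rs.Close
    If MatchCount = 1 Then FindUniqueUser = firstPath
End Function

' Hypothetical per-row caller: writes the ID only on an unambiguous match.
Sub StampId(ByVal conn As Object, ByVal DomainContainer As String, ByVal gname As String, _
            ByVal sname As String, ByVal mailingaddress As String, ByVal city As String, ByVal ID As String)
    Dim matches As Long, userPath As String, oUser As Object
    userPath = FindUniqueUser(conn, DomainContainer, gname, sname, mailingaddress, city, matches)
    If matches = 1 Then
        Set oUser = GetObject(userPath)
        oUser.Put "extensionAttribute1", ID
        oUser.SetInfo
    ElseIf matches > 1 Then
        Debug.Print "Ambiguous match, row skipped: " & gname & " " & sname
    End If
End Sub
```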

Conclusion

We’ve established a mechanism that we can use to synchronize Active Directory using an Excel sheet. This opens up possibilities. You could have HR or secretaries edit this sheet without them having to learn how to use Active Directory Users and Computers and possibly without granting them any actual permissions. You can run all sorts of checks on an Excel sheet before entering the data into Active Directory. You can import information from another system into Excel and from there populate Active Directory. After all, most applications, even old ones, can export to a CSV or tab-separated text file which can be read by Excel.

You can also import information from separate systems that have no direct connections between them due to security reasons, because all you need is to transfer an Excel sheet and work some scripting magic.
