Tags: vb.net, powershell, active-directory, exchangewebservices, exchange-server-2016

Automation of mailbox and Active Directory account creation


We are looking at trying to automate the creation of Exchange 2016 mailboxes and the associated Active Directory 2012 R2 account when a new person joins our organisation and they are entered onto our personnel system, written in VB.Net. Currently they join and are entered onto the system, then someone else has to create the mailbox and AD account, which often has a lead time, leading to users with no or limited access for a period. We hope to eliminate this issue and reduce the burden by automating the process.

We had originally hoped that we would be able to do this via Exchange web service calls; unfortunately, this does not look to be possible. What we are now considering is automatically creating a PowerShell script when a user is added to our personnel system, which will then run to create the mailboxes and Active Directory accounts. Is this the best approach? We have no experience doing this and want to ensure we are going down the most sensible route.

Any thoughts and feedback are appreciated.


Solution

  • PowerShell is the best approach. You can run a scheduled task that takes either a database call to your ERP to find any new users, or you can have something export a CSV of attributes to use for creating the account.

    At a basic level here's the framework of the code:

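        Import-Module ActiveDirectory
        $Data = Import-Csv "c:\path\to\datafile.csv"
        $TargetOU = "OU=CompanySite,DC=example,DC=domain,DC=com"  # Use this for where to create the accounts

        foreach ($user in $Data) {
            # Note: You need to either generate a random password or supply one via the import.  I recommend random generation and then have the user set one when they arrive.
            # Random password: 24 bytes from the system CSPRNG, Base64-encoded.
            $bytes = New-Object byte[] 24
            [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
            $password = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force

            # -Name is required by New-ADUser. You can set as many attributes as you'd like at creation.
            New-ADUser -Name "$($user.FirstName) $($user.LastName)" -SamAccountName $user.username -GivenName $user.FirstName -Surname $user.LastName -AccountPassword $password -ChangePasswordAtLogon $true -Path $TargetOU

            Start-Sleep -Seconds 10  # Allow for propagation of the account to all DCs

            # Add -Database only if you specify a database manually.
            Enable-Mailbox -Identity $user.username -Alias $user.username
            # Use Set-Mailbox here for anything that needs to be configured after the mailbox is enabled.
        }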
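The CSV exported from the personnel system flows straight into `New-ADUser` and `Enable-Mailbox`, so each row is worth validating before any account is created. The following is an added example, not part of the original answer: the function name `Test-NewUserRow`, the character allow-list (an assumed local policy, stricter than Active Directory itself) and the sample rows are all constructed for illustration; the column names follow the answer's script.

```powershell
# Constructed sample export; columns match the answer's script (username, FirstName, LastName).
$csv = @'
username,FirstName,LastName
jsmith,John,Smith
jsmith,Jane,Smith
"bad;name",Eve,Jones
averyveryverylongusername,Al,Long
mbrown,,Brown
'@

function Test-NewUserRow {
    # Hypothetical helper: returns a list of problems found in one CSV row (empty if none).
    param([Parameter(Mandatory)] $Row)
    $problems = @()
    # Assumed policy: letters, digits, dot, hyphen and underscore only.
    if ($Row.username -notmatch '^[A-Za-z0-9._-]+$') {
        $problems += 'username is empty or has characters outside the allow-list'
    }
    # sAMAccountName is limited to 20 characters for user objects.
    if ($Row.username.Length -gt 20) {
        $problems += 'username is longer than 20 characters'
    }
    foreach ($field in 'FirstName', 'LastName') {
        if ([string]::IsNullOrWhiteSpace($Row.$field)) { $problems += "$field is empty" }
    }
    $problems
}

$seen = @{}   # usernames already seen in this batch (case-insensitive)
$accepted = foreach ($row in ($csv | ConvertFrom-Csv)) {
    $problems = @(Test-NewUserRow -Row $row)
    $key = "$($row.username)".ToLowerInvariant()
    if ($seen.ContainsKey($key)) { $problems += 'duplicate username in this batch' }
    $seen[$key] = $true

    if ($problems.Count -gt 0) {
        # Rejected rows are logged and skipped; nothing is created for them.
        Write-Warning "Rejected '$($row.username)': $($problems -join '; ')"
    } else {
        $row   # only validated rows are passed on to account creation
    }
}

$accepted | Format-Table username, FirstName, LastName
```

Only the rows in `$accepted` would then be handed to the account-creation loop; a check against existing directory accounts (for example with `Get-ADUser`) would be a separate step on a domain-joined host.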