May 23, 2010

Fun with PowerShell Recently

Normally, I try to keep my blog high level, in the architect space. However, I am currently assigned to a client who needed a migration script to convert about 100,000 accounts in SharePoint from AD to LDAP. The following is what I threw together in about 10 minutes from a few internet posts that I discovered, and it did the trick. There are far better ways of doing this I am sure, especially in the 2010 version, but this little gem worked wonders – albeit it took a while to run (28 hours).

# Find every user object in the directory and print one STSADM migrateuser
# command per account.
$strFilter = "User"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = "LDAP://"
$objSearcher.SearchScope = "Subtree"
$objSearcher.PageSize = 1000
# PropertiesToLoad.Add() returns the new index; discard it so it stays out of the output
[void]$objSearcher.PropertiesToLoad.Add("sAMAccountName")
[void]$objSearcher.PropertiesToLoad.Add("distinguishedName")
[void]$objSearcher.PropertiesToLoad.Add("EmployeeId")

$objSearcher.Filter = "(objectCategory=$strFilter)"

$colResults = $objSearcher.FindAll()

foreach ($i in $colResults)
{
    $objUser = $i.GetDirectoryEntry()
    $obj = New-Object PSObject
    $obj | Add-Member NoteProperty Name $objUser.sAMAccountName
    $obj | Add-Member NoteProperty DN $objUser.distinguishedName
    $obj | Add-Member NoteProperty EmpID $objUser.EmployeeId
    # -oldlogin takes the DOMAIN\user form, so the prefix ends with a backslash
    $buildstring = 'STSADM -o migrateuser -oldlogin domain\'
    $buildstring += $obj.Name
    $buildstring += ' -newlogin ldap:'
    $buildstring += $obj.EmpID
    $buildstring += ' -ignoresidhistory'
    Write-Output $buildstring
}

A couple of notes to make this work even better: stop IIS before running something like this and, obviously, you need an attribute that links the LDAP store to the AD store. In this instance, EmpID was the username in the LDAP store, so the conversion went pretty easily because the map was already there.
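
A pre-flight check for the EmpID mapping described above, as an added example that is not part of the original post: it refuses to emit a command when the EmployeeId is missing, is shared by two accounts, or when either value falls outside an allow-list, since the generated lines are later executed as commands. The function name Get-MigrationPlan, the allow-list patterns and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example: validate the AD -> LDAP mapping before emitting migrateuser commands.
function Get-MigrationPlan {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Accounts,  # objects with Name and EmpID
        [string] $Domain = 'domain',                          # placeholder domain, as in the post
        [string] $Prefix = 'ldap:'                            # provider prefix used in the post
    )
    # Assumed allow-lists: anything else could break the command line or the shell.
    $namePattern = '^[A-Za-z0-9._-]{1,20}$'
    $idPattern   = '^[A-Za-z0-9]{1,32}$'
    $seen = @{}   # EmpID -> first account that claimed it
    foreach ($a in $Accounts) {
        $name = [string]$a.Name
        $id   = [string]$a.EmpID
        $reason = $null
        if ($name -notmatch $namePattern) {
            $reason = 'account name outside allow-list'
        } elseif ([string]::IsNullOrEmpty($id)) {
            $reason = 'no EmployeeId, nothing to map to'
        } elseif ($id -notmatch $idPattern) {
            $reason = 'EmployeeId outside allow-list'
        } elseif ($seen.ContainsKey($id)) {
            # Two AD accounts would be merged into one LDAP login
            $reason = "EmployeeId already mapped to $($seen[$id])"
        }
        if ($reason) {
            New-Object PSObject -Property @{ Name = $name; Status = 'Skipped'; Detail = $reason }
        } else {
            $seen[$id] = $name
            $cmd = "STSADM -o migrateuser -oldlogin $Domain\$name -newlogin $Prefix$id -ignoresidhistory"
            New-Object PSObject -Property @{ Name = $name; Status = 'Ready'; Detail = $cmd }
        }
    }
}

# Constructed sample records standing in for the directory search results.
$sample = @(
    New-Object PSObject -Property @{ Name = 'jsmith';     EmpID = '100234' }
    New-Object PSObject -Property @{ Name = 'mjones';     EmpID = '' }
    New-Object PSObject -Property @{ Name = 'akhan';      EmpID = '100234' }
    New-Object PSObject -Property @{ Name = 'ops&backup'; EmpID = '100777' }
)

Get-MigrationPlan -Accounts $sample | Format-Table Name, Status, Detail -AutoSize -Wrap
```

Only the rows marked Ready carry a command; the Skipped rows are the accounts to resolve by hand before the 28-hour run starts.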