Fun with PowerShell Recently

Slalom Consultant Derek Martin is an accomplished Microsoft systems developer and integrator, experienced in developing and deploying SharePoint and CRM solutions, integrating line of business applications, and leveraging existing infrastructure investments.

Normally, I try to keep my blog high level, in the architect space. However, I am currently assigned to a client and they needed a migration script to convert accounts in SharePoint from AD to LDAP for about 100,000 accounts. The following is what I threw together in about 10 minutes from a few internet posts that I discovered, and it did the trick. There are far better ways of doing this I am sure, especially in the 2010 version, but this little gem worked wonders – albeit it took a while to run (28 hours).

# Find every user object in the directory and print one STSADM migrateuser
# command per account, mapping the AD login to the LDAP login (EmployeeId).
$strFilter = "User"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
# Search root: the LDAP path of the domain or OU to search goes after LDAP://
$objSearcher.SearchRoot = "LDAP://"
$objSearcher.SearchScope = "Subtree"
$objSearcher.PageSize = 1000
# Add() returns the new index; discard it so only the commands are written out
[void]$objSearcher.PropertiesToLoad.Add("sAMAccountName")
[void]$objSearcher.PropertiesToLoad.Add("distinguishedName")
[void]$objSearcher.PropertiesToLoad.Add("EmployeeId")

$objSearcher.Filter = "(objectCategory=$strFilter)"

$colResults = $objSearcher.FindAll()

foreach ($i in $colResults)
{
    $objUser = $i.GetDirectoryEntry()
    $obj = New-Object PSObject
    $obj | Add-Member NoteProperty Name $objUser.sAMAccountName
    $obj | Add-Member NoteProperty DN $objUser.distinguishedName
    $obj | Add-Member NoteProperty EmpID $objUser.EmployeeId
    # Build the command line: old AD login -> new LDAP login
    $buildstring = 'STSADM -o migrateuser -oldlogin domain\' + $obj.Name +
        ' -newlogin ldap:' + $obj.EmpID + ' -ignoresidhistory'
    Write-Output $buildstring
}

A couple of notes to make this work even better. Stop IIS before running something like this and, obviously, you need a mapping between the LDAP store and the AD store. In this instance, EmpID was the username in the LDAP store, so the conversion went pretty easily as the map was already there.
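The script trusts that every AD account has exactly one usable EmpID. The following is an added example, not part of the original post, that checks the map before any command is emitted: accounts with a missing, malformed or shared EmpID are reported instead of migrated. The function name Test-MigrationMap, the sample rows and the allowed-character pattern are assumptions made for illustration.

```powershell
# Added example: pre-flight check of the AD -> LDAP login map before emitting
# STSADM migrateuser commands. Sample rows are constructed, not real accounts.
$users = @(
    [pscustomobject]@{ Name = 'jsmith';  EmpID = '10001' }
    [pscustomobject]@{ Name = 'mjones';  EmpID = '10002' }
    [pscustomobject]@{ Name = 'svc_app'; EmpID = '' }          # no LDAP identity
    [pscustomobject]@{ Name = 'jsmith2'; EmpID = '10001' }     # collides with jsmith
    [pscustomobject]@{ Name = 'bwhite';  EmpID = '10003 -x' }  # unexpected characters
)

# Assumption: logins contain only letters, digits, dot, underscore or hyphen.
$valid = '^[A-Za-z0-9._-]+$'

function Test-MigrationMap {
    param([object[]]$Users, [string]$Pattern)

    # An EmpID claimed by more than one AD account would merge two identities
    # into one LDAP login, so every account in such a group is rejected.
    $dupes = $Users | Where-Object { $_.EmpID } |
        Group-Object EmpID | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $_.Name }

    foreach ($u in $Users) {
        $reason = $null
        if (-not $u.EmpID)                   { $reason = 'missing EmpID' }
        elseif ($u.EmpID -notmatch $Pattern) { $reason = 'invalid EmpID' }
        elseif ($u.Name -notmatch $Pattern)  { $reason = 'invalid sAMAccountName' }
        elseif ($dupes -contains $u.EmpID)   { $reason = 'duplicate EmpID' }

        $cmd = $null
        if (-not $reason) {
            # "domain" is the same placeholder used in the script above
            $cmd = "STSADM -o migrateuser -oldlogin domain\$($u.Name) " +
                   "-newlogin ldap:$($u.EmpID) -ignoresidhistory"
        }
        [pscustomobject]@{ Name = $u.Name; EmpID = $u.EmpID; Reason = $reason; Command = $cmd }
    }
}

$report = Test-MigrationMap -Users $users -Pattern $valid
# Accounts to review by hand before anything is migrated
$report | Where-Object { $_.Reason } | Format-Table Name, EmpID, Reason
# Commands for accounts whose mapping passed every check
$report | Where-Object { $_.Command } | ForEach-Object { $_.Command }
```

With real data, the $users array would be filled from the directory search results instead of the constructed rows.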
