PowerShell to compare and modify mailNickname against UserPrincipalName

Eaven HUANG 2,166 Reputation points
2021-07-27T00:37:37.09+00:00

Dear friends,

I'm looking for a script to compare the AD user attributes of mailNickName and UserPrincipalName. The condition is that UserPrincipalName has a suffix of username@keyman.com while there is none for mailNickName. The ideal solution is:

  1. Compare the username part in mailNickName and UserPrincipalName, and export only those users with different values in these 2 fields.
  2. Replace mailNickName with the prefix of UserPrincipalName (without @keyman.com)
  3. Make this script check our AD environment regularly. Can I add this script to Windows Task Scheduler, if possible?

Following is my current script used to export the attributes, but I would need to manually remove @keyman.com via Excel and then compare them in Excel for another run, which seems quite time-consuming. So I'm wondering how to make this more automatic in the script?

    $OUs = "OU=Users,xxx,DC=edu,DC=cn"
    foreach ($OU in $OUs) {
        Get-ADUser -Filter * -SearchBase $OU -Properties samAccountName,userPrincipalName,mailNickname,Enabled |
            Where-Object {$_.Enabled -eq $True -and $_.userPrincipalName -ne $_.mailNickname} |
                Export-Csv -NoType 'C:\tmp\userPrincipalName_vs_mailNickname.csv'
    }

Basically my current script exports all the users because there is @keyman.com in the userPrincipalName field while there is none in the mailNickName field.


Accepted answer
  1. Rich Matheisen 46,796 Reputation points
    2021-07-27T02:01:17.087+00:00

    As written, the script is supposed to replace the mailNickname -- but I think the replace will fail if the mailNickname property has a null or empty value. If that's true, it's easy enough to handle that by ADDing the missing property:

    $OUs = "OU=Users,xxx,DC=edu,DC=cn"
    foreach ($OU in $OUs) {
        Get-ADUser -Filter * -SearchBase $OU -Properties samAccountName, userPrincipalName, mailNickname, Enabled |
            Where-Object { $_.Enabled -eq $True } |
                ForEach-Object {
                    # Username part of the UPN (everything before the '@')
                    $parts = $_.userPrincipalName -split '@'
                    # Reset per user so a value from the previous account is never reported
                    $was = $null
                    if ($_.mailNickname) {
                        if ($parts[0] -ne $_.mailNickname) {
                            $was = $_.mailNickName
                            Set-ADUser -Identity $_.samAccountName -Replace @{mailNickname = $parts[0]}
                        }
                    }
                    else {
                        # Attribute is null or empty: add it instead of replacing it
                        $was = "EMPTY"
                        Set-ADUser -Identity $_.samAccountName -Add @{mailNickname = $parts[0]}
                    }
                    # Report only the accounts that were actually changed
                    if ($was) {
                        [PSCustomObject]@{
                            Identity    = $_.samAccountName
                            UPN         = $_.userPrincipalName
                            NicknameWas = $was
                            NickNameNow = $parts[0]
                        }
                    }
                } | Export-Csv -NoType 'C:\tmp\userPrincipalName_vs_mailNickname.csv'
    }
    

1 additional answer

  1. Rich Matheisen 46,796 Reputation points
    2021-07-27T01:34:13.323+00:00

    Try this on a limited set of users (or add "-WhatIf:$true" to the Set-ADUser) -- but watch out, because not all AD User objects are mailbox- or mail-enabled! You'd probably want to adjust the Where-Object conditions to verify the user is supposed to have a mailNickName!

    $OUs = "OU=Users,xxx,DC=edu,DC=cn"
    foreach ($OU in $OUs) {
        Get-ADUser -Filter * -SearchBase $OU -Properties samAccountName, userPrincipalName, mailNickname, Enabled | 
            Where-Object { $_.Enabled -eq $True} |
                ForEach-Object{
                    $parts = $_.userPrincipalName -split '@'
                    if ($parts[0] -ne $_.mailNickname){
                        $was = $_.mailNickName
                        Set-ADUser -Identity $_.samAccountName -Replace @{mailNickname=$parts[0]}
                        [PSCustomObject]@{
                            Identity = $_.samAccountName
                            UPN = $_.userPrincipalName
                            NicknameWas = $was
                            NickNameNow = $parts[0]
                        }
                    }
                } | Export-Csv -NoType 'C:\tmp\userPrincipalName_vs_mailNickname.csv'
    }
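
A report-only pass that applies the cautions raised in the answers (review before changing anything, skip accounts that are not mail-enabled), as an added example that is not part of either answer. It assumes a non-empty `mail` attribute marks an account that should have a mailNickname; `Get-NicknameDrift` and the sample users are constructed for illustration.

```powershell
function Get-NicknameDrift {
    # Hypothetical helper: emits one row per account whose mailNickname differs
    # from the username part of its UPN. It only reads; it never writes to AD.
    param(
        [Parameter(ValueFromPipeline)] $User,
        [string] $UpnSuffix = '@keyman.com'
    )
    process {
        # Assumption: a non-empty 'mail' attribute means the account is mail-enabled.
        if (-not $User.Enabled -or -not $User.mail) { return }

        # A missing UPN becomes '' here and is skipped by the suffix check below,
        # as is any UPN that does not carry the expected suffix.
        $upn = [string]$User.userPrincipalName
        if (-not $upn.EndsWith($UpnSuffix, [System.StringComparison]::OrdinalIgnoreCase)) { return }

        $prefix = $upn.Substring(0, $upn.Length - $UpnSuffix.Length)
        # -eq is case-insensitive for strings, so 'Alice' and 'alice' count as equal.
        if (-not $prefix -or $prefix -eq $User.mailNickname) { return }

        $was = if ($User.mailNickname) { $User.mailNickname } else { 'EMPTY' }
        [PSCustomObject]@{
            Identity    = $User.samAccountName
            UPN         = $upn
            NicknameWas = $was
            NicknameNew = $prefix
        }
    }
}

# Constructed sample objects so the comparison can be checked without a domain controller.
$sample = @(
    [PSCustomObject]@{ samAccountName = 'alice'; userPrincipalName = 'alice@keyman.com';  mailNickname = 'alice'; mail = 'alice@keyman.com';  Enabled = $true }
    [PSCustomObject]@{ samAccountName = 'bob';   userPrincipalName = 'bob.li@keyman.com'; mailNickname = 'bob';   mail = 'bob.li@keyman.com'; Enabled = $true }
    [PSCustomObject]@{ samAccountName = 'carol'; userPrincipalName = 'carol@keyman.com';  mailNickname = $null;   mail = 'carol@keyman.com';  Enabled = $true }
    [PSCustomObject]@{ samAccountName = 'svc01'; userPrincipalName = 'svc01@keyman.com';  mailNickname = $null;   mail = $null;               Enabled = $true }
    [PSCustomObject]@{ samAccountName = 'dave';  userPrincipalName = $null;               mailNickname = 'dave';  mail = 'dave@keyman.com';   Enabled = $true }
)

# Only bob (mismatch) and carol (empty nickname) are reported; alice already matches,
# svc01 is not mail-enabled, and dave has no UPN to derive a nickname from.
$sample | Get-NicknameDrift | Format-Table -AutoSize

# Against AD, request the 'mail' property as well and pipe Get-ADUser into the helper:
#   Get-ADUser -Filter * -SearchBase $OU -Properties userPrincipalName, mailNickname, mail |
#       Get-NicknameDrift | Export-Csv -NoTypeInformation 'C:\tmp\userPrincipalName_vs_mailNickname.csv'
```

The exported rows can be reviewed before they are fed to the Set-ADUser calls shown in the answers, run first with -WhatIf.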
    
