Here is a simple PowerShell script to provision accounts in Google Apps
from Active Directory.
The script does two things: first, it ensures the email address is
saved in Active Directory (required to make Google Apps Password Sync work), and
then it uses that email address to provision an account in Google Apps. The script
automatically ignores AD accounts that are disabled.
The email address is generated from the User Principal Name field or, if
that is empty, from the SamAccountName field in AD. A simple status message is
written to the console for each student account found in AD that is
being provisioned to Google Apps.
-------------
import-module ActiveDirectory
import-module gShell
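# Provision Google Apps accounts for every enabled student found in Active Directory.
# For each student the script (1) makes sure the AD EmailAddress attribute is set
# (Google Apps Password Sync needs it) and (2) creates the matching Google Apps
# account when the lookup does not find one.

# PLACEHOLDER: the published listing lost the statements that build the address
# (its if/else bodies are empty), so the mail domain is not known from the page.
# Set this to the real Google Apps domain before running.
$MailDomain = "<GOOGLE-APPS-DOMAIN>"
if ($MailDomain -like "<*>")
{
    # Stop before any write: otherwise a bogus address would be stored in AD
    # and used as the Google Apps user name.
    throw 'Set $MailDomain to the Google Apps mail domain before running this script.'
}

#Retrieve all students from Active Directory
$ADStudents = Get-ADUser -Filter * -SearchBase "ou=Students,DC=a,DC=school" -SearchScope Subtree -Properties EmailAddress

foreach ($S in $ADStudents)
{
    # Check account is enabled; disabled accounts are never provisioned
    if ($S.Enabled -eq $false)
    {
        continue
    }

    #Check for and if necessary set email address in AD for GAPS
    $Logon = $S.SAMAccountName

    # Local part of the address: the UPN prefix when there is one.
    # A missing UPN, or one without a usable "@", must not throw here
    # (IndexOf returns -1 and Substring would fail), so it falls through
    # to the SamAccountName branch below.
    $UPNPre = $null
    $UPN = $S.UserPrincipalName
    if (-not [string]::IsNullOrEmpty($UPN))
    {
        $At = $UPN.IndexOf("@")
        if ($At -gt 0)
        {
            $UPNPre = $UPN.Substring(0, $At)
        }
    }

    if ($null -ne $UPNPre)
    {
        $NewEmail = $UPNPre + "@" + $MailDomain
    }
    else
    {
        $NewEmail = $Logon + "@" + $MailDomain
    }

    # An address already stored in AD wins; only a missing one is written back.
    $Email = $S.EmailAddress
    if ([string]::IsNullOrEmpty($Email))
    {
        $Email = $NewEmail
        Set-ADUser -Identity $Logon -EmailAddress $Email
    }

    #Look up in Google Apps
    Write-Host ("Looking up Google Apps for " + $Email + "...") -NoNewline
    $User = $null
    try
    {
        $User = Get-GAUser -UserName $Email -ErrorAction Stop
    }
    catch
    {
        # Any lookup failure is treated as "account does not exist", as in the
        # original empty catch. NOTE(review): that also covers authentication or
        # network errors; the reason is kept on the verbose stream so a failed
        # run can be diagnosed.
        Write-Verbose ("Get-GAUser failed for " + $Email + ": " + $_.Exception.Message)
    }

    if ($null -eq $User)
    {
        #Add if not there
        # NOTE(review): the account is created with a generated 8-character
        # password and no forced change at first login. Consider a longer
        # length, and confirm whether New-GAUser's output (written to the
        # console here) includes that password before keeping transcripts.
        $NewUser = @{
            UserName                  = $Email
            GivenName                 = $S.GivenName
            FamilyName                = $S.Surname
            PasswordLength            = 8
            IncludeInDirectory        = $true
            OrgUnitPath               = "/Students"
            ChangePasswordAtNextLogin = $false
            ErrorAction               = 'Stop'
        }
        try
        {
            New-GAUser @NewUser
            Write-Host ("Added " + $Email + " to Google Apps")
        }
        catch
        {
            # Report the failure instead of printing "Added" for an account
            # that was not created, then carry on with the next student.
            Write-Host ""
            Write-Warning ("Could not add " + $Email + " to Google Apps: " + $_.Exception.Message)
        }
    }
    else
    {
        # Account already exists: just finish the "Looking up ..." line
        Write-Host ""
    }
}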