Ugly GALsync


I often ( frequently, not someone who has lost his parents* ) find that while I am testing FIM joins and attribute flows, I would like to maintain contact objects in forest B for the users I am creating if forest A, or vice versa.

Rather than setup FIM to do classic GALsync, since I don't really care about the GAL, just having AD user and contact objects in alternate forests that I can project, join, etc..  I just use this simple powershell script.

All it does is find every user in the OU specified in forest A ( I call mine ForestA, yes VERY creative ) and if that user has a primary SMTP address, I create a contact object in the specified OU in forest B ( I'll let you try and guess that forest name ) with a target address matching the primary STMP from the user, along with the same display name, first name, last name and so on…

As the title implies, this is VERY ugly, and does almost no error checking, but it does duplicate users as contacts between forests ( I actually have 3, you'll never guess the 3rd forest's name ) with minimal effort.  

It uses the Quest Active Roles powershell cmdlets.

It does NOT do deletions, only additions, again "ugly" … 

$localusers = Get-QADuser * -SearchRoot "OU=test,DC=forestA,DC=local"

$forestBPW = read-host "Password for Administrator on ForestB and ForestC" -assecurestring

$targetB = Connect-QADService forestb.local -Connectionaccount "forestB\Administrator" -connectionpassword $ForestBPW

$targetC = Connect-QADService forestc.local -Connectionaccount "forestC\Administrator" -connectionpassword $ForestBPW

 

foreach ($localuser in $localusers)

{

if ($localuser.primarysmtpaddress -ne $null)

{

$ForestBOU = "OU=contacts,DC=forestb,DC=local"

$ForestCOU = "OU=contacts,DC=forestc,DC=local"

$BProperties = @{"targetaddress"=$localuser.primarysmtpaddress;"givenName"=$localUser.givenName;"sn"=$localUser.sn;"mail"=("$($localuser.sAMAccountName)@forestb.local")}

$CProperties = @{"targetaddress"=$localuser.primarysmtpaddress;"givenName"=$localUser.givenName;"sn"=$localUser.sn;"mail"=("$($localuser.sAMAccountName)@forestb.local")}

New-QADObject -Connection $targetb -Name $localuser.displayName -Type 'Contact' -DisplayName $localuser.displayName -ObjectAttributes $BProperties -ParentContainer $ForestBOU

New-QADObject -Connection $targetc -Name $localuser.displayName -Type 'Contact' -DisplayName $localuser.displayName -ObjectAttributes $CProperties -ParentContainer $ForestCOU

}

}

* Extra points if you can name the horrible movie.

Comments (0)

Skip to main content