“How can I import numbers into the Active Directory mobile phone attribute?” That was the most common question on the Reset User Password with Self Service blog post. While it would be easy to do this with a massive CSV, that method still means you (the IT Administrator) will have to maintain it. Today, I have two automatic ways for you – both delegate the work to the end user and allow you to keep working on cooler things!
Gathering Active Directory Mobile Phone Attributes: The Exchange Way
You would think that Exchange would be a nice fit and would allow users to edit their own contact information. Up until Exchange 2003, it was possible to delegate the permissions to do this. However, Exchange 2003 and 2007 removed this ability.
If you have Exchange 2010 or above, you now have this functionality built into the Exchange Control Panel. Once delegated, users can log into OWA and can edit certain properties (including their mobile number).
Because our environment is still on Exchange 2007, I was not able to use this process. If you use the Exchange method to gather your users’ mobile numbers, leave me a comment and let me know how it goes.
Gathering Active Directory Mobile Phone Attributes: The PowerShell Way
Gathering user mobile numbers is actually really easy with PowerShell and can be accomplished with two small scripts. The first script will prompt our user for their mobile. Let’s look at it now:
# Ask the logged-on user for their mobile number
$Mobile = Read-Host 'Enter your cell number with the area code. EX:9122674100. Press Enter when done'
# Write the username and the typed number to a CSV named after the user
New-Object PSObject -Property @{
    Username = $env:username
    Mobile   = $Mobile
} | Export-Csv "\\SERVER\SHARE\MobileNumber\UserInfo\$($env:username).csv" -NoTypeInformation
Write-Host "Thank you very much!"
Start-Sleep -Seconds 3
After prompting for the user’s mobile number, this script creates a new object. Inside this object is the username of the logged in user and the phone number that the user typed. The properties of this object are then exported to a CSV file named after their username. You will need to change the CSV location and give your users write permission to this folder.
On a network share (but not in the UserInfo folder from our path above), save this script. Next, create a new shortcut with a target of:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -file "\\SERVER\SHARE\MobileNumber\Enter Mobile Number.ps1"
Save this shortcut and give it a nice custom icon. Personally, I like the Key Lock icon in %SystemRoot%\system32\SHELL32.dll. Finally, create a Group Policy Preference File item that copies this shortcut file (.lnk) to the start menu of your clients.
Our second script will run from a server as a scheduled task. It uses the Quest AD cmdlets.
# Requires the Quest ActiveRoles AD cmdlets
Add-PSSnapin Quest.ActiveRoles.ADManagement
Set-Location "\\SERVER\SHARE\MobileNumber\UserInfo\"
# Only pick up the CSV files written by the first script
$Items = Get-ChildItem "\\SERVER\SHARE\MobileNumber\UserInfo\" -Filter *.csv
foreach ($Item in $Items) {
    $ImportCSV = Import-Csv $Item.FullName
    # Strip every character that is not a digit
    $Mobile = $ImportCSV.Mobile
    $Mobile = "$Mobile" -Replace "[^\d]"
    Set-QADUser -Identity $ImportCSV.Username -MobilePhone $Mobile
    # Log the account, the number, and the date of the change
    $Date = Get-Date
    Get-QADUser -Identity $ImportCSV.Username |
        Select-Object Name,UserPrincipalName,MobilePhone,@{N="Date";e={$Date}} |
        Export-Csv C:\Users\Public\Scripts\ImportUserMobileNumber\MobilePhoneLog.CSV -Append -NoTypeInformation
    # Send the confirmation email to the user
    $User = Get-QADUser -Identity $ImportCSV.Username
    Send-MailMessage -From "reset@YOURDOMAIN" -To $User.Email -Subject "Your Registered Mobile Number" -SmtpServer "YOUR MAIL SERVER" -Body "You recently registered your cellphone ($Mobile) to your Glynn County Board of Education account. You can now reset your password by texting 'Reset' to Reset@YOURDOMAIN from this phone."
    #Copy-Item $Item.FullName -Destination "C:\Users\Public\Scripts\ImportUserMobileNumber\Backup\"
    Remove-Item $Item.FullName
}
In a nutshell, this script cycles through every CSV file in your share and uses Set-QADUser to configure the user’s mobile number. It then creates a log file that includes the name, mobile number, and the date that the user’s account was modified. The magic happens with this line: $Mobile = "$Mobile" -Replace "[^\d]". By using a regular expression, we strip away any character from the $Mobile variable that is not a digit.
Let’s say that a user enters this as their mobile number:
Not only do we have parentheses in our number but the user also entered two spaces! The picture below shows the power of regular expressions:
Finally, the script sends a confirmation email to our user to let them know that their mobile number was registered. If you have any questions or comments, please let me know! If you still haven’t automated password resets and unlocking accounts, do so now! On a side note, I am starting to think I should rename my blog to PowerShellHappiness or something like that. 🙂
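The import script takes the Username column from each CSV as written, and every user can write to the drop folder, so the number that ends up on an account is only as trustworthy as the file. The following is an added example, not code from the original post: a check that a file was created by the account it names and that the cleaned number is exactly 10 digits. It assumes an NTFS share where the file owner is the submitting user (not an Administrators group); `Test-MobileSubmission` and the sample files are hypothetical.

```powershell
# Added example (not from the original post): vet one submitted CSV before import.
# Assumptions: NTFS share where the file owner is the user who created the file,
# and 10-digit numbers as in the prompt. Test-MobileSubmission is a hypothetical name.
function Test-MobileSubmission {
    param([Parameter(Mandatory = $true)][System.IO.FileInfo]$File)

    $rows = @(Import-Csv -LiteralPath $File.FullName)
    if ($rows.Count -ne 1) {
        Write-Warning "$($File.Name): expected exactly one row"
        return
    }
    $row = $rows[0]

    # Account that created the file, e.g. DOMAIN\jsmith -> jsmith
    $owner = ((Get-Acl -LiteralPath $File.FullName).Owner -split '\\')[-1]
    if ($owner -ne $row.Username) {
        Write-Warning "$($File.Name): owner '$owner' does not match Username '$($row.Username)'"
        return
    }

    # Same digit-stripping regex as the post, then enforce the length
    $digits = "$($row.Mobile)" -replace '[^\d]'
    if ($digits -notmatch '^\d{10}$') {
        Write-Warning "$($File.Name): '$($row.Mobile)' is not a 10-digit number"
        return
    }
    [pscustomobject]@{ Username = $row.Username; Mobile = $digits }
}

# Constructed sample files in a temp folder standing in for the UserInfo share
$dir = Join-Path ([System.IO.Path]::GetTempPath()) "MobileDemo-$PID"
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$samples = @(
    @{ File = 'ok.csv';    Username = $env:USERNAME;  Mobile = '(555) 010-0123' }
    @{ File = 'other.csv'; Username = 'someoneelse'; Mobile = '5550100123' }
    @{ File = 'junk.csv';  Username = $env:USERNAME;  Mobile = 'asdf' }
)
foreach ($s in $samples) {
    New-Object PSObject -Property @{ Username = $s.Username; Mobile = $s.Mobile } |
        Export-Csv (Join-Path $dir $s.File) -NoTypeInformation
}

# Only ok.csv yields an object; the other two produce warnings and are skipped
Get-ChildItem $dir -Filter *.csv | ForEach-Object { Test-MobileSubmission -File $_ }
Remove-Item $dir -Recurse -Force
```

In the scheduled task, a check like this would run on each file before Set-QADUser, and files that return nothing would be skipped and kept for review rather than imported.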
This is fantastic. However, icing on the cake would be ensuring that the user enters only numerics and no other characters to a maximum of 10. We have people that see the window pop-up and just type in anything to get rid of it.
Love your work!
Peter.
I don’t know why there aren’t more comments, this is awesome! I’ve already got the reset portion working, and added the requirement to change their password on first log on. Once I get this working, I’m going to sell it to management, and get us out of the password reset business once and for all.
I’m glad you like it so much Rob! There are a lot more comments on the reset password script page about this setup.