Over the past twenty years more and more organizations have adopted Active Directory for authentication and authorization. Open source projects like Samba Winbind make it easy to join Unix (AIX, HP-UX) and Linux systems to Active Directory. Before you make the jump, however, you need to migrate the old user attributes. If you don't, you destroy the permission model on which Unix and Linux systems are based: file ownership is stored as numeric UIDs and GIDs, and a user who comes back from Active Directory with different numbers no longer owns his files.

So how do you migrate the existing UID, GID, login shell and home directory attributes from Unix and Linux systems to Active Directory before making the switch? It is fairly easy: merge the contents of your passwd file with the Active Directory user accounts using a simple PowerShell script.

The script imports a .csv file named passwd.csv. The quickest way to create it is to copy your passwd file and add .csv to the filename. The colon is used as the delimiter, so you don't even have to edit it. The password field (normally x or !, never a hash; hashes live in /etc/shadow and have no place in this file) is read but never written to Active Directory. A passwd.csv with three users looks like this:

usera:!:100:100:gecos:/home/usera:/bin/bash
userb:!:101:100:gecos:/home/userb:/bin/bash
userc:!:102:100:gecos:/home/userc:/bin/bash

Once the file is loaded, the script prints the attributes of each line and, if a user with that sAMAccountName exists in Active Directory, writes them to the user object. Note that the existence check is not limited to an OU: Get-ADUser -Filter searches the whole domain unless you add -SearchBase. If the user does not exist, the script shows an error. At the end it reports how many users were updated successfully. One attribute deserves attention: in Active Directory the existing homeDirectory attribute is the Windows home folder, while the RFC 2307 Unix home directory belongs in unixHomeDirectory. Writing a Unix path such as /home/usera into homeDirectory breaks the Windows side without giving Winbind what it needs.

Required steps:

1. Install Identity Management for Unix. On Windows Server 2003 R2 and later the RFC 2307 attributes (uidNumber, gidNumber, gecos, unixHomeDirectory, loginShell, msSFU30NisDomain) are already part of the default schema; Identity Management for Unix adds the NIS domain object and the UNIX Attributes tab in Active Directory Users and Computers.
2. Make sure the users in your passwd file exist in Active Directory, with the same sAMAccountName as the Unix login name.
3. Create the csv file from the passwd file.
4. Change the msSFU30NisDomain in the script.
5. Make a (good) backup of your Active Directory.

USE WITH CARE! Make sure you understand the script, test it against a handful of accounts before running it against all of them, and make backups.
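Before running the merge it pays to check the passwd file against Active Directory for the things that silently break a migration: Unix logins without a matching AD user, system accounts (root, daemon, ...) that should never get AD attributes, UIDs that are already assigned to a different AD object (Winbind needs uidNumber to be unique, otherwise two SIDs map to one Unix user), and primary GIDs that no AD group carries. The following pre-flight check is an added example, not part of the original script; it assumes the same colon-separated passwd.csv, an installed Active Directory module, and a UID cut-off of 1000 for system accounts. It writes nothing to Active Directory.

```powershell
Import-Module ActiveDirectory

# Assumption: the same passwd.csv layout the merge script uses.
$csv = Import-Csv "passwd.csv" -Delimiter ':' -Header @("Username","password","uidNumber","gidNumber","gecos","homeDirectory","loginShell")

# Assumption: UIDs below this value are system accounts that must not be migrated.
# Adjust to the convention of your distribution (500 on older systems).
$minUid = 1000

$report = foreach ($line in $csv) {
    $name = $line.Username          # plain variable: the AD filter parser cannot dereference $line.Username
    $uid  = [int]$line.uidNumber
    $gid  = [int]$line.gidNumber
    $problems = @()

    if ($uid -lt $minUid) {
        $problems += "system account (uid $uid below $minUid), skip"
    }

    # Does an AD user with this sAMAccountName exist, and does it already carry a different UID?
    $user = Get-ADUser -Filter { sAMAccountName -eq $name } -Properties uidNumber
    if (-not $user) {
        $problems += "no AD user with sAMAccountName '$name'"
    } elseif ($user.uidNumber -and $user.uidNumber -ne $uid) {
        $problems += "AD user already has uidNumber $($user.uidNumber), passwd says $uid"
    }

    # Is this UID already assigned to another AD object? Duplicate UIDs break the SID-to-UID mapping.
    $clash = Get-ADUser -Filter "uidNumber -eq $uid" -Properties uidNumber |
        Where-Object { $_.SamAccountName -ne $name }
    if ($clash) {
        $problems += "uidNumber $uid already assigned to $($clash.SamAccountName -join ', ')"
    }

    # Does an AD group carry the primary GID from the passwd file?
    if (-not (Get-ADGroup -Filter "gidNumber -eq $gid" -Properties gidNumber)) {
        $problems += "no AD group with gidNumber $gid"
    }

    [pscustomobject]@{
        Username = $name
        Uid      = $uid
        Gid      = $gid
        Ready    = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

$report | Format-Table -AutoSize
"{0} of {1} accounts are ready to merge" -f @($report | Where-Object Ready).Count, @($report).Count
```

Run it against the same passwd.csv you intend to merge and fix every line that is not Ready (create the missing users or groups, strip the system accounts from the file, or resolve the UID clashes) before you touch the directory.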

# Clean the screen. (The original also removed every variable in the session with
# Remove-Variable -Name *; that is unnecessary and wipes variables you may still need.)
Clear-Host

# Selecting the NIS domain, change this! It is the same for every user, so it is set once.
$msSFU30NisDomain = "contoso"

# Dry run: while $true, Set-ADUser only reports what it would change (-WhatIf).
# Set to $false once the output looks right and you have a backup.
$DryRun = $true

# Loading Active Directory module
Import-Module ActiveDirectory

# Importing the .csv file (a copy of /etc/passwd; the colon is the delimiter,
# the header names label the seven passwd fields)
$csv = Import-Csv "passwd.csv" -Delimiter ':' -Header @("Username","password","uidNumber","gidNumber","gecos","homeDirectory","loginShell")

# Defining the needed counters
$successCount = 0
$errorCount = 0

# The RFC 2307 attributes written to each user. The Unix home directory goes into
# unixHomeDirectory: in Active Directory, homeDirectory is the Windows home folder
# and must not be overwritten with a Unix path.
$unixAttributes = @("msSFU30NisDomain","uidNumber","gidNumber","gecos","unixHomeDirectory","loginShell")

# Foreach loop to merge each line of the .csv file with existing users in Active Directory
foreach ($line in $csv) {
    # Reading each attribute from the selected line
    $Username = $line.Username
    $uidNumber = [int]$line.uidNumber   # uidNumber and gidNumber are integer attributes in the schema
    $gidNumber = [int]$line.gidNumber
    $gecos = $line.gecos
    $homeDirectory = $line.homeDirectory
    $loginShell = $line.loginShell

    # Printing the loaded attributes
    Write-Host " "
    Write-Host "NIS Domain:" $msSFU30NisDomain
    Write-Host "Username:" $Username
    Write-Host "UID:" $uidNumber
    Write-Host "Primary GID:" $gidNumber
    Write-Host "Homedirectory:" $homeDirectory
    Write-Host "Shell:" $loginShell
    Write-Host "Gecos:" $gecos

    # Checking if the user from the selected line exists in Active Directory. The filter
    # searches the whole domain; add -SearchBase to restrict it to one OU. The Unix
    # attributes are requested explicitly so they can be modified through -Instance.
    $user = Get-ADUser -Filter { sAMAccountName -eq $Username } -Properties $unixAttributes

    if ($user) {
        # Preparing data on the user object
        $user.msSFU30NisDomain = $msSFU30NisDomain
        $user.uidNumber = $uidNumber
        $user.gidNumber = $gidNumber
        $user.gecos = $gecos
        $user.unixHomeDirectory = $homeDirectory
        $user.loginShell = $loginShell

        # Writing the attributes to the user object; a failed write counts as an error
        try {
            Set-ADUser -Instance $user -WhatIf:$DryRun -ErrorAction Stop

            # Success counter
            $successCount++

            # Hooray!
            Write-Host "Updating user" $Username "has succeeded!" -ForegroundColor Black -BackgroundColor Green
            Write-Host " "
        } catch {
            $errorCount++
            Write-Host "Updating user" $Username "has failed:" $_.Exception.Message -ForegroundColor White -BackgroundColor Red
            Write-Host " "
        }

    # What to do when the user does not exist in Active Directory
    } else {
        # Error counter
        $errorCount++

        Write-Host "Updating user" $Username "has failed, user object does not exist!" -ForegroundColor White -BackgroundColor Red
        Write-Host " "
    }

}

# Printing the result (the original read $succesCount here, a typo that printed nothing)
Write-Host "Successful:" $successCount "Not successful:" $errorCount