As techies, we tend to hunt around to find nifty tools and utilities that will help us do our job easier or better.  I think it is a GREAT idea to share the good finds with our friends.  In that vein, I wanted to share with you a nice tool that helps with provisioning of Active Directory, Exchange and Lync accounts and even has the ability to create Office 365 entries.

The tool I’m referring to is the Z-Hire Employee Provisioning App written by Zeya Oo.  You can find the tool on TechNet Gallery.

I contacted Zeya and asked him to provide a detailed write-up so I could post it as a guest post on my blog.  Below is his guest post.


When an administrator is in the final stages of a Lync deployment, he must enable the entire organization for Lync. Presumably, he will bulk enable current Lync users by piping the Get-CsAdUser PowerShell cmdlet into the Enable-CsUser cmdlet. But what about the new hires? Currently, there are only two ways he would approach this: either manually enable Lync users from the Lync control panel or enable Lync users via PowerShell. The problem with these two methods is the likelihood of inconsistency in the accounts created. For example, in an organization with several administrators, if Admin X chooses to enable voice chat for users while Admin Y does not, the lack of a standard can cause maintenance or troubleshooting nightmares when user problems occur and an administrator discovers that each user has different features enabled.

It is essential that an organization conform to standards to ensure that each and every account is consistent. With many attributes available for different aspects of IT systems, this section can be easily overlooked during the process of creating new accounts. At the very least, an administrator should keep the following consistent: Conferencing policy, External access policy, and Registrar pool.
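The consistency check described above can be scripted as a drift audit. This is an added example, not part of the Z-Hire app or the original post; the baseline values, the function name `Get-LyncSettingDrift` and the sample users are hypothetical, and the property names are the ones Get-CsUser returns.

```powershell
# Added example: flag Lync accounts that deviate from the provisioning baseline.
# Baseline values are hypothetical; substitute your organization's standard.
$Baseline = [ordered]@{
    ConferencingPolicy   = 'Standard-Conferencing'
    ExternalAccessPolicy = 'No-Federation'
    RegistrarPool        = 'lyncpool01.example.test'
}

function Get-LyncSettingDrift {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $User,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Baseline
    )
    process {
        foreach ($name in $Baseline.Keys) {
            # An unassigned per-user policy comes back empty, which means the
            # global or site policy applies; report that explicitly.
            $actual = [string]$User.$name
            if ([string]::IsNullOrEmpty($actual)) { $actual = '(not assigned)' }
            if ($actual -ne $Baseline[$name]) {
                [pscustomobject]@{
                    SipAddress = $User.SipAddress
                    Setting    = $name
                    Expected   = $Baseline[$name]
                    Actual     = $actual
                }
            }
        }
    }
}

# Constructed sample objects shaped like Get-CsUser output, so this runs offline.
$sample = @(
    [pscustomobject]@{ SipAddress = 'sip:alice@example.test'; ConferencingPolicy = 'Standard-Conferencing'
                       ExternalAccessPolicy = 'No-Federation'; RegistrarPool = 'lyncpool01.example.test' }
    [pscustomobject]@{ SipAddress = 'sip:bob@example.test'; ConferencingPolicy = $null
                       ExternalAccessPolicy = 'Allow-All-External'; RegistrarPool = 'lyncpool01.example.test' }
    [pscustomobject]@{ SipAddress = 'sip:carol@example.test'; ConferencingPolicy = 'Standard-Conferencing'
                       ExternalAccessPolicy = 'No-Federation'; RegistrarPool = 'lyncpool02.example.test' }
)
$sample | Get-LyncSettingDrift -Baseline $Baseline | Format-Table -AutoSize

# Against a live deployment, from the Lync Server Management Shell:
# Get-CsUser | Get-LyncSettingDrift -Baseline $Baseline
```

With the sample data, alice produces no rows, bob is reported for an unassigned conferencing policy and a non-standard external access policy, and carol for a different registrar pool.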

The idea came to me on a typical Friday night, working as usual, but this time with the help-desk team, when it occurred to me that there must be a simpler and quicker way to create IT system accounts for our 10 new hires starting on Monday. As a systems administrator, I understand the frustration of help-desk personnel. One of the responsibilities of the help desk is to create accounts for new hires as a part of the onboarding process. Creating each individual account for every IT system, such as Active Directory, Exchange and Lync, for each person is a lengthy process, and the quality of work often lacks consistency. Having worked for various small and large organizations, I have seen that even some of the most well-established large organizations do not have this process automated. Yes, the process can be automated via VBScript or PowerShell, but not all help-desk personnel are familiar with the command line, and they may find it too complicated. Therefore, would it not be great to have one application that will create an account for every IT system? I wrote an application that will automate the creation of accounts for the following IT systems: Active Directory, Exchange, Lync and Office 365.

With just one click of a button, the accounts for Active Directory, Exchange, and Lync will be created. For Active Directory accounts, an OU can be specified to dictate the new user’s location. When a sAMAccountName format is specified, the Z-Hire app will automatically generate a sAMAccountName using the user’s first and last name. Other common Active Directory attributes such as title, department, or company can also be set from this app. This app will also allow admins to templatize their settings and save frequently used settings. For example, you may want all users in the marketing department to have the same “Department” and be added to a specific list of groups. This speeds up account deployment time significantly since duplicate data doesn’t need to be entered.

In Exchange 2007, which runs on PowerShell 1.0, you must locally install the Exchange 2007 Management Shell if you want to create Exchange 2007 mailboxes using this application. Remember, though, that this app simply runs the Enable-Mailbox PowerShell cmdlet in the background, which means that all parameters such as mailbox database, managed folder policy, and ActiveSync policy are configurable. The awesome part of Exchange 2010 is the remoting feature of PowerShell 2.0, which allows the application to connect to it remotely and execute remote commands. For Exchange 2010, it supports archive database, retention policy, managed folder policy and ActiveSync policy.

Lastly, this app allows configuration of parameters associated with the Enable-CsUser and Set-CsUser cmdlets, including conferencing policy, external access policy, registrar pool, SIP domain, and the peer-to-peer AV feature. For Office 365, the only requirement is the MSOL PowerShell module that can be downloaded from Microsoft. User template information is simply saved in XML format, which means you can back up the data or modify it using Notepad.

In short, this app works by initiating a remote PowerShell session to both Exchange and Lync servers and then executing PowerShell commands. For Office 365, it connects directly to the Microsoft cloud. It is as simple and basic as that, but the fact that all three accounts can be simultaneously created with just one click is pretty awesome. The only requirement for this application is that you must enable PS remoting on the servers it is connecting to. This feature is enabled by default. However, this can also be done by running the "Enable-PSRemoting" PowerShell command on the Exchange and Lync servers you wish to connect to.

A process that normally lasts for minutes can now be accomplished in mere seconds with this freeware application.  Below are screenshots from the application.

[Screenshots: Active Directory account, custom template, Exchange mailbox, Lync account, custom script, Office 365 MSOL user]

Harold Wong