How to Bulk Provision Active Directory Users in a CloudShare SharePoint Environment

By Danielle Arad - December 4, 2014

A CloudShare hosted environment is a great way to quickly and easily provision virtual machines for demo and testing. In order to present realistic demo and test scenarios you will want a variety of Active Directory user accounts and SharePoint user profiles including My Sites profile information.

A brand new CloudShare environment virtual machine comes with only a few system accounts defined, e.g. Administrator. You can certainly develop and provision additional user accounts and profiles yourself, along with the scripts to repeat the provisioning each time your environment is refreshed. However, this will take time and effort, which you would probably rather spend on your core business activities. So why not leverage and re-purpose a ready-built alternative from Microsoft?

Microsoft publishes “content packs” to provision several of its popular demo environments (WingTip, etc.) that you may have seen at the SharePoint Conference and in other training and demo presentations. These content packs generally include all the installers, scripts, and user account data files necessary to fully automate deployment, configuration and provisioning of the various bits of server infrastructure.

In our case we have the server infrastructure already deployed and configured thanks to CloudShare. So we are going to cherry pick out of the content packs just what is necessary to provision a predefined set of user accounts into Active Directory and user profiles into SharePoint. This will save us quite a bit of time over developing similar capability from scratch.

Before starting, download the required content packs from CodePlex. From the SharePoint 2013 Business Intelligence Demo Builds with SQL Server 2012 SP1 CodePlex project, download the following two content packs and extract their zip archives: the Active Directory Content Pack and the PeoplePack – UserProfile Provisioning Content Pack.

Don’t be confused by the name of this CodePlex project. The various content packs in this project can be used somewhat independently of one another, for our purpose to provision Active Directory user accounts and SharePoint user profiles in a CloudShare environment SharePoint farm.

First, we use a PowerShell script to create the Active Directory user objects from the Employees.csv file included with the Active Directory Content Pack. The following code fragment shows the important steps in the script. The full script can be downloaded here, load-users.ps1 (caveat: WordPress does not accept PowerShell uploads, so the script is embedded in a Word document). Run the script from the root folder of the Active Directory Content Pack or adjust the Import-Csv cmdlet’s path to the employees.csv file.

Import-Module ActiveDirectory
$dn = (Get-ADDomain).DistinguishedName
$forest = (Get-ADDomain).Forest
$ou = New-ADOrganizationalUnit -Name "MS Demo Users" -Path $dn -PassThru
#Do this to allow easy clean up or reset
Set-ADOrganizationalUnit $ou -ProtectedFromAccidentalDeletion $false
#Either edit CSV file to remove service accounts and blank lines or filter those out with the transform
$data = Import-Csv "$($(Get-Location).Path)\Demo\Scripts\employees.csv"
#Transform $data to $users with template that is compatible with the New-ADUser cmdlet, and add AD forest reference
#(the transform that defines $users is part of the full load-users.ps1 and is not shown in this fragment)
#Add the new OU as the Path of each user and create the account
$users | ForEach-Object {
    $_ | Select-Object @{Name="Path"; Expression={$ou.DistinguishedName}},* | New-ADUser
}
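One way to write the transform step that the fragment leaves out, as an added example rather than the code from load-users.ps1. The CSV column names (Alias, FirstName, LastName), the excluded alias and the forest name are assumptions; the sample rows are constructed so that the transform can be checked without a domain controller.

```powershell
# Added example: the column names Alias, FirstName and LastName are assumptions;
# match them to the header row of your employees.csv.
# Constructed sample rows stand in for the output of Import-Csv.
$data = @'
Alias,FirstName,LastName
aaronp,Aaron,Painter
,,
svc-demo,Service,Account
'@ | ConvertFrom-Csv

$forest = 'demo.example'            # placeholder for (Get-ADDomain).Forest
$serviceAccounts = @('svc-demo')    # constructed; aliases to leave out

# Prompt once so the demo password is never stored in the script or the CSV.
$password = Read-Host -AsSecureString -Prompt 'Password for the demo accounts'

# Drop blank rows and service accounts, then rename the columns to the
# parameter names that New-ADUser binds from the pipeline by property name.
$users = $data |
    Where-Object { $_.Alias -and ($serviceAccounts -notcontains $_.Alias) } |
    Select-Object @{Name='Name';              Expression={ "$($_.FirstName) $($_.LastName)" }},
                  @{Name='DisplayName';       Expression={ "$($_.FirstName) $($_.LastName)" }},
                  @{Name='GivenName';         Expression={ $_.FirstName }},
                  @{Name='Surname';           Expression={ $_.LastName }},
                  @{Name='SamAccountName';    Expression={ $_.Alias }},
                  @{Name='UserPrincipalName'; Expression={ "$($_.Alias)@$forest" }},
                  @{Name='AccountPassword';   Expression={ $password }},
                  @{Name='Enabled';           Expression={ $true }}

# Review the result before piping $users into New-ADUser.
$users | Format-List Name, SamAccountName, UserPrincipalName, Enabled
```

Without AccountPassword and Enabled, New-ADUser creates the accounts disabled, so they could not be used to sign in to the demo farm.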

Once this script runs successfully there will be over 270 demo user accounts available. In Active Directory Users and Computers you should see the new container and its user objects.

Second, we use another PowerShell script to provision the SharePoint user profiles from the People.xml file included with the PeoplePack – UserProfile Provisioning Content Pack.

We must tweak the People.xml file, as it explicitly includes the CONTOSO domain in the user account names, whereas we must match the domain defined by the CloudShare environment virtual machine. The affected values are the AccountName and Manager elements in the following sample from the file. It is not necessary to change the domain of the email address.

<Employee>
  <Name>Aaron Painter</Name>
  <WorkEmail>aaronp@contoso.com</WorkEmail>
  <AccountName>CONTOSO\aaronp</AccountName>
  <Manager>CONTOSO\christk</Manager>
  <Picture>images\Aaron Painter.jpg</Picture>
</Employee>

Determine the domain name by looking at the VM machine properties or from Active Directory Users and Computers. Create a backup copy of the People.xml file, then edit the original file or tweak the script to point to the correct file name.
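The backup-and-edit step can be scripted instead of done by hand. The following is an added example, not part of the content pack: the function name Set-PeopleDomain, the Employees root element of the sample and the DEMO domain are assumptions, and the sample record is constructed from the one shown above.

```powershell
# Added example: rewrites only the DOMAIN\ prefix of <AccountName> and <Manager>.
# <WorkEmail> is left untouched. Returns the number of values changed.
function Set-PeopleDomain {
    param(
        [Parameter(Mandatory=$true)] [xml]    $People,
        [Parameter(Mandatory=$true)] [string] $NewDomain,
        [string] $OldDomain = 'CONTOSO'
    )
    $prefix  = $OldDomain + '\'
    $changed = 0
    foreach ($node in $People.SelectNodes('//AccountName | //Manager')) {
        if ($node.InnerText.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            $node.InnerText = $NewDomain + '\' + $node.InnerText.Substring($prefix.Length)
            $changed++
        }
    }
    $changed
}

# Constructed sample; the <Employees> root element is an assumption.
$sample = [xml]@'
<Employees>
  <Employee>
    <Name>Aaron Painter</Name>
    <WorkEmail>aaronp@contoso.com</WorkEmail>
    <AccountName>CONTOSO\aaronp</AccountName>
    <Manager>CONTOSO\christk</Manager>
    <Picture>images\Aaron Painter.jpg</Picture>
  </Employee>
</Employees>
'@
$count = Set-PeopleDomain -People $sample -NewDomain 'DEMO'   # 'DEMO' is a placeholder
"$count values rewritten"
$sample.Employees.Employee | Format-List AccountName, Manager, WorkEmail

# Against the real file: keep the first backup, then rewrite in place.
if (Test-Path .\People.xml) {
    $full = (Resolve-Path .\People.xml).Path
    if (-not (Test-Path "$full.bak")) { Copy-Item $full "$full.bak" }
    $people = New-Object System.Xml.XmlDocument
    $people.Load($full)
    Set-PeopleDomain -People $people -NewDomain (Get-ADDomain).NetBIOSName | Out-Null
    $people.Save($full)
}
```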

The script to provision user profiles is as follows. Run the script from the root folder of the UserProfile Provisioning Content Pack or set the PowerShell working folder to the content pack folder.

#Ensure that ReadXml.ps1 and SetupUser.ps1 can run, or unblock those files
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
#Determine My Sites URL for CloudShare environment virtual machine
$site = "<MySitesHostUrl>"  #placeholder: replace with the My Sites host URL of your environment
#Pipe each user profile to the user setup script
.\ReadXml.ps1 ".\People.xml" ".\SetupUser.ps1" $site

By default the ReadXml.ps1 and SetupUser.ps1 scripts are blocked as they originated in the content pack downloaded from the Internet, as shown in the file properties panel in the following figure:

ReadXml.ps1 properties

If we choose to unblock these two scripts, then the change in PowerShell execution policy (Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass) is not required.
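Unblocking can be limited to the two scripts and verified afterwards. This is an added example, not part of the content pack; the function name Unblock-ContentPackScript is hypothetical.

```powershell
# Added example: clear the downloaded-from-the-Internet mark on the two
# content pack scripts only, and report the state of each file afterwards.
function Unblock-ContentPackScript {
    param([string[]] $Path = @('.\ReadXml.ps1', '.\SetupUser.ps1'))
    foreach ($p in $Path) {
        # The mark is an NTFS alternate data stream named Zone.Identifier.
        $mark = Get-Content -LiteralPath $p -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if ($mark) { Unblock-File -LiteralPath $p }
        $stillMarked = [bool](Get-Item -LiteralPath $p -Stream Zone.Identifier -ErrorAction SilentlyContinue)
        New-Object psobject -Property @{
            Path     = $p
            ZoneInfo = ($mark -join '; ')   # what the stream contained before unblocking
            Blocked  = $stillMarked
        }
    }
}

Unblock-ContentPackScript | Format-Table Path, Blocked, ZoneInfo -AutoSize

# Shows the effective execution policy per scope for this session.
Get-ExecutionPolicy -List
```

Unblocking is sufficient when the effective policy is RemoteSigned, and it leaves the policy in force for every other script run in the session.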

The domain user that runs this PowerShell script must have sufficient rights; for UserProfileManager.CreateUserProfile() this is the PortalRight.ManageUserProfile permission, as per MSDN. The default permissions and security configuration for each virtual machine template available in a CloudShare environment can vary considerably, as the CloudShare team revises the VM templates from time to time. Before we run the above PowerShell script we should check the User Profile Service settings for Administrators and Permissions. We may also need to review the profile database permissions by running Get-SPDatabase | Where-Object {$_.Name -eq "<MySitesProfileDBName>"} | Get-SPShellAdmin, where we replace the fragment enclosed in angle brackets <> with the value specific to our CloudShare environment virtual machine.

Once these two scripts run successfully there will be over 260 fully populated user profiles in your SharePoint 2013 farm My Sites and we will see the following in the User Profile Service Application properties under People | Manage User Profiles:

User Profile Service - Number of User Profiles

At this point we can connect to the SharePoint farm web applications and My Sites host using any of the demo user accounts, e.g. by running a browser as a different user. The My Site for the demo user Jesper Aaberg will appear as in the following figure:

MySites for Aaberg Jesper

In conclusion, CloudShare’s SharePoint virtual machine templates provide a fully configured and ready to go SharePoint farm for demos and testing but without a set of realistic user accounts and user profiles. With the addition of realistic user accounts and user profiles your demo and testing scenarios will light up and provide a rich and meaningful experience.