Auto Create Outlook MAPI User Profiles Group Policy PowerShell Script
I could not for the life of me find a single script, function or group policy setting that would auto create the Outlook 2007 and 2010 MAPI user profile for my internal users. Perhaps my scenario is different than most. My situation was a XenApp server which both external clients and internal employee’s connect to for published apps. I didn’t want to add a logon script to my internal user’s GPO because it would run on their local machines and inside of the ICA session, and I didn’t want to run a computer level script because it would run for external clients too. That only meant one thing: I would actually have to develop something myself T.T
There is a swarm of legacy programs like RichProfile out there that works on legacy versions such as Outlook 2000 & 2003 on WinXP, but come on…this is 2013, the year of coffee at 6pm while trying to quit your decade-long cigarette habit. My approach is a witches brew of PowerShell v2.0+, Active Directory Security Groups, Group Policy Loopback Processing, Office Customization Tool, delirium and sloppy programming. If only 5 minutes of my time are saved on the phone dealing with a user’s request to configure email in XenApp, the project is a success though it took me hours to develop ;D
You will need PowerShell v2.0+ on the server where the script will be executing. You can find version info by running a built-in environment variable and looking at the Major column.
$PSVersionTable.PSVersion or $Host.version
Next step is create a new GPO or use an existing which is applied to your Citrix or TS server and enable Group Policy loopback processing.
Enable Loopback processing Mode
Using Group Policy Management Console, edit the GPO you desire, expand Computer Configuration\Policies\Administrative Templates\System\Group Policy,
and then double-click User Group Policy Loopback Processing Mode.
Select the appropriate option (Replace or Merge).
Add the following user level login script setting to the GPO
# Travis Runyard 3.26.2013
# Auto-create Outlook MAPI Profiles for Citrix and TS environments
# Requires PowerShell v2.0+
$memberOf = ([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().Properties.memberof -replace '^CN=([^,]+).+$','$1'
$group1 = "YourActiveDirectorySecurityGroupName1"
$group2 = "YourActiveDirectorySecurityGroupName2"
if(($memberOf -contains $group1) -or ($memberOf -contains $group2))
{
$path = "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook"
If(-not(Test-Path -Path $path))
{
Start-Process "C:\Program Files (x86)\Microsoft Office\Office12\Outlook.exe" -ArgumentList "/importprf c:\scripts$\Outlook2007mapi.prf" -WindowStyle Minimized
Start-Sleep -s 5
Get-Process outlook | % { $_.CloseMainWindow() }
#If that did not close Outlook then kill it
Stop-Process -ProcessName Outlook -Force
}
}
Change the $group1 and $group2 variables to your Active Directory security group names which your target users are a member of. If you’re running Outlook 2010 instead of 2007 like I am here, change the folder path Office12 to Office14. Obviously change the path to your prf file in the argument. As you can see what this script will do is checks if the user is a member of either security groups, checks if a profile already exists in the registry, and if not exists, runs Outlook.exe while minimized with the /importprf switch which imports your custom settings that you created earlier, sleeps for 5 seconds, then attempts to gracefully close the Outlook.exe process which is like clicking the X button, and if that fails it forcefully kills the process. Killing Outlook doesn’t prevent the profile creation. Lulz to you Outlook.exe.
This will accomplish all of my requirements:
1.) Automatically create internal user’s MAPI profile for Outlook 2007 and 2010 in a XenApp environment without any user interaction
2.) Does not run on internal employee’s local user workstations
3.) Does not run for external users connecting to the same XenApp server
4.) Internal users can send email directly from applications like Adobe Reader or Foxit without having to load Outlook first
5.) Able to go home tonight knowing that you’ve developed something unique and have a few beers without feeling guilty
May 21, 2013 7:52 am @ 07:52
Great little script Travis! Thank you for sharing!
Question: is there a way to hide the challenge prompt that appears briefly for the user to enter their AD credentials for Microsoft Outlook? It disappears of course, but confuses some of the users.
thanks,
e
May 21, 2013 8:42 am @ 08:42
Glad you like it :) You mean that dialog that prompts for name and initials? If that’s what you’re talking about, I haven’t been able to minimize that. I’m not sure it’s possible to hide that dialog. If you find a way, please let me know
*EDIT*
I just re-read your question. If your users are being prompted with an authentication prompt, then there is something going on deeper. The logged in users credentials should be passed silently. I would investigate why that is not happening before proceeding with my script. I would start checking event logs and Outlook settings. Let me know what you’ve figured out, I’m interested.
¯\_(ツ)_/¯
July 25, 2013 1:32 pm @ 13:32
I just wanted to thank you for the awesome script! I’ve been searching for days for one that does exactly what this script does to no avail. You totally made my day. Rock on!
Steve
July 25, 2013 3:08 pm @ 15:08
Sweet ^_^ Thanks Steve. Appreciate the kind words. Makes me feel like I’ve helped someone out there in this small world.
October 29, 2013 9:02 am @ 09:02
This script is very helpful. I did notice that the -windowstyle minimized did not work for me.. I ended up having to create a shortcut .lnk to outlook.exe and set the shortcut to minimized. I then used invoke-item outlook.lnk to execute which then would successfully minimize the outlook window.
Thank you!
Tom
November 29, 2013 5:12 am @ 05:12
This script just made my day. works a treat. Thanks.
December 3, 2013 5:52 pm @ 17:52
You’re very welcome.
January 18, 2014 1:52 pm @ 13:52
Thanks. I’m in the midst of an Exchange -> Office 365 migration and was struggling to figure out how I was going to change hundreds of mail profiles easily. Did not know about /importprf. So, while my use case was a bit different than yours this post definitely nudged me toward a great solution. I implemented similar code just as a simple DOS batch file. Give users a link to it and bam, they’re reconfigured with proper profiles. Going to save us lots of running around post-migration. Thanks!!
April 22, 2014 6:49 am @ 06:49
Thanks a lot for the comment. It brightened my night.
July 19, 2018 9:15 am @ 09:15
Can you share this. I want to use this too but we are using UPNs to authenticate , Not sure How I can add the UPN
January 18, 2014 1:52 pm @ 13:52
Thanks. I’m in the midst of an Exchange -> Office 365 migration and was struggling to figure out how I was going to change hundreds of mail profiles easily. Did not know about /importprf. So, while my use case was a bit different than yours this post definitely nudged me toward a great solution. I implemented similar code just as a simple DOS batch file. Give users a link to it and bam, they’re reconfigured with proper profiles. Going to save us lots of running around post-migration. Thanks!!
April 22, 2014 6:49 am @ 06:49
Thanks a lot for the comment. It brightened my night.