-
Notifications
You must be signed in to change notification settings - Fork 0
/
AD-NewUserProvision.ps1
122 lines (106 loc) · 3.72 KB
/
AD-NewUserProvision.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
param (
[Parameter(Mandatory, ValueFromPipelineByPropertyname)]
[ValidateNotNullOrEmpty()]
[string]$FirstName,
[Parameter(Mandatory, ValueFromPipelineByPropertyname)]
[ValidateNotNullOrEmpty()]
[string]$LastName,
[Parameter(Mandatory, ValueFromPipelineByPropertyname)]
[ValidateNotNullOrEmpty()]
[string]$MiddleInitial,
[Parameter(Mandatory, ValueFromPipelineByPropertyname)]
[ValidateNotNullOrEmpty()]
[string]$Department,
[Parameter(Mandatory, ValueFromPipelineByPropertyname)]
[ValidateNotNullOrEmpty()]
[string]$Title,
[Parameter(ValueFromPipelineByPropertyname)]
[ValidateNotNullOrEmpty()]
[string]$Location = 'OU=Corporate Users',
[Parameter()]
[ValidateNotNullOrEmpty()]
[string]$DefaultGroup = 'XYZCompany',
[Parameter()]
[ValidateNotNullOrEmpty()]
[string]$DefaultPassword = 'p@$$w0rd12345',
[Parameter()]
[ValidateScript({ Test-Path -Path $_ })]
[string]$BaseHomeFolderPath = '\\MEMBERSRV1\Users'
)
## Find the distinguished name of the domain the current computer is a part of.
$DomainDn = (Get-AdDomain).DistinguishedName
## Define the 'standard' username (first initial and last name)
$Username = "$($FirstName.SubString(0, 1))$LastName"
#region Check if an existing user already has the first initial/last name username taken
Write-Verbose -Message "Checking if [$($Username)] is available"
if (Get-ADUser -Filter "Name -eq '$Username'")
{
Write-Warning -Message "The username [$($Username)] is not available. Checking alternate..."
## If so, check to see if the first initial/middle initial/last name is taken.
$Username = "$($FirstName.SubString(0, 1))$MiddleInitial$LastName"
if (Get-ADUser -Filter "Name -eq '$Username'")
{
throw "No acceptable username schema could be created"
}
else
{
Write-Verbose -Message "The alternate username [$($Username)] is available."
}
}
else
{
Write-Verbose -Message "The username [$($Username)] is available"
}
#endregion
#region Ensure the OU the user's going into exists
$ouDN = "$Location,$DomainDn"
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouDN'"))
{
throw "The user OU [$($ouDN)] does not exist. Can't add a user there"
}
#endregion
#region Ensure the group the user's going into exists
if (-not (Get-ADGroup -Filter "Name -eq '$DefaultGroup'"))
{
throw "The group [$($DefaultGroup)] does not exist. Can't add the user into this group."
}
if (-not (Get-ADGroup -Filter "Name -eq '$Department'"))
{
throw "The group [$($Department)] does not exist. Can't add the user to this group."
}
#endregion
#region Ensure the home folder to create doesn't already exist
$homeFolderPath = "$BaseHomeFolderPath\$UserName"
if (Test-Path -Path $homeFolderPath)
{
throw "The home folder path [$homeFolderPath] already exists."
}
#endregion
#region Create the new user
$NewUserParams = @{
'UserPrincipalName' = $Username
'Name' = $Username
'GivenName' = $FirstName
'Surname' = $LastName
'Title' = $Title
'Department' = $Department
'SamAccountName' = $Username
'AccountPassword' = (ConvertTo-SecureString $DefaultPassword -AsPlainText -Force)
'Enabled' = $true
'Initials' = $MiddleInitial
'Path' = "$Location,$DomainDn"
'ChangePasswordAtLogon' = $true
}
Write-Verbose -Message "Creating the new user account [$($Username)] in OU [$($ouDN)]"
New-AdUser @NewUserParams
#endregion
#region Add user to groups
Write-Verbose -Message "Adding the user account [$($Username)] to the group [$($DefaultGroup)]"
Add-ADGroupMember -Members $Username -Identity $DefaultGroup
Write-Verbose -Message "Adding the user account [$($Username)] to the group [$($Department)]"
Add-ADGroupMember -Members $Username -Identity $Department
#endregion
#region Create the home folder
Write-Verbose -message "Creating the home folder [$homeFolderPath]..."
$null = mkdir $homeFolderPath
#endregion