Last active
May 6, 2024 00:26
-
-
Save chrisATautomatemystuff/bea04e341ac9cd78453ccbfcc946f6a6 to your computer and use it in GitHub Desktop.
Student_Insert.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $insertFilePath = "C:\IDM\<DISTRICT>_students_insert.csv" | |
| $content = get-content -Path $insertFilePath | |
| if($content -ne $null) | |
| { | |
| Import-Module ActiveDirectory | |
| #DEFINE CURRENT DATE AND TIME | |
| $currentDateTime = (Get-Date).ToString('yyyy-MM-dd@hhmm') | |
| #DEFINE CURRENT DATE | |
| $currentDate = (Get-Date).ToString('MMddyy') | |
| #DEFINE CURRENT YEAR | |
| $currentYear = (Get-Date).ToString('yyyy') | |
| #DEFINE CURRENT MONTH | |
| $currentMonth = (Get-Date).ToString('MM') | |
| $students = Import-Csv -Path $insertFilePath | |
| #CREATE EMPTY ARRAY TO STORE NEW USERS DISCOVERED | |
| $i = 0 | |
| $array = @() | |
| foreach ($student in $students) | |
| { | |
| #region VARIABLE DEFINITIONS | |
| #DEFINE ALL THE THINGS FROM EXPORT FILE | |
| $firstName = $student.idm_first_name | |
| $firstInitial = $firstName.Substring(0,1) | |
| $middleName = $student.idm_middle_name | |
| if($middleName -ne $null -AND $middleName -ne '') | |
| { | |
| $middleInitial = $middleName.Substring(0,1) | |
| } | |
| $lastName = $student.idm_last | |
| $lastInitial = $lastName.Substring(0,1) | |
| $fullName = $firstName + ' ' + $lastName | |
| $displayName = $firstName + ' ' + $lastName | |
| $samAccountName = $student.idm_samaccountname | |
| $userPrincipalName = $student.idm_upn | |
| $emailAddress = $student.idm_email | |
| $title = 'Student' | |
| $gradeLevel = $student.idm_student_grade_level | |
| $yearofGrad = $student.idm_student_graduation_year | |
| $employeeID = $student.idm_employeeid | |
| $employeeNumber = $student.idm_employeenumber | |
| $employeeNumberLength = $employeeNumber.Length | |
| $studentID = $employeeNumber.Substring(3) | |
| $studentIDLast4 = -join "$studentID"[-4..-1] | |
| #DEFINE HOME DRIVE LETTER AND PATH IF USED IN DISTRICT | |
| $homeDrive = 'H:' | |
| $homeDirectory = '\\<SERVER_FQDN>\Student Home Drives\' + $yearOfGrad + '\' + $samAccountName | |
| #DEFINE THE USERS YEAR OF GRAD SECURITY GROUP | |
| $group_YearofGrad = 'Student_' + $yearofGrad | |
| #CREATE AN EMPTY ARRAY TO STORE THE SECURITY GROUPS TO ADD THE USER TO | |
| $groupList = @() | |
| #ADD THE USER TO THEIR YEAR OF GRAD SECURITY GROUP | |
| $groupList += $group_YearofGrad | |
| #SET A TEMPORARY PASSWORD TO SUPPORT FINE-GRAINED PASSWORD POLICIES | |
| #WHICH REQUIRE GROUP MEMBERSHIP BEFORE A NON-SECURE PASSWORD CAN BE USED | |
| $passwordTemporary = (ConvertTo-SecureString -AsPlainText 'IWishYouHad8DigitPasswords' -Force) | |
| #DEFINE THE STATE BUILDING CODE FOR THE USER | |
| $buildingCode = $student.idm_building01code | |
| #DEFINE BUILDING VARIABLES BASED ON STATE BUILDING CODES | |
| switch ($buildingCode) | |
| { | |
| '<BUILDING_CODE_1>' { | |
| $buildingShortName = '<SHORTNAME>' | |
| $office = '<ELEMENTARY_BUILDING_NAME>' | |
| $streetAddress = '<BUILDING_ADDRESS' | |
| $city = '<DISTRICT>' | |
| $postalCode = '<ZIP_CODE>' | |
| $officePhone = '<PHONE_NUMBER>' | |
| $passwordInsecure = '<ELEM_SIMPLE_PASSWORD>' | |
| $passwordSecure = (ConvertTo-SecureString -AsPlainText $passwordInsecure -Force) | |
| $ouPath_append = ',<OU_PATH_TO_ELEM_STUDENTS>' | |
| } | |
| '<BUILDING_CODE_2>' { | |
| $buildingShortName = '<SHORTNAME>' | |
| $office = '<HIGHSCHOOL_BUILDING_NAME>' | |
| $streetAddress = '<BUILDING_ADDRESS' | |
| $city = '<DISTRICT>' | |
| $postalCode = '<ZIP_CODE>' | |
| $officePhone = '<PHONE_NUMBER>' | |
| $passwordInsecure = '<HIGHSCHOOL_PASSWORD_ALGORITHM>' | |
| $passwordSecure = (ConvertTo-SecureString -AsPlainText $passwordInsecure -Force) | |
| $ouPath_append = ',<OU_PATH_TO_HIGHSCHOOL_STUDENTS>' | |
| } | |
| } | |
| #DEFINE OU PATH FOR THE DISTRICT | |
| $ouPath = 'OU=' + $yearOfGrad + $ouPath_append | |
| $ouPath_disabled = 'OU=Disabled Users,<OU_PATH>' | |
| #DEFINE THE USER DESCRIPTION | |
| $description = $buildingShortName + ' - Class of ' + $yearOfGrad | |
| #DEFINE DISTRICT SPECIFIC VARIABLES | |
| $organization = '<ORG>' | |
| $state = 'MI' | |
| $company = '<DISTRICT>' | |
| $domainName = '<DOMAIN_SHORTNAME>' | |
| $domainAddress = '<DOMAIN_ADDRESS>' | |
| $department = $buildingShortName + ' - Class of ' + $yearOfGrad | |
| #endregion | |
| #region USER CREATION | |
| $i = $i + 1 | |
| $array += $student | |
| Write-Host "Creating user: $samAccountName" -ForegroundColor Green | |
| #DEFINE ALL THE NEW USER ATTRIBUTES FOR SPLATTING | |
| $newUserSplat = @{ | |
| Name = $fullName | |
| DisplayName = $displayName | |
| GivenName = $firstName | |
| Surname = $lastName | |
| SamAccountNAme = $samAccountName | |
| UserPrincipalName = $userPrincipalName | |
| EmailAddress = $emailAddress | |
| AccountPassword = $passwordTemporary | |
| ChangePasswordAtLogon = $false | |
| CannotChangePassword = $true | |
| PasswordNeverExpires = $true | |
| Path = $ouPath | |
| StreetAddress = $streetAddress | |
| City = $city | |
| State = $state | |
| PostalCode = $postalCode | |
| Organization = $organization | |
| Company = $company | |
| Office = $office | |
| OfficePhone = $officePhone | |
| Department = $department | |
| Title = $title | |
| Description = $description | |
| EmployeeID = $employeeID | |
| EmployeeNumber = $employeeNumber | |
| HomeDirectory = $homeDirectory | |
| HomeDrive = $homeDrive | |
| Enabled = $true | |
| } | |
| #CREATE THE USER BASED ON SPLAT | |
| New-ADUser @newUserSplat | |
| #SET THE MIDDLE NAME AND INITIALS IF THE USER HAS THEM | |
| if($middleName -ne $null -AND $middleName -ne '') | |
| { | |
| Set-ADUser -Identity $samAccountName -OtherName $middleName -Initials $middleInitial | |
| } | |
| else | |
| { | |
| Set-ADUser -Identity $samAccountName -Clear MiddleName,Initials | |
| } | |
| #ADD THE USER TO THEIR GROUPS | |
| if($groupList -ne $null) | |
| { | |
| $groupList = $groupList | ForEach-Object {Get-ADGroup -Identity $_} | |
| $groupList | ForEach-Object {Add-ADGroupMember -Identity $_ -Members $samAccountName} | |
| } | |
| #SET THE USERS PASSWORD | |
| #IF FINE-GRAINED PASSWORD POLICIES ARE INE FFECT THEY WILL BE HONORED | |
| #IF THE USER IS IN THE APPROPRIATE SECURITY GROUP BEFORE THIS COMMAND | |
| Set-ADAccountPassword -Identity $samAccountName -Reset -NewPassword $passwordSecure | |
| #CREATE HOME DIRECTORY | |
| New-Item -Path $homeDirectory -ItemType Directory -Force | |
| #APPLY PERMISSIONS TO HOME FOLDER | |
| $identityReference = $domainName + '\' + $samAccountName | |
| $fileSystemAccessRights = [System.Security.AccessControl.FileSystemRights]::Modify | |
| $inheritanceFlags = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit | |
| $propagationFlags = [System.Security.AccessControl.PropagationFlags]::None | |
| $accessControl = [System.Security.AccessControl.AccessControlType]::Allow | |
| $accessRuleSplat = $identityReference, $fileSystemAccessRights, $inheritanceFlags, $propagationFlags, $accessControl | |
| $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $accessRuleSplat | |
| $homeDirectoryACL = Get-Acl $homeDirectory | |
| $homeDirectoryACL.AddAccessRule($accessRule) | |
| Set-Acl -Path $homeDirectory -AclObject $homeDirectoryACL | |
| #endregion | |
| } | |
| $array | |
| $array | Export-Csv -Path C:\IDM\<DISTRICT>_NEW_$currentDateTime.csv -NoTypeInformation | |
| $i | |
| $body = $array | Out-String | |
| if($i -gt 0) | |
| { | |
| #DEFINE CURRENT DATE | |
| $emailCurrentDate = (Get-Date).ToString('MM/dd/yy') | |
| $emailPassword = ConvertTo-SecureString "<SMTPPASSWORD>" -AsPlainText -Force | |
| $emailCred = New-Object System.Management.Automation.PSCredential ("<USERNAME>",$emailPassword) | |
| $emailToAddresses = @('<user1_email>','<user2_email>') | |
| Send-MailMessage -SmtpServer <SMTP_SERVER> -Subject "$emailCurrentDate - $company Student Account Creation" -Body "$body" -From idm_insert@$domainAddress -To $emailToAddresses -Credential $emailCred | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment