Pester script to validate ADUser properties
<#
.SYNOPSIS
    Pester script to validate ADUser properties.
.PARAMETER csvFile
    File name of the CSV holding the expected user attributes. The script
    looks for it under .\source\csv\ relative to the current location.
    Defaults to 'Users.csv'.
.PARAMETER Encoding
    Encoding passed to Import-Csv when reading the file. Defaults to 'UTF8'.
.NOTES
    Author:  I.C.A. Strachan
    Version: 1.0
    Version History:
#>
[CmdletBinding()]
Param(
    [string]$csvFile = 'Users.csv',

    [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]$Encoding = 'UTF8'
)
# Splat for Import-Csv: the file is read from .\source\csv\ relative to the
# current location and parsed as tab-delimited text in the requested encoding.
# NOTE(review): this CSV is the expected state every test below trusts, so it
# should live where only the people managing the accounts can change it.
$csvParam = @{
    Encoding  = $Encoding
    Delimiter = "`t"
    Path      = ".\source\csv\$csvFile"
}
$csvADUsers = Import-Csv @csvParam

# Each CSV column shows up as a NoteProperty on the imported rows; the column
# names are the attributes that get compared against Active Directory.
$ADPropertiesToVerify = $csvADUsers |
    Get-Member -MemberType NoteProperty |
    Select-Object -ExpandProperty Name
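# One Pester Describe per CSV row: compare the row with the live AD account,
# then check the home directory the row names.
Foreach ($user in $csvADUsers){
    # Get AD User attributes
    try{
        # A lookup failure is handled by the catch blocks below: an unknown
        # account is reported and the loop continues, anything else is rethrown.
        $verify = Get-ADUser -Identity $user.SamAccountName -Properties *

        if ($verify) {
            Describe "AD User operational readiness for $($user.DisplayName)" {

                Context 'Verifying ADUser Attributes'{
                    ForEach($attribute in $ADPropertiesToVerify){
                        # Blank CSV cells arrive as empty strings; turn them into
                        # $null before comparing (presumably so they match
                        # attributes that are not set on the AD object).
                        if (([string]::isNullOrEmpty($user.$attribute))) {
                            $user.$attribute = $null
                        }

                        if($attribute -eq 'Path'){
                            it "User is located in $($user.$attribute)" {
                                # The result must be piped to Should: without an
                                # assertion this It block passed no matter which
                                # OU the account was in.
                                # NOTE(review): Contains() is a case-sensitive
                                # substring match, so any DN that merely includes
                                # the expected path (e.g. a nested OU) passes.
                                $verify.DistinguishedName.Contains($user.$attribute) | Should be $true
                            }
                        }
                        else{
                            it "User property $($attribute) value is $($verify.$attribute)" {
                                $user.$attribute | Should be $verify.$attribute
                            }
                        }
                    }
                }

                Context 'Verifying ADUser HomeDirectory Security'{
                    it 'User HomeDirectory attribute is not empty'{
                        $user.HomeDirectory | Should not be $null
                    }

                    It "Homedirectory $($user.HomeDirectory) exists"{
                        Test-Path $user.HomeDirectory | Should be $true
                    }

                    It "User is owner of $($user.HomeDirectory)"{
                        # The expected owner is built from $env:USERDOMAIN, i.e. the
                        # domain of whoever runs the tests.
                        # NOTE(review): confirm that matches the user's domain
                        # when accounts live in more than one domain.
                        (Get-Acl $user.HomeDirectory).Owner | Should be "$($env:USERDOMAIN)\$($user.sAMAccountName)"
                    }
                }
            }
        }
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]{
        # Missing account: report it and carry on with the next CSV row.
        Write-Error -Message "User $($user.SamAccountName) account NOT present"
    }
    catch {
        # Anything else is unexpected: log which account was being processed,
        # then rethrow so the run stops instead of hiding the failure.
        Write-Error -Message "Unhandled exception looking up $($user.SamAccountName) account."
        throw $_
    }
}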