@jeroenmaes
Created October 24, 2014 07:23
Create BizTalk Groups and Service Accounts with PowerShell
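# The New-AD* and Add-AD* cmdlets below come from the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory
# Path where to create the biztalk groups and service accounts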
$BtsOuPath = "OU=BizTalk,OU=Service Accounts,DC=LABO,DC=local"
# Path where to create the biztalk admin user
$AdminOuPath = "CN=Users,DC=LABO,DC=local"
$DomainAdmin = "JMADMIN"
$BtsAdmin = "BTSADMIN"
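# Convert the plain text passwords (sample values; replace them before running)
# Single quotes are required: inside double quotes PowerShell expands $$ as an automatic variable,
# so the password that gets set would not be the literal text written here
$BtsAdminPassword = ConvertTo-SecureString 'P@$$w0rd0' -AsPlainText -Force
$SSOServiceUserPassword = ConvertTo-SecureString 'P@$$w0rd1' -AsPlainText -Force
$BTSHostUserPassword = ConvertTo-SecureString 'P@$$w0rd2' -AsPlainText -Force
$BTSIsoHostUserPassword = ConvertTo-SecureString 'P@$$w0rd3' -AsPlainText -Force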
# Create biztalk groups
New-ADGroup -Name "SSO Administrators" -GroupCategory Security -GroupScope Global -DisplayName "SSO Administrators" -Path $BtsOuPath
New-ADGroup -Name "SSO Affiliate Administrators" -GroupCategory Security -GroupScope Global -DisplayName "SSO Affiliate Administrators" -Path $BtsOuPath
New-ADGroup -Name "BizTalk Application Users" -GroupCategory Security -GroupScope Global -DisplayName "BizTalk Application Users" -Path $BtsOuPath
New-ADGroup -Name "BizTalk Isolated Host Users" -GroupCategory Security -GroupScope Global -DisplayName "BizTalk Isolated Host Users" -Path $BtsOuPath
New-ADGroup -Name "BizTalk Server Administrators" -GroupCategory Security -GroupScope Global -DisplayName "BizTalk Server Administrators" -Path $BtsOuPath
New-ADGroup -Name "BizTalk Server Operators" -GroupCategory Security -GroupScope Global -DisplayName "BizTalk Server Operators" -Path $BtsOuPath
New-ADGroup -Name "BizTalk Server B2B Operators" -GroupCategory Security -GroupScope Global -DisplayName "BizTalk Server B2B Operators" -Path $BtsOuPath
# Create service accounts
New-ADUser -SamAccountName SSOServiceUser -AccountPassword $SSOServiceUserPassword -name "SSOServiceUser" -enabled $true -PasswordNeverExpires $true -CannotChangePassword $true -ChangePasswordAtLogon $false -Path $BtsOuPath
New-ADUser -SamAccountName BTSHostUser -AccountPassword $BTSHostUserPassword -name "BTSHostUser" -enabled $true -PasswordNeverExpires $true -CannotChangePassword $true -ChangePasswordAtLogon $false -Path $BtsOuPath
New-ADUser -SamAccountName BTSIsoHostUser -AccountPassword $BTSIsoHostUserPassword -name "BTSIsoHostUser" -enabled $true -PasswordNeverExpires $true -CannotChangePassword $true -ChangePasswordAtLogon $false -Path $BtsOuPath
New-ADUser -SamAccountName $BtsAdmin -AccountPassword $BtsAdminPassword -name $BtsAdmin -enabled $true -PasswordNeverExpires $true -CannotChangePassword $true -ChangePasswordAtLogon $false -Path $AdminOuPath
# Add the service accounts to necessary groups
Add-ADPrincipalGroupMembership -Identity "SSOServiceUser" -MemberOf "SSO Administrators"
Add-ADPrincipalGroupMembership -Identity "BizTalk Server Administrators" -MemberOf "SSO Administrators"
Add-ADPrincipalGroupMembership -Identity $BtsAdmin -MemberOf "BizTalk Server Administrators"
Add-ADPrincipalGroupMembership -Identity "BTSHostUser" -MemberOf "BizTalk Application Users"
Add-ADPrincipalGroupMembership -Identity "BTSIsoHostUser" -MemberOf "BizTalk Isolated Host Users"
# Add the domain admin to all groups
Add-ADPrincipalGroupMembership -Identity $DomainAdmin -MemberOf "BizTalk Server Administrators"
Add-ADPrincipalGroupMembership -Identity $DomainAdmin -MemberOf "SSO Administrators"
Add-ADPrincipalGroupMembership -Identity $DomainAdmin -MemberOf "BizTalk Isolated Host Users"
Add-ADPrincipalGroupMembership -Identity $DomainAdmin -MemberOf "BizTalk Application Users"
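
A read-only check to run after the script, added here as an example and not part of the original gist: it compares each principal's direct BizTalk group memberships with what the script intends, and lists the password flags on the accounts it created. The `$Expected` table and the `$BizTalkGroups` list are constructed from the commands above; `$BtsAdmin` and `$DomainAdmin` repeat the script's sample values.

```powershell
# Added example (not from the original gist): audit the result of the provisioning script.
Import-Module ActiveDirectory

$BtsAdmin    = "BTSADMIN"   # same sample values as in the script above
$DomainAdmin = "JMADMIN"

# Groups created by the script; only these are considered in the comparison.
$BizTalkGroups = @(
    "SSO Administrators", "SSO Affiliate Administrators", "BizTalk Application Users",
    "BizTalk Isolated Host Users", "BizTalk Server Administrators",
    "BizTalk Server Operators", "BizTalk Server B2B Operators"
)

# Expected direct memberships, taken from the Add-ADPrincipalGroupMembership calls.
$Expected = @{}
$Expected["SSOServiceUser"]                = @("SSO Administrators")
$Expected["BizTalk Server Administrators"] = @("SSO Administrators")
$Expected["BTSHostUser"]                   = @("BizTalk Application Users")
$Expected["BTSIsoHostUser"]                = @("BizTalk Isolated Host Users")
$Expected[$BtsAdmin]                       = @("BizTalk Server Administrators")
$Expected[$DomainAdmin]                    = @("BizTalk Server Administrators", "SSO Administrators",
                                               "BizTalk Isolated Host Users", "BizTalk Application Users")

# Report missing and unexpected BizTalk group memberships per principal.
foreach ($identity in $Expected.Keys) {
    $actual = Get-ADPrincipalGroupMembership -Identity $identity |
        Where-Object { $BizTalkGroups -contains $_.Name } |
        Select-Object -ExpandProperty Name
    $missing    = $Expected[$identity] | Where-Object { $actual -notcontains $_ }
    $unexpected = $actual | Where-Object { $_ -and ($Expected[$identity] -notcontains $_) }
    [pscustomobject]@{
        Identity   = $identity
        Missing    = $missing -join ", "
        Unexpected = $unexpected -join ", "
    }
}

# The script sets PasswordNeverExpires and CannotChangePassword on these accounts,
# so list the flags together with PasswordLastSet to keep static passwords visible for review.
foreach ($account in "SSOServiceUser", "BTSHostUser", "BTSIsoHostUser", $BtsAdmin) {
    Get-ADUser -Identity $account -Properties PasswordNeverExpires, CannotChangePassword, PasswordLastSet |
        Select-Object SamAccountName, Enabled, PasswordNeverExpires, CannotChangePassword, PasswordLastSet
}
```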