PowerShell Module - Create AD User with Attributes needed for Office 365 Integration
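# The #Requires directive takes its parameters with a leading dash; without it
# the elevation requirement is not expressed in the documented form.
#Requires -RunAsAdministrator
<#
.Author
Michael Maher on 2/2/16
#>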
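Function Request-Address{
<#
.SYNOPSIS
Adds one proxy address to the account that is currently being imported.
.DESCRIPTION
Selects the Add-QADProxyAddress call from the address-type prefix
(SMTP:, SIP: or X400:) and writes the address to the account.
The target account is not a parameter: it is read from the caller's $user
variable through PowerShell's dynamic scoping, so this function is only
meaningful when called from the foreach loop in Import-ADUser.
.PARAMETER address
Proxy address including its type prefix, e.g. "SMTP:first.last@contoso.com".
#>
    Param ([string]$address)

    # $user is inherited from the calling scope; stop rather than let
    # Get-QADUser run with an empty identity.
    $account = $user.samAccountname
    if ([string]::IsNullOrWhiteSpace($account)) {
        Write-Warning "Request-Address: no samAccountName in the calling scope; '$address' not written"
        return
    }

    $address = $address.Trim()
    Write-Output "Checking address format for $address"

    # Match on the type prefix only. The previous "*SMTP*" style patterns matched
    # the token anywhere in the value, so an X400 or SIP address that merely
    # contained "SMTP" was written as an SMTP address.
    switch -Wildcard ($address) {
        'SMTP:*' {
            Get-QADUser $account | Add-QADProxyAddress -Address $address
            break
        }
        'SIP:*' {
            Get-QADUser $account | Add-QADProxyAddress -CustomType SIP -Address $address
            break
        }
        'X400:*' {
            Get-QADUser $account | Add-QADProxyAddress -Type X400 -Address $address
            break
        }
        default {
            # Previously an unrecognised value was dropped without any message.
            Write-Warning "Unrecognised proxy address type, not written: $address"
            return
        }
    }
    Write-Output "Proxy address $address written"
}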
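Function Import-ADUser{
<#
.SYNOPSIS
Creates users from CSV file exported from the CORPIR domain.
Important: Requires DELL's ActiveRoles extension to PowerShell. Tested with ActiveRoles x64 1.6.0
.DESCRIPTION
Reads in Office 365 required attributes and creates users
Path has been tidied up and replaced the extracted CanonicalName
samAccountName company description employeeid employeetype department
mobile title givenName surName displayName userPrincipalName mail
ProxyAddress_1 ProxyAddress_2 ProxyAddress_3
When objects are read in from CSV they can be referenced by $user.displayName or $user.canonicalName etc.

The CSV is treated as untrusted input: a row whose samAccountName is empty or
contains characters that are not valid in a sAMAccountName is skipped, because
the value is later used to build file-system, share and DFS paths.
If account creation fails for a row, the remaining steps for that row are
skipped so that an already existing account with the same name is never
modified, enabled or given a home directory by this import.
.PARAMETER enable
Also enable the account, create the H drive, set the permissions, create the DFS link and apply the quota.
.PARAMETER InitialPassword
Initial password for the created accounts, as a SecureString. When omitted the
operator is prompted once. The password is never stored in the script.
.EXAMPLE
Running the script without parameters will import the user from the CSV with all the necessary attributes but will leave the user disabled with no H drive
Import-ADUser
You can run enable3user.ps1 at a later date to enable the user account, create the H drive, set the right permissions, create the DFS link and apply a 2GB quota
.EXAMPLE
To import the user and have them fully set-up run with the -enable parameter.
This will also enable the user account, create the H drive, set the right permissions, create the DFS link and apply a 2GB quota
Import-ADUser -enable
.INPUTS
exportCorpirUsr Module creates a cmdlet called Export-ADUser
This cmdlet exports to a file called 'C:\scripts\Users.csv' which is used by this script.
Export-ADUser -days 10 -domain CONTOSO -mailto michael.maher@contoso.com
A user.csv should look like this in its raw form.
"samAccountName","givenName","surName","displayName","canonicalName","userPrincipalName","mail","ProxyAddress_1","ProxyAddress_2","ProxyAddress_3"
"VSimpson","Vladimir","Simpson","Vladimir Simpson","contoso.com/User Accounts/Vladimir Simpson","VSimpson@contoso.com","Vladimir.Simpson@contoso.com","SMTP:Vladimir.Simpson@contoso.com",
"rsmith3","Richard","Smith","Richard Smith","contoso.com/User Accounts/Contractors/Richard Smith3","rsmith3@contoso.com","Richard.Smith2@contoso.com","SMTP:Richard.Smith2@contoso.com","X400:C=GB;A= ;P=CONTOSO;O=UK;S=Smith;G=Richard;",
.OUTPUTS
Log file is not created; progress messages and the created user objects are written to the output stream
.NOTES
Can be used to import a single user or many users
Needs appropriate rights for user creation
#>
    Param (
        [switch] $enable,
        [System.Security.SecureString] $InitialPassword
    )
    Begin
    {
        Import-Module ActiveDirectory
        $csvFile = "C:\scripts\users.csv"
        Write-Output "Reading $csvFile "
        $colUsers = Import-Csv $csvFile -UseCulture
        $remoteServer = "fileserver1"
        $domain = "contoso.com"
        $homeShare = "Home"
        $ShareDrive = "E"
        # NOTE(review): FullControl lets each user change the ACL of their own
        # home folder; confirm whether Modify would be sufficient here.
        $Right = "FullControl"
        $absolutePath = "$($shareDrive):\homedrives"
        $hiddenShare = "homeDrives$($shareDrive)$"
        $newUserPath = "OU=Ireland Users, DC=contoso,DC=com"

        # The initial password used to be a literal in this file, which gave every
        # created account the same password, readable by anyone with the script.
        # It is now supplied by the caller or typed by the operator at run time.
        if (-not $InitialPassword) {
            $InitialPassword = Read-Host -Prompt "Initial password for the new accounts" -AsSecureString
        }

        # Characters that are not allowed in a sAMAccountName. Rejecting them also
        # keeps path separators out of the folder, share and DFS paths built below.
        $invalidSamChars = '["/\\\[\]:;|=,+*?<>]'
    }
    Process
    {
        foreach ($user in $colUsers)
        {
            if (-not $user) { continue }

            $sam = $user.samAccountname
            # Validate before anything is created. This replaces the later check
            # that ended the whole session when the name was found to be empty.
            if ([string]::IsNullOrWhiteSpace($sam) -or $sam -match $invalidSamChars) {
                Write-Warning "Skipping CSV row with missing or invalid samAccountName: '$sam'"
                continue
            }

            # All per-user paths are derived once from the validated name.
            $homeFolderLocal = "$($absolutePath)\$sam"
            $homeFolderUnc   = "\\$($remoteServer)\$($hiddenShare)\$sam"
            $homeFolderDfs   = "\\$($domain)\$($homeShare)\$sam"

            Try{
                Write-Output "Creating $sam"
                # Create the account
                $newUserArgs = @{
                    SamAccountName    = $sam
                    UserPrincipalName = $user.mail
                    Name              = $user.displayName
                    DisplayName       = $user.displayname
                    GivenName         = $user.givenName
                    Description       = $user.description
                    EmployeeID        = $user.employeeid
                    Department        = $user.department
                    MobilePhone       = $user.mobile
                    Title             = $user.title
                    HomeDrive         = "H:"
                    HomeDirectory     = $user.homedirectory
                    EmailAddress      = $user.mail
                    SurName           = $user.surName
                    Path              = $newUserPath
                    AccountPassword   = $InitialPassword
                    PassThru          = $true
                    ErrorAction       = 'Stop'
                }
                New-ADUser @newUserArgs
                Write-Output "Created $sam"
            }
            Catch{
                Write-Output $_.ToString()
                # Creation failed (for example the name is already taken): do not go
                # on to change, enable or provision whatever account has this name.
                Write-Warning "Account $sam was not created; remaining steps skipped for this row"
                continue
            }

            Try{
                # Add up to 3 proxyaddresses to the account
                Write-Output "Checking for Proxy Addresses"
                foreach ($proxy in $user.ProxyAddress_1, $user.ProxyAddress_2, $user.ProxyAddress_3) {
                    if ($proxy) { Request-Address $proxy }
                }
            }
            Catch{Write-Output $_.ToString()}

            Try{
                # Add the employeeType value
                Write-Output "Adding emplyeeType value"
                Set-QADUser $sam -ObjectAttributes @{employeeType=$user.employeeType}
                Write-Output "employeeType attribute written"
            }
            Catch{Write-Output $_.ToString()}

            if (-not $enable) { continue }

            Try{
                Write-Output "Enabling $sam"
                Enable-ADAccount -Identity $sam
                Write-Output "Enabled $sam"
            }
            Catch{Write-Output ($_.ToString() + $_.InvocationInfo.PositionMessage)}

            Try{
                Write-Output "Creating directory $homeFolderLocal"
                Invoke-Command -ComputerName $remoteServer {New-Item -Path $args[0] -Type directory} -Args $homeFolderLocal -ErrorAction Stop
            }
            Catch{Write-Output ($_.ToString() + $_.InvocationInfo.PositionMessage)}

            Try{
                Write-Output "Setting home directory permissions"
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sam, $Right, "ContainerInherit, ObjectInherit", "None", "Allow")
                $acl = Get-Acl $homeFolderUnc
                $acl.SetAccessRule($rule)
                Set-Acl $homeFolderUnc $acl -ErrorAction Stop
                Write-Output "Set ACLs on Home Directory"
            }
            Catch{Write-Output ($_.ToString() + $_.InvocationInfo.PositionMessage)}

            Try{
                Write-Output "Creating DFS Link for Home Directory"
                Invoke-Command -ComputerName $remoteServer {New-DfsnFolder -Path $args[0] -TargetPath $args[1]} -Args $homeFolderDfs, $homeFolderUnc
            }
            Catch{Write-Output ($_.ToString() + $_.InvocationInfo.PositionMessage)}

            Try{
                Write-Output "Setting Home Directory mapping"
                Set-ADUser -Identity $sam -HomeDrive "H:" -HomeDirectory $homeFolderDfs
            }
            Catch{Write-Output ($_.ToString() + $_.InvocationInfo.PositionMessage)}

            Try{
                Write-Output "Setting 2GB Quota for Home Directory"
                # The quota path previously interpolated the whole $user object, which
                # does not expand to the home folder; use the folder created above.
                Invoke-Command -ComputerName $remoteServer {New-FsrmQuota -Path $args[0] -Template "2GB HomeDir Limit"} -Args $homeFolderLocal
            }
            Catch{Write-Output ($_.ToString() + $_.InvocationInfo.PositionMessage)}
        }
    }
}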