A small script to add users to an AD environment based off a CSV file. More detail in my website - www.parkisecurity.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| .DESCRIPTION | |
| .PARAMETER CSVPath | |
| .INPUTS | |
| None | |
| You cannot pipe objects to this cmdlet | |
| .OUTPUTS | |
| Various and sundry. | |
| .NOTES | |
| bite me | |
| .EXAMPLE | |
| Kansa.ps1 | |
| In the above example the user has specified no arguments, which will | |
| cause Kansa to run modules per the .\Modules\Modules.conf file against | |
| a list of hosts that it is able to query from Active Directory. Errors | |
| and all output will be written to a timestamped output directory. If | |
| .\Modules\Modules.conf is not found, all ps1 scripts starting with Get- | |
| under the .\Modules\ directory (recursively) will be run. | |
| #> | |
| [CmdletBinding()] | |
| Param( | |
| [Parameter(Mandatory=$true,Position=0)] | |
| [String]$CSVPath='users.csv', | |
| [Parameter(Mandatory=$false,Position=1)] | |
| [String]$Delimiter=',', | |
| [Parameter(Mandatory=$true,Position=2)] | |
| [String]$OutputCsvPath='users.csv' | |
| ) | |
| Function GenerateStrongPassword ([Parameter(Mandatory=$true)][int]$PasswordLenght) | |
| { | |
| Add-Type -AssemblyName System.Web | |
| $PassComplexCheck = $false | |
| do { | |
| $newPassword=[System.Web.Security.Membership]::GeneratePassword($PasswordLenght,1) | |
| If ( ($newPassword -cmatch '[A-Z\p{Lu}\s]') ` | |
| -and ($newPassword -cmatch '[a-z\p{Ll}\s]') ` | |
| -and ($newPassword -match '[\d]') ` | |
| -and ($newPassword -match '[^\w]') | |
| ) | |
| { | |
| $PassComplexCheck=$True | |
| } | |
| } While ($PassComplexCheck -eq $false) | |
| return $newPassword | |
| } | |
| # Opening with a Try so the Finally block at the bottom will always call | |
| # the Exit-Script function and clean up things as needed. | |
| Try { | |
| $Users = import-csv -Path $CSVPath | |
| Write-Output '### SUCCESSFULLY imported CSV ###' | |
| Write-Output '### Processcing $($Users.Length) Users ###' | |
| $outputcsv = [System.Collections.ArrayList] @() | |
| foreach ($User in $Users) | |
| { | |
| $Displayname = ($User.firstname + ' ' + $User.lastname) | |
| $UserFirstname = $User.firstname | |
| $UserLastname = $User.lastname | |
| $OU = $User.OU | |
| $UPN = $User.email | |
| $email = $User.email | |
| $city = $User.city | |
| $country = $User.country | |
| $company = $User.company | |
| $Username = $User.username #also known as SAM | |
| $Username = $Username.Replace(" ", "") | |
| $jobtitle = $User.jobtitle | |
| $department = $User.department | |
| $password = $(GenerateStrongPassword(20)) | |
| New-ADUser -Name $Displayname -DisplayName $Displayname -SamAccountName $Username -GivenName $UserFirstname -Surname $UserLastname -Department $department -Title $jobtitle -EmailAddress $email -City $city -Country $country -Company $company -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) -Enabled $true -Path $OU -ChangePasswordAtLogon $true –PasswordNeverExpires $false | |
| write-output "### Successfully added $Displayname - $username ###" | |
| foreach ($group in $user.groups.split(',')) { | |
| write-output "### Adding $username to $group ###" | |
| Add-ADGroupMember -Identity $group -members $username | |
| write-output "### Added $username to $group ###" | |
| } | |
| $outputcsv.add([PSCustomObject]@{ | |
| Username=$($username) | |
| Password=$password | |
| }) | |
| } | |
| $outputcsv | Export-Csv -Path $OutputCsvPath -NoTypeInformation | |
| Write-Output '### All Done ###`n' | |
| # Clean up # | |
| Exit | |
| # We're done. # | |
| } | |
| Catch { | |
| ("Caught: {0}" -f $_) | |
| } | |
| Finally { | |
| Exit | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment