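Clear-Host
# This script requires two additional modules to operate.
# The AD module is included with Microsoft Server 2008 R2 by default.
# The Carbon module can be downloaded from: get-carbon.org
# NOTE(review): only the ActiveDirectory module is imported below - confirm whether Carbon is still needed.
#
# Script created by: Miha Jelenc, jelenc(.)miha(at)gmail(.)com
#
# Stop right away if the module cannot be loaded, instead of failing later on every AD cmdlet.
Import-Module ActiveDirectory -ErrorAction Stop

# Location of your log files. If you don't need them, comment out the lines below
# (the later "Out-File $results" calls depend on $results).
#
$log_location = Read-Host "where would you like the log file located? (in the form of drive:\folder\subfolder\) "
# Join-Path gives the same result with or without a trailing backslash in the answer;
# plain concatenation turned "C:\logs" into "C:\logslog.txt".
$results = Join-Path -Path $log_location -ChildPath "log.txt"
if (-not (Test-Path $log_location)) {
    New-Item $log_location -Type Directory
    New-Item $results -Type File
}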
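# Create a new organizational unit (OU) in which the other OUs will be created - this is optional,
# you can use the rest of the script to insert OUs directly into your something.somewhere.com domain.
# The name of the parent OU is asked for at the prompt below.
# Replace "ou=vaje,dc=sandbox,dc=local" with the desired path for your OU.
# The protection-from-deletion parameter is optional; as written, the OU is created WITHOUT
# accidental-deletion protection.
#
$topou = Read-Host "write the name of parent organizational unit"
# Look only directly under the base OU. An unscoped filter matches an OU of the same name anywhere
# in the domain, in which case nothing is created here and the later "ou=...,ou=$topou,ou=Vaje,..."
# paths point at a container that does not exist.
$group = Get-ADOrganizationalUnit -Filter { name -eq $topou } -SearchBase "ou=vaje,dc=sandbox,dc=local" -SearchScope OneLevel
# $null on the left: the comparison stays a plain boolean even if the query returns several objects.
if ($null -eq $group) {
    Write-Output "creating ou account:" $topou | Out-File $results -Append
    New-ADOrganizationalUnit -Name $topou -Path "ou=vaje,dc=sandbox,dc=local" -ProtectedFromAccidentalDeletion $false
}
else { Write-Output "this organizational unit allready exists: " $topou }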
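# Enter the path to your csv file with the user data and OU data. The csv file must be formatted
# like the lines below for this script to work:
#   organizationalunit,surname,name,username,email,password
#   ouname,doe,john,doej99,doej99@somewhere.com,123456
# You can add or remove some fields; only ou, username and password are required.
# The first line contains the column names, the second line onwards the actual user information.
#
# The csv holds every initial password in clear text: keep it where only the operator can read it
# and remove it once the accounts exist.
#
$csv_path = Read-Host "enter the path to your .csv file"
if (-not (Test-Path -Path $csv_path -PathType Leaf)) {
    throw "csv file not found: $csv_path"
}
$yourcsv = @(Import-Csv -Path $csv_path)
# Stop before anything is created in AD when the file is empty or lacks a required column.
foreach ($column in 'organizationalunit', 'username', 'password') {
    if ($yourcsv.Count -eq 0 -or $yourcsv[0].PSObject.Properties.Name -notcontains $column) {
        throw "csv file is empty or has no '$column' column: $csv_path"
    }
}
# One row per distinct OU name; drives the creation of OUs, folders, groups and shares.
$unique = $yourcsv | Sort-Object -Property Organizationalunit -Unique

# Next you will be prompted for the shared folder location, in "drive:\directory\subdirectory" format.
#
$folder = Read-Host "path to your shared folders' location"
$rootpath = Read-Host "local path to users' network drives"

# Create the shared-folder root if it does not exist yet.
#
Write-Host "working..."
if (-not (Test-Path $folder)) {
    New-Item $folder -Type Directory | Out-File $results -Append
}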
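# For every distinct OU name in the csv: create the OU, a shared folder for it and an AD security
# group inside it.
#
foreach ($_organizationalunit in $unique) {
    $adou = $_organizationalunit.OrganizationalUnit
    $parent_dn = "ou=$topou,ou=Vaje,dc=sandbox,dc=local"
    $ou_dn = "ou=$adou,$parent_dn"

    # Create the OU when it is missing. The lookup is limited to the parent OU so that an OU of the
    # same name elsewhere in the domain is not mistaken for this one.
    #
    $group = Get-ADOrganizationalUnit -Filter { name -eq $adou } -SearchBase $parent_dn -SearchScope OneLevel
    if ($null -eq $group) {
        Write-Output "creating ou account:" $adou | Out-File $results -Append
        New-ADOrganizationalUnit -Name $adou -Path $parent_dn -ProtectedFromAccidentalDeletion $false
    }

    # Create the shared folder of the OU when it is missing.
    # NOTE(review): no NTFS ACL is set here, the folder keeps what it inherits from $folder;
    # only the share-level permissions further down are specific to the group.
    #
    $newfolder = Join-Path -Path $folder -ChildPath $adou
    if (-not (Test-Path $newfolder)) {
        New-Item $newfolder -Type Directory | Out-File $results -Append
        Write-Output "creating new group folder:" $adou | Out-File $results -Append
    }

    # A security group inside the OU, for easier sharing of the folder and user rights management.
    # The share below is granted to "SANDBOX\<ou name>", which resolves by sAMAccountName across the
    # whole domain, so the check uses the same key. If a group with that account name already exists
    # outside the OU managed here (the csv value could match any existing group, including a
    # privileged one), the folder is not shared with it.
    #
    $security = Get-ADGroup -Filter { samaccountname -eq $adou }
    if ($null -eq $security) {
        try {
            New-ADGroup -SamAccountName $adou -Name $adou -Path $ou_dn -GroupScope Global -ErrorAction Stop
            Write-Output "new security group created" $adou | Out-File $results -Append
        }
        catch {
            # Do not log a success, and do not share the folder, when the group could not be created.
            Write-Output "security group could not be created, folder not shared:" $adou $_.Exception.Message | Out-File $results -Append
            continue
        }
    }
    elseif (-not $security.DistinguishedName.EndsWith(",$ou_dn", [System.StringComparison]::OrdinalIgnoreCase)) {
        Write-Output "a group with this name exists outside its ou, folder not shared:" $adou | Out-File $results -Append
        continue
    }
    $sharegroup = "SANDBOX\" + $adou

    # Share the folder: administrators get full access, members of the OU group get change access.
    # NOTE(review): New-SmbShare comes with the SmbShare module of Windows Server 2012 and later -
    # confirm it is available on the target server.
    #
    $smbshare = Get-WmiObject win32_share | Where-Object { $_.name -eq $adou }
    if ($null -eq $smbshare) {
        New-SmbShare -Name $adou -Path $newfolder -ChangeAccess $sharegroup -FullAccess "builtin\administrators" | Out-File $results -Append
    }
    else {
        Write-Output $adou "allready exist" | Out-File $results -Append
    }
}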
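# Populate the organizational units with users.
#
$failed = 0
foreach ($_organizationalunit in $yourcsv) {
    # Collect information from the csv file.
    #
    $adou = $_organizationalunit.OrganizationalUnit
    $user = $_organizationalunit.username
    $lastname = $_organizationalunit.surname
    $name = $_organizationalunit.name
    $email = $_organizationalunit.email
    $pass = $_organizationalunit.password

    # Skip incomplete rows. ConvertTo-SecureString rejects an empty string, and when that statement
    # fails $password keeps the value of the previous row - the account would then be created with
    # another user's password.
    #
    if ([string]::IsNullOrEmpty($adou) -or [string]::IsNullOrEmpty($user) -or [string]::IsNullOrEmpty($pass)) {
        Write-Output "skipping row with missing ou, username or password:" $user | Out-File $results -Append
        $failed++
        continue
    }

    # Convert the password to a secure string.
    # NOTE(review): the initial passwords are known to whoever can read the csv and the accounts are
    # enabled immediately; consider adding -ChangePasswordAtLogon $true to New-ADUser below.
    #
    $password = ConvertTo-SecureString $pass -AsPlainText -Force

    # Find the OU the user belongs in. Only OUs directly under the parent OU are considered, so the
    # account cannot land in an OU of the same name somewhere else in the domain.
    #
    $organization = Get-ADOrganizationalUnit -Filter { name -eq $adou } -SearchBase "ou=$topou,ou=Vaje,dc=sandbox,dc=local" -SearchScope OneLevel
    if ($null -eq $organization) {
        Write-Output "organizational unit not found, user skipped:" $user | Out-File $results -Append
        $failed++
        continue
    }
    $adusercontainer = $organization.DistinguishedName
    $aduser = Get-ADUser -Filter { samaccountname -eq $user }
    $display = $name + " " + $lastname

    # Paths and names used for the user folder. Replace "sandbox" with your domain name.
    # $samba is only referenced by the disabled per-user share at the end of the loop.
    #
    $path = Join-Path -Path $rootpath -ChildPath $adou
    $subpath = Join-Path -Path $path -ChildPath $user
    $samba = "sandbox\" + $user

    # Create the user folder when it does not exist yet.
    # NOTE(review): no per-user ACL is set, the folder keeps the permissions it inherits.
    #
    if (-not (Test-Path $subpath)) {
        New-Item $subpath -Type Directory
        Write-Output "user folder created: "$subpath | Out-File $results -Append
    }
    else {
        Write-Output "this user folder allready exists: " $subpath | Out-File $results -Append
    }

    # Create the account when it does not exist yet.
    #
    if ($null -eq $aduser) {
        # Replace ADSM1 with the server that holds the user folders.
        # NOTE(review): the home directory is \\ADSM1\<username>, but the per-user share below is
        # commented out - confirm that such a share exists.
        #
        $net_drive = "\\ADSM1\" + $user
        Write-Output "creating user account:" $user | Out-File $results -Append
        try {
            New-ADUser -SamAccountName $user -Name $display -Path $adusercontainer -UserPrincipalName $email -GivenName $name -Surname $lastname -DisplayName $display -AccountPassword $password -EmailAddress $email -HomeDirectory $net_drive -HomeDrive "h:" -Enabled $true -ErrorAction Stop
        }
        catch {
            Write-Output "user account could not be created:" $user $_.Exception.Message | Out-File $results -Append
            $failed++
            continue
        }

        # Add the user to the group of the OU. The group is looked up inside the OU itself:
        # resolving the csv value as a domain-wide group identity would add the new account to any
        # existing group of that name, including a privileged one.
        #
        $ou_group = Get-ADGroup -Filter { samaccountname -eq $adou } -SearchBase $adusercontainer -SearchScope OneLevel
        if ($null -ne $ou_group) {
            Add-ADGroupMember -Identity $ou_group -Members $user
        }
        else {
            Write-Output "no group for this ou found inside it, user not added to a group:" $user | Out-File $results -Append
            $failed++
        }
    }
    else {
        Write-Output "this user allready exists: " $user | Out-File $results -Append
    }

    # Disabled: per-user share of the user folder.
    # $smbuser = Get-WmiObject win32_share | where {$_.name -eq $user}
    # if ($smbuser -eq $null) {
    # new-smbshare -name $user -path $subpath -changeaccess $samba -fullaccess "builtin\administrators" | out-file $results -append
    # }
    # else {
    # write-output $user "folder is allready shared" | out-file $results -append
    # }
}

# Report success only when no row was skipped or failed.
if ($failed -eq 0) {
    Write-Host "...completed successfully"
}
else {
    Write-Host "...completed with skipped or failed rows:" $failed
}
Write-Host "results can be found here:" $results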