
createusers

a guest
Apr 17th, 2016
  1. ###########################################################
  2. # AUTHOR  : Marius / Hican - http://www.hican.nl - @hicannl
  3. # DATE    : 26-04-2012
  4. # EDIT    : 17-04-2014
  5. # COMMENT : This script creates new Active Directory users,
  6. #           including different kind of properties, based
  7. #           on an import_create_ad_users.csv.
  8. # VERSION : 1.2
  9. ###########################################################
  10.  
  11. # CHANGELOG
  12. # Version 1.2: 15-04-2014 - Changed the code for better
  13. # - Added better Error Handling and Reporting.
  14. # - Changed input file with more logical headers.
  15. # - Added functionality for account Enabled,
  16. #   PasswordNeverExpires, ProfilePath, ScriptPath,
  17. #   HomeDirectory and HomeDrive
  18. # - Added the option to move every user to a different OU.
  19.  
  # Strict mode: referencing an unset variable or a missing property is an error.
  Set-StrictMode -Version latest

  #----------------------------------------------------------
  # LOAD ASSEMBLIES AND MODULES
  #----------------------------------------------------------
  # The script depends on the ActiveDirectory cmdlets (Get-ADDomain, Get-ADUser,
  # New-ADUser, ...). -ErrorAction Stop turns a failed import into a terminating
  # error so the Catch below can abort with exit code 1.
  Try { Import-Module ActiveDirectory -ErrorAction Stop }
  Catch {
    Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!"
    Exit 1
  }
  35.  
  #----------------------------------------------------------
  # STATIC VARIABLES
  #----------------------------------------------------------
  # Folder that holds this script; the input CSV and the log file live beside it.
  $path     = Split-Path -parent $MyInvocation.MyCommand.Definition
  # NOTE(review): the import CSV carries a Password column in clear text (it is
  # fed to ConvertTo-SecureString -AsPlainText in Create-Users), so this folder
  # should be readable by the provisioning operator only.
  $newpath  = "$path\import_create_ad_users.csv"
  $log      = "$path\create_ad_users.log"
  # Timestamp written to the log header.
  $date     = Get-Date
  # Query the current domain once and reuse both properties.
  $domain   = Get-ADDomain
  $addn     = $domain.DistinguishedName   # appended to each row's TargetOU
  $dnsroot  = $domain.DNSRoot             # suffix of the UserPrincipalName
  # Row counter used in the "Processing skipped for line N" message.
  $i        = 1
  46.  
  47. #----------------------------------------------------------
  48. #START FUNCTIONS
  49. #----------------------------------------------------------
  # Entry point of the script: runs the single provisioning step, Create-Users.
  Function Start-Commands { Create-Users }
  54.  
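  Function Create-Users
  {
    # Creates one Active Directory user per row of the import CSV ($newpath)
    # whose Implement column is "yes". For each such row the function:
    #   1. builds a sAMAccountName (<first initial><up to 4 letters of last name>),
    #   2. skips the row when that account already exists or the lookup fails,
    #   3. creates the account with New-ADUser,
    #   4. optionally sets extensionAttribute1,
    #   5. moves the account to "<TargetOU>,<domain DN>" when that OU exists,
    #   6. renames the object to "<GivenName> <LastName>".
    # Progress is written to the console and appended to $log.
    #
    # Reads the script-level variables $newpath, $log, $date, $addn, $dnsroot, $i.
    #
    # Security notes:
    #   - The CSV Password column is clear text; the file needs a restrictive ACL
    #     and should be removed once the run is complete. Passwords are never
    #     written to the log.
    #   - CSV values are untrusted input: the sAMAccountName is escaped before it
    #     is placed in an LDAP filter.
    "Processing started (on " + $date + "): " | Out-File $log -append
    "--------------------------------------------" | Out-File $log -append
    Import-CSV $newpath | ForEach-Object {
      # Stable handle on the CSV row; inside a Catch block $_ is the error record.
      $row = $_

      # Reset per-row state so nothing leaks over from the previous row (stale
      # $sam in the skip message, stale $exists after a failed lookup, stale
      # $setpass when a row has an empty password).
      $sam          = ""
      $exists       = $null
      $lookupFailed = $False
      $setpass      = $null

      If (($row.Implement.ToLower()) -eq "yes")
      {
        If (($row.GivenName -eq "") -Or ($row.LastName -eq "") -Or ($row.Initials -eq ""))
        {
          Write-Host "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n"
          "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n" | Out-File $log -append
        }
        Else
        {
          # Set the target OU
          $location = $row.TargetOU + ",$($addn)"

          # Set the Enabled and PasswordNeverExpires properties
          $enabled = (($row.Enabled.ToLower()) -eq "true")
          $expires = (($row.PasswordNeverExpires.ToLower()) -eq "true")

          # AD expects a two-letter country code, the CSV holds full names.
          # NOTE(review): every value other than "Netherlands" becomes "CA";
          # extend this mapping if other countries appear in the input.
          If ($row.Country -eq "Netherlands")
          {
            $row.Country = "NL"
          }
          Else
          {
            $row.Country = "CA"
          }

          # Strip dots from the names (AD rejects a name that ends with a dot)
          # and keep at most the first four characters of each.
          $replace      = $row.Lastname.Replace(".","")
          $lastname     = $replace.Substring(0, [Math]::Min(4, $replace.Length))
          $replace2_at  = $row.GivenName.Replace(".","")
          $firstname_at = $replace2_at.Substring(0, [Math]::Min(4, $replace2_at.Length))

          # Create sAMAccountName according to this 'naming convention':
          # <FirstLetterInitials><FirstFourLettersLastName> for example
          # htehp
          $sam = $row.Initials.substring(0,1).ToLower() + $lastname.ToLower()
          $FourDigitFirstAndLast_at = $firstname_at + $lastname

          # Escape LDAP filter metacharacters (RFC 4515) so a CSV value such as
          # "*" or "(" cannot change the meaning of the existence check.
          # The backslash must be escaped first.
          $samFilter = $sam.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')

          # A failed lookup is treated like "already exists": the row is skipped
          # rather than created on the strength of a stale or missing result.
          Try   { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$samFilter)" -ErrorAction Stop }
          Catch
          {
            $lookupFailed = $True
            Write-Host "[ERROR]`t Lookup of $($sam) failed: $($_.Exception.Message)"
            "[ERROR]`t Lookup of $($sam) failed: $($_.Exception.Message)" | Out-File $log -append
          }

          If ((-not $exists) -and (-not $lookupFailed))
          {
            Try
            {
              # Converted inside the Try: an empty Password column makes
              # ConvertTo-SecureString fail, and the row must then be skipped
              # instead of reusing the previous row's password.
              $setpass = ConvertTo-SecureString -AsPlainText $row.Password -force

              # Set all properties according to the column names in the Excel
              # sheet / import CSV. The names can differ in every project, but
              # if the names change, make sure to change them below as well.
              $newUser = @{
                Name                 = $sam
                GivenName            = $row.GivenName
                Initials             = $row.Initials
                Surname              = $row.LastName
                DisplayName          = ($row.LastName + "," + $row.Initials + " " + $row.GivenName)
                Office               = $row.OfficeName
                Description          = $row.Description
                EmailAddress         = "$FourDigitFirstAndLast_at@gartech.com"
                StreetAddress        = $row.StreetAddress
                City                 = $row.City
                State                = $row.State
                PostalCode           = $row.PostalCode
                Country              = $row.Country
                UserPrincipalName    = ($sam + "@" + $dnsroot)
                Company              = $row.Company
                Department           = $row.Department
                EmployeeID           = $row.EmployeeID
                Title                = $row.Title
                OfficePhone          = $row.Phone
                AccountPassword      = $setpass
                Manager              = $row.Manager
                ProfilePath          = $row.ProfilePath
                ScriptPath           = $row.ScriptPath
                # Built as one value: written bare on the command line, the
                # "+" and the suffix are passed as two extra positional
                # arguments and New-ADUser rejects the call.
                HomeDirectory        = ($row.HomeDirectory + $FourDigitFirstAndLast_at)
                HomeDrive            = $row.homeDrive
                Enabled              = $enabled
                PasswordNeverExpires = $expires
              }

              Write-Host "[INFO]`t Creating user : $($sam)"
              "[INFO]`t Creating user : $($sam)" | Out-File $log -append
              New-ADUser @newUser -ErrorAction Stop
              Write-Host "[INFO]`t Created new user : $($sam)"
              "[INFO]`t Created new user : $($sam)" | Out-File $log -append

              $dn = (Get-ADUser $sam).DistinguishedName
              # Set an ExtensionAttribute
              If ($row.ExtensionAttribute1 -ne "" -And $row.ExtensionAttribute1 -ne $Null)
              {
                $ext = [ADSI]"LDAP://$dn"
                $ext.Put("extensionAttribute1", $row.ExtensionAttribute1)
                Try   { $ext.SetInfo() }
                Catch
                {
                  Write-Host "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)"
                  "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)" | Out-File $log -append
                }
              }

              # Move the user to the OU ($location) you set above. If you don't
              # want to move the user(s) and just create them in the global Users
              # OU, comment out the block below
              If ([adsi]::Exists("LDAP://$($location)"))
              {
                Move-ADObject -Identity $dn -TargetPath $location
                Write-Host "[INFO]`t User $sam moved to target OU : $($location)"
                "[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append
              }
              Else
              {
                Write-Host "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!"
                "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" | Out-File $log -append
              }

              # Rename the object to a good looking name (otherwise you see
              # the 'ugly' shortened sAMAccountNames as a name in AD). This
              # can't be set right away (as sAMAccountName) due to the 20
              # character restriction
              $newdn = (Get-ADUser $sam).DistinguishedName
              Rename-ADObject -Identity $newdn -NewName ($row.GivenName + " " + $row.LastName)
              Write-Host "[INFO]`t Renamed $($sam) to $($row.GivenName) $($row.LastName)`r`n"
              "[INFO]`t Renamed $($sam) to $($row.GivenName) $($row.LastName)`r`n" | Out-File $log -append
            }
            Catch
            {
              # The account may already exist at this point (a failure after
              # New-ADUser leaves it partially provisioned), so the error goes
              # to the log as well to keep an audit trail.
              Write-Host "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n"
              "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n" | Out-File $log -append
            }
          }
          Else
          {
            Write-Host "[SKIP]`t User $($sam) ($($row.GivenName) $($row.LastName)) already exists or returned an error!`r`n"
            "[SKIP]`t User $($sam) ($($row.GivenName) $($row.LastName)) already exists or returned an error!" | Out-File $log -append
          }
        }
      }
      Else
      {
        # $sam is empty here: no account name is derived for rows that are not
        # marked for implementation.
        Write-Host "[SKIP]`t User $($sam) ($($row.GivenName) $($row.LastName)) will be skipped for processing!`r`n"
        "[SKIP]`t User $($sam) ($($row.GivenName) $($row.LastName)) will be skipped for processing!" | Out-File $log -append
      }
      $i++
    }
    "--------------------------------------------" + "`r`n" | Out-File $log -append
  }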
  192.  
  # Script body: announce the start, run the provisioning, announce the end.
  Write-Host -Object "STARTED SCRIPT`r`n"
  Start-Commands
  Write-Host -Object "STOPPED SCRIPT"