NotJimCarrey

create_ad_users.ps1

Jun 22nd, 2016
  1. ###########################################################
  2. # AUTHOR : Marius / Hican - http://www.hican.nl - @hicannl
  3. # DATE : 26-04-2012
  4. # EDIT : 07-08-2014
  5. # COMMENT : This script creates new Active Directory users,
  6. # including different kind of properties, based
  7. # on an input_create_ad_users.csv.
  8. # VERSION : 1.3
  9. ###########################################################
  10.  
  11. # CHANGELOG
  12. # Version 1.2: 15-04-2014 - Changed the code for better
  13. # - Added better Error Handling and Reporting.
  14. # - Changed input file with more logical headers.
  15. # - Added functionality for account Enabled,
  16. # PasswordNeverExpires, ProfilePath, ScriptPath,
  17. # HomeDirectory and HomeDrive
  18. # - Added the option to move every user to a different OU.
  19. # Version 1.3: 08-07-2014
  20. # - Added functionality for ProxyAddresses
  21.  
  # ERROR REPORTING ALL
  # Strict mode makes references to uninitialised variables and to
  # non-existent properties an error instead of silently yielding $null.
  Set-StrictMode -Version Latest

  #----------------------------------------------------------
  # LOAD ASSEMBLIES AND MODULES
  #----------------------------------------------------------
  # Every directory cmdlet used further down comes from the ActiveDirectory
  # module, so there is no point in continuing when it cannot be imported.
  try {
    Import-Module -Name ActiveDirectory -ErrorAction Stop
  }
  catch {
    Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!"
    exit 1
  }
  37.  
  38. #----------------------------------------------------------
  39. #STATIC VARIABLES
  40. #----------------------------------------------------------
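  # Directory this script was started from; the input CSV and the log file
  # are both expected to sit beside the script.
  $path    = Split-Path -Parent $MyInvocation.MyCommand.Definition

  # Input file. Note the name used here is import_create_ad_users.csv (the
  # header comment of this script says input_create_ad_users.csv).
  # SECURITY: Create-Users reads a clear-text Password column from this file
  # and also takes Enabled, PasswordNeverExpires, ScriptPath and TargetOU
  # from it. Treat the CSV as privileged input: restrict its ACL to the
  # operator running the import and remove it once the run has finished.
  $newpath = Join-Path $path "import_create_ad_users.csv"

  # Append-only run log (account names and error texts, no passwords).
  $log     = Join-Path $path "create_ad_users.log"
  $date    = Get-Date

  # Query the domain once and read both values from the same object rather
  # than issuing two separate Get-ADDomain calls.
  $domain  = Get-ADDomain
  $addn    = $domain.DistinguishedName
  $dnsroot = $domain.DNSRoot

  # Row counter used in the "Processing skipped for line N" messages.
  $i       = 1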
  48.  
  49. #----------------------------------------------------------
  50. #START FUNCTIONS
  51. #----------------------------------------------------------
  # Script entry point: currently the only step is the bulk user creation.
  function Start-Commands {
    Create-Users
  }
  56.  
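  # Creates one Active Directory user for every CSV row whose Implement
  # column is "yes".
  #
  # Reads (script scope): $newpath (input CSV), $log, $date, $addn, $dnsroot, $i
  # Output             : progress and errors on the console and in $log
  #
  # Per row the function: validates the name fields, derives the
  # sAMAccountName, skips the row when that account already exists (or the
  # lookup fails), creates the user, optionally sets extensionAttribute1 and
  # proxyAddresses, moves the user to TargetOU and renames the object to
  # "<GivenName> <LastName>".
  #
  # SECURITY NOTES (review):
  #  - The initial password is taken in clear text from the CSV Password
  #    column. Protect and remove that file after the import.
  #  - New-ADUser is called without -ChangePasswordAtLogon, so the password
  #    from the CSV stays valid until somebody changes it. Consider forcing
  #    a change for rows where PasswordNeverExpires is not "true" (the two
  #    settings cannot both be true).
  #  - Enabled, PasswordNeverExpires, ScriptPath, ProfilePath, HomeDirectory
  #    and TargetOU come straight from the CSV; whoever can edit the CSV
  #    decides them.
  Function Create-Users
  {
    "Processing started (on " + $date + "): " | Out-File $log -append
    "--------------------------------------------" | Out-File $log -append
    Import-CSV $newpath | ForEach-Object {
      # Keep a named handle on the CSV row: inside every Catch block below
      # $_ is the error record, not the row.
      $row = $_

      If (($row.Implement.ToLower()) -eq "yes")
      {
        If (($row.GivenName -eq "") -Or ($row.LastName -eq "") -Or ($row.Initials -eq ""))
        {
          Write-Host "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n"
          "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n" | Out-File $log -append
        }
        Else
        {
          # Set the target OU
          $location = $row.TargetOU + ",$($addn)"

          # Set the Enabled and PasswordNeverExpires properties
          $enabled = (($row.Enabled.ToLower()) -eq "true")
          $expires = (($row.PasswordNeverExpires.ToLower()) -eq "true")

          # A check for the country, because those were full names and need
          # to be land codes in order for AD to accept them. Netherlands is
          # used as the example; every other value is mapped to "EN".
          If ($row.Country -eq "Netherlands") { $country = "NL" } Else { $country = "EN" }

          # Replace dots / points (.) in names, because AD will error when a
          # name ends with a dot (and it looks cleaner as well)
          $replace = $row.LastName.Replace(".", "")
          If ($replace.Length -lt 4) { $lastname = $replace } Else { $lastname = $replace.Substring(0, 4) }

          # Create sAMAccountName according to this 'naming convention':
          # <FirstLetterInitials><FirstFourLettersLastName> for example
          # htehp
          $sam = $row.Initials.Substring(0, 1).ToLower() + $lastname.ToLower()

          # $sam is built from CSV text, so escape the characters that have a
          # meaning inside an LDAP filter before embedding it. Without this a
          # "*" or "(" in a name changes what the existence check matches.
          $samFilter = $sam.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')

          # Reset the lookup state for every row. Previously a failed lookup
          # left $exists holding the result of the PREVIOUS row, so the
          # create/skip decision could be made on stale data.
          $exists = $null
          $lookupFailed = $false
          Try { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$samFilter)" -ErrorAction Stop }
          Catch
          {
            $lookupFailed = $true
            $msg = "[ERROR]`t Lookup of $($sam) failed : $($_.Exception.Message)"
            Write-Host $msg
            $msg | Out-File $log -append
          }

          If ((-not $exists) -And (-not $lookupFailed))
          {
            # Set all variables according to the table names in the Excel
            # sheet / import CSV. The names can differ in every project, but
            # if the names change, make sure to change it below as well.
            # The password arrives as clear text from the CSV (see the
            # security notes above the function).
            $setpass = ConvertTo-SecureString -AsPlainText $row.Password -Force

            Try
            {
              Write-Host "[INFO]`t Creating user : $($sam)"
              "[INFO]`t Creating user : $($sam)" | Out-File $log -append

              # Same parameter set as before, passed by splatting instead of
              # backtick line continuations.
              $userProperties = @{
                Name                 = $sam
                GivenName            = $row.GivenName
                Initials             = $row.Initials
                Surname              = $row.LastName
                DisplayName          = ($row.LastName + "," + $row.Initials + " " + $row.GivenName)
                Office               = $row.OfficeName
                Description          = $row.Description
                EmailAddress         = $row.Mail
                StreetAddress        = $row.StreetAddress
                City                 = $row.City
                State                = $row.State
                PostalCode           = $row.PostalCode
                Country              = $country
                UserPrincipalName    = ($sam + "@" + $dnsroot)
                Company              = $row.Company
                Department           = $row.Department
                EmployeeID           = $row.EmployeeID
                Title                = $row.Title
                OfficePhone          = $row.Phone
                AccountPassword      = $setpass
                Manager              = $row.Manager
                ProfilePath          = $row.ProfilePath
                ScriptPath           = $row.ScriptPath
                HomeDirectory        = $row.HomeDirectory
                HomeDrive            = $row.homeDrive
                Enabled              = $enabled
                PasswordNeverExpires = $expires
              }
              New-ADUser @userProperties
              Write-Host "[INFO]`t Created new user : $($sam)"
              "[INFO]`t Created new user : $($sam)" | Out-File $log -append

              $dn = (Get-ADUser $sam).DistinguishedName

              # Set an ExtensionAttribute
              If (-not [string]::IsNullOrEmpty($row.ExtensionAttribute1))
              {
                $ext = [ADSI]"LDAP://$dn"
                $ext.Put("extensionAttribute1", $row.ExtensionAttribute1)
                Try { $ext.SetInfo() }
                Catch
                {
                  $msg = "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)"
                  Write-Host $msg
                  $msg | Out-File $log -append
                }
              }

              # Set ProxyAddresses. Empty entries (an empty column or a
              # trailing ";") are dropped, and the call is skipped when
              # nothing is left, so rows without proxy addresses no longer
              # produce a spurious error.
              $proxies = @($row.ProxyAddresses -split ";" | Where-Object { $_ -ne "" })
              If ($proxies.Count -gt 0)
              {
                Try { $dn | Set-ADUser -Add @{proxyAddresses = $proxies} -ErrorAction Stop }
                Catch
                {
                  $msg = "[ERROR]`t Couldn't set the ProxyAddresses Attributes : $($_.Exception.Message)"
                  Write-Host $msg
                  $msg | Out-File $log -append
                }
              }

              # Move the user to the OU ($location) you set above. If you don't
              # want to move the user(s) and just create them in the global Users
              # OU, comment the block below
              If ([adsi]::Exists("LDAP://$($location)"))
              {
                Move-ADObject -Identity $dn -TargetPath $location
                Write-Host "[INFO]`t User $sam moved to target OU : $($location)"
                "[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append
              }
              Else
              {
                Write-Host "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!"
                "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" | Out-File $log -append
              }

              # Rename the object to a good looking name (otherwise you see
              # the 'ugly' shortened sAMAccountNames as a name in AD). This
              # can't be set right away (as sAMAccountName) due to the 20
              # character restriction
              $newdn = (Get-ADUser $sam).DistinguishedName
              Rename-ADObject -Identity $newdn -NewName ($row.GivenName + " " + $row.LastName)
              Write-Host "[INFO]`t Renamed $($sam) to $($row.GivenName) $($row.LastName)`r`n"
              "[INFO]`t Renamed $($sam) to $($row.GivenName) $($row.LastName)`r`n" | Out-File $log -append
            }
            Catch
            {
              # Record the failure in the log file as well as on the console;
              # a half-provisioned account should be traceable afterwards.
              $msg = "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n"
              Write-Host $msg
              $msg | Out-File $log -append
            }
          }
          Else
          {
            Write-Host "[SKIP]`t User $($sam) ($($row.GivenName) $($row.LastName)) already exists or returned an error!`r`n"
            "[SKIP]`t User $($sam) ($($row.GivenName) $($row.LastName)) already exists or returned an error!" | Out-File $log -append
          }
        }
      }
      Else
      {
        Write-Host "[SKIP]`t User ($($row.GivenName) $($row.LastName)) will be skipped for processing!`r`n"
        "[SKIP]`t User ($($row.GivenName) $($row.LastName)) will be skipped for processing!" | Out-File $log -append
      }
      $i++
    }
    "--------------------------------------------" + "`r`n" | Out-File $log -append
  }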
  188.  
  # Run the import, bracketed by start/stop markers on the console.
  Write-Host -Object "STARTED SCRIPT`r`n"
  Start-Commands
  Write-Host -Object "STOPPED SCRIPT"