
Untitled

a guest
Sep 26th, 2018
  # Script parameters. All are optional.
  #   logPath      log file written through Write-Log
  #   csvPath      semicolon-delimited user list; the script reads a "Passwort"
  #                column from it, so the file carries clear-text initial
  #                passwords and should be readable by the provisioning
  #                operator only
  #   homeRoot     UNC root for home folders     (default: share on this machine)
  #   usvRoot      UNC root for USV folders      (default: share on this machine)
  #   profileRoot  UNC root for profile folders  (default: share on this machine)
  param (
      [Parameter()]
      $logPath = 'C:\Code\CreateUser.txt',

      [Parameter()]
      $csvPath = 'C:\Code\ExampleUsers.csv',

      [Parameter()]
      $homeRoot = "\\$env:computerName\home",

      [Parameter()]
      $usvRoot = "\\$env:computerName\usv",

      [Parameter()]
      $profileRoot = "\\$env:computerName\profile"
  )
  13.  
  14. #region FunctionDeclaration
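  Function Write-Log
  {
      <#
      .SYNOPSIS
      Appends a timestamped entry, and optional start/stop banners, to a log file.

      .DESCRIPTION
      Creates the log directory and the log file when they do not exist yet
      (optionally with the Hidden attribute), then writes, in this order:
      the start banner (-Start, preceded by -ClearLog if given), the message
      with its severity prefix, an empty line (-NewLine) and the stop banner
      (-Stop).

      Line breaks inside -LogMessage are replaced by a single space. Messages
      in this script are built from CSV fields, and an embedded newline would
      otherwise let a field value start a forged log line.

      .PARAMETER LogFile
      Path of the log file. A bare file name is resolved against the current
      directory.
      .PARAMETER HiddenLogFile
      Mark a newly created log file as hidden.
      .PARAMETER HiddenLogPath
      Mark a newly created log directory as hidden.
      .PARAMETER ClearLog
      Empty the log before the start banner; only evaluated together with -Start.
      .PARAMETER CritLevel
      0 = Info (default), 1 = Warning, 2 = Error.
      .PARAMETER Start
      Write the "Started processing" banner.
      .PARAMETER Stop
      Write the "Finished processing" banner.
      .PARAMETER NewLine
      Append an empty line after the message.
      .PARAMETER LogMessage
      Text of the entry; nothing is written for an empty message.
      #>
      [CmdletBinding()]
      Param(
          [Parameter(Mandatory=$True)]
          [String]$LogFile,

          [Parameter(Mandatory=$False)]
          [switch]$HiddenLogFile,

          [Parameter(Mandatory=$False)]
          [switch]$HiddenLogPath,

          [Parameter(Mandatory=$False)]
          [switch]$ClearLog,

          [Parameter(Mandatory=$False)]
          [ValidateRange(0,2)]
          [Int]$CritLevel,

          [Parameter(Mandatory=$False)]
          [switch]$Start,

          [Parameter(Mandatory=$False)]
          [switch]$Stop,

          [Parameter(Mandatory=$False)]
          [switch]$NewLine,

          [Parameter(Mandatory=$False)]
          [String]$LogMessage
      )

      $Rule = "==================================================================================================="

      # Split-Path returns an empty string for a bare file name, which
      # Test-Path and New-Item reject; fall back to the current directory.
      $LogPath = Split-Path -Path $LogFile
      if ([string]::IsNullOrEmpty($LogPath)) { $LogPath = '.' }

      # Check the folder and create it if necessary
      if (-not (Test-Path $LogPath))
      {
          $NewDir = New-Item -Path $LogPath -ItemType Directory
          if ($HiddenLogPath -and $NewDir) { $NewDir.Attributes = "hidden" }
      }

      # Check the log file and create it if necessary
      if (-not (Test-Path $LogFile))
      {
          $NewFile = New-Item -Path $LogPath -Name (Split-Path -Path $LogFile -Leaf) -ItemType File
          if ($HiddenLogFile -and $NewFile) { $NewFile.Attributes = "hidden" }
      }

      # Start banner
      if ($Start)
      {
          if ($ClearLog) { Clear-Content -Path $LogFile }
          Add-Content -Path $LogFile -Value $Rule
          Add-Content -Path $LogFile -Value "Started processing at [$([DateTime]::Now)]"
          Add-Content -Path $LogFile -Value $Rule
          Add-Content -Path $LogFile -Value ""
      }

      # Severity prefix; anything other than 1 or 2 is logged as Info
      switch ($CritLevel)
      {
          1       { $Label = "Warning" }
          2       { $Label = "Error" }
          default { $Label = "Info" }
      }
      $Prefix = "[$([DateTime]::Now)] ${Label}: "

      # Message
      if ($LogMessage -ne "")
      {
          # One entry per line: neutralise CR/LF coming from the message text.
          $Entry = $Prefix + ($LogMessage -replace '\r\n|\r|\n', ' ')

          # NOTE(review): the console echo is tied to one hard-coded account
          # name; this looks like a developer leftover - confirm it is still wanted.
          if ($env:USERNAME -eq "rollem") { Write-Host $Entry }
          Add-Content -Path $LogFile -Value $Entry
      }

      # Empty line after the message
      if ($NewLine)
      {
          Add-Content -Path $LogFile -Value ""
      }

      # Stop banner
      if ($Stop)
      {
          Add-Content -Path $LogFile -Value ""
          Add-Content -Path $LogFile -Value $Rule
          Add-Content -Path $LogFile -Value "Finished processing at [$([DateTime]::Now)]"
          Add-Content -Path $LogFile -Value $Rule
          Add-Content -Path $LogFile -Value ""
      }
  }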
  124.  
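  function Add-NewACE
  {
      <#
      .SYNOPSIS
      Adds the requested "Allow" ACE for a user to a directory.

      .DESCRIPTION
      Reads the directory's ACL, adds one Allow rule for -User with the rights
      given in -AccessRule, inherited by sub-folders and files
      (ContainerInherit, ObjectInherit; no propagation flags), and writes the
      ACL back.

      .PARAMETER DirectoryItem
      The directory whose ACL is changed.
      .PARAMETER User
      Account name the rule is created for.
      .PARAMETER AccessRule
      FileSystemRights value to grant.
      #>
      param (
          [System.IO.DirectoryInfo]$DirectoryItem,
          [String]$User,
          [System.Security.AccessControl.FileSystemRights]$AccessRule
      )

      if ($null -eq $DirectoryItem) { throw "DirectoryItem is required" }

      # Address the directory by its full path. Passing the DirectoryInfo
      # itself relies on its string conversion, which can yield a relative
      # name and then resolves against the current location.
      $TargetPath = $DirectoryItem.FullName

      # Enum values instead of typographic-quoted strings: the original
      # literals only parse while the file keeps its Unicode encoding.
      $Inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
      $Propagate = [System.Security.AccessControl.PropagationFlags]::None
      $Kind      = [System.Security.AccessControl.AccessControlType]::Allow

      $NewRule = New-Object System.Security.AccessControl.FileSystemAccessRule($User, $AccessRule, $Inherit, $Propagate, $Kind)

      $aclObj = Get-Acl -LiteralPath $TargetPath
      $aclObj.AddAccessRule($NewRule)
      Set-Acl -LiteralPath $TargetPath -AclObject $aclObj
  }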
  139.  
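  function Create-BFWUser {
      <#
      .SYNOPSIS
      Creates an enabled InetOrgPerson account that must change its password at first logon.

      .DESCRIPTION
      Calls New-ADUser with name and display name "SurName, GivenName", the
      given sAMAccountName, department and OU, and a UPN built from the user
      name and $env:USERDNSDOMAIN.

      The original body read $password from the caller's scope without
      declaring it. That lookup is kept as the default of the optional
      -AccountPassword parameter so existing calls keep working, but the
      function now refuses to run without a password instead of handing an
      empty value to New-ADUser for an account it enables.

      .PARAMETER GivenName
      First name.
      .PARAMETER SurName
      Last name.
      .PARAMETER OrganizationalUnit
      Target OU; must be resolvable by Get-ADOrganizationalUnit.
      .PARAMETER Department
      Value of the department attribute.
      .PARAMETER UserName
      sAMAccountName and local part of the UPN.
      .PARAMETER AccountPassword
      Initial password as SecureString. Defaults to the caller's $password variable.
      #>
      param (
          [Parameter(Mandatory)]
          [String]$GivenName,

          [Parameter(Mandatory)]
          [String]$SurName,

          [Parameter(Mandatory)]
          [ValidateScript({Get-ADOrganizationalUnit $_})]
          [String]$OrganizationalUnit,

          [Parameter(Mandatory)]
          [String]$Department,

          [Parameter(Mandatory)]
          [String]$UserName,

          [Parameter()]
          [System.Security.SecureString]$AccountPassword = (Get-Variable -Name password -ValueOnly -ErrorAction SilentlyContinue)
      )

      if ($null -eq $AccountPassword) {
          throw "No account password supplied"
      }

      $FullName = "$SurName, $GivenName"
      $NewUser = @{
          Name                  = $FullName
          DisplayName           = $FullName
          SamAccountName        = $UserName
          Department            = $Department
          AccountPassword       = $AccountPassword
          Path                  = $OrganizationalUnit
          Surname               = $SurName
          GivenName             = $GivenName
          Enabled               = $true
          ChangePasswordAtLogon = $true
          Type                  = 'InetOrgPerson'
          UserPrincipalName     = "$UserName@$env:USERDNSDOMAIN"
      }

      try
      {
          New-ADUser @NewUser
      }
      catch [Microsoft.ActiveDirectory.Management.ADInvalidOperationException]
      {
          # NOTE(review): the caught type does not look specific to duplicate
          # accounts, so other failures may be reported under this message too - confirm.
          throw "User already exists"
      }
  }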
  166.  
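  function Add-BFWUserFolder {
      <#
      .SYNOPSIS
      Creates a per-user folder under a root share, sets its ACL and records the path in AD.

      .DESCRIPTION
      Creates <RootFolder>\<UserName> (or <RootFolder>\<UserName>.V<ProfileVersion>
      for -ItemType Profile), grants the user FullControl through Add-NewACE,
      sets BUILTIN\Administrators as owner and then:
        Profile   - sets the AD ProfilePath to the folder path without the .V<n> suffix
        HomeDrive - sets HomeDirectory and maps it to drive H
        USV       - no AD change
      New-Item is called without -Force, so an already existing folder is an
      error and is not re-permissioned.

      .PARAMETER RootFolder
      Share or directory the user folder is created in.
      .PARAMETER UserName
      Account name; used as folder name and as the ACE identity. Must be a
      single path component.
      .PARAMETER ItemType
      Profile, HomeDrive or USV.
      .PARAMETER ProfileVersion
      Number used in the .V<n> suffix of profile folders (default 6).
      #>
      [CmdletBinding(DefaultParameterSetName="Default")]
      param (
          [Parameter(Mandatory)]
          [String]$RootFolder,

          [Parameter(Mandatory)]
          [String]$UserName,

          [Parameter(Mandatory)]
          [ValidateSet("Profile","HomeDrive","USV")]
          [String]$ItemType,

          [Parameter(Mandatory=$false)]
          [Int]$ProfileVersion = 6
      )

      # The name comes from the input CSV and becomes a path component that is
      # created, permissioned and written to AD. Refuse separators, other
      # characters invalid in a file name, and names made only of dots/spaces,
      # so the folder cannot land outside $RootFolder.
      $BadChars = [System.IO.Path]::GetInvalidFileNameChars()
      if (($UserName.IndexOfAny($BadChars) -ge 0) -or ($UserName -match '[\\/]') -or ($UserName -match '^[. ]+$')) {
          throw "Invalid user name for folder creation"
      }

      # Path without version suffix. It is what AD gets as ProfilePath; the
      # original derived it by splitting the folder path at the first dot,
      # which truncates the path when the server or user name contains a dot.
      $BasePath = Join-Path -Path $RootFolder -ChildPath $UserName
      if ($ItemType -eq "Profile") {
          $homeFolder = "${BasePath}.V${ProfileVersion}"
      }
      else {
          $homeFolder = $BasePath
      }

      try {
          $homeObj = New-Item $homeFolder -ItemType Directory -ErrorAction Stop

          # NOTE(review): FullControl includes changing permissions and taking
          # ownership of the folder; confirm that a narrower right such as
          # Modify is not sufficient for home and USV folders.
          Add-NewACE -DirectoryItem $homeObj -User $UserName -AccessRule FullControl

          $acl = Get-Acl -Path $homeFolder
          $acl.SetOwner((New-Object System.Security.Principal.NTAccount("Builtin", "Administrators")))
          Set-Acl -Path $homeFolder -AclObject $acl -ErrorAction Stop

          switch ($ItemType)
          {
              'Profile' {
                  Get-ADUser $UserName | Set-ADUser -ProfilePath $BasePath -ErrorAction Stop
              }
              'HomeDrive' {
                  Get-ADUser $UserName | Set-ADUser -HomeDirectory $homeFolder -HomeDrive "H" -ErrorAction Stop
              }
              'USV' {
                  # nothing is written to AD for USV folders
              }
              Default {}
          }
      }
      catch [System.Management.Automation.ActionPreferenceStopException] {
          # Keep the original prefix, but carry the cause so the log shows
          # which step failed.
          throw "Generic Error: $($_.Exception.Message)"
      }
  }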
  218.  
  function Load-DataFromCsv {
      <#
      .SYNOPSIS
      Reads a semicolon-delimited CSV file and returns one object per data row.

      .PARAMETER FilePath
      Path of the CSV file; parameter validation fails when Test-Path does not find it.

      .NOTES
      The calling script reads a "Passwort" column from the rows, so the
      returned objects hold clear-text passwords; do not dump them to the log
      or the console.
      #>
      param (
          [Parameter(Mandatory)]
          [ValidateScript({Test-Path $_})]
          [String]$FilePath
      )

      $Rows = Import-Csv -Path $FilePath -Delimiter ';'
      $Rows
  }
  228. #endregion
  229.  
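  #region StartLog
  Write-Log -LogFile $logPath -Start
  #endregion

  #region DataLoader
  Write-Log -LogFile $logPath -LogMessage "Loading Data from $csvPath"
  $userArr = Load-DataFromCsv -FilePath $csvPath
  #endregion

  #region ScriptRun
  # One pass per CSV row: create the account, create its three folders, add
  # it to the group named after its department. The password is never logged.

  foreach ($userObj in $userArr) {
      $givenName = $userObj.Vorname
      $surName = $userObj.Nachname
      $organizationalUnit = $userObj.Pfad
      $department = $userObj.Abteilung
      $userName = $userObj.BenutzerName

      # Create-BFWUser picks up $password from this scope. Clear it first: if
      # the conversion below fails, the variable would otherwise still hold
      # the previous row's password and be applied to this account.
      $password = $null
      if ([string]::IsNullOrEmpty($userObj.Passwort)) {
          Write-Log -LogFile $logPath -CritLevel 2 -LogMessage "No initial password supplied for user $userName, skipping"
          continue
      }
      $password = ConvertTo-SecureString -AsPlainText -Force $userObj.Passwort

      Write-Log -LogFile $logPath -CritLevel 0 -LogMessage "Creating user $userName"

      try {
          Create-BFWUser -givenName $givenName -surName $surName -organizationalUnit $organizationalUnit -department $department -userName $userName
      }
      catch {
          # Logged as Error like every other failure (it was Info). Stop
          # working on this row: continuing would create folders, rewrite the
          # home/profile paths and change group membership of an account this
          # run did not create, for example one that already existed.
          Write-Log -LogFile $logPath -CritLevel 2 -LogMessage $_.FullyQualifiedErrorId
          continue
      }

      $folderJobs = @(
          @{ Label = 'home';    Root = $homeRoot;    Type = 'HomeDrive' },
          @{ Label = 'profile'; Root = $profileRoot; Type = 'Profile' },
          @{ Label = 'USV';     Root = $usvRoot;     Type = 'USV' }
      )
      foreach ($job in $folderJobs) {
          try {
              Write-Log -LogFile $logPath -CritLevel 0 -LogMessage "Creating $($job.Label) folder under $($job.Root) for user $userName"
              Add-BFWUserFolder -RootFolder $job.Root -UserName $userName -ItemType $job.Type
          }
          catch {
              Write-Log -LogFile $logPath -CritLevel 2 -LogMessage $_.FullyQualifiedErrorId
          }
      }

      # NOTE(review): the group is chosen by the CSV "Abteilung" field alone,
      # so whoever can edit the CSV decides group membership; confirm that
      # department names cannot collide with privileged groups.
      Write-Log -LogFile $logPath -CritLevel 0 -LogMessage "Checking for Department Group existence"
      try {
          Get-ADGroup -Identity $department | Out-Null
          Write-Log -LogFile $logPath -CritLevel 0 -LogMessage "Adding user $userName to group $department"
          Add-ADGroupMember -Identity $department -Members $userName
      }
      catch [Microsoft.ActiveDirectory.Management.ADIdentityResolutionException] {
          # NOTE(review): presumably Add-ADGroupMember can raise the same type
          # when the member cannot be resolved - confirm the message fits.
          Write-Log -LogFile $logPath -CritLevel 2 -LogMessage "Group $department does not exist"
      }
      catch {
          # Any other failure was unhandled before and would have ended the
          # run without the stop banner.
          Write-Log -LogFile $logPath -CritLevel 2 -LogMessage $_.FullyQualifiedErrorId
      }
  }

  #endregion

  #region EndLog
  Write-Log -LogFile $logPath -Stop
  #endregion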