  1. #New Student User Script
  2. #Created May 2017
  3.  
  4. #Function to automate creation of Student AD and email accounts
  5. #Prompted for new user information: first name, last name, location, and Grade
  6. #Based on the school, the user will be placed in the proper OU and groups (high school and middle school only)
  7.  
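  Function New_Student {
      # Interactively provisions one student account.
      #
      # Prompts for first name, last name, school (MS or HS), grade and lunch PIN, then:
      #   1. picks a free username (firstname.lastname, then firstname.lastname1, 2, ...),
      #   2. creates the mailbox/AD account with New-Mailbox in $DefaultOU,
      #   3. sets AD attributes, moves the account to the school's OU, adds group memberships,
      #   4. creates the home directory and grants the student access to it.
      #
      # Takes no parameters. Emits whatever New-Mailbox and New-Item write to the pipeline.
      # Input is validated before anything is created, and the AD/file-system steps are
      # skipped when the mailbox could not be created, so a failed run cannot modify an
      # account that already existed under the same name.

      # ---- Site settings (placeholders: adjust to your environment) ----

      # Mailbox database for students
      $StudentMailDB = "Student"

      # OU the account is created in; it is moved to the school's OU further down
      $DefaultOU = "OU=Default_User_OU,DC=CONTOSO,DC=COM"

      $UpnSuffix = "@contoso.com"

      # Per-school home share, target OU and groups.
      # The original HS branch reused the MS OU path, which filed high-school students
      # under the middle-school OU. "OU=HS" below is a placeholder: set it to your real OU.
      $Schools = @{
          MS = @{
              HomeRoot = "\\server\Share\"
              TargetOU = "OU=Users,OU=Student,OU=MS,DC=CONTOSO,DC=COM"
              Groups   = @("MS_Students", "MS Students")
          }
          HS = @{
              HomeRoot = "\\Server\Share\"
              TargetOU = "OU=Users,OU=Student,OU=HS,DC=CONTOSO,DC=COM"
              Groups   = @("HS_Students", "HS Students")
          }
      }

      # Extra per-grade groups (requested by the high school staff)
      $GradeGroups = @{
          "9"  = "Freshmen Students"
          "10" = "Sophomore Students"
          "11" = "junior Students"
          "12" = "Senior Students"
      }

      # ---- Data entered by the admin ----

      $Fname      = (Read-Host "Enter User's First Name").Trim()
      $Lname      = (Read-Host "Enter User's Last Name").Trim()
      $Location   = (Read-Host "Enter User's location (MS or HS)").Trim().ToUpper()
      $Grade      = (Read-Host "Enter User's grade (single Digit)").Trim()
      $studentnum = (Read-Host "Enter User's Lunch Pin Number").Trim()

      # Allow-list for names. These values end up in an LDAP filter, a UPN and a folder
      # name on the share, so anything outside letters, hyphen and apostrophe is rejected
      # up front. An empty entry is rejected too (Substring would fail on it below).
      $NamePattern = '^[A-Za-z][A-Za-z''-]*$'

      if ($Fname -notmatch $NamePattern -or $Lname -notmatch $NamePattern) {
          Write-Error "First and last name must start with a letter and contain only letters, hyphens or apostrophes. No account was created."
          return
      }

      if (-not $Schools.ContainsKey($Location)) {
          Write-Error "Location must be MS or HS. No account was created."
          return
      }

      # The group lookup below handles grades 9-12, so two digits are accepted
      if ($Grade -notmatch '^[0-9]{1,2}$') {
          Write-Error "Grade must be a one- or two-digit number. No account was created."
          return
      }

      if ($studentnum -notmatch '^[0-9]+$') {
          Write-Error "Lunch PIN must be numeric. No account was created."
          return
      }

      # Normalise capitalisation: first letter upper case, remainder lower case
      $Fname = $Fname.Substring(0, 1).ToUpper() + $Fname.Substring(1).ToLower()
      $Lname = $Lname.Substring(0, 1).ToUpper() + $Lname.Substring(1).ToLower()

      # ---- Derived account information ----
      # Accounts are created as firstname.lastname, e.g. John Smith = john.smith

      $Fullname = "$Fname $Lname"
      $Username = "$Fname.$Lname"
      $school   = $Schools[$Location]

      # Initial password is the capitalised initials plus the lunch number
      # (John Smith with lunch number 123456 = JS123456).
      # NOTE(review): this password is derivable from the student's name and lunch PIN,
      # and the Set-ADUser call below also sets CannotChangePassword and
      # PasswordNeverExpires, so it stays the account's password. Consider a random
      # initial password with a forced change at first logon.
      $Upassword = $Fname.Substring(0, 1) + $Lname.Substring(0, 1) + $studentnum
      $Password  = ConvertTo-SecureString "$Upassword" -AsPlainText -Force
      $Upassword = $null   # do not keep the clear-text copy in the session

      # ---- Find a free username ----
      # Try the plain name first, then name1, name2, ... The original only tried "name1"
      # and never checked whether that was taken as well.
      $sAMaccountname = $null
      foreach ($n in 0..99) {
          $candidate = if ($n -eq 0) { $Username } else { "$Username$n" }

          # Escape LDAP filter metacharacters (RFC 4515). The allow-list above already
          # excludes them; this keeps the query safe if the allow-list is ever widened.
          $filterValue = $candidate -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'

          if (-not (Get-ADUser -LDAPFilter "(sAMAccountName=$filterValue)")) {
              $sAMaccountname = $candidate
              break
          }
      }

      if (-not $sAMaccountname) {
          Write-Error "No free username found for $Username. No account was created."
          return
      }

      $UPN     = $sAMaccountname + $UpnSuffix
      $userDir = "$($school.HomeRoot)$sAMaccountname"

      Write-Host "Now creating account...."

      # ---- Create the mailbox / AD account ----

      # Load the Exchange snap-in only once per session; adding it twice raises an error
      if (-not (Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn -ErrorAction SilentlyContinue)) {
          Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
      }

      try {
          New-Mailbox -Name $Fullname -FirstName $Fname -LastName $Lname -Alias $sAMaccountname -UserPrincipalName $UPN -Database $StudentMailDB -OrganizationalUnit $DefaultOU -Password $Password -ErrorAction Stop
      }
      catch {
          Write-Error "New-Mailbox failed for $sAMaccountname; no AD changes were made. $_"
          return
      }

      # Sleep allows all tasks to finish before continuing. Prevents random errors.
      Start-Sleep -s 10

      # Confirm the new account is visible under the expected name before modifying it.
      # NOTE(review): this assumes Exchange assigned a sAMAccountName equal to the alias - confirm.
      if (-not (Get-ADUser -LDAPFilter "(sAMAccountName=$filterValue)")) {
          Write-Error "Account $sAMaccountname was not found after creation; OU, groups and home directory were not configured."
          return
      }

      # ---- AD attributes, OU and groups ----
      # Sets department/title, home directory on drive S:, and the password flags.
      Get-ADUser $sAMaccountname | Set-ADUser -Department "$Grade" -Title "Student" -HomeDirectory $userDir -HomeDrive S: -CannotChangePassword:$true -PasswordNeverExpires $true

      Get-ADUser $sAMaccountname | Move-ADObject -TargetPath $school.TargetOU

      foreach ($group in $school.Groups) {
          Add-ADGroupMember -Identity $group -Members $sAMaccountname
      }

      # ---- Home directory ----
      # If the folder cannot be created (for example it is left over from an earlier
      # account with the same name), leave its ACL alone rather than handing existing
      # content to the new student.
      $dirCreated = $true
      try {
          New-Item -Path $school.HomeRoot -Name $sAMaccountname -ItemType Directory -ErrorAction Stop
      }
      catch {
          $dirCreated = $false
          Write-Warning "Home directory $userDir was not created ($_); its permissions were left unchanged."
      }

      if ($dirCreated) {
          # The original OR-ed Read, Write, Modify and FullControl, which is FullControl.
          # NOTE(review): FullControl plus ownership lets the student change the folder's
          # permissions; Modify is the least-privilege choice if ownership is not required.
          $Rights      = [System.Security.AccessControl.FileSystemRights]::FullControl
          $Inherit     = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
          $Propagation = [System.Security.AccessControl.PropagationFlags]::None
          $Access      = [System.Security.AccessControl.AccessControlType]::Allow
          $AccessRule  = New-Object System.Security.AccessControl.FileSystemAccessRule($UPN, $Rights, $Inherit, $Propagation, $Access)
          $Account     = New-Object System.Security.Principal.NTAccount($UPN)

          $ACL = Get-Acl $userDir
          $ACL.SetOwner($Account)
          # SetAccessRule replaces any existing rule for this identity, so the separate
          # AddAccessRule call the original made first is not needed.
          $ACL.SetAccessRule($AccessRule)
          Set-Acl $userDir $ACL
      }

      # ---- Grade groups ----
      if ($GradeGroups.ContainsKey($Grade)) {
          Add-ADGroupMember -Identity $GradeGroups[$Grade] -Members $sAMaccountname
      }
  }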
  199.  
  200. ##If you do not use server directories in your company be sure to remove all settings in regard to home directory##