- #New Student User Script
- #Created May 2017
- #Function to automate creation of Student AD and email accounts
- #Prompted for new user information: first name, last name, location, and Grade
- #Based on the school, the user will be placed in the proper OU and groups (high school and middle school only)
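Function New_Student {
    <#
    .SYNOPSIS
    Interactively creates a student mailbox/AD account and its home directory.

    .DESCRIPTION
    Prompts the admin for first name, last name, location (MS or HS), grade and
    lunch PIN. Creates the mailbox with New-Mailbox in a default OU, waits for
    the account to become visible to Get-ADUser, then sets AD attributes, moves
    the account to the school's OU, adds group memberships and creates the home
    directory with an ACL for the student.

    Every prompt is validated before anything is created, and each later step
    runs only if the account was actually created, so a failed New-Mailbox can
    never lead to a different, pre-existing account being modified.

    .NOTES
    Requires the Exchange management snap-in and the ActiveDirectory cmdlets.
    All OU, group, share and domain names below are site placeholders.
    #>

    # ---- Site configuration (edit for your environment) ----
    $StudentMailDB = "Student"
    # Default OU in case of error; the user is moved to the school OU below.
    $DefaultOU = "OU=Default_User_OU,DC=CONTOSO,DC=COM"
    $UpnSuffix = "@contoso.com"
    # Per-school settings. The HS entry previously moved accounts into the MS
    # OU (copy/paste slip); each school now has its own target OU.
    $Schools = @{
        "MS" = @{
            HomeRoot = "\\server\Share\"
            TargetOU = "OU=Users,OU=Student,OU=MS,DC=CONTOSO,DC=COM"
            Groups   = @("MS_Students", "MS Students")
        }
        "HS" = @{
            HomeRoot = "\\Server\Share\"
            TargetOU = "OU=Users,OU=Student,OU=HS,DC=CONTOSO,DC=COM"
            Groups   = @("HS_Students", "HS Students")
        }
    }
    # Extra groups by grade, requested by the high school staff.
    $GradeGroups = @{
        "9"  = "Freshmen Students"
        "10" = "Sophomore Students"
        "11" = "junior Students"
        "12" = "Senior Students"
    }

    # ---- Data entered by the admin ----
    # Names become part of the account name and of an LDAP filter, so only
    # letters, digits, apostrophe and hyphen are accepted. This also rejects
    # empty input, which would otherwise make Substring() fail further down.
    $namePattern = '^\p{L}[\p{L}\p{Nd}''-]*$'
    $Fname = (Read-Host "Enter User's First Name").Trim()
    $Lname = (Read-Host "Enter User's Last Name").Trim()
    foreach ($part in @($Fname, $Lname)) {
        if ($part -notmatch $namePattern) {
            Write-Error "Name '$part' is empty or contains characters that are not allowed in an account name. No account was created."
            return
        }
    }
    # Entries are converted to proper capitalization automatically.
    $Fname = $Fname.Substring(0, 1).ToUpper() + $Fname.Substring(1).ToLower()
    $Lname = $Lname.Substring(0, 1).ToUpper() + $Lname.Substring(1).ToLower()

    # Upper-casing the whole value avoids the Substring(0,2) failure on input
    # shorter than two characters.
    $Location = (Read-Host "Enter User's location (MS or HS)").Trim().ToUpper()
    # Grades 9-12 are handled below, so the prompt no longer says "single digit".
    $Grade = (Read-Host "Enter User's grade (number, e.g. 9)").Trim()

    # The lunch number is used to build the default password. Change if desired.
    $studentnum = (Read-Host "Enter User's Lunch Pin Number").Trim()
    if ($studentnum -notmatch '^[0-9]+$') {
        Write-Error "Lunch Pin Number must consist of digits only. No account was created."
        return
    }

    # ---- Derived account information ----
    # Accounts are created as firstname.lastname, e.g. John Smith = John.Smith
    $Fullname = "$Fname $Lname"
    $baseName = "${Fname}.${Lname}"

    # Find a free account name: John.Smith, then John.Smith1, John.Smith2, ...
    # (the previous version tried only the suffix 1 and did not check it).
    $sAMaccountname = $baseName
    $suffix = 0
    while (Get-ADUser -LDAPFilter "(sAMAccountName=$sAMaccountname)") {
        $suffix++
        if ($suffix -gt 99) {
            Write-Error "No free account name found for '$baseName'. No account was created."
            return
        }
        $sAMaccountname = "$baseName$suffix"
    }
    $UPN = $sAMaccountname + $UpnSuffix

    # Default password: capitalized initials plus lunch number,
    # e.g. John Smith with lunch number 123456 = JS123456.
    # NOTE(review): this password can be derived from the student's name and
    # lunch number, and the account is later set to "cannot change password" /
    # "password never expires", so it stays valid indefinitely. Consider a
    # random initial password and letting students change it if policy allows.
    $Upassword = $Fname.Substring(0, 1) + $Lname.Substring(0, 1) + $studentnum
    $Password = ConvertTo-SecureString $Upassword -AsPlainText -Force
    # Do not keep the clear-text password in a variable longer than needed.
    Remove-Variable -Name Upassword

    Write-Host "Now creating account...."

    # ---- User creation ----
    # Add-PSSnapin reports an error when the snap-in is already loaded.
    $snapin = "Microsoft.Exchange.Management.PowerShell.SnapIn"
    if (-not (Get-PSSnapin -Name $snapin -ErrorAction SilentlyContinue)) {
        Add-PSSnapin $snapin
    }

    try {
        New-Mailbox -Name $Fullname -FirstName $Fname -LastName $Lname -Alias $sAMaccountname -UserPrincipalName $UPN -Database $StudentMailDB -OrganizationalUnit $DefaultOU -Password $Password -ErrorAction Stop
    }
    catch {
        Write-Error "Mailbox creation failed for '$sAMaccountname'; nothing further was changed. $_"
        return
    }

    # Wait until the new account is visible instead of sleeping a fixed time.
    # NOTE(review): this assumes Exchange gives the account a sAMAccountName
    # equal to the alias passed above - confirm for long names.
    $adUser = $null
    for ($attempt = 0; $attempt -lt 15 -and -not $adUser; $attempt++) {
        Start-Sleep -Seconds 2
        $adUser = Get-ADUser -LDAPFilter "(sAMAccountName=$sAMaccountname)"
    }
    if (-not $adUser) {
        Write-Error "Account '$sAMaccountname' was not found in AD after creation; OU, groups and home directory were not configured."
        return
    }

    # ---- School-specific AD settings, OU, groups and home directory ----
    $school = $Schools[$Location]
    if ($school) {
        $userDir = $school.HomeRoot + $sAMaccountname

        # Department = grade, Title = Student, home drive S:.
        # Password is set to never expire and the user cannot change it.
        Set-ADUser -Identity $sAMaccountname -Department "$Grade" -Title "Student" -HomeDirectory $userDir -HomeDrive "S:" -CannotChangePassword $true -PasswordNeverExpires $true
        Get-ADUser -Identity $sAMaccountname | Move-ADObject -TargetPath $school.TargetOU
        foreach ($group in $school.Groups) {
            Add-ADGroupMember -Identity $group -Members $sAMaccountname
        }

        if (Test-Path -LiteralPath $userDir) {
            # A folder with this name is already there (for example from an
            # earlier account). Handing it over would expose its contents to
            # the new student, so leave it for an admin to review.
            Write-Warning "Home directory '$userDir' already exists; its contents and permissions were left untouched."
        }
        else {
            New-Item -Path $school.HomeRoot -Name $sAMaccountname -ItemType Directory

            # Read, Write and Modify are all contained in FullControl, so the
            # combined value the script used before equals FullControl.
            # NOTE(review): FullControl plus ownership lets the student change
            # the folder's permissions; Modify is usually enough for a home
            # directory - confirm against your share design.
            $Rights = [System.Security.AccessControl.FileSystemRights]::FullControl
            $Inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
            $Propogation = [System.Security.AccessControl.PropagationFlags]::None
            $Access = [System.Security.AccessControl.AccessControlType]::Allow
            $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($UPN, $Rights, $Inherit, $Propogation, $Access)
            $Account = New-Object System.Security.Principal.NTAccount($UPN)

            $ACL = Get-Acl $userDir
            $ACL.SetOwner($Account)
            # SetAccessRule replaces any existing rule for this identity, so a
            # separate AddAccessRule call beforehand is not needed.
            $ACL.SetAccessRule($AccessRule)
            Set-Acl $userDir $ACL
        }
    }
    else {
        Write-Warning "Location '$Location' is not MS or HS; '$sAMaccountname' was left in the default OU without groups or a home directory."
    }

    # ---- Additional group by grade ----
    if ($GradeGroups.ContainsKey($Grade)) {
        Add-ADGroupMember -Identity $GradeGroups[$Grade] -Members $sAMaccountname
    }
}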
- ##If you do not use server directories in your company be sure to remove all settings in regard to home directory##