$insertFilePath = "C:\IDM\<DISTRICT>_students_insert.csv"$content = get-content

1. $insertFilePath = "C:\IDM\<DISTRICT>_students_insert.csv"
2. $content = get-content -Path $insertFilePath
3.  
4. if($content -ne $null)
5. {
6. Import-Module ActiveDirectory
7.  
8. #DEFINE CURRENT DATE AND TIME
9. $currentDateTime = (Get-Date).ToString('yyyy-MM-dd@hhmm')
10. #DEFINE CURRENT DATE
11. $currentDate = (Get-Date).ToString('MMddyy')
12. #DEFINE CURRENT YEAR
13. $currentYear = (Get-Date).ToString('yyyy')
14. #DEFINE CURRENT MONTH
15. $currentMonth = (Get-Date).ToString('MM')
16.  
17. $students = Import-Csv -Path $insertFilePath
18.  
19. #CREATE EMPTY ARRAY TO STORE NEW USERS DISCOVERED
20. $i = 0
21. $array = @()
22.  
23. foreach ($student in $students)
24. {
25. #region VARIABLE DEFINITIONS
26. #DEFINE ALL THE THINGS FROM EXPORT FILE
27. $firstName = $student.idm_first_name
28. $firstInitial = $firstName.Substring(0,1)
29. $middleName = $student.idm_middle_name
30. if($middleName -ne $null -AND $middleName -ne '')
31. {
32. $middleInitial = $middleName.Substring(0,1)
33. }
34. $lastName = $student.idm_last
35. $lastInitial = $lastName.Substring(0,1)
36.  
37. $fullName = $firstName + ' ' + $lastName
38. $displayName = $firstName + ' ' + $lastName
39.  
40. $samAccountName = $student.idm_samaccountname
41. $userPrincipalName = $student.idm_upn
42. $emailAddress = $student.idm_email
43.  
44. $title = 'Student'
45.  
46. $gradeLevel = $student.idm_student_grade_level
47. $yearofGrad = $student.idm_student_graduation_year
48.  
49. $employeeID = $student.idm_employeeid
50. $employeeNumber = $student.idm_employeenumber
51. $employeeNumberLength = $employeeNumber.Length
52.  
53. $studentID = $employeeNumber.Substring(3)
54. $studentIDLast4 = -join "$studentID"[-4..-1]
55.  
56. #DEFINE HOME DRIVE LETTER AND PATH IF USED IN DISTRICT
57. $homeDrive = 'H:'
58. $homeDirectory = '\\<SERVER_FQDN>\Student Home Drives\' + $yearOfGrad + '\' + $samAccountName
59.  
60. #DEFINE THE USERS YEAR OF GRAD SECURITY GROUP
61. $group_YearofGrad = 'Student_' + $yearofGrad
62. #CREATE AN EMPTY ARRAY TO STORE THE SECURITY GROUPS TO ADD THE USER TO
63. $groupList = @()
64. #ADD THE USER TO THEIR YEAR OF GRAD SECURITY GROUP
65. $groupList += $group_YearofGrad
66.  
67. #SET A TEMPORARY PASSWORD TO SUPPORT FINE-GRAINED PASSWORD POLICIES
68. #WHICH REQUIRE GROUP MEMBERSHIP BEFORE A NON-SECURE PASSWORD CAN BE USED
69. $passwordTemporary = (ConvertTo-SecureString -AsPlainText 'IWishYouHad8DigitPasswords' -Force)
70.  
71. #DEFINE THE STATE BUILDING CODE FOR THE USER
72. $buildingCode = $student.idm_building01code
73.  
74. #DEFINE BUILDING VARIABLES BASED ON STATE BUILDING CODES
75. switch ($buildingCode)
76. {
77. '<BUILDING_CODE_1>' {
78. $buildingShortName = '<SHORTNAME>'
79. $office = '<ELEMENTARY_BUILDING_NAME>'
80. $streetAddress = '<BUILDING_ADDRESS'
81. $city = '<DISTRICT>'
82. $postalCode = '<ZIP_CODE>'
83. $officePhone = '<PHONE_NUMBER>'
84. $passwordInsecure = '<ELEM_SIMPLE_PASSWORD>'
85. $passwordSecure = (ConvertTo-SecureString -AsPlainText $passwordInsecure -Force)
86. $ouPath_append = ',<OU_PATH_TO_ELEM_STUDENTS>'
87. }
88. '<BUILDING_CODE_2>' {
89. $buildingShortName = '<SHORTNAME>'
90. $office = '<HIGHSCHOOL_BUILDING_NAME>'
91. $streetAddress = '<BUILDING_ADDRESS'
92. $city = '<DISTRICT>'
93. $postalCode = '<ZIP_CODE>'
94. $officePhone = '<PHONE_NUMBER>'
95. $passwordInsecure = '<HIGHSCHOOL_PASSWORD_ALGORITHM>'
96. $passwordSecure = (ConvertTo-SecureString -AsPlainText $passwordInsecure -Force)
97. $ouPath_append = ',<OU_PATH_TO_HIGHSCHOOL_STUDENTS>'
98. }
99. }
100.  
101. #DEFINE OU PATH FOR THE DISTRICT
102. $ouPath = 'OU=' + $yearOfGrad + $ouPath_append
103. $ouPath_disabled = 'OU=Disabled Users,<OU_PATH>'
104.  
105. #DEFINE THE USER DESCRIPTION
106. $description = $buildingShortName + ' - Class of ' + $yearOfGrad
107.  
108. #DEFINE DISTRICT SPECIFIC VARIABLES
109. $organization = 'Ingham Intermediate School District'
110. $state = 'MI'
111. $company = '<DISTRICT>'
112. $domainName = '<DOMAIN_SHORTNAME>'
113. $domainAddress = '<DOMAIN_ADDRESS>'
114. $department = $buildingShortName + ' - Class of ' + $yearOfGrad
115. #endregion
116.  
117. #region USER CREATION
118.  
119. $i = $i + 1
120. $array += $student
121.  
122. Write-Host "Creating user: $samAccountName" -ForegroundColor Green
123.  
124. #DEFINE ALL THE NEW USER ATTRIBUTES FOR SPLATTING
125. $newUserSplat = @{
126. Name = $fullName
127. DisplayName = $displayName
128. GivenName = $firstName
129. Surname = $lastName
130. SamAccountNAme = $samAccountName
131. UserPrincipalName = $userPrincipalName
132. EmailAddress = $emailAddress
133. AccountPassword = $passwordTemporary
134. ChangePasswordAtLogon = $false
135. CannotChangePassword = $true
136. PasswordNeverExpires = $true
137. Path = $ouPath
138. StreetAddress = $streetAddress
139. City = $city
140. State = $state
141. PostalCode = $postalCode
142. Organization = $organization
143. Company = $company
144. Office = $office
145. OfficePhone = $officePhone
146. Department = $department
147. Title = $title
148. Description = $description
149. EmployeeID = $employeeID
150. EmployeeNumber = $employeeNumber
151. HomeDirectory = $homeDirectory
152. HomeDrive = $homeDrive
153. Enabled = $true
154. }
155.  
156. #CREATE THE USER BASED ON SPLAT
157. New-ADUser @newUserSplat
158.  
159. #SET THE MIDDLE NAME AND INITIALS IF THE USER HAS THEM
160. if($middleName -ne $null -AND $middleName -ne '')
161. {
162. Set-ADUser -Identity $samAccountName -OtherName $middleName -Initials $middleInitial
163. }
164. else
165. {
166. Set-ADUser -Identity $samAccountName -Clear MiddleName,Initials
167. }
168.  
169. #ADD THE USER TO THEIR GROUPS
170. if($groupList -ne $null)
171. {
172. $groupList = $groupList | ForEach-Object {Get-ADGroup -Identity $_}
173. $groupList | ForEach-Object {Add-ADGroupMember -Identity $_ -Members $samAccountName}
174. }
175.  
176. #SET THE USERS PASSWORD
177. #IF FINE-GRAINED PASSWORD POLICIES ARE INE FFECT THEY WILL BE HONORED
178. #IF THE USER IS IN THE APPROPRIATE SECURITY GROUP BEFORE THIS COMMAND
179. Set-ADAccountPassword -Identity $samAccountName -Reset -NewPassword $passwordSecure
180.  
181. #CREATE HOME DIRECTORY
182. New-Item -Path $homeDirectory -ItemType Directory -Force
183.  
184. #APPLY PERMISSIONS TO HOME FOLDER
185. $identityReference = $domainName + '\' + $samAccountName
186. $fileSystemAccessRights = [System.Security.AccessControl.FileSystemRights]::Modify
187. $inheritanceFlags = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
188. $propagationFlags = [System.Security.AccessControl.PropagationFlags]::None
189. $accessControl = [System.Security.AccessControl.AccessControlType]::Allow
190. $accessRuleSplat = $identityReference, $fileSystemAccessRights, $inheritanceFlags, $propagationFlags, $accessControl
191. $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $accessRuleSplat
192. $homeDirectoryACL = Get-Acl $homeDirectory
193. $homeDirectoryACL.AddAccessRule($accessRule)
194. Set-Acl -Path $homeDirectory -AclObject $homeDirectoryACL
195. #endregion
196. }
197. $array
198. $array | Export-Csv -Path C:\IDM\<DISTRICT>_NEW_$currentDateTime.csv -NoTypeInformation
199. $i
200.  
201. $body = $array | Out-String
202.  
203.  
204. if($i -gt 0)
205. {
206. #DEFINE CURRENT DATE
207. $emailCurrentDate = (Get-Date).ToString('MM/dd/yy')
208. $emailPassword = ConvertTo-SecureString "<SMTPPASSWORD>" -AsPlainText -Force
209. $emailCred = New-Object System.Management.Automation.PSCredential ("iisd_idm",$emailPassword)
210. $emailToAddresses = @('<user1_email>','<user2_email>')
211. Send-MailMessage -SmtpServer <SMTP_SERVER> -Subject "$emailCurrentDate - $company Student Account Creation" -Body "$body" -From idm_insert@$domainAddress -To $emailToAddresses -Credential $emailCred
212. }
213. }