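# Student account provisioning from an IDM export (template: every <PLACEHOLDER>
# must be filled in per district before the script will run).
#
# For each row of the insert CSV this script creates an Active Directory user,
# adds it to its year-of-graduation group, sets the building password, creates
# the home folder with a Modify ACE for the student, then writes a CSV report
# and e-mails a summary of the accounts that were actually created.
#
# Changes from the original paste:
#   * A row whose building code matches no switch arm is skipped. Before, it
#     silently reused the previous student's OU, password and address values.
#   * A row with missing key fields is skipped. Before, a failing Substring()
#     left the previous student's values in place.
#   * If New-ADUser fails (for example because the account already exists), the
#     row is skipped. Before, the script went on to reset the password of the
#     existing account with that sAMAccountName.
#   * The account is created disabled with a random one-time password and is
#     only enabled after the real password has been set, so no enabled account
#     ever carries a shared, hard-coded temporary password.
#   * The report and counter contain only accounts that were really created.
#   * The report timestamp uses a 24-hour clock, so AM and PM runs no longer
#     collide.

$insertFilePath = "C:\IDM\<DISTRICT>_students_insert.csv"
$content = Get-Content -Path $insertFilePath

# $null goes on the left: with an array on the left, -ne filters the array
# instead of returning a boolean.
if ($null -ne $content)
{
    Import-Module ActiveDirectory

    # Current date and time. HH is the 24-hour clock; the original hh (12-hour)
    # produced the same file name for a 01:30 run and a 13:30 run.
    $currentDateTime = (Get-Date).ToString('yyyy-MM-dd@HHmm')
    # Date parts, available to the per-building password algorithm placeholders.
    $currentDate = (Get-Date).ToString('MMddyy')
    $currentYear = (Get-Date).ToString('yyyy')
    $currentMonth = (Get-Date).ToString('MM')

    $students = Import-Csv -Path $insertFilePath

    # Counter and list of the users that were created successfully.
    $i = 0
    $array = @()

    # Cryptographic RNG used for the per-account one-time password.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

    foreach ($student in $students)
    {
        #region VARIABLE DEFINITIONS

        # Reject rows that cannot be processed safely before deriving anything.
        $requiredValues = @(
            $student.idm_first_name,
            $student.idm_last,
            $student.idm_samaccountname,
            $student.idm_employeenumber,
            $student.idm_student_graduation_year
        )
        $rowIsUsable = $true
        foreach ($value in $requiredValues)
        {
            if ([string]::IsNullOrWhiteSpace($value)) { $rowIsUsable = $false }
        }
        # Substring(3) below needs at least three characters.
        if ($rowIsUsable -and $student.idm_employeenumber.Length -lt 3) { $rowIsUsable = $false }
        # These two values are concatenated into an OU path and a UNC path, so
        # path and DN separators in them are refused.
        $unsafePattern = '[\\/,=]|\.\.'
        if ($rowIsUsable -and ($student.idm_samaccountname -match $unsafePattern -or
                               $student.idm_student_graduation_year -match $unsafePattern))
        {
            $rowIsUsable = $false
        }
        if (-not $rowIsUsable)
        {
            Write-Warning "Skipping row with missing or unsafe values (samAccountName: '$($student.idm_samaccountname)')"
            continue
        }

        # Values taken from the export file.
        $firstName = $student.idm_first_name
        $firstInitial = $firstName.Substring(0,1)
        $middleName = $student.idm_middle_name
        # Reset per row so a previous student's initial can never leak through.
        $middleInitial = $null
        if ($null -ne $middleName -and $middleName -ne '')
        {
            $middleInitial = $middleName.Substring(0,1)
        }
        $lastName = $student.idm_last
        $lastInitial = $lastName.Substring(0,1)
        $fullName = $firstName + ' ' + $lastName
        $displayName = $firstName + ' ' + $lastName
        $samAccountName = $student.idm_samaccountname
        $userPrincipalName = $student.idm_upn
        $emailAddress = $student.idm_email
        $title = 'Student'
        $gradeLevel = $student.idm_student_grade_level
        $yearofGrad = $student.idm_student_graduation_year
        $employeeID = $student.idm_employeeid
        $employeeNumber = $student.idm_employeenumber
        $employeeNumberLength = $employeeNumber.Length
        # Student ID is the employee number without its first three characters.
        $studentID = $employeeNumber.Substring(3)
        $studentIDLast4 = -join "$studentID"[-4..-1]

        # Home drive letter and path, if used in the district.
        $homeDrive = 'H:'
        $homeDirectory = '\\<SERVER_FQDN>\Student Home Drives\' + $yearOfGrad + '\' + $samAccountName

        # Year-of-graduation security group, plus the list of groups to join.
        $group_YearofGrad = 'Student_' + $yearofGrad
        $groupList = @()
        $groupList += $group_YearofGrad

        # One-time password for account creation. The account needs some
        # password before it can join the group that a fine-grained password
        # policy is applied to; only then can the simpler building password be
        # set. A random value per account replaces the fixed literal, and it is
        # never used to sign in because the account stays disabled until the
        # real password is in place. The fixed suffix guarantees all four
        # character classes for complexity rules.
        $randomBytes = New-Object byte[] 24
        $rng.GetBytes($randomBytes)
        $passwordTemporary = ConvertTo-SecureString -AsPlainText ([Convert]::ToBase64String($randomBytes) + 'aA1!') -Force

        # State building code for the user.
        $buildingCode = $student.idm_building01code

        # Building-specific values. The default arm matters: without it an
        # unknown code kept whatever the previous student's arm had assigned.
        # NOTE(review): $passwordInsecure is a password stored in, or derived
        # inside, this script. Anyone who can read the script or knows the
        # algorithm can predict student passwords; confirm that is acceptable.
        $buildingKnown = $true
        switch ($buildingCode)
        {
            '<BUILDING_CODE_1>' {
                $buildingShortName = '<SHORTNAME>'
                $office = '<ELEMENTARY_BUILDING_NAME>'
                $streetAddress = '<BUILDING_ADDRESS'
                $city = '<DISTRICT>'
                $postalCode = '<ZIP_CODE>'
                $officePhone = '<PHONE_NUMBER>'
                $passwordInsecure = '<ELEM_SIMPLE_PASSWORD>'
                $passwordSecure = (ConvertTo-SecureString -AsPlainText $passwordInsecure -Force)
                $ouPath_append = ',<OU_PATH_TO_ELEM_STUDENTS>'
            }
            '<BUILDING_CODE_2>' {
                $buildingShortName = '<SHORTNAME>'
                $office = '<HIGHSCHOOL_BUILDING_NAME>'
                $streetAddress = '<BUILDING_ADDRESS'
                $city = '<DISTRICT>'
                $postalCode = '<ZIP_CODE>'
                $officePhone = '<PHONE_NUMBER>'
                $passwordInsecure = '<HIGHSCHOOL_PASSWORD_ALGORITHM>'
                $passwordSecure = (ConvertTo-SecureString -AsPlainText $passwordInsecure -Force)
                $ouPath_append = ',<OU_PATH_TO_HIGHSCHOOL_STUDENTS>'
            }
            default {
                $buildingKnown = $false
            }
        }
        # 'continue' inside a switch only leaves the switch, so the row is
        # skipped here, at foreach level.
        if (-not $buildingKnown)
        {
            Write-Warning "Skipping $samAccountName : unknown building code '$buildingCode'"
            continue
        }

        # OU paths for the district.
        $ouPath = 'OU=' + $yearOfGrad + $ouPath_append
        $ouPath_disabled = 'OU=Disabled Users,<OU_PATH>'

        # User description.
        $description = $buildingShortName + ' - Class of ' + $yearOfGrad

        # District-specific values.
        $organization = 'Ingham Intermediate School District'
        $state = 'MI'
        $company = '<DISTRICT>'
        $domainName = '<DOMAIN_SHORTNAME>'
        $domainAddress = '<DOMAIN_ADDRESS>'
        $department = $buildingShortName + ' - Class of ' + $yearOfGrad
        #endregion

        #region USER CREATION
        Write-Host "Creating user: $samAccountName" -ForegroundColor Green

        # New-ADUser attributes for splatting.
        # NOTE(review): CannotChangePassword and PasswordNeverExpires together
        # with a building-wide password mean a disclosed password stays valid
        # until an administrator resets it; confirm this is the intended policy.
        $newUserSplat = @{
            Name = $fullName
            DisplayName = $displayName
            GivenName = $firstName
            Surname = $lastName
            SamAccountName = $samAccountName
            UserPrincipalName = $userPrincipalName
            EmailAddress = $emailAddress
            AccountPassword = $passwordTemporary
            ChangePasswordAtLogon = $false
            CannotChangePassword = $true
            PasswordNeverExpires = $true
            Path = $ouPath
            StreetAddress = $streetAddress
            City = $city
            State = $state
            PostalCode = $postalCode
            Organization = $organization
            Company = $company
            Office = $office
            OfficePhone = $officePhone
            Department = $department
            Title = $title
            Description = $description
            EmployeeID = $employeeID
            EmployeeNumber = $employeeNumber
            HomeDirectory = $homeDirectory
            HomeDrive = $homeDrive
            # Created disabled; enabled below once the real password is set.
            Enabled = $false
            ErrorAction = 'Stop'
        }

        try
        {
            # Create the user. A failure here (duplicate name, missing OU, ...)
            # must stop all further work on this row, otherwise the password
            # reset below would hit a pre-existing account of the same name.
            New-ADUser @newUserSplat

            # Set the middle name and initials if the user has them.
            if ($null -ne $middleName -and $middleName -ne '')
            {
                Set-ADUser -Identity $samAccountName -OtherName $middleName -Initials $middleInitial -ErrorAction Stop
            }
            else
            {
                Set-ADUser -Identity $samAccountName -Clear MiddleName,Initials -ErrorAction Stop
            }

            # Add the user to their groups.
            if ($groupList.Count -gt 0)
            {
                $groupList = $groupList | ForEach-Object { Get-ADGroup -Identity $_ -ErrorAction Stop }
                $groupList | ForEach-Object { Add-ADGroupMember -Identity $_ -Members $samAccountName -ErrorAction Stop }
            }

            # Set the user's password. A fine-grained password policy is honored
            # here only if the user is already in the matching security group,
            # which is why this runs after the group step.
            Set-ADAccountPassword -Identity $samAccountName -Reset -NewPassword $passwordSecure -ErrorAction Stop

            # Everything is in place: the account may now be used.
            Enable-ADAccount -Identity $samAccountName -ErrorAction Stop
        }
        catch
        {
            Write-Warning "Provisioning failed for $samAccountName : $($_.Exception.Message). If the account was created it has been left disabled."
            continue
        }

        try
        {
            # Create the home directory.
            New-Item -Path $homeDirectory -ItemType Directory -Force -ErrorAction Stop

            # Grant the student Modify on the folder, inherited by subfolders
            # and files.
            $identityReference = $domainName + '\' + $samAccountName
            $fileSystemAccessRights = [System.Security.AccessControl.FileSystemRights]::Modify
            $inheritanceFlags = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
            $propagationFlags = [System.Security.AccessControl.PropagationFlags]::None
            $accessControl = [System.Security.AccessControl.AccessControlType]::Allow
            $accessRuleSplat = $identityReference, $fileSystemAccessRights, $inheritanceFlags, $propagationFlags, $accessControl
            $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $accessRuleSplat
            $homeDirectoryACL = Get-Acl $homeDirectory -ErrorAction Stop
            $homeDirectoryACL.AddAccessRule($accessRule)
            Set-Acl -Path $homeDirectory -AclObject $homeDirectoryACL -ErrorAction Stop
        }
        catch
        {
            Write-Warning "Home directory setup failed for $samAccountName : $($_.Exception.Message)"
        }

        # Count and report the user only after the account really exists.
        $i = $i + 1
        $array += $student
        #endregion
    }

    $rng.Dispose()

    $array
    # Quoted so the path is one expandable string.
    $array | Export-Csv -Path "C:\IDM\<DISTRICT>_NEW_$currentDateTime.csv" -NoTypeInformation
    $i
    $body = $array | Out-String

    if ($i -gt 0)
    {
        $emailCurrentDate = (Get-Date).ToString('MM/dd/yy')
        # NOTE(review): the SMTP password is stored in clear text in this
        # script. Restrict read access to the file, or load the credential from
        # a protected store (for example a DPAPI-protected file written with
        # Export-Clixml by the service account and read with Import-Clixml).
        $emailPassword = ConvertTo-SecureString "<SMTPPASSWORD>" -AsPlainText -Force
        $emailCred = New-Object System.Management.Automation.PSCredential ("iisd_idm",$emailPassword)
        $emailToAddresses = @('<user1_email>','<user2_email>')
        # -UseSsl keeps the SMTP credential and the student records in the body
        # off the wire in clear text; the relay must support STARTTLS.
        Send-MailMessage -SmtpServer '<SMTP_SERVER>' -Subject "$emailCurrentDate - $company Student Account Creation" -Body "$body" -From "idm_insert@$domainAddress" -To $emailToAddresses -Credential $emailCred -UseSsl
    }
}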