
Untitled

a guest
Jul 20th, 2018
  1. <#
  2. .Synopsis
  3. Process to create administrative accounts. Need to supply the name.name of their standard user account. Please see the ServiceNow KB article for up to date information on administrative accounts for an explanation of .02-.05 to ensure you're using the correct number (hint: 03 for systems/network access, 02 for desktop support).
  4. .DESCRIPTION
  5. Process to create administrative accounts. Checks for the existence of the deprecated .admin account, if true it copies access over to the .0# account. If false, it copies standard user account access and checks for common role groups that aren't necessary. Adds user to FGPP group to force the stronger password requirements. Dumps newly created account into the correct OU under <#*redacted*#>
  6. .EXAMPLE
  7. New-DUAdminAccount -NameDotName Bruce.Wayne -Level 03
  8. .EXAMPLE
  9. New-DUAdminAccount -NameDotName Thor.Odinson,Tony.Stark,Peter.Parker -Level 03
  10. .EXAMPLE
  11. New-DUAdminAccount Han.Solo,Ben.Kenobi -Level 02
  12. #>
  13. function New-DUAdminAccount{
  14. [CmdletBinding()]
  15. Param
  16. (
  17. # Param1 help description
  18. [Parameter(Mandatory=$true,
  19. Position=0)]
  20. [string[]]
  21. $NameDotName,
  22.  
  23. # Param2 help description
  24. [Parameter(Mandatory=$true,
  25. ValueFromRemainingArguments=$false,
  26. Position=1)]
  27. [ValidateSet("02", "03", "04", "05")]
  28. [String]
  29. $Level,
  30.  
  31. # Param3 help description
  32. [Parameter(ParameterSetName='Another Parameter Set')]
  33. [String]
  34. $TemplateUser
  35. )
  36.  
  37. #$User = [string]$NameDotName
  38.  
  39. foreach ($User in $NameDotName){
  40. $singleUser = get-aduser $user -Properties *
  41. $firstName = $singleUser.givenname
  42. $lastName = $singleUser.surname
  43. $displayName = $singleUser.DisplayName + ' ' + $Level
  44. $nameDName = $singleUser.SamAccountName + '.' + $Level
  45. $userPrincipalName = $nameDName + '@du.edu'
  46. $description = "$displayName Account"
  47. $standardUserEmail = $singleUser.mail
  48. $UTSAzureExemptUsers = <#*redacted*#>
  49. #declaring $truncNameDotName
  50. $truncNameDotName=@()
  51. $amount = '17'
  52. #finding the length of the namedotname, if it's greater than 17 then...
  53. if ( $nameDotName.length -gt 17){
  54. #add new entry to $truncNameDotName that performs the substring method which takes everything from character 0 up to the $amount(i.e. 17) and removes the rest
  55. $truncNameDotName = $nameDotName.substring(0,$amount)
  56. $truncNameDotName = $truncNameDotName + "." + $Level
  57. }
  58. else{$truncNameDotName = $nameDName}
  59.  
  60. #creates random password for each user
  61. $randomObj = New-Object System.Random
  62. $Password=""
  63. #For those curious, the (33,126) represents the acceptable(a-z,A-Z,#,special characters) characters on the ASCI table. For example, 27 is backspace!!!
  64. 1..15 |
  65. ForEach { $Password = $Password + [char]$randomObj.next(33,126) }
  66. #Converts password to securestring type which we have to do because new-aduser requires it
  67. $securePW = ConvertTo-SecureString $Password -AsPlainText -Force
  68.  
  69. #create the user
  70. New-ADUser -Name $displayName -GivenName $firstName -DisplayName $nameDName -Surname $lastName -SamAccountName $truncNameDotName -Description $description -Path $UTSAzureExemptUsers -AccountPassword $securePW -UserPrincipalName $userPrincipalName -Enabled $true -Confirm:$false
  71.  
  72. Start-Sleep -Seconds 10
  73.  
  74. #Group Membership
  75.  
  76. Set-ADUser -Identity $truncNameDotName -Add @{extensionAttribute10 = $standardUserEmail}
  77.  
  78. if(!$TemplateUser){
  79. #Perform actions exclusive to 02
  80. if($Level -eq '02'){
  81. Add-ADGroupMember -Members $truncNameDotName -Identity <#*redacted*#>
  82. #replaces primary group with <#*redacted*#>
  83. $primaryGroupToken = Get-ADGroup <#*redacted*#> -Properties primarygrouptoken |select primarygrouptoken -ExpandProperty primarygrouptoken
  84. Set-ADUser -Identity $truncNameDotName -replace @{PrimaryGroupID="$primaryGroupToken"}
  85. Remove-ADGroupMember -Identity "Domain Users" -Members $truncNameDotName -Confirm:$false
  86. }
  87. }
  88. else{
  89. Get-ADUser $TemplateUser -Properties memberof |
  90. Select-Object memberof -ExpandProperty memberof |
  91. foreach ({Add-ADGroupMember -Members $truncNameDotName -Identity $_})
  92.  
  93. #filters out needless role groups
  94. $roleGroups = Get-ADGroup -Filter <#*redacted*#> | select name
  95. foreach($group in $roleGroups.name){Remove-ADGroupMember -Identity $group -Members $truncNameDotName -Confirm:$false}
  96. }
  97. #Adds FGGP target group
  98. Add-ADGroupMember -Members $truncNameDotName -Identity <#*redacted*#>
  99. }
  100.  
  101. }