#New Staff User Script
#Created May 2017
#Function to automate creation of Staff AD and email accounts
#Prompts for new user information: first name, last name, location, and job title
#Based on building and job title, the user is placed in the proper OU and groups
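#Capitalises the first character and lower-cases the rest, exactly as the original
#inline expressions did ("jOHN" -> "John"). Empty input is returned unchanged instead
#of throwing on Substring(0,1).
Function ConvertTo-ProperCase {
    param([string]$Text)
    if ([string]::IsNullOrEmpty($Text)) { return $Text }
    return $Text.Substring(0, 1).ToUpper() + $Text.Substring(1).ToLower()
}

#Prompts for a personal name and normalises it. Only letters, apostrophes and hyphens are
#accepted: the value is later embedded in an LDAP filter and becomes part of the
#sAMAccountName, so * ( ) \ spaces and other metacharacters must not get through.
#Throws on an unacceptable value rather than continuing with a bad username.
Function Read-StaffName {
    param([Parameter(Mandatory = $true)][string]$Prompt)
    $value = (Read-Host $Prompt).Trim()
    if ($value -notmatch '^[A-Za-z][A-Za-z''\-]*$') {
        throw "Invalid name '$value': use letters, apostrophes and hyphens only."
    }
    return ConvertTo-ProperCase $value
}

#Creates the user's home folder and grants the user rights on it plus ownership.
#  $HomeDir     - UNC root share (e.g. \\server\share\)
#  $AccountName - sAMAccountName; the folder is named after it
#  $UPN         - user principal name used as the ACE and owner identity
Function Set-StaffHomeDirectory {
    param(
        [Parameter(Mandatory = $true)][string]$HomeDir,
        [Parameter(Mandatory = $true)][string]$AccountName,
        [Parameter(Mandatory = $true)][string]$UPN
    )
    $userDir = Join-Path $HomeDir $AccountName
    if (-not (Test-Path -LiteralPath $userDir)) {
        New-Item -Path $HomeDir -Name $AccountName -ItemType Directory -ErrorAction Stop | Out-Null
    }
    #Modify (read/write/delete below this folder) is all a home directory needs. The original
    #ORed Read|Write|Modify|FullControl, which collapses to FullControl and additionally lets
    #the user rewrite the folder's ACL. Ownership is still handed to the user as before; note
    #that an owner can always change the DACL, so drop SetOwner if that is not wanted.
    $rights      = [System.Security.AccessControl.FileSystemRights]::Modify
    $inherit     = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
    $propagation = [System.Security.AccessControl.PropagationFlags]::None
    $allow       = [System.Security.AccessControl.AccessControlType]::Allow
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($UPN, $rights, $inherit, $propagation, $allow)
    $acl = Get-Acl -LiteralPath $userDir
    #SetAccessRule replaces any rule for this identity; the original also called AddAccessRule
    #first, which only produced a duplicate ACE.
    $acl.SetAccessRule($rule)
    $acl.SetOwner((New-Object System.Security.Principal.NTAccount($UPN)))
    Set-Acl -LiteralPath $userDir -AclObject $acl
}

#Automates creation of a staff AD + Exchange account from interactive prompts.
#Flow: prompt and validate -> pick a free username -> New-Mailbox -> wait for the AD
#object -> set attributes, move to the location OU, add groups, create the home folder.
#Everything that can be checked is checked before New-Mailbox runs, so a typo does not
#leave a half-configured account behind (the original only branched on location/job after
#the mailbox existed and silently did nothing for an unknown combination).
#Parameters:
#  -Password  SecureString used as the initial password; prompted for (masked) when omitted,
#             so no password has to live in this script. Must be changed at first logon.
#Throws on invalid input, no free username, or any failing AD/Exchange cmdlet.
Function New_Staff {
    param(
        [System.Security.SecureString]$Password
    )
    #--- Site policy. Change to match your company's username policy, locations and jobs ---
    $StaffMailDB = "Staff"
    $DefaultOU   = "OU=Default_User_OU,DC=CONTOSO,DC=COM"
    $Company     = "Your Company"
    $UpnSuffix   = "@contoso.com"
    #If desired assign a server share and home directory. Will be mapped to S:
    $homedir     = "\\server\share\"
    $HomeDrive   = "S:"
    $Locations   = @("RB", "HP", "LM", "SS", "MS", "HS", "BG")
    $Jobs        = @("Teacher", "Para")
    #One row per location/job combination, keyed "<LOCATION>/<Job>". Fill in the desired OU
    #and group names; add rows as needed. A combination missing here is rejected before any
    #account is created.
    $Placement = @{
        "MS/Teacher" = @{ Department = "MS"; Title = "Teacher";          OU = "OU=Users,OU=staff,OU=MS,DC=CONTOSO,DC=COM"; Groups = @("MS_Teachers", "MS_Users") }
        "MS/Para"    = @{ Department = "MS"; Title = "Paraprofessional"; OU = "OU=Users,OU=staff,OU=MS,DC=CONTOSO,DC=COM"; Groups = @("MS_Users") }
        #The original HS/Teacher branch moved the user into the MS OU, presumably a copy-paste
        #slip; this row targets OU=HS - confirm against your directory.
        "HS/Teacher" = @{ Department = "HS"; Title = "Teacher";          OU = "OU=Users,OU=staff,OU=HS,DC=CONTOSO,DC=COM"; Groups = @("HS_Teachers", "hs_Users") }
    }

    #--- Data entered by the admin (converted to proper capitalization automatically) ---
    $Fname    = Read-StaffName "Enter User's First Name"
    $Lname    = Read-StaffName "Enter User's Last Name"
    $Location = (Read-Host "Enter User's location (RB, HP, LM, SS, MS, HS, or BG)").Trim().ToUpper()
    if ($Locations -notcontains $Location) {
        throw "Unknown location '$Location'; expected one of $($Locations -join ', ')."
    }
    $Jobtitle = ConvertTo-ProperCase (Read-Host "Enter User's Job (Teacher or Para)").Trim()
    if ($Jobs -notcontains $Jobtitle) {
        throw "Unknown job '$Jobtitle'; expected one of $($Jobs -join ', ')."
    }
    $place = $Placement["$Location/$Jobtitle"]
    if (-not $place) {
        throw "No placement rule for location $Location and job $Jobtitle; add a row to `$Placement."
    }

    #--- Username: last name + first initial, falling back to last name + first two letters ---
    #(the second candidate only exists when the first name has two or more letters).
    $Fullname   = "$Fname $Lname"
    $candidates = @(ConvertTo-ProperCase ($Lname + $Fname.Substring(0, 1)))
    if ($Fname.Length -ge 2) {
        $candidates += ConvertTo-ProperCase ($Lname + $Fname.Substring(0, 2))
    }
    $sAMaccountname = $null
    foreach ($candidate in $candidates) {
        #Names were restricted to letters/'/- above, so embedding them in the filter is safe.
        if (-not (Get-ADUser -LDAPFilter "(sAMAccountName=$candidate)")) {
            $sAMaccountname = $candidate
            break
        }
    }
    if (-not $sAMaccountname) {
        throw "All candidate usernames ($($candidates -join ', ')) are already in use; pick one manually."
    }
    #sAMAccountName is limited to 20 characters; a longer one fails later in New-Mailbox.
    if ($sAMaccountname.Length -gt 20) {
        throw "Username '$sAMaccountname' exceeds the 20-character sAMAccountName limit."
    }
    $UPN     = $sAMaccountname + $UpnSuffix
    $userdir = Join-Path $homedir $sAMaccountname

    #--- Initial password: never hard-coded; ask the admin when none was passed in ---
    if (-not $Password) {
        $Password = Read-Host "Enter initial password for $Fullname" -AsSecureString
    }
    if ($Password.Length -eq 0) {
        throw "An initial password is required."
    }

    Write-Host "Now creating account...."
    #Begin user creation. Password is set to require change at first logon.
    if (-not (Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn -ErrorAction Stop
    }
    New-Mailbox -Name $Fullname -FirstName $Fname -LastName $Lname -Alias $sAMaccountname -UserPrincipalName $UPN -Database $StaffMailDB -OrganizationalUnit $DefaultOU -Password $Password -ResetPasswordOnNextLogon $true -ErrorAction Stop

    #The original slept a fixed 10 s so the new object became visible to the AD cmdlets.
    #Poll for it instead (bounded), so a slow domain controller does not cause random errors.
    $adUser = $null
    for ($i = 0; $i -lt 30 -and -not $adUser; $i++) {
        Start-Sleep -Seconds 1
        $adUser = Get-ADUser -LDAPFilter "(sAMAccountName=$sAMaccountname)"
    }
    if (-not $adUser) {
        throw "Mailbox for $sAMaccountname was created but the AD object is not visible yet; finish placement manually."
    }

    #--- Placement: attributes, OU move, groups and home directory from the policy table ---
    Set-ADUser -Identity $adUser -Department $place.Department -Title $place.Title -Company $Company -HomeDirectory $userdir -HomeDrive $HomeDrive -ErrorAction Stop
    Move-ADObject -Identity $adUser -TargetPath $place.OU -ErrorAction Stop
    foreach ($group in $place.Groups) {
        Add-ADGroupMember -Identity $group -Members $sAMaccountname -ErrorAction Stop
    }
    Set-StaffHomeDirectory -HomeDir $homedir -AccountName $sAMaccountname -UPN $UPN
}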