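  # New Staff User Script
  # Created May 2017
  #
  # Function to automate creation of staff AD and email accounts.
  # The admin is prompted for the new user's first name, last name, location,
  # job title and an initial password. Based on location and job title the user
  # is placed in the matching OU and groups.

  Function New_Staff {
      <#
      .SYNOPSIS
      Interactively creates a staff mailbox/AD account, applies the role profile
      (department, title, OU, groups) and provisions a home directory.

      .DESCRIPTION
      Takes no parameters; every value is collected with Read-Host. Requires the
      ActiveDirectory module and the Exchange management snap-in. Any failing
      step stops the run so that a half-provisioned account is noticed instead
      of being silently left behind.

      .NOTES
      Change the domain, database, share and the $StaffProfiles table to match
      your company's username policy, locations and jobs.
      #>

      # Scoped to this function: turn non-terminating cmdlet errors into
      # terminating ones so later steps never run against an account that was
      # not actually created.
      $ErrorActionPreference = 'Stop'

      # --- Data entered by the admin (capitalization is normalized) ---------

      $Fname    = (Read-Host "Enter User's First Name").Trim()
      $Lname    = (Read-Host "Enter User's Last Name").Trim()
      $Location = (Read-Host "Enter User's location (RB, HP, LM, SS, MS, HS, or BG)").Trim().ToUpper()
      $Jobtitle = (Read-Host "Enter User's Job (Teacher or Para)").Trim()

      # The names end up in an LDAP filter, a UPN and a file-system path, so only
      # letters, hyphen and apostrophe are accepted. This rejects empty input
      # (which would otherwise fail in Substring) and filter metacharacters such
      # as * ( ) \ that would change what the existence check matches.
      $NamePattern = '^\p{L}[\p{L}''-]*$'
      foreach ($Entry in @($Fname, $Lname)) {
          if ($Entry -notmatch $NamePattern) {
              throw "Invalid name '$Entry': use letters, hyphen or apostrophe only."
          }
      }
      if ($Location.Length -lt 2) { throw "Location must be a two-letter code." }
      if ($Jobtitle.Length -lt 1) { throw "Job title must not be empty." }

      $Fname    = $Fname.Substring(0,1).ToUpper() + $Fname.Substring(1).ToLower()
      $Lname    = $Lname.Substring(0,1).ToUpper() + $Lname.Substring(1).ToLower()
      $Jobtitle = $Jobtitle.Substring(0,1).ToUpper() + $Jobtitle.Substring(1).ToLower()

      # --- Derived account information ---------------------------------------
      # Usernames are last name + first initial, i.e. John Smith = Smithj.
      # If that is taken, a second letter of the first name is added (Smithjo).

      $Fullname = "$Fname $Lname"

      $Candidates = @($Lname + $Fname.Substring(0,1))
      if ($Fname.Length -ge 2) { $Candidates += $Lname + $Fname.Substring(0,2) }

      # Enter desired Exchange database
      $StaffMailDB = "Staff"

      # Define default OU
      $DefaultOU = "OU=Default_User_OU,DC=CONTOSO,DC=COM"

      # If desired assign a server share and home directory (mapped to S:).
      $homedir = "\\server\share\"

      # Role profiles: AD attributes, target OU and groups per location + job.
      # Add further entries here instead of copying whole code branches.
      # NOTE(review): confirm every TargetOU and group exists in your directory.
      # HS staff are placed under OU=HS to match their department and groups.
      $StaffProfiles = @{
          'MS|Teacher' = @{
              Department = 'MS'; Title = 'Teacher'
              TargetOU   = 'OU=Users,OU=staff,OU=MS,DC=CONTOSO,DC=COM'
              Groups     = @('MS_Teachers', 'MS_Users')
          }
          'MS|Para' = @{
              Department = 'MS'; Title = 'Paraprofessional'
              TargetOU   = 'OU=Users,OU=staff,OU=MS,DC=CONTOSO,DC=COM'
              Groups     = @('MS_Users')
          }
          'HS|Teacher' = @{
              Department = 'HS'; Title = 'Teacher'
              TargetOU   = 'OU=Users,OU=staff,OU=HS,DC=CONTOSO,DC=COM'
              Groups     = @('HS_Teachers', 'hs_Users')
          }
      }
      $StaffProfile = $StaffProfiles["$Location|$Jobtitle"]

      # --- Pick a free username ----------------------------------------------
      # Every candidate is checked, not only the first one, so a second
      # collision is reported here rather than surfacing as a failed mailbox
      # creation. sAMAccountName is limited to 20 characters for user accounts.

      $sAMaccountname = $null
      foreach ($Candidate in $Candidates) {
          $Candidate = $Candidate.Substring(0,1).ToUpper() + $Candidate.Substring(1).ToLower()
          if ($Candidate.Length -gt 20) { continue }
          if (-not (Get-ADUser -LDAPFilter "(sAMAccountName=$Candidate)")) {
              $sAMaccountname = $Candidate
              break
          }
      }
      if (-not $sAMaccountname) {
          throw "No free username for $Fullname (tried: $($Candidates -join ', ')). Choose one manually."
      }

      $UPN     = $sAMaccountname + "@contoso.com"
      $userdir = "$homedir$sAMaccountname"

      # Refuse to reuse a folder that is already on the share: granting the new
      # account rights on it would hand over whatever a previous holder of the
      # same username left behind.
      if ($StaffProfile -and (Test-Path -LiteralPath $userdir)) {
          throw "Home directory '$userdir' already exists; review and remove or rename it first."
      }

      # Initial password is typed by the admin and never stored in the script.
      # A literal default in the source would give every new account the same
      # known password until its first logon.
      $Password = Read-Host "Enter an initial password for $Fullname" -AsSecureString
      if ($Password.Length -eq 0) { throw "Initial password must not be empty." }

      Write-Host "Now creating account...."

      # --- User creation -----------------------------------------------------
      # Sets password to require change at login.

      # Add-PSSnapin reports an error when the snap-in is already loaded, so
      # only load it when it is missing.
      $ExchangeSnapin = 'Microsoft.Exchange.Management.PowerShell.SnapIn'
      if (-not (Get-PSSnapin -Name $ExchangeSnapin -ErrorAction SilentlyContinue)) {
          Add-PSSnapin $ExchangeSnapin
      }

      New-Mailbox -Name $Fullname -FirstName $Fname -LastName $Lname -Alias $sAMaccountname -UserPrincipalName $UPN -Database $StaffMailDB -OrganizationalUnit $DefaultOU -Password $Password -ResetPasswordOnNextLogon $true

      # Sleep allows all tasks to finish before continuing. Prevents random errors.
      Start-Sleep -s 10

      # --- Apply the role profile ---------------------------------------------

      if (-not $StaffProfile) {
          # No silent fall-through: the account exists but has no department,
          # groups or home directory yet and still sits in the default OU.
          Write-Warning "No profile defined for location '$Location' / job '$Jobtitle'. $sAMaccountname was left in $DefaultOU without groups or home directory."
          return
      }

      Set-ADUser -Identity $sAMaccountname -Department $StaffProfile.Department -Title $StaffProfile.Title -Company "Your Company" -HomeDirectory $userdir -HomeDrive S:

      # Move the user to the OU defined for this profile.
      Get-ADUser -Identity $sAMaccountname | Move-ADObject -TargetPath $StaffProfile.TargetOU

      foreach ($Group in $StaffProfile.Groups) {
          Add-ADGroupMember -Identity $Group -Members $sAMaccountname
      }

      # Create the home directory.
      New-Item -Path $homedir -Name $sAMaccountname -ItemType Directory

      # Modify permissions on the home directory.
      # NOTE(review): FullControl plus ownership lets the user rewrite the ACL
      # of this folder (for example remove administrator or backup access, or
      # share it with others). Modify without ownership is normally enough for
      # a home directory; tighten this if nothing depends on user ownership.
      $Rights      = [System.Security.AccessControl.FileSystemRights]::FullControl
      $Inherit     = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
      $Propagation = [System.Security.AccessControl.PropagationFlags]::None
      $Access      = [System.Security.AccessControl.AccessControlType]::Allow
      $AccessRule  = New-Object System.Security.AccessControl.FileSystemAccessRule($UPN, $Rights, $Inherit, $Propagation, $Access)
      $Account     = New-Object System.Security.Principal.NTAccount($UPN)

      $ACL = Get-Acl $userdir
      $ACL.SetOwner($Account)
      # SetAccessRule replaces any existing allow rule for this identity, so a
      # separate AddAccessRule call beforehand is not needed.
      $ACL.SetAccessRule($AccessRule)
      Set-Acl $userdir $ACL
  }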