Powershell – Making a Supershell for Easier User Creation and Automation – Part 2


So last time we combined snap-ins to give us a Powershell that was pumped up, combining multiple management functions from different applications into the Quest ActiveRoles Management Shell for Active Directory.

And now you get to see why.

What I wanted to get done was a nice simple script in Powershell that would not only create a user (or users), but do it consistently. I wanted to just type in a first and last name, let the script run, and have it generate the account in A/D, the email address and most of the basics, and create the user in OCS.

I wanted a One Shot deal.

And here it is.

Granted, the syntax of this script is VERY simplistic. There’s a reason for that. I want ANYBODY to be able to pick up this script, take it, improve it, learn from it.

What it does is simple: it asks for a first and last name as well as a password.

Using the new shell environment combining the Exchange 2007 snap-in and ActiveRoles Management from Quest, it will create a user and populate as MANY default fields as possible. It will create and assign a user’s home drive. The user will be enabled in OCS (if you have OCS).

Here is the monster.   Use it, abuse it.   Email me at sean@energizedtech.com for comments on it or questions.

Let’s REALLY get a feel for what Powershell can do for you.

Not just batch jobs (but that’s easy too), but simple consistency.

Enjoy and abuse.  Save the File as NEWUSER.PS1 in your script

---------------------------- Start Script ---------------------------------------------------------

# New User In PowerShell
# ye110wbeard Finally shuts up and writes a script that is USEFUL and doesn't sing about it
# 7/15/2009 :)
# And it couldn't have happened if it wasn't for the Powershell Community
#
# This script in many ways is VERY simple.  I simply chose to use simple assignments instead of a fancy "CSV Import" so a Powershell
# Newbie might be able to look at it, and get a better grasp of what everything is in Active Directory when THEY want to do something similar
#
# For Newbie Users, a line beginning with a '#' is a comment.   If you put a '#' the line will be ignored.

# Prompt User for FirstName and LastName of new user

$FirstName = read-host -Prompt "Enter User First Name: "
$LastName = read-host -Prompt "Enter User Last Name: "

# Password must be read from Console as Secure String to be applied.  If you adapt this to a Batch User process, you can use this one password as a default.  The Exchange New-Mailbox has the "Change Password at login" enabled by default

$TempPassword = read-host -AsSecureString -Prompt "Please Enter Temporary Password"

# SAM name will appear as Firstname.Lastname in Active Directory.   Adjust to meet your needs

$Sam=$FirstName+"."+$LastName

$max=$Sam.Length

# The SAM account name cannot be greater than 20 characters.  You have to account for this.  A better function would stop the query and say "Too big stupid" but this is my first time out

if ($max -gt 20) {$max=20}

$Sam=$Sam.Substring(0,$max)

# This is handy if your organization must have the names listed by Lastname, Firstname.  Exchange 2007 cannot do this natively (at least not that I have found)

$Name=$Lastname+", "+$FirstName
$DisplayName=$Lastname+", "+$FirstName

# User Alias Displaying as Firstname.Lastname

$Alias=$FirstName+"."+$LastName

# UPN will be your internal login ID.  Typically Alias@domain.local or Username@domain.com

$UPN=$FirstName+"."+$LastName+"@Contoso.local"

# UNC Pathname to a share where all user folders reside.  Path must exist.  Recommend adding $ to sharename to hide from User Browsing

$HomeDir='\\CONTOSOFILE\USERHOME$\'+$Alias

# Drive Letter assigned to \\CONTOSOFILE\USERHOME$\USERNAME Folder - Pick one

$HomeDrive='Z:'

# Generic inbound office line and format of User Phone Extension.  Display purposes only.   Could be prompted as well

$Phone='212-555-0000 x111'

# Your friendly neighbourhood ZIPCODE (or POSTALCODE if you're from Canada 'eh'?)

$PostalZip='90210'

# City the user works in.  If you have multiple offices, you could prompt this as well

$City='Toronto'

# Your State (no not Confusion, the one you live in) or Province for those 'Canadians' Again

$StateProv='Ontario'

# Address you work at

$Address='123 Sesame Street'

# Default web site

$Web='www.contosorocks.com'

# Company where you work at, or won't work at if your boss catches you spending too much time drooling over Powershell

$Company='Contoso Rocks Ltd'

# What location in the building?  typically floor X, Division Y, the back room behind the boxes

$Office='In the Basement with my stapler'

# A generic description for the user

$Description='New User'

# Job Description.  Carpet burner, box stacker, cable monkey

$JobTitle='New User Hired'

# What department.  Where you hiding?  Network Admins, Secretaries?

$Department='New Department Hire'

# Office Fax Number

$Fax='212-555-1234'

# The ending part of the domain @wherever.com @fabrikam.com etc etc

$ourdomain='@contoso.local'

# This first line is done within the Microsoft Exchange Management Shell from Exchange 2007.  I add its ability to my Powershell with the command
# ADD-PSSNAPIN -name Microsoft.Exchange.Management.Powershell.Admin IF you have the Microsoft Exchange console on the computer running this script and you have Microsoft Exchange Server 2007 in the environment

New-Mailbox -Name $Name -Alias $Alias -OrganizationalUnit 'Contoso.local/Users' -UserPrincipalName $UPN -SamAccountName $SAM -FirstName $FirstName -Initials '' -LastName $LastName -Password $TempPassword -ResetPasswordOnNextLogon $true -Database 'CONTOSOEXCHANGE\First Storage Group\Mailbox Database'

# This command l

set-qaduser -identity $alias -homedirectory $HomeDir -homedrive $Homedrive -city $City -company $Company -department $Department -fax $Fax -office $Office -phonenumber $Phone -postalcode $PostalZip -stateorprovince $StateProv -streetaddress $Address -webpage $web -displayname $displayname -title $JobTitle

#http://www.powergui.org/thread.jspa?messageID=14099 Source post for creating OCS user with Powershell!  Thank you Powergui.ORG!
#
# Tips.  If you do have Office Communications Server or Live Comm and looking for the Variables used, Check an enabled user in Active Directory while in ADVANCED mode
# and choose the "Attribute Editor" tab.  You'll find them all down there.   If it doesn't say "Enabled" or contain a value?  Don't use it

$SIPHOMESERVER='CN=LC Services,CN=Microsoft,CN=CONTOSO-OCSSERVER,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=CONTOSO,DC=local'

$oa = @{'msRTCSIP-OptionFlags'=384; 'msRTCSIP-PrimaryHomeServer'=$SIPHOMESERVER; 'msRTCSIP-PrimaryUserAddress'=("sip:"+$alias+$ourdomain); 'msRTCSIP-UserEnabled'=$true }

Set-QADUser $Alias -oa $oa

#http://blogs.msdn.com/johan/archive/2008/10/01/powershell-editing-permissions-on-a-file-or-folder.aspx - Great reference on SETTING NTFS permissions with SET-ACL! Thumbs up!

#Make User Home Folder and Apply NTFS permissions - This was taken almost VERBATIM from the Blogpost.  I added in the $alias created from the FirstName Lastname to automatically populate a HomeFolder based upon the user name

$HomeFolderMasterDir='\\CONTOSOFILE\USERHOME$\'

new-item -path $HomeFolderMasterDir -name $Alias -type directory

$Foldername=$HomeFolderMasterDir+$Alias
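# DOMAIN\name resolves against the SAM account name, which differs from $Alias once the name has been cut to 20 characters
$DomainUser='CONTOSO\'+$Sam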

$ACL=Get-acl $Foldername
$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($DomainUser,"FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl $Foldername $Acl

--------------------------- End Script Here ---------------------------------------------------------
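The script cuts the SAM name to 20 characters without telling anyone, and the typed names also end up in the UNC home folder path and the SIP address. The following is an added example, not part of the original script, of the "stop and say too big" check the comment asks for. `Get-SafeSamName`, the `-ExistingNames` list (standing in for a directory lookup) and the letters, digits and hyphen allow-list are assumptions.

```powershell
# Added example: validate the name parts BEFORE any account, mailbox or folder is created.
# Get-SafeSamName is a hypothetical helper, not a cmdlet from Exchange or Quest.
function Get-SafeSamName {
    param(
        [Parameter(Mandatory = $true)][string]$FirstName,
        [Parameter(Mandatory = $true)][string]$LastName,
        [string[]]$ExistingNames = @()   # stand-in for a lookup of accounts already in use
    )

    # Conservative allow-list (assumption): letters, digits and hyphen only.
    # This also keeps '\', '/', '.', '$' and spaces out of the home folder path.
    foreach ($part in @($FirstName, $LastName)) {
        if ($part -notmatch '^[\p{L}\p{N}-]+$') {
            throw "Name part '$part' contains characters outside letters, digits and hyphen."
        }
    }

    $sam = "$FirstName.$LastName"

    # Refuse instead of truncating: two long names can share the same first 20 characters.
    if ($sam.Length -gt 20) {
        throw "'$sam' is $($sam.Length) characters; the SAM account name limit is 20."
    }

    # -contains compares strings case-insensitively, like account names.
    if ($ExistingNames -contains $sam) {
        throw "'$sam' is already in use."
    }

    return $sam
}

# Constructed sample input: one existing account and four candidate names.
$existing = @('jane.doe')
$samples  = @(
    @('John', 'Smith'),
    @('Jane', 'Doe'),
    @('Christopher', 'Featherstonehaugh'),
    @('..\Shared', 'x')
)

foreach ($s in $samples) {
    try   { 'OK    : ' + (Get-SafeSamName -FirstName $s[0] -LastName $s[1] -ExistingNames $existing) }
    catch { 'REJECT: ' + $_.Exception.Message }
}
```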
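The three-argument `FileSystemAccessRule` used for the home folder carries no inheritance flags, so it applies to the folder itself only, and `FullControl` also lets the user change permissions and take ownership. As an added example (not from the original script or the referenced blog post), this variant grants `Modify` and inherits it to subfolders and files. `Set-HomeFolderAcl` is a hypothetical name, and the demo runs against a constructed temp folder and the current user instead of `\\CONTOSOFILE\USERHOME$`.

```powershell
# Added example: home folder rule with inheritance and without permission-changing rights.
# Set-HomeFolderAcl is a hypothetical helper name.
function Set-HomeFolderAcl {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Account   # DOMAIN\SamAccountName
    )

    # Five-argument constructor: identity, rights, inheritance, propagation, type.
    # ContainerInherit + ObjectInherit = "This folder, subfolders and files".
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')

    $acl = Get-Acl -Path $Path
    $acl.SetAccessRule($rule)          # replaces any explicit Allow rule for this account
    Set-Acl -Path $Path -AclObject $acl

    # Read the ACL back and return only the explicit entries for this account,
    # so the caller can confirm what was actually written.
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and -not $_.IsInherited
    }
}

# Constructed demo: a temp folder stands in for the user's home share folder.
$folder = Join-Path ([System.IO.Path]::GetTempPath()) 'jane.doe'
New-Item -Path $folder -ItemType Directory -Force | Out-Null

$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

Set-HomeFolderAcl -Path $folder -Account $me |
    Format-List IdentityReference, FileSystemRights, InheritanceFlags, AccessControlType
```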
