
Create AD Users by Powershell

###########################################################
  #AUTHOR  : Marius / Hican - http://www.hican.nl - @hicannl
  #DATE    : 26-04-2012
  #EDIT    : 07-08-2014
  #COMMENT : This script creates new Active Directory users,
  #including different kind of properties, based
  #on import_create_ad_users.csv (the file name used by $newpath below).
  #VERSION : 1.3
  ###########################################################
  #CHANGELOG
  #Version 1.2: 15-04-2014 - Changed the code for better
  #- Added better Error Handling and Reporting.
  #- Changed input file with more logical headers.
  #- Added functionality for account Enabled,
  #PasswordNeverExpires, ProfilePath, ScriptPath,
  #HomeDirectory and HomeDrive
  #- Added the option to move every user to a different OU.
  #Version 1.3: 08-07-2014
  #- Added functionality for ProxyAddresses
  #ERROR REPORTING ALL
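  Set-StrictMode -Version Latest
  #----------------------------------------------------------
  #LOAD ASSEMBLIES AND MODULES
  #----------------------------------------------------------
  # Everything below needs the RSAT ActiveDirectory module; stop early
  # (exit code 1) when it is not available rather than failing per row.
  Try
  {
    Import-Module ActiveDirectory -ErrorAction Stop
  }
  Catch
  {
    Write-Host "`t ActiveDirectory Module couldn't be loaded. Script will stop!"
    Exit 1
  }
  #----------------------------------------------------------
  #STATIC VARIABLES
  #----------------------------------------------------------
  # Input CSV and run log both live next to the script. The CSV carries
  # each user's initial password in clear text (see the Password column
  # used by Create-Users): restrict its NTFS ACL and remove it after the
  # run. Passwords are never written to the log.
  $path    = Split-Path -Parent $MyInvocation.MyCommand.Definition
  $newpath = Join-Path $path "import_create_ad_users.csv"
  $log     = Join-Path $path "create_ad_users.log"
  # Fail early with a clear message: a missing CSV would otherwise only
  # surface as a non-terminating Import-Csv error inside Create-Users,
  # after the "Processing started" line has already been logged.
  If (-not (Test-Path -LiteralPath $newpath))
  {
    Write-Host "`t Input file not found: $newpath. Script will stop!"
    Exit 1
  }
  $date    = Get-Date
  # One domain query instead of two; both values are used for every row.
  $domain  = Get-ADDomain
  $addn    = $domain.DistinguishedName   # domain root DN, appended to each TargetOU
  $dnsroot = $domain.DNSRoot             # UPN suffix (sam@dnsroot)
  $i       = 1                           # CSV data-row counter used in log messages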
  #----------------------------------------------------------
  #START FUNCTIONS
  #----------------------------------------------------------
  # Start-Commands: the script's single top-level action; it only
  # delegates to Create-Users and takes no parameters.
  function Start-Commands { Create-Users }
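  #----------------------------------------------------------
  # Write-CreateUsersLog: print one message to the console and append
  # it to the run log ($log, script scope). The original duplicated
  # every message by hand and some error messages only reached the
  # console; routing all of them through here puts errors in the log too.
  #----------------------------------------------------------
  Function Write-CreateUsersLog
  {
    Param ([string]$Message)
    Write-Host $Message
    $Message | Out-File $log -Append
  }

  #----------------------------------------------------------
  # ConvertTo-LdapFilterValue: escape the characters that are special
  # inside an LDAP search filter (RFC 4515: \ * ( ) NUL) so a value
  # derived from the CSV cannot change the structure of the filter.
  # Note that "(" and ")" are legal in a sAMAccountName, so this is
  # not covered by AD's own name validation.
  #----------------------------------------------------------
  Function ConvertTo-LdapFilterValue
  {
    Param ([string]$Value)
    # Backslash first so the escapes added afterwards are not re-escaped.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
  }

  #----------------------------------------------------------
  # Create-Users: read the CSV at $newpath and, for every row whose
  # Implement column is "yes", create an AD user named
  # <first initial><up to 4 chars of LastName>, set its attributes,
  # move it to TargetOU (relative to the domain root $addn) and rename
  # the object to "GivenName LastName". Rows are skipped when
  # GivenName, LastName or Initials are empty, when the sAMAccountName
  # already exists, or when the existence lookup itself fails.
  # No parameters; reads $newpath, $log, $date, $addn, $dnsroot, $i
  # from script scope. Every value used below comes straight from the
  # CSV, so treat that file as input that must be kept trustworthy.
  #----------------------------------------------------------
  Function Create-Users
  {
    "Processing started (on " + $date + "): " | Out-File $log -append
    "--------------------------------------------" | Out-File $log -append
    # $i starts at script scope (1); $i++ below creates a function-local
    # copy. "line N" in the messages means the N-th data row after the
    # CSV header, not the physical file line.
    Import-CSV $newpath | ForEach-Object {
      # Capture the row: inside the Catch blocks below $_ is the error record.
      $row = $_
      # -eq is case-insensitive on strings, so no ToLower() is needed and
      # an empty cell cannot cause a method call on $null.
      If ([string]$row.Implement -eq "yes")
      {
        If (($row.GivenName -eq "") -Or ($row.LastName -eq "") -Or ($row.Initials -eq ""))
        {
          Write-CreateUsersLog "`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n"
        }
        Else
        {
          # Target container: the CSV gives the part relative to the domain root.
          $location = $row.TargetOU + ",$($addn)"
          # Account flags. Note that PasswordNeverExpires=true exempts the
          # account from the domain password policy; use it deliberately.
          $enabled = ([string]$row.Enabled -eq "true")
          $expires = ([string]$row.PasswordNeverExpires -eq "true")
          # AD's country attribute expects ISO 3166-1 alpha-2 codes while the
          # CSV holds full names; Netherlands is the mapped example.
          # NOTE(review): "EN" is not an ISO 3166-1 alpha-2 code (the UK is
          # "GB"), and every non-Dutch row gets it - extend this mapping.
          If ($row.Country -eq "Netherlands") { $row.Country = "NL" } Else { $row.Country = "EN" }
          # sAMAccountName = first initial + up to 4 chars of the surname with
          # dots removed (AD rejects a name ending in a dot).
          # Example: Initials "J", LastName "Smith-Jones" -> "jsmit".
          $replace  = $row.LastName.Replace(".", "")
          $lastname = If ($replace.Length -lt 4) { $replace } Else { $replace.Substring(0, 4) }
          $sam      = $row.Initials.Substring(0, 1).ToLower() + $lastname.ToLower()
          # Existence check. $exists is reset per row: previously a failed
          # lookup silently reused the previous row's result (or, on the first
          # row, tripped StrictMode). A failed lookup is treated like a
          # collision so the row is skipped rather than created blindly.
          $exists       = $null
          $lookupFailed = $false
          $samFilter    = ConvertTo-LdapFilterValue $sam
          Try   { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$samFilter)" -ErrorAction Stop }
          Catch { $lookupFailed = $true; Write-CreateUsersLog "`t Lookup of $($sam) failed: $($_.Exception.Message)" }
          If ((-not $exists) -and (-not $lookupFailed))
          {
            # Column names must match the CSV header; adjust both when the
            # sheet layout changes. The initial password arrives in clear
            # text from the CSV and is only ever held as a SecureString here.
            $setpass = ConvertTo-SecureString -AsPlainText $row.Password -Force
            Try
            {
              Write-CreateUsersLog "`t Creating user : $($sam)"
              # Splatting lets optional parameters be left out entirely:
              # -Manager is resolved as an identity, so an empty cell would
              # make New-ADUser fail for the whole row.
              $userArgs = @{
                Name                 = $sam
                GivenName            = $row.GivenName
                Initials             = $row.Initials
                Surname              = $row.LastName
                DisplayName          = ($row.LastName + "," + $row.Initials + " " + $row.GivenName)
                Office               = $row.OfficeName
                Description          = $row.Description
                EmailAddress         = $row.Mail
                StreetAddress        = $row.StreetAddress
                City                 = $row.City
                State                = $row.State
                PostalCode           = $row.PostalCode
                Country              = $row.Country
                UserPrincipalName    = ($sam + "@" + $dnsroot)
                Company              = $row.Company
                Department           = $row.Department
                EmployeeID           = $row.EmployeeID
                Title                = $row.Title
                OfficePhone          = $row.Phone
                AccountPassword      = $setpass
                ProfilePath          = $row.ProfilePath
                ScriptPath           = $row.ScriptPath
                HomeDirectory        = $row.HomeDirectory
                HomeDrive            = $row.HomeDrive
                Enabled              = $enabled
                PasswordNeverExpires = $expires
                ErrorAction          = "Stop"
              }
              If (-not [string]::IsNullOrEmpty($row.Manager)) { $userArgs['Manager'] = $row.Manager }
              New-ADUser @userArgs
              Write-CreateUsersLog "`t Created new user : $($sam)"
              $dn = (Get-ADUser $sam).DistinguishedName
              # Optional extensionAttribute1, set through the AD module
              # (replaces the earlier ADSI Put/SetInfo pair).
              If (-not [string]::IsNullOrEmpty($row.ExtensionAttribute1))
              {
                Try   { Set-ADUser -Identity $dn -Replace @{extensionAttribute1 = $row.ExtensionAttribute1} -ErrorAction Stop }
                Catch { Write-CreateUsersLog "`t Couldn't set the Extension Attribute : $($_.Exception.Message)" }
              }
              # Optional proxyAddresses, ';'-separated in the CSV. An empty
              # cell is skipped: splitting "" yields one empty value, which
              # AD rejects.
              If (-not [string]::IsNullOrEmpty($row.ProxyAddresses))
              {
                Try   { Set-ADUser -Identity $dn -Add @{proxyAddresses = ($row.ProxyAddresses -split ";")} -ErrorAction Stop }
                Catch { Write-CreateUsersLog "`t Couldn't set the ProxyAddresses Attributes : $($_.Exception.Message)" }
              }
              # Move the user into $location when that container exists;
              # otherwise it stays where New-ADUser created it. Comment this
              # block out to keep users in the default Users container.
              If ([ADSI]::Exists("LDAP://$($location)"))
              {
                Move-ADObject -Identity $dn -TargetPath $location -ErrorAction Stop
                Write-CreateUsersLog "`t User $sam moved to target OU : $($location)"
              }
              Else
              {
                Write-CreateUsersLog "`t Targeted OU couldn't be found. Newly created user wasn't moved!"
              }
              # Rename the object to "GivenName LastName": the CN so far is
              # the short sAMAccountName (20-character limit). The DN is
              # fetched again because the move above may have changed it.
              $newdn = (Get-ADUser $sam).DistinguishedName
              Rename-ADObject -Identity $newdn -NewName ($row.GivenName + " " + $row.LastName) -ErrorAction Stop
              Write-CreateUsersLog "`t Renamed $($sam) to $($row.GivenName) $($row.LastName)`r`n"
            }
            Catch
            {
              # The user may exist at this point but be incomplete (no move or
              # rename); the message says which step failed.
              Write-CreateUsersLog "`t Oops, something went wrong: $($_.Exception.Message)`r`n"
            }
          }
          Else
          {
            Write-CreateUsersLog "`t User $($sam) ($($row.GivenName) $($row.LastName)) already exists or returned an error!`r`n"
          }
        }
      }
      Else
      {
        Write-CreateUsersLog "`t User ($($row.GivenName) $($row.LastName)) will be skipped for processing!`r`n"
      }
      $i++
    }
    "--------------------------------------------" + "`r`n" | Out-File $log -append
  }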
  # Script body: announce the run, provision the users, announce completion.
  Write-Host -Object "STARTED SCRIPT`r`n"
  Start-Commands
  Write-Host -Object "STOPPED SCRIPT"
