
Last year I attended a Server 2012 course with a few of my work colleagues and there was a tiny section on creating Active Directory accounts with PowerShell. This was demonstrated using the Active Directory PowerShell Module and the New-ADUser command with a CSV. The basic premise was that you had a CSV file with all the account details, which the script read to create the AD accounts.

This is great for a scenario where you have to create a lot of AD accounts all at once, but what about the ongoing process of creating new AD accounts as users start with an organisation?

We had quite an arduous manual process to follow so I’ve expanded on that demo in the training lab to produce a script that suits our requirements and automates everything. The script does the following:

  1. Checks for the presence of the Active Directory module and imports it if required.
  2. Sets the Organisational Unit for the AD account to be created in.
  3. Sets the variables that are needed to create the account such as username, first name, last name, password etc. There is a built-in check to make sure that the username isn’t already in use. The script also sets variables for a few attributes that we are using for Exchange mailbox and billing purposes.
  4. Creates the AD account.
  5. Adds specified AD groups to the account.
  6. Prompts if additional services are required like an Exchange mailbox or Lync account.
  7. Creates the user’s home directory and then sets permissions. We have fairly specific home directory paths and share names so you will most likely need to play with this and alter it to your requirements.

The part of the script that actually creates the account is quite small:

# $password must be a SecureString (e.g. from Read-Host -AsSecureString).
# -HomeDrive takes the drive letter followed by a colon.
New-ADUser -Name $dplname -SamAccountName $samname -DisplayName $dplname `
-GivenName $givname -Surname $surname -UserPrincipalName $upname -EmailAddress $email `
-Path $targetou -Enabled $true -ChangePasswordAtLogon $true -Department $department `
-OtherAttributes @{'departmentNumber'="$departmentnumber"} -HomeDrive "M:" -HomeDirectory $homedir `
-Description $description -Office $office -ScriptPath $loginscript -AccountPassword $password
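
The module check, username check, account creation and group steps from the list above can be put together as follows. This is an added sketch, not the author's script: the function name `New-StarterAccount`, the OU and the UPN suffix are placeholders, and the username pattern is an assumed naming policy.

```powershell
# Added example, not the author's script. Function name, OU and UPN suffix are placeholders.
function New-StarterAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Allow-list the logon name (assumed policy) before it reaches a directory query,
        # so LDAP filter characters such as * ( ) \ can never be part of it.
        [Parameter(Mandatory)][ValidatePattern('^[a-z][a-z0-9.\-]{1,19}$')][string]$SamName,
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$Surname,
        [Parameter(Mandatory)][string]$TargetOU,   # e.g. 'OU=Staff,DC=example,DC=test' (placeholder)
        [string]$UpnSuffix = 'example.test',       # placeholder
        [string[]]$Groups = @()
    )

    # Step 1: load the Active Directory module only if it is not already loaded.
    if (-not (Get-Module -Name ActiveDirectory)) {
        if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
            throw 'The ActiveDirectory module is not installed on this machine.'
        }
        Import-Module ActiveDirectory -ErrorAction Stop
    }

    # Step 3: refuse to continue if the username is already taken.
    if (Get-ADUser -LDAPFilter "(sAMAccountName=$SamName)") {
        throw "Username '$SamName' is already in use."
    }

    # Read the initial password as a SecureString so it is neither stored in the
    # script nor echoed to the console.
    $password = Read-Host -AsSecureString -Prompt "Initial password for $SamName"

    # Step 4: create the account. Calling the function with -WhatIf previews it.
    $display = "$GivenName $Surname"
    if ($PSCmdlet.ShouldProcess($SamName, 'Create AD user')) {
        New-ADUser -Name $display -SamAccountName $SamName -DisplayName $display `
            -GivenName $GivenName -Surname $Surname `
            -UserPrincipalName "${SamName}@${UpnSuffix}" -Path $TargetOU `
            -AccountPassword $password -Enabled $true `
            -ChangePasswordAtLogon $true -ErrorAction Stop

        # Step 5: add group memberships only after the account exists.
        foreach ($g in $Groups) {
            Add-ADGroupMember -Identity $g -Members $SamName -ErrorAction Stop
        }
    }
}
```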

I have used some snippets of code from SourceForge and a few other sites; credit to those that posted these sections, in particular the PowerShell script to set share permissions on a folder.

The script has been saved as a Word document to allow it to be uploaded. Just copy the text into a text file and rename it to the ps1 file format.

USE THIS SCRIPT AT YOUR OWN RISK, this script should be altered as needed and fully tested in your lab environment before any use in a production environment.