Resources
PowerShell New-ADUser Variables
Prerequisites
- Logged into a DC or
- Have RSAT installed
Storing User Input Into Variables with PowerShell
36: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/6744866?start=0
- Open PowerShell ISE
- Server Manager > Tools > Windows PowerShell ISE
- PowerShell > Script drop down (upper right corner next to ‘Script’) to show the editor
# Store users name and password into variables
$firstname = Read-Host -Prompt "Enter the user's first name"
$lastname = Read-Host -Prompt "Enter the user's last name"
$password = Read-Host -Prompt "Enter $firstname $lastname's password"
# Display the results
echo "$firstname $lastname's password is $password."
- Run the script by clicking the green ‘Play’ button
EASY!
Creating Active Directory User Accounts with PowerShell Part 1
37: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/7045012?start=0
Import the ActiveDirectory module.
- If you are not on a Domain Controller and do not have RSAT installed, your script will fail.
# Import required modules
Import-Module ActiveDirectory
Find the path and store it in a variable
- Server Manager > Tools > Active Directory Users and Computers
- View > Advanced Features
- Right-click the OU you wish to use > Properties
- Click the ‘Attribute Editor’ tab
- Double click ‘distinguishedName’ to access the value and copy it.
# Specify where to store the user account
$OUpath = "OU=Domain Users,OU=thomasroberts.name,DC=thomasroberts,DC=name"
Convert the password into a secure string
# Convert the password to a secure string
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
Create the User Account
# Create the user account
New-ADUser -Name "$firstname $lastname" -GivenName $firstname -Surname $lastname -UserPrincipalName "$firstname.$lastname" -Path $OUpath -AccountPassword $securePassword -ChangePasswordAtLogon $True -Enabled $True
Full Script to create a user
# Import Modules
Import-Module ActiveDirectory

# Store users name and password into variables
$firstname = Read-Host -Prompt "Enter the user's first name"
$lastname = Read-Host -Prompt "Enter the user's last name"
$password = Read-Host -Prompt "Enter $firstname $lastname's password"

# Display the results
echo "$firstname $lastname's password is $password."

# Specify where to store the user account
$OUpath = "OU=Domain Users,OU=thomasroberts.name,DC=thomasroberts,DC=name"

# Convert the password to a secure string
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force

# Create the user account
New-ADUser -Name "$firstname $lastname" -GivenName $firstname -Surname $lastname -UserPrincipalName "$firstname.$lastname" -Path $OUpath -AccountPassword $securePassword -ChangePasswordAtLogon $True -Enabled $True
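The script above reads the password with a plain Read-Host and echoes it, so it is visible on screen and in any transcript. A variant that never holds the password as plain text, as an added example that is not from the course; the UPN suffix and the explicit SamAccountName are assumptions:

```powershell
Import-Module ActiveDirectory

$firstname = (Read-Host -Prompt "Enter the user's first name").Trim()
$lastname  = (Read-Host -Prompt "Enter the user's last name").Trim()
if (-not $firstname -or -not $lastname) {
    throw "First and last name are both required."
}

# sAMAccountName is limited to 20 characters for user objects
$logon = "$firstname.$lastname"
if ($logon.Length -gt 20) {
    throw "'$logon' is longer than 20 characters; choose a shorter logon name."
}

# -AsSecureString masks the input and returns a SecureString directly, so no
# plain-text $password variable exists to be echoed or captured in a transcript.
$securePassword = Read-Host -Prompt "Enter $firstname $lastname's password" -AsSecureString
if ($securePassword.Length -eq 0) {
    throw "An empty password is not allowed."
}

$OUpath    = "OU=Domain Users,OU=thomasroberts.name,DC=thomasroberts,DC=name"
$upnSuffix = "thomasroberts.name"   # assumption: taken from the DC= parts of $OUpath

$newUser = @{
    Name                  = "$firstname $lastname"
    GivenName             = $firstname
    Surname               = $lastname
    SamAccountName        = $logon
    UserPrincipalName     = "$logon@$upnSuffix"
    Path                  = $OUpath
    AccountPassword       = $securePassword
    ChangePasswordAtLogon = $true
    Enabled               = $true
    ErrorAction           = 'Stop'   # stop here on failure so no success line is printed
}
New-ADUser @newUser

# Confirm the account without ever displaying the password
Write-Output "Created $firstname $lastname as $logon@$upnSuffix."
```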
Creating Active Directory User Accounts with PowerShell Part 2
38: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/7044978?start=0
Add a While loop to add multiple users
$exit=""
while ($exit -ne 'q'){
...
$exit = Read-Host -Prompt "Enter more users? Enter 'q' to quit."
}
Saving a PowerShell Script
- Save to your desktop or wherever
- Locate the script and right-click > ‘Run with PowerShell’
- Execution Policy Change
- The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic at http://blah.blah. Do you want to change the execution policy?
- [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"):
Creating Users Accounts from a CSV Spreadsheet with Powershell
39: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/7069922?start=0
# Import Modules
Import-Module ActiveDirectory

# Get file path and read
$filepath = Read-Host -Prompt "Please enter the CSV file path"
$users = Import-Csv $filepath
$securePassword = ConvertTo-SecureString "TempP@ssw0rd" -AsPlainText -Force

# Loop through the users
ForEach ($user in $users) {
    # First line = column names
    # Note: if 'First Name' is stored as 'FirstName', no quotes required!
    $fname = $user.'First Name'
    $lname = $user.'Last Name'
    $jtitle = $user.'Job Title'
    $officephone = $user.'Office Phone'
    $emailaddress = $user.'Email Address'
    $description = $user.Description
    $OUpath = $user.'Organizational Unit'

    # Create the user account
    New-ADUser -Name "$fname $lname" -GivenName $fname -Surname $lname -UserPrincipalName "$fname.$lname" -Path $OUpath -AccountPassword $securePassword -ChangePasswordAtLogon $True -Enabled $True -OfficePhone $officephone -Description $description -EmailAddress $emailaddress -Title $jtitle

    # Display the results
    echo "User $fname $lname has been created."
}
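The CSV script gives every imported account the same hard-coded temporary password, so anyone who learns it can sign in as any new user who has not yet logged on. An added example (not from the course) that issues a different random password per row and records failures instead of printing a success line regardless; New-TempPassword is a hypothetical helper and the CSV column names are the ones used above:

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: random password from the OS CSPRNG, retried until it
# contains lower case, upper case, a digit and a symbol.
function New-TempPassword {
    param([int]$Length = 16)
    # Look-alike characters (l, I, O, 0, 1) left out to avoid read-back errors
    $alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%*+-=?'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 4
    do {
        $chars = for ($i = 0; $i -lt $Length; $i++) {
            $rng.GetBytes($buf)
            $alphabet[[int]([BitConverter]::ToUInt32($buf, 0) % $alphabet.Length)]
        }
        $pw = -join $chars
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and
             $pw -match '[0-9]' -and $pw -match '[^a-zA-Z0-9]')
    $rng.Dispose()
    return $pw
}

$filepath = Read-Host -Prompt "Please enter the CSV file path"
$users = Import-Csv $filepath

$report = ForEach ($user in $users) {
    $fname = $user.'First Name'
    $lname = $user.'Last Name'
    $plain = New-TempPassword
    try {
        New-ADUser -Name "$fname $lname" -GivenName $fname -Surname $lname `
            -UserPrincipalName "$fname.$lname" -Path $user.'Organizational Unit' `
            -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
            -ChangePasswordAtLogon $True -Enabled $True -ErrorAction Stop
        [pscustomobject]@{ User = "$fname $lname"; TempPassword = $plain; Status = 'Created' }
    } catch {
        # Keep going, but record why this row failed (bad OU, duplicate name, policy)
        [pscustomobject]@{ User = "$fname $lname"; TempPassword = ''; Status = "Failed: $_" }
    }
}

# Shown once on the console for out-of-band hand-over; this script writes nothing to disk.
$report | Format-Table -AutoSize
```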
Expanding our Script for Users with Duplicate Names
# Import Modules
Import-Module ActiveDirectory

# Functions must be defined before the loop that calls them

# Returns $True if an account already uses $username as UPN or SamAccountName
function usernameTaken ($username) {
    $test1 = Get-ADUser -Filter { userPrincipalName -eq $username }
    $test2 = Get-ADUser -Filter { SamAccountName -eq $username }
    If ($test1 -eq $Null -and $test2 -eq $Null){
        return $False
    } else {
        return $True
    }
}

# Returns "" if $username is free, otherwise the first number that makes it unique
function verifyUsername ($username) {
    $i=1
    if (usernameTaken $username) {
        # Test the numbered candidate each time, otherwise the loop never ends
        while (usernameTaken "$username$i") {
            $i++
        }
    } else {
        return ""
    }
    return $i
}

# Get file path and read
$filepath = Read-Host -Prompt "Please enter the CSV file path"
$users = Import-Csv $filepath
$securePassword = ConvertTo-SecureString "TempP@ssw0rd" -AsPlainText -Force

# Loop through the users
ForEach ($user in $users) {
    # Do this for each user
    # Logon name = first initial + last name (no space) + number if already taken
    $baseName = $user.'First Name'.Substring(0,1) + $user.'Last Name'
    $acctNumber = verifyUsername $baseName
    $username = "$baseName$acctNumber"
    # Single quotes around the password: inside double quotes PowerShell expands $$
    New-ADUser `
        -Name ($user.'First Name'+" "+$user.'Last Name' + " " + $acctNumber).Trim() `
        -GivenName $user.'First Name' `
        -Surname $user.'Last Name' `
        -UserPrincipalName $username `
        -SamAccountName $username `
        -AccountPassword (ConvertTo-SecureString 'P@$$w0rd123' -AsPlainText -Force) `
        -Description $user.Description `
        -EmailAddress $user."Email Address" `
        -Title $user."Job Title" `
        -OfficePhone $user."Office Phone" `
        -Path $user."Organizational Unit" `
        -ChangePasswordAtLogon $True `
        -Enabled ([System.Convert]::ToBoolean($user.Enabled))
}

