
PowerShell: Creating & configuring an Active Directory user

This is a very bare bones PowerShell script for creating new users in an Active Directory environment.

It can save huge amounts of time if you’re creating large numbers of new users, as you can feed values into the function from a loop like:

$firstNames = @("John","Jane")
$lastNames = @("Smith","Doe")

for ($i = 0; $i -lt $firstNames.Count; $i++) {
        Add-ADUser -FirstName $firstNames[$i] -LastName $lastNames[$i]
}

This basic skeleton can be changed to:

  • Have a different Login naming convention
  • Add more default groups
  • Add checks to change the login name if it already exists

This will work with PowerShell version 1 and upwards.

If you have any questions, ask away in the comments section!

function Add-ADUser ($FirstName, $LastName) {

	# Logon name convention: surname followed by the first initial
	$logon = $LastName + $FirstName.Substring(0,1)

	$domain = "DC=domainName,DC=com"

	# Bind to the OU the new user will be created in
	$ou = [ADSI]"LDAP://OU=Users,$domain"

	# Create the new user object in AD
	$newUser = $ou.Create("user","CN=$LastName $FirstName")

	# Bind the groups every new user is made a member of
	$allUsers = [ADSI]"LDAP://CN=AllUsers,OU=Recipients,$domain"

	$groups = @($allUsers)

	# Set the new user's attributes and write the object to the directory
	$newUser.Put("sAMAccountName",$logon)
	$newUser.Put("givenName",$FirstName)
	$newUser.Put("sn",$LastName)
	$newUser.Put("displayName","$LastName $FirstName")
	$newUser.Put("userPrincipalName", $logon + "@domain.com")
	$newUser.Put("profilePath","\\domainController\profiles\$logon")
	$newUser.SetInfo()

	# Set the initial password before enabling the account: enabling an account
	# that still has an empty password is rejected when a minimum password length
	# policy is in force. Replace the placeholder with a generated per-user value.
	$newUser.psbase.Invoke("SetPassword","Password1")
	$newUser.psbase.CommitChanges()

	# 512 = NORMAL_ACCOUNT with the ACCOUNTDISABLE flag cleared
	$newUser.Put("userAccountControl","512")
	$newUser.SetInfo()

	# Add user to required memberships. IADsGroup::Add takes the member's ADsPath
	# and avoids rewriting the whole member attribute, which breaks when the group
	# currently has exactly one member (then $group.member is a single string and
	# "+" concatenates instead of appending).
	foreach ($group in $groups) {
		$group.psbase.Invoke("Add", $newUser.psbase.Path)
	}

	# Optional: create an Exchange mailbox for the newly created user
	# (requires the Exchange Management Shell cmdlets to be loaded)
	Enable-Mailbox -Identity "domain\$logon" `
		-Database "exchangeServer\Storage Group\Mailbox Database"
}

PowerShell: Auditing an Active Directory group

This is a bare bones PowerShell script that outputs the members of an Active Directory group, as well as the Managed By user.

You can pipe group names to it to get a printout of multiple groups:

"Group1","Group2","Group3" | ForEach-Object { Audit-ADGroup -Group $_ }

This basic skeleton can be changed to:

  • Work with a different LDAP / OU structure
  • Output the groups in a more meaningful way
  • Add a check to see if the group exists

Add a comment if you have any questions or suggestions as to how you would improve this!

function Audit-ADGroup {
        param (
                [Parameter(Mandatory=$true,Position=0)][ValidateNotNullOrEmpty()]
                [String]$Group
        )

        # Bind to the group; adjust the OU and domain to match your directory
        $grp = [ADSI]"LDAP://CN=$Group,OU=SomeOU,DC=SomeDomain,DC=com"

        # managedBy holds a distinguished name; keep only the CN part
        [String]$managedBy = $grp.managedBy
        Write-Host ("$Group " + $managedBy.Split(",")[0].Replace("CN=",""))

        $members = New-Object System.Collections.ArrayList

        # member is a list of distinguished names; keep only the CN part of each.
        # ArrayList.Add returns the new index, so discard it to keep the output clean.
        foreach ($g in $grp.member) {
                [void]$members.Add($g.Split(",")[0].Replace("CN=",""))
        }

        $members.Sort()

        $members | ForEach-Object {
                Write-Host $_
        }
}
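Two of the extensions suggested in the posts above, checking whether a logon name already exists before Add-ADUser creates the user and checking that a group exists before Audit-ADGroup binds to it, share one building block: an LDAP search whose filter value is escaped, so that a first name, surname or group name containing characters such as `*`, `(` or `)` cannot change the meaning of the query. The helpers below are an added example, not code from the original posts; they search the current domain with System.DirectoryServices.DirectorySearcher and assume the same surname + first-initial logon convention as Add-ADUser.

```powershell
# Escape a value for use inside an LDAP search filter (RFC 4515). Backslash is
# replaced first so the escape sequences added afterwards are not escaped again.
function ConvertTo-LdapFilterValue ([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

# Run an LDAP query against the current domain and return $true when at least
# one object matches the (already escaped) filter.
function Test-ADObjectExists ([string]$Filter) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = $Filter
    $searcher.SizeLimit = 1
    [void]$searcher.PropertiesToLoad.Add("distinguishedName")
    $null -ne $searcher.FindOne()
}

# Same convention as Add-ADUser (surname + first initial), but appends 2, 3, ...
# until no existing account already carries that sAMAccountName.
function Get-UniqueLogon ([string]$FirstName, [string]$LastName) {
    $base  = $LastName + $FirstName.Substring(0,1)
    $logon = $base
    $n = 1
    do {
        $value  = ConvertTo-LdapFilterValue $logon
        $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$value))"
        if (-not (Test-ADObjectExists $filter)) { return $logon }
        $n++
        $logon = "$base$n"
    } while ($true)
}

# Check that a group exists before Audit-ADGroup binds to it by CN.
function Test-ADGroupExists ([string]$Group) {
    $value = ConvertTo-LdapFilterValue $Group
    Test-ADObjectExists "(&(objectClass=group)(cn=$value))"
}

# Usage, e.g. in place of the $logon line of Add-ADUser:
#   $logon = Get-UniqueLogon -FirstName $FirstName -LastName $LastName
# and at the top of Audit-ADGroup:
#   if (-not (Test-ADGroupExists $Group)) { Write-Warning "Group $Group not found"; return }
```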