
    Creating users

    • GreyG
      Grey
      last edited by

      The current process in the organization is to take a template (literally just a user with a special name, settings and group memberships) and copy that to create a user. I'm thinking there has to be a better way. Is anyone out there using something that works as well or better?

      1 Reply Last reply Reply Quote 1
      • black3dynamiteB
        black3dynamite
        last edited by

        http://www.dexterposh.com/2013/02/create-new-ad-users-using-template.html
        https://community.spiceworks.com/topic/442889-copy-ad-user-with-powershell

        1 Reply Last reply Reply Quote 1
        • GreyG
          Grey
          last edited by

          I was hoping to get away from having 'dead' user accounts that serve no other purpose than being a template. Surely there is a better way?

          1 Reply Last reply Reply Quote 0
          • black3dynamiteB
            black3dynamite
            last edited by

            You can try creating users by importing them from a csv file.

            1 Reply Last reply Reply Quote 0
            • nadnerBN
              nadnerB
              last edited by

              "WHEN A MAAAAN LOVES A WOMAN..."🎶 🎵

              1 Reply Last reply Reply Quote 2
              • ObsolesceO
                Obsolesce
                last edited by

                You could probably waste a bunch of time creating an .hta with dropdowns and all kinds of things.

                Or you could get HR to fill out a .csv with required fields and import that to create a user.

                Easiest to keep things how they are. There's no harm in a user template in AD. It's fast and simple.

                GreyG 1 Reply Last reply Reply Quote 0
                • NerdyDadN
                  NerdyDad
                  last edited by

                  I've done it by PowerShell before. However, I have found that it's not very good at adding permissions to objects, such as files and folders. Otherwise, it creates the user with the correct username, template password, email, and prints out an onboarding sheet for the new employee. It asks you the basic questions and takes care of the rest for you.

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller
                    last edited by

                    Ansible and Salt have good methods for this if you wanted to go that route.

                    1 Reply Last reply Reply Quote 1
                    • GreyG
                      Grey @Obsolesce
                      last edited by

                      @Tim_G said in Creating users:

                      You could probably waste a bunch of time creating an .hta with dropdowns and all kinds of things.

                      Or you could get HR to fill out a .csv with required fields and import that to create a user.

                      Easiest to keep things how they are. There's no harm in a user template in AD. It's fast and simple.

                      And it sucks to have a whole bunch of template users. It's not efficient, in my view.
                      https://media.makeameme.org/created/i-was-getting-4qbs0x.jpg

                      1 Reply Last reply Reply Quote 1
                      • NerdyDadN
                        NerdyDad
                        last edited by

                        Try this out. It pops up with a command prompt to ask you a few questions to get started. Once the questions are answered, it takes care of most everything else. When it is done, it should spit out a piece of paper for you to give to the new employee with the information that they need.

                        I sterilized it so that you could use it in your company.

                        #Imports the AD & MSOnline Modules (Module 1.02)
                        Import-Module activedirectory
                        Import-Module MSOnline
                        
                        #Sets Variables (Module 1.03)
                        $fn #First Name
                        $ln #Last Name
                        $title
                        $dep #Department
                        $loc #Location
                        $man #Manager
                        $un #Username
                        $officePhone
                        $streetAdd
                        $city
                        $ZIP
                        $fi #First Name Initial, will be used to figure out Username
                        
                        #Getting information (Module 1.04)
                        Write-Host "I need some information from you first. Answer the following questions to get started."
                        $fn = read-host "First Name?"
                        $ln = Read-Host "Last Name?"
                        $title = Read-Host "Title?"
                        $dep = Read-Host "Department?"
                        $man = Read-Host "Manager (Username)?"
                        $loc = Read-Host "<location>?"
                        
                        #Finding out the Username (Module 1.05)
                        $fi = $fn.Substring(0,1)
                        $un = -join ($ln, $fi)
                        
                        #Sets Location information (Module 1.06)
                        if ($loc -eq "Loc1") { #If the user is in Loc1 (Module 1.07)
                            $officePhone = "(999) 999-9999";
                            $streetAdd = "123 Anywhere Drive";
                            $city = "YourTown";
                            $ZIP = "12345";
                        }
                        Else { #If the user is in Loc2 (Module 1.08)
                            $officePhone = "(987) 654-3210";
                            $streetAdd = "987 Nothere Blvd";
                            $city = "Somewhere Else";
                            $ZIP = "98765";
                        }
                        
                        #Sets Password (Module 1.09)
                        $passwd = (Read-Host -AsSecureString "Account Password")
                        $password = ConvertFrom-SecureString -SecureString $passwd
                        
                        $userParams = @{ #(Module 1.10)
                        	'Name' = $un;
                        	'Enabled' = $true;
                        	'AccountPassword' = $passwd; 
                        	'UserPrincipalName' = -join ($un, "@mycompany.com");
                        	'SamAccountName' = $un;
                        	'ChangePasswordAtLogon' = $false;
                        	'GivenName' = $fn;
                        	'Surname' = $ln;
                        	'DisplayName' = -join ($fn, " ", $ln);
                        	'Description' = $title;
                        	'OfficePhone' = $officePhone;
                        	'StreetAddress' =  $streetAdd;
                        	'City' = $city;
                        	'State' = "Texas";
                        	'PostalCode' = $ZIP;
                        	'Title' = $title;
                        	'Department' = $dep;
                        	'Company' = 'MyCompany';
                        	'Manager' = $man;
                        }
                        
                        #Creates the user in AD (Module 1.11)
                        New-ADUser @userParams
                        
                        #Wait for the account to be created before doing anything else (Module 1.12)
                        Start-Sleep -Seconds 10
                        
                        #Makes the user's network drive, scan folder, and sets the permissions to their folders and files (Module 1.13)
                        if ($loc -eq "Loc1") { #If the user is in Loc1 (Module 1.14)
                        New-Item -Name $un -ItemType directory -Path "\\server\folder\" #Creates users network drive
                        New-Item -Name scans -ItemType directory -Path "\\server\folder\$un\" #Creates users scan folder
                        }
                        Else { #If the user is in Loc2 (Module 1.15)
                        New-Item -Name $un -ItemType directory -Path "\\server\folder\" #Creates users network drive
                        New-Item -Name scans -ItemType directory -Path "\\server\folder\$un" #Creates users scan folder
                        }
                        
                        #Adds the user to the correct Security Group for permissions and other network drives
                        if ($dep -eq "Accounting"){ #(Module 1.16)
                        Add-ADGroupMember -Identity 'Accounting' -Members $un #(Module 1.17)
                        } #Adds the user to the Accounting Group
                        Elseif ($dep -eq "Customer Service") { #(Module 1.18)
                        Add-ADGroupMember -Identity 'Customer Service' -Members $un #(Module 1.19)
                        } #Adds the user to the Customer Service Group
                        Elseif ($dep -eq "Executives") { #(Module 1.20)
                        Add-ADGroupMember -Identity 'Executives' -Members $un #(Module 1.21)
                        } #Adds the user to the Executives Group
                        Elseif ($dep -eq "HR") { #(Module 1.22)
                        Add-ADGroupMember -Identity 'Human Resources' -Members $un #(Module 1.23)
                        } #Adds the user to the Human Resources Group
                        Elseif ($dep -eq "Human Resources") { #(Module 1.24)
                        Add-ADGroupMember -Identity 'Human Resources' -Members $un #(Module 1.25)
                        } #Adds the user to the Human Resources Group
                        Elseif ($dep -eq "IT") { #(Module 1.26)
                        Add-ADGroupMember -Identity 'Domain Admins' -Members $un #(Module 1.27)
                        } #Adds the user to the Domain Admins Group for IT
                        Elseif ($dep -eq "Maintenance") { #(Module 1.28)
                        Add-ADGroupMember -Identity 'MaintGroup' -Members $un #(Module 1.29)
                        } #Adds the user to the Maintenance Group
                        Elseif ($dep -eq "Production") { #(Module 1.30)
                        Add-ADGroupMember -Identity 'Production' -Members $un #(Module 1.31)
                        } #Adds the user to the Production Group
                        Elseif ($dep -eq "QA") {  #(Module 1.32)
                        Add-ADGroupMember -Identity 'QA Group' -Members $un #(Module 1.33)
                        } #Adds the user to the QA Group
                        Elseif ($dep -eq "Quality Assurance") {  #(Module 1.34)
                        Add-ADGroupMember -Identity 'QA Group' -Members $un #(Module 1.35)
                        } #Adds the user to the QA Group
                        Elseif ($dep -eq "Shipping") {  #(Module 1.36)
                        Add-ADGroupMember -Identity 'SHIP' -Members $un #(Module 1.37)
                        } #Adds the user to the Shipping Group
                        Else { #(Module 1.38)
                        Add-ADGroupMember -Identity 'Domain Users' -Members $un #(Module 1.39)
                        } #Dumps the user to the Domain Users Group
                        
                        $manfn = Get-ADUser $man -Properties Name | select Name #Gets the manager's name (Module 1.40)
                        
                        #Creates a report of the User's information
                        $report = "Hello $fn $ln,
                        
                        From the IT Department, welcome to <MyCompany>.   We 
                        are here to help you connect to the resources that you need for 
                        your job.   If you need assistance with technology, please feel 
                        free to contact us at either the help page, which is set as your 
                        home page in Internet Explorer, email us at 
                        helpdesk@<MyCompany>.com, or call us at extension 4357.
                        
                        Below you will find your information so that you can login to 
                        the network and get started:
                        
                        Your username is domain\$un
                        Your password is 
                        Your email address is $fn$ln@<MyCompany>.com
                        Your phone number is $officePhone Ext. 
                        
                        It is suggested that you change your password to something that 
                        you can remember but difficult enough that somebody else cannot 
                        figure out.   The requirement is only 6 characters, but we do 
                        advise on making it longer, throw some numbers and special 
                        characters in there as well to make it stronger.   Best advice 
                        would be to use a pass-PHRASE instead of a pass-WORD.
                        
                        Your computer should already be setup with your email loaded and 
                        your network drives.   At <MyCompany>, we use Microsoft 
                        Outlook as the email client.   Depending on what department you 
                        are in will depend on what drives you have available.   
                        Generally, everybody will have an F: drive and a G: drive.   The 
                        F: drive is your network folder.   Place in there the documents 
                        that you feel you cannot do your job without.   In the F: drive 
                        will be a scan folder.   When you go to the Xerox to scan in 
                        documents, then you will find them in your scan folder.   The G: 
                        drive is a company-wide shared folder.  As for your department 
                        drives, it would be best to talk with $($manfn.name), 
                        your supervisor/manager, about the nature and uses of these drives.
                        
                        The use of the equipment and resources provided are a privilege 
                        to you for use and should not be taken advantage of.   There are 
                        measures set in place that allows us to manage the network.   Do 
                        not assume that there is any personal privacy on this network.   
                        The only privacy that you can assume is for the nature of your 
                        work.   All information (including emails, documents, 
                        spreadsheets, pictures, etc.) contained on the equipment 
                        provided and on the network is the sole property of Standard 
                        Meat Company.
                        
                        If you have problems with your equipment or network resources, 
                        please feel free to ask.   We do not mind helping, but we cannot 
                        help if we do not know, so please ask! 
                        
                        Sincerely,
                        
                        
                        Your IT Department"
                        
                        if ($loc -eq "Loc1") { #(Module 1.43)
                        Write-Output $report | Out-Printer
                        }
                        Else { #(Module 1.44)
                        Write-Output $report | Out-Printer \\server\'Xerox WorkCentre 4260'
                        }
                        
                        #Waiting for AD & Azure to Synchronize, which synchronizes every 30 minutes (Module 1.45)
                        Write-host "Waiting..."
                        Start-Sleep -Seconds 1800
                        
                        #Connect to O365 and licenses the user
                        Connect-MsolService #(Module 1.46)
                        Set-MsolUserLicense -UserPrincipalName (-join($un,'@<MyCompany>.com')) -AddLicenses #(Module 1.47)
                        
                        #Connects to the Exchange box, creates the users email account, then disconnects from the Exchange box
                        $cred = Get-Credential #Prompts for the Exchange admin credential that the session below uses
                        $mail = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -AllowRedirection -Authentication Basic -Credential $cred #(Module 1.48-Part 1)
                        Import-PSSession $mail -WarningAction SilentlyContinue | Out-Null #(Module 1.48-Part 2)
                        enable-Mailbox -Identity $un -Alias $un -DisplayName (-join($fn,$ln)) #Creates the users mailbox (Module 1.49)
                        IF ($dep -eq "Executives") { #(Module 1.50)
                        Set-Mailbox (-join($un,'@<MyCompany>.com')) -ProhibitSendQuota 19.5GB -ProhibitSendReceiveQuota 20GB -IssueWarningQuota 19GB #Sets the mailbox size in Exchange Online so that the user isn't using all 50 GB of storage (Module 1.51)
                        } #If they are an executive, then they get 20 GB of mailbox space
                        elseif ($dep -eq "IT") { #(Module 1.52)
                        Set-Mailbox (-join($un,'@<MyCompany>.com')) #(Module 1.53)
                        } #IT gets the full mailbox, of course 
                        else { #(Module 1.54)
                        Set-Mailbox (-join($un,'@<MyCompany>.com')) -ProhibitSendQuota 9.5GB -ProhibitSendReceiveQuota 10GB -IssueWarningQuota 9GB #Sets the mailbox size in Exchange Online so that the user isn't using all 50 GB of storage (Module 1.55)
                        } #Otherwise, everybody else gets 10 GB of mailbox space
                        Remove-PSSession -Session $mail #Disconnects from the Exchange box (Module 1.56)
                        
                        GreyG ObsolesceO 2 Replies Last reply Reply Quote 6
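The CSV import suggested earlier in the thread, combined with the group logic of the script above, as an added example; it is not NerdyDad's code and was not posted in the thread. It keeps the script's username rule and group names, but maps IT to a delegated group instead of Domain Admins, rejects unknown departments, and issues a random one-time password that must be changed at first logon. The `IT-Staff` group, the CSV column names, the sample rows and the function names are assumptions.

```powershell
# Added example: onboarding from a CSV, no template accounts. Group names come
# from the script above; 'IT-Staff', the CSV columns and the rows are assumptions.

# Department -> groups as data (hashtable literal keys are case-insensitive).
$GroupMap = @{
    'Accounting'        = @('Accounting')
    'Customer Service'  = @('Customer Service')
    'Executives'        = @('Executives')
    'HR'                = @('Human Resources')
    'Human Resources'   = @('Human Resources')
    'IT'                = @('IT-Staff')   # hypothetical delegated group, not 'Domain Admins'
    'Maintenance'       = @('MaintGroup')
    'Production'        = @('Production')
    'QA'                = @('QA Group')
    'Quality Assurance' = @('QA Group')
    'Shipping'          = @('SHIP')
}

function New-InitialPassword {
    # Random one-time password from a CSPRNG. The alphabet has 64 characters, so
    # (byte % 64) is unbiased. Retries until upper, lower and digit are present.
    param([int]$Length = 24)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = New-Object byte[] $Length
            $rng.GetBytes($bytes)
            $plain = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
        } until ($plain -cmatch '[A-Z]' -and $plain -cmatch '[a-z]' -and $plain -match '[0-9]')
    } finally { $rng.Dispose() }
    $plain
}

function Get-ProvisioningPlan {
    # Validation only: touches nothing in AD, so the plan can be reviewed first.
    param([Parameter(Mandatory)][object[]]$Rows)
    foreach ($r in $Rows) {
        $errors = @()
        foreach ($f in 'FirstName', 'LastName', 'Department', 'Manager') {
            if ([string]::IsNullOrWhiteSpace($r.$f)) { $errors += "missing $f" }
        }
        foreach ($f in 'FirstName', 'LastName') {
            if ($r.$f -and $r.$f -notmatch '^[\p{L}'' -]+$') { $errors += "bad characters in $f" }
        }
        # Fail closed: a department with no mapping is rejected, not defaulted.
        $groups = @()
        if ($r.Department -and $GroupMap.ContainsKey($r.Department)) { $groups = $GroupMap[$r.Department] }
        elseif ($r.Department) { $errors += "unknown department '$($r.Department)'" }
        $sam = $null
        if (-not $errors) {
            # Same rule as the script above (last name + first initial), reduced to
            # letters and digits and cut to the 20-character sAMAccountName limit.
            $sam = ($r.LastName + $r.FirstName.Substring(0, 1)) -replace '[^A-Za-z0-9]', ''
            if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }
            if (-not $sam) { $errors += 'empty username' }
        }
        [pscustomobject]@{ Row = $r; SamAccountName = $sam; Groups = $groups; Errors = $errors }
    }
}

function Invoke-ProvisioningPlan {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][object[]]$Plan, [string]$UpnSuffix = 'mycompany.com')
    Import-Module ActiveDirectory -ErrorAction Stop
    foreach ($p in $Plan) {
        $sam = $p.SamAccountName; $r = $p.Row
        if ($p.Errors) { Write-Warning "Skipped row: $($p.Errors -join '; ')"; continue }
        # $sam holds only letters and digits, so it is safe inside the filter string.
        if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
            Write-Warning "Skipped ${sam}: account already exists"; continue
        }
        if (-not $PSCmdlet.ShouldProcess($sam, 'Create AD user and add to groups')) { continue }
        $plain = New-InitialPassword
        $userParams = @{
            Name = $sam; SamAccountName = $sam; UserPrincipalName = "$sam@$UpnSuffix"
            GivenName = $r.FirstName; Surname = $r.LastName
            DisplayName = "$($r.FirstName) $($r.LastName)"
            Title = $r.Title; Department = $r.Department; Manager = $r.Manager
            AccountPassword = (ConvertTo-SecureString $plain -AsPlainText -Force)
            ChangePasswordAtLogon = $true   # the printed password is single-use
            Enabled = $true
        }
        New-ADUser @userParams -ErrorAction Stop
        foreach ($g in $p.Groups) { Add-ADGroupMember -Identity $g -Members $sam -ErrorAction Stop }
        # Returned for the onboarding sheet only; not written to disk or logged.
        [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
    }
}

# Constructed sample input; in practice: $rows = Import-Csv .\newhires.csv
$rows = @'
FirstName,LastName,Title,Department,Manager
Ana,Lopez,Accountant,Accounting,smithj
Raj,Patel,Sysadmin,IT,smithj
Kim,O'Neil,Inspector,Qualty,smithj
'@ | ConvertFrom-Csv
$plan = Get-ProvisioningPlan -Rows $rows
$plan | Format-Table SamAccountName, Groups, Errors
# Invoke-ProvisioningPlan -Plan $plan -WhatIf   # needs the ActiveDirectory module and a domain
```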
                        • GreyG
                          Grey @NerdyDad
                          last edited by

                          This looks amazing and I can't wait to get it edited and try it out.

                          JaredBuschJ 1 Reply Last reply Reply Quote 2
                          • JaredBuschJ
                            JaredBusch @Grey
                            last edited by

                            @Grey you aren't the only one

                            1 Reply Last reply Reply Quote 0
                            • NerdyDadN
                              NerdyDad
                              last edited by

                              Here is another copy of the same code, but for a local exchange box instead of O365.

                              #Imports the AD
                              Import-Module activedirectory
                              
                              #Sets Variables
                              $fn #First Name
                              $ln #Last Name
                              $title
                              $dep #Department
                              $loc #Location
                              $man #Manager
                              $un #Username
                              $officePhone
                              $streetAdd
                              $city
                              $ZIP
                              $fi #First Name Initial, will be used to figure out Username
                              
                              #Getting information
                              $fn = read-host "First Name?"
                              $ln = Read-Host "Last Name?"
                              $title = Read-Host "Title?"
                              $dep = Read-Host "Department?"
                              $man = Read-Host "Manager (Username)?"
                              $loc = Read-Host "Loc1 or Loc2?"
                              
                              #Finding out the Username
                              $fi = $fn.Substring(0,1)
                              $un = -join ($ln, $fi)
                              
                              #Sets Location information (Module 1.06)
                              if ($loc -eq "Loc1") { #If the user is in Loc1 (Module 1.07)
                                  $officePhone = "(999) 999-9999";
                                  $streetAdd = "123 Anywhere Drive";
                                  $city = "YourTown";
                                  $ZIP = "12345";
                              }
                              Else { #If the user is in Loc2 (Module 1.08)
                                  $officePhone = "(987) 654-3210";
                                  $streetAdd = "987 Nothere Blvd";
                                  $city = "Somewhere Else";
                                  $ZIP = "98765";
                              }
                              
                              #Sets Password
                              $passwd = (Read-Host -AsSecureString "Account Password")
                              $password = ConvertFrom-SecureString -SecureString $passwd
                              
                              $userParams = @{
                              	'Name' = $un;
                              	'Enabled' = $true;
                              	'AccountPassword' = $passwd; 
                              	'UserPrincipalName' = -join ($un, "@smc.com");
                              	'SamAccountName' = $un;
                              	'ChangePasswordAtLogon' = $false;
                              	'GivenName' = $fn;
                              	'Surname' = $ln;
                              	'DisplayName' = -join ($fn," ",$ln);
                              	'Description' = $title;
                              	'OfficePhone' = $officePhone;
                              	'StreetAddress' =  $streetAdd;
                              	'City' = $city;
                              	'State' = "Texas";
                              	'PostalCode' = $ZIP;
                              	'Title' = $title;
                              	'Department' = $dep;
                              	'Company' = 'Standard Meat Company';
                              	'Manager' = $man;
                              }
                              
                              #Creates the user in AD
                              New-ADUser @userParams
                              
                              #Wait for the account to be created before doing anything else
                              Start-Sleep -Seconds 10
                              
                              #Makes the user's network drive, scan folder, and sets the permissions to their folders and files
                              if ($loc -eq "Loc1") { #If the user is in Loc1
                              New-Item -Name $un -ItemType directory -Path "\\server\folder\" #Creates users network drive
                              New-Item -Name scans -ItemType directory -Path "\\server\folder\$un\" #Creates users scan folder
                              }
                              Else { #If the user is in Loc2
                              New-Item -Name $un -ItemType directory -Path "\\server\folder\" #Creates users network drive
                              New-Item -Name scans -ItemType directory -Path "\\server\folder\$un" #Creates users scan folder
                              }
                              
                              #Adds the user to the correct Security Group for permissions and other network drives
                              if ($dep -eq "Accounting"){
                              Add-ADGroupMember -Identity 'Accounting' -Members $un
                              } #Adds the user to the Accounting Group
                              Elseif ($dep -eq "Customer Service") {
                              Add-ADGroupMember -Identity 'Customer Service' -Members $un
                              } #Adds the user to the Customer Service Group
                              Elseif ($dep -eq "HR") {
                              Add-ADGroupMember -Identity 'Human Resources' -Members $un
                              } #Adds the user to the Human Resources Group
                              Elseif ($dep -eq "Human Resources") {
                              Add-ADGroupMember -Identity 'Human Resources' -Members $un
                              } #Adds the user to the Human Resources Group
                              Elseif ($dep -eq "IT") {
                              Add-ADGroupMember -Identity 'Domain Admins' -Members $un
                              } #Adds the user to the Domain Admins Group for IT
                              Elseif ($dep -eq "Maintenance") {
                              Add-ADGroupMember -Identity 'MaintGroup' -Members $un
                              } #Adds the user to the Maintenance Group
                              Elseif ($dep -eq "Production") {
                              Add-ADGroupMember -Identity 'Production' -Members $un
                              } #Adds the user to the Production Group
                              Elseif ($dep -eq "QA") { 
                              Add-ADGroupMember -Identity 'QA Group' -Members $un
                              } #Adds the user to the QA Group
                              Elseif ($dep -eq "Quality Assurance") { 
                              Add-ADGroupMember -Identity 'QA Group' -Members $un
                              } #Adds the user to the QA Group
                              Elseif ($dep -eq "Shipping") { 
                              Add-ADGroupMember -Identity 'SHIP' -Members $un
                              } #Adds the user to the Shipping Group
                              Else {
                              Add-ADGroupMember -Identity 'Domain Users' -Members $un
                              } #Dumps the user to the Domain Users Group
                              
                              #Connects to the Exchange box, creates the users email account, then disconnects from the Exchange box
                              $mail = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<exchange>/powershell -name <exchange> -Authentication Kerberos -Credential $cred
                              Import-PSSession $mail -WarningAction SilentlyContinue | Out-Null
                              enable-Mailbox -Identity $un -Alias $un -DisplayName (-join($fn,$ln)) #Creates the users mailbox
                              Remove-PSSession -Session $mail #Disconnects from the Exchange box
                              
                              $manfn = Get-ADUser $man -Properties GivenName | select GivenName #Gets the managers first name
                              $manln = Get-ADUser $man -Properties SurName | select SurName #Gets the managers last name
                              
                              #Create a report of the User's information
                              $report = "Hello $fn $ln,
                              
                              From the IT Department, welcome to <MyCompany>.   We 
                              are here to help you connect to the resources that you need for 
                              your job.   If you need assistance with technology, please feel 
                              free to contact us at either the help page, which is set as your 
                              home page in Internet Explorer, email us at 
                              [email protected], or call us at extension 4357.
                              
                              Below you will find your information so that you can login to 
                              the network and get started:
                              
                              Your username is smc\$un
                              Your password is 
                              Your email address is $fn$ln@<MyCompany>.com
                              Your phone number is $officePhone Ext. 
                              
                              It is suggested that you change your password to something that 
                              you can remember but difficult enough that somebody else cannot 
                              figure out.   The requirement is only 6 characters, but we do 
                              advise on making it longer, throw some numbers and special 
                              characters in there as well to make it stronger.   Best advice 
                              would be to use a pass-PHRASE instead of a pass-WORD.
                              
                              Your computer should already be setup with your email loaded and 
                              your network drives.   At Standard Meat, we use Microsoft 
                              Outlook as the email client.   Depending on what department you 
                              are in will depend on what drives you have available.   
                              Generally, everybody will have an F: drive and a G: drive.   The 
                              F: drive is your network folder.   Place in there the documents 
                              that you feel you cannot do your job without.   In the F: drive 
                              will be a scan folder.   When you go to the Xerox to scan in 
                              documents, then you will find them in your scan folder.   The G: 
                              drive is a company-wide shared folder.  As for your department 
                              drives, it would be best to talk with $($manfn.GivenName), 
                              your supervisor/manager about the nature and uses of these drives.
                              
                              The use of the equipment and resources provided are a privilege 
                              to you for use and should not be taken advantage of.   There are 
                              measures set in place that allows us to manage the network.   Do 
                              not assume that there is any personal privacy on this network.   
                              The only privacy that you can assume is for the nature of your 
                              work.   All information (including emails, documents, 
                              spreadsheets, pictures, etc.) contained on the equipment 
                              provided and on the network is the sole property of Standard 
                              Meat Company.
                              
                              If you have problems with your equipment or network resources, 
                              please feel free to ask.   We do not mind helping, but we cannot 
                              help if we do not know, so please ask! 
                              
                              Sincerely,
                              
                              
                              Your IT Department"
                              
                              if ($loc -eq "Loc1") {
                              Write-Output $report | Out-Printer \\server\Printer
                              }
                              Else {
                              Write-Output $report | Out-Printer \\server\Printer
                              }
                              
                              JaredBuschJ black3dynamiteB jt1001001J 3 Replies Last reply Reply Quote 4
                              • JaredBuschJ
                                JaredBusch @NerdyDad
                                last edited by

                                @NerdyDad said in Creating users:

                                Here is another copy of the same code, but for a local exchange box instead of O365.


                                You just won the Internet for me today

                                1 Reply Last reply Reply Quote 3
                                • black3dynamiteB
                                  black3dynamite @NerdyDad
                                  last edited by

                                  @NerdyDad
                                  Thank you for sharing your scripts.

                                  NerdyDadN 1 Reply Last reply Reply Quote 1
                                  • NerdyDadN
                                    NerdyDad @black3dynamite
                                    last edited by

                                    @black3dynamite said in Creating users:

                                    @NerdyDad
                                    Thank you for sharing your scripts.

                                    Not a problem. I am looking to expand my PS skills. If anybody has any requests, I'd do my best to get something out for you.

                                    1 Reply Last reply Reply Quote 0
                                    • jt1001001J
                                      jt1001001 @NerdyDad
                                      last edited by

                                      @NerdyDad MIND.....BLOWN!

                                      1 Reply Last reply Reply Quote 1
                                      • momurdaM
                                        momurda
                                        last edited by

                                        I have 2 users starting next week, might have to use your script @NerdyDad
                                        I usually just use the Copy User function in ADUC then fill out the name, make adjustments to group membership.
                                        That looks essentially like the Copy User option from ADUC, but in PS, and it makes folders and such too.
                                        I wonder though, are users able to answer these questions about themselves?

                                        NerdyDadN 1 Reply Last reply Reply Quote 0
                                        • NerdyDadN
                                          NerdyDad @momurda
                                          last edited by

                                          @momurda said in Creating users:

                                          I have 2 users starting next week, might have to use your script @NerdyDad
                                          I usually just use the Copy User function in ADUC then fill out the name, make adjustments to group membership.
                                          That looks essentially like the Copy User option from ADUC, but in PS, and it makes folders and such too.
                                          I wonder though, are users able to answer these questions about themselves?

                                          Unfortunately not, because the user running the script has to be a domain admin in order to create the new user, add to groups, create mailboxes, etc.

                                          NerdyDadN 1 Reply Last reply Reply Quote 2
                                          • NerdyDadN
                                            NerdyDad
                                            last edited by

                                            Full disclosure: It can create folders within network shares. I had to go through the drive (ex c$) in order to create the proper folder. However, I have not yet been able to add permissions to the folders via the script. I've always had to go back and add permissions later on. There is an NTFS add-on module that a third-party individual has written and put out there, but I was never able to get it working properly.

                                            black3dynamiteB GreyG 2 Replies Last reply Reply Quote 0
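
The folder-permission step that the post above describes as still being done by hand can be scripted with the built-in `Get-Acl` and `Set-Acl` cmdlets, with no add-on module. This is an added example, not code from the thread: `Set-HomeFolderAcl` is a hypothetical helper name, and the share path and `smc\` prefix in the sample call are the page's own placeholders.

```powershell
# Added example (not from the thread). Uses only built-in cmdlets and .NET types.
# Set-HomeFolderAcl is a hypothetical helper name.
function Set-HomeFolderAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,      # e.g. "\\server\folder\$un"
        [Parameter(Mandatory)][string]$Account    # e.g. "smc\$un"
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }

    # Resolve the account to a SID up front. This throws IdentityNotMappedException
    # if the new account cannot be resolved yet (for example, AD has not replicated),
    # instead of failing halfway through the ACL change.
    $userSid = [System.Security.Principal.NTAccount]::new($Account).Translate(
        [System.Security.Principal.SecurityIdentifier])

    # Well-known SIDs, so the rules do not depend on localized group names.
    $admins = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # BUILTIN\Administrators
    $system = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'      # NT AUTHORITY\SYSTEM

    $acl = Get-Acl -LiteralPath $Path

    # Stop inheriting from the share root. $false = discard the inherited entries
    # rather than copying them in as explicit ones.
    $acl.SetAccessRuleProtection($true, $false)

    # Drop explicit entries already on the folder so the result is exactly the list below.
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        $acl.RemoveAccessRuleSpecific($rule)
    }

    # Apply to this folder, its subfolders and its files (so "scans" is covered too).
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $none    = [System.Security.AccessControl.PropagationFlags]::None
    $allow   = [System.Security.AccessControl.AccessControlType]::Allow

    $grants = @(
        @{ Sid = $userSid; Rights = [System.Security.AccessControl.FileSystemRights]::Modify }
        @{ Sid = $admins;  Rights = [System.Security.AccessControl.FileSystemRights]::FullControl }
        @{ Sid = $system;  Rights = [System.Security.AccessControl.FileSystemRights]::FullControl }
    )
    foreach ($g in $grants) {
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $g.Sid, $g.Rights, $inherit, $none, $allow)
        $acl.AddAccessRule($rule)
    }

    if ($PSCmdlet.ShouldProcess($Path, "Replace NTFS permissions for $Account")) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Return what is now on disk so the caller can log or check it.
    (Get-Acl -LiteralPath $Path).Access |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

# Sample call with the page's placeholder share and variables
# (run after New-ADUser and the New-Item folder creation):
# Set-HomeFolderAcl -Path "\\server\folder\$un" -Account "smc\$un"
```

Running it with `-WhatIf` first shows which folder would be changed without writing the ACL. The user gets Modify rather than Full Control so they cannot change the folder's permissions or take ownership.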