Bulk AD User Creation PowerShell Script
As a follow-up, I want to post one of my most recent scripts. This script is used to do bulk AD user creation.
My company has been growing rapidly and it takes up a lot of my time when creating and setting up new employee accounts and mailboxes. I recently spent some time writing a script to automate this process. This script takes a CSV file that has been filled out by HR with the new employee's name and other information. It imports that information into Active Directory and creates a user profile.
Our hiring managers often include in the service ticket the name of an employee who would have the same rights, permissions, and memberships as the new employee. So to simplify things, I put in my CSV file a column that is the "User to Copy". This tells the script to copy that user's profile/OU/memberof details and apply them to the new user.
Once created, the script then starts a remote session into our On-prem Exchange Server, sets up a mailbox and links it to the newly created user. This script saves me at least 10 to 15 minutes per user.
I need to take some time to fine-tune this script. For starters, I need to take some time to learn how to parse the info in the CSV file so that I don't need as many columns with duplicate information. Second, the script requires that credentials be entered for each user. The script terminates the remote session after creating and linking each mailbox. I'm sure it's an easy fix and probably has to do with where the terminate remote session command is placed in the script. A security measure I want to implement would be to come up with a better way to generate first-time passwords.
Anyways, here is the script and a screenshot of the CSV file I use.
```powershell
# Import active directory module for running AD cmdlets
Import-Module ActiveDirectory

# Store the data from the CSV file in the $ADUsers variable
$ADUsers = Import-Csv '\\server\AlexG\bulk_users1.csv'

# Loop through each row containing user details in the CSV file
foreach ($User in $ADUsers) {
    # Read user data from each field in each row and assign the data to a variable as below
    $Usertocopy    = $User.usertocopy
    $Name          = $User.name
    $Username      = $User.username
    $Password      = $User.password
    $Firstname     = $User.firstname
    $Lastname      = $User.lastname
    # Parent container (OU) of the user to copy: the DN with its first component removed
    $path          = (Get-ADUser $Usertocopy).DistinguishedName.Split(',', 2)[1]
    $email         = $User.email
    $streetaddress = $User.streetaddress
    $city          = $User.city
    $zipcode       = $User.zipcode
    $state         = $User.state
    $jobtitle      = $User.jobtitle
    $department    = $User.department

    # Check to see if the user already exists in AD
    if (Get-ADUser -Filter {SamAccountName -eq $Username}) {
        # If user does exist, give a warning
        Write-Warning "A user account with username $Username already exists in Active Directory."
    }
    else {
        # User does not exist, so proceed to create the new user account.
        # The account is created in the same OU as the user to copy ($path).
        $NewUserParams = @{
            Name                  = $Name
            SamAccountName        = $Username
            UserPrincipalName     = "$Username@AlexG.com"
            GivenName             = $Firstname
            Surname               = $Lastname
            Enabled               = $True
            DisplayName           = $Name
            Path                  = $path
            City                  = $city    # sets the l (locality) attribute
            Office                = $city
            State                 = $state
            StreetAddress         = $streetaddress
            EmailAddress          = $email
            Title                 = $jobtitle
            Department            = $department
            AccountPassword       = (ConvertTo-SecureString $Password -AsPlainText -Force)
            ChangePasswordAtLogon = $True
        }
        New-ADUser @NewUserParams

        # The script sleeps for a few seconds, allowing the account to be created.
        # The script moved too fast without this and would throw an error saying
        # that the user was not present to do the next step.
        Start-Sleep -Seconds 5

        # Get the properties of the user we want to copy and the new user and assign them to variables
        $MemberofCopy    = Get-ADUser $Usertocopy -Properties MemberOf
        $MemberofNewUser = Get-ADUser $Username -Properties MemberOf

        # Apply the group memberships of the user we want to copy to the new user
        $MemberofCopy.MemberOf |
            Where-Object { $MemberofNewUser.MemberOf -notcontains $_ } |
            Add-ADGroupMember -Members $MemberofNewUser

        Start-Sleep -Seconds 3

        # Prompts for credentials
        $Usercredential = Get-Credential

        # Starts a remote session into the Exchange server
        $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://MAILSERVER.AlexG.local/Powershell -Authentication Kerberos -Credential $Usercredential
        Import-PSSession $Session -DisableNameChecking -AllowClobber

        # Enables a mailbox for the new user and then closes out the session
        Enable-Mailbox -Identity $Username -Database "ExchangeDB01"
        Remove-PSSession -Session $Session
    }
}
```