Hi all, this is my first PowerShell script. The purpose is to use a CSV file to speed up and improve accuracy of single and multiple user account creations for a client.
Here is the script.
# Import modules for Active Directory and to sync to 365
Import-Module ActiveDirectory
Import-Module DirSync
# Prompt for CSV path
$csvfilepath = Read-Host -Prompt "Please enter the path to the CSV file"
# Import the file into a variable
$users = Import-Csv $csvfilepath
# Pass through the file to gather information
foreach ($user in $users) {
    # Define user information variables
    $FNAME = $user.'First Name'
    $LNAME = $user.'Last Name'
    $DN = $user.'First Name' + " " + $user.'Last Name'
    $UN = $user.'First Name' + "." + $user.'Last Name'
    $UPN = "$UN@domain.co.uk"
    $SP = $user.'ScriptPath'
    $OU = $user.'OU Path'
    # Convert the plain-text password from the CSV to a SecureString
    $PW = $user.Password | ConvertTo-SecureString -AsPlainText -Force
    # Create the AD user
    New-ADUser -Name $DN -GivenName $FNAME -Surname $LNAME -DisplayName $DN -UserPrincipalName $UPN -SAMAccountName $UN -EmailAddress $UPN -Path $OU -AccountPassword $PW -ChangePasswordAtLogon $True -Enabled $True -ScriptPath $SP -OtherAttributes @{proxyAddresses="SMTP:$UPN","smtp:$UN@domain.onmicrosoft.com"}
    # Output ($UPN was undefined in the original; it is now set above)
    echo "Account created $UPN in $OU"
}
# Command to sync to 365
Start-OnlineCoexistenceSync
There are a couple of things I am struggling with, however.
Because the client is synced to 365 I need to populate the proxyAddresses and targetAddress attribute fields. I’ve managed to get the proxyAddresses to work but I am not sure how to add the targetAddress as well.
Another thing I need assistance with is being able to specify AD groups for the users in question. For example, User 1 needs to be a member of: All Users, Department 1 Share, Allow Removable USB Devices. And User 2: All Users, Department 1 Share.
For the group memberships, add logic based on attributes such as department, division or title. You could also add a column to the CSV with True/False values for non-attribute groups (like the USB drive group you mentioned). For example, the column ‘AllowUSB’ has TRUE for User1 and FALSE for User2. Then use a switch or if/else statement to handle the logic to add to the group. The same would go for a department group: if department equals “Department 1”, add to the appropriate department group(s).
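The group logic described in the reply above, as an added PowerShell example that is not part of the original thread. The `Department` and `AllowUSB` column names, the `Get-GroupsForUser` helper and the sample rows are assumptions; the group names are the ones given in the question.

```powershell
# Constructed sample rows; in the real script these come from Import-Csv.
# 'Department' and 'AllowUSB' are assumed extra columns, not in the original CSV.
$users = @'
First Name,Last Name,Department,AllowUSB
User,One,Department 1,TRUE
User,Two,Department 1,FALSE
User,Three,Department 9,yes
'@ | ConvertFrom-Csv

# Department value -> department group(s); add one entry per department.
$departmentGroups = @{
    'Department 1' = @('Department 1 Share')
}

# Hypothetical helper: returns the group names one CSV row should receive.
function Get-GroupsForUser {
    param([Parameter(Mandatory = $true)] $User)

    $groups = @('All Users')   # baseline group for every account

    $dept = "$($User.Department)".Trim()
    if ($departmentGroups.ContainsKey($dept)) {
        $groups += $departmentGroups[$dept]
    } elseif ($dept) {
        Write-Warning "No group mapping for department '$dept'; none added"
    }

    # Privileged exception: only an explicit TRUE grants it.
    # Blank, FALSE or any other value (e.g. 'yes') leaves the user out.
    if ("$($User.AllowUSB)".Trim() -eq 'TRUE') {
        $groups += 'Allow Removable USB Devices'
    }
    return $groups
}

$haveAD = [bool](Get-Command Add-ADGroupMember -ErrorAction SilentlyContinue)
foreach ($user in $users) {
    $UN = $user.'First Name' + "." + $user.'Last Name'
    foreach ($group in (Get-GroupsForUser -User $user)) {
        if ($haveAD) {
            # -WhatIf only reports the change; remove it once the plan looks right.
            Add-ADGroupMember -Identity $group -Members $UN -WhatIf
        } else {
            Write-Output "PLAN: add $UN to '$group'"
        }
    }
}
```

In the original script the inner loop would go after `New-ADUser`, so the account exists before it is added to any group.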
Firstly, welcome to the PowerShell world, and good job on your first attempt.
However, FYI… a quick way to get a script written for you (even with zero knowledge of PowerShell) is to use the tools provided by Microsoft before running at it from scratch.
In Windows Server 2008 R2 and higher, there is a management console called ADAC (Active Directory Administrative Center).
You click through the steps to do X action, and it writes the script for you, which you can use as is or copy and paste into the PowerShell ISE, VSCode, or editor of your choice and tweak for your use case.