Hello again,
I am grateful for all of the help I have received in the short time I have been apart of this community.
Today I am hoping that I can once again get assistance from the community to review my first attempt at an automation script for work.
I am hoping to get feedback on styling, logic, and additional features that would make sense.
One idea that I am thinking to implement when I get back to work on Monday is to check if the SamAccountName is already taken and if it is adding an additional letter from their first name until the name is available.
Any feedback is greatly appreciated. Thanks again!
function New-Employee {
[CmdletBinding()]
Param (
[Parameter(Mandatory)]
[String]$FullName,
[Parameter(Mandatory)]
[ValidateSet("Company1", "Company2", "Company3", "Company4", "Company5")]
[String]$Company,
[Parameter(Mandatory)]
[String]$JobTitle,
[Parameter(Mandatory)]
[ValidateSet("City1", "City2", "City3", "City4", "City5", "City6", "City7", "City8", "City9", "City10")]
[String]$LocationCity,
[Parameter(Mandatory)]
[String]$Supervisor
)
# Format and separate user information based on name and company
$FirstName = $FullName.Split(" ")[0]
$LastName = $FullName.Split(" ")[1]
$FirstInitalLastName = "$($FirstName[0])$($LastName)"
$UserName = $FirstInitalLastName
$Password = ConvertTo-SecureString -String "P4sSw0Rd" -AsPlainText -Force
if (($Company -eq "Company1") -or ($Company -eq "Company2")) {
$EmailAddress = "$($UserName)@$($Company)llc.com"
} else {
$EmailAddress = "$($UserName)@$($Company).com"
}
# Determine correct OU based on city and company
if ($LocationCity -in ("City1", "City2", "City3", "City4", "City5", "City6")) {
$Path = "OU=Users,OU=$($Company) - $($LocationCity),OU=$($LocationCity),OU=Western State,OU=State,DC=Company,DC=local"
} elseif ($LocationCity -in ("City7", "City8", "City9", "City10")) {
$Path = "OU=Users,OU=$($Company) - $($LocationCity),OU=$($LocationCity),OU=Eastern State,OU=State,DC=Company,DC=local"
}
# Find a user with the same position to copy permissions from
$SimilarUserSearch = Get-ADUser -Filter * -SearchBase $Path -Properties Description
foreach ($SimilarUser in $SimilarUserSearch) {
if ($SimilarUser.Description -eq $JobTitle) {
$Source = Get-ADUser -Identity $SimilarUser -Properties MemberOf
$SourceGroupsList = $Source.MemberOf
}
}
$NewUserParameterSet = @{
Name = $FullName
DisplayName = $FullName
GivenName = $FirstName
Surname = $LastName
SamAccountName = $UserName
UserPrincipalName = $UserName
AccountPassword = $Password
EmailAddress = $EmailAddress
Enabled = $True
ChangePasswordAtLogon = $True
Company = $Company
Description = $JobTitle
Path = $Path
Manager = $Supervisor
}
New-ADUser @NewUserParameterSet
# Copy permissions from similar user and enable dial-in
$User = Get-ADUser -Identity $UserName
$User | Set-ADUser -Replace @{msNPAllowDialIn=$true}
foreach ($Group in $SourceGroupsList) {
$ThisGroup = $Group.split(",")[0].split("=")[1]
Add-ADGroupMember -Identity $ThisGroup -Members $User
}
Sart-AdSyncSyncCycle -PolicyType Delta
$attempts = 0
do {
try {
$MsolAccount = Get-MsolUser -UserPrincipalName $EmailAddress -ErrorAction:Stop
$attempts++
} catch {
Start-Sleep -Seconds 300
}
} while ($null -eq $MsolAccount -and $attempts -le 6)
# Enable MFA
$StrongAuthenticationRequirement = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$StrongAuthenticationRequirement.RelyingParty = "*"
$StrongAuthenticationRequirement.State = "Enabled"
Set-MsolUser -UserPrincipalName $EmailAddress -StrongAuthenticationRequirements @($StrongAuthenticationRequirement) -UsageLocation "US"
# Assign Office 365 license
$E1Licenses = Get-MsolAccountSku | where {$_.AccountSkuID -eq "contoso:STANDARDPACK"}
$E1LicensesRemaining = $E1Licenses.ActiveUnits - $E1Licenses.ConsumedUnits
if ($E1LicensesRemaining -gt 0) {
Set-MsolUserLicense -UserPrincipalName $EmailAddress -AddLicenses "contoso:STANDARDPACK" -UsageLocation "US"
} else {
Throw "No available licenses remaining, purchase another license then assign it to this account manually."
}
}