PowerShell for Sysadmins by Adam Bertram

Author:Adam Bertram
Language: eng
Format: epub, azw3
Publisher: No Starch Press
Published: 2020-02-05T16:00:00+00:00

Create and assign the user a random password

Force the user to change their password at logon

Set the department attribute based on the department given

Assign the user an internal employee number

Next, add the user account to a group with the same name as the department. Finally, add the user account into an organizational unit with the same name as the department the employee is in.

Now, with these requirements laid out, let’s build the script. The finished script will be called New-Employee.ps1 and is available in the book’s resources.

You want this to be a reusable script. Ideally, anytime you have a new employee, you can use the script. This means you need to figure out a smart way to handle the inputs to the script. By looking at the requirements, you know you’ll need a first name, a last name, a department, and an employee number. Listing 11-7 provides a script outline with all parameters defined and a try/catch block to catch any terminating errors you may encounter. The #requires statement is set at the top to ensure that whenever this script is run, it checks to see that the machine has the ActiveDirectory module installed.

#requires -Module ActiveDirectory [CmdletBinding()] param ( [Parameter(Mandatory)] [string]$FirstName, [Parameter(Mandatory)] [string]$LastName, [Parameter(Mandatory)] [string]$Department, [Parameter(Mandatory)] [int]$EmployeeNumber ) try { } catch { Write-Error -Message $_.Exception.Message }

Listing 11-7: Base New-Employee.ps1 script

Now that you created the base, let’s fill out the try block.

First, you need to create an AD user according to the requirements laid out in our informal definition. You have to dynamically create a username. There are several ways to do this: some organizations prefer the username to be the first initial and the last name, some prefer first name and last name, and some do something else entirely. Let’s say your company uses first initial and last name. If that username is taken, the next character in the first name is added until a unique username is found.

Let’s handle the base case first. You’ll use the built-in Substring method on every string object to get the first initial. You’ll then concatenate the last name to the first initial. You’ll do this by using string formatting, which allows you to define placeholders for multiple expressions in a string and replace the placeholders with values at runtime, like so:

$userName = '{0}{1}' -f $FirstName.Substring(0, 1), $LastName

After you create the initial username, you need to query AD to see whether this username is already taken by using Get-ADUser.

Get-ADUser -Filter "samAccountName -eq '$userName'"

If this command returns anything, the username is taken, and you need to try the next username. This means you need to figure out a way to dynamically generate new names, always being prepared for the possibility that the new username is taken. A good way to check for various usernames is a while loop conditioned on your previous call to Get-ADUser. But you’ll need another condition to account for what happens if you run out of letters in the first name. You don’t want the

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.