Interactive PowerShell 4.0 Script Automates Active Directory User and Mailbox Creation.

Posted on January 14, 2015 by jbernec

In line with the objective of streamlining and automating new employee/user creation process for help desk/level 1 support, I wrote the following PowerShell script to help precisely define the steps in the process, further reduce the chance for human error and cut down time to finish the task.

The interactive PowerShell script accepts user input for three (3) required string parameters, the first name, last name and department. The department is selected from a GUI drop down list box. The script checks to see if the user already exists.If so, the script stops and sends a message to the console. The Active Directory account is created in a specific organizational unit based on the department selection, the account is mailbox enabled and email notification is sent to the team.

This script is an update to an earlier script. It’s designed to create one user at a time for an environment that only sets up one or two new users maybe once a week. It can be easily edited to accept multiple user values from a text file.

Requirements for the script to work are as follows:

a) RSAT for Windows 8.1 or Windows 7 (Remote Server Administration Tools).
b) Active Directory module ( Auto loaded in Win 8.1 and Win 10).
c) Delegate user creation tasks to a help desk Active Directory security group.

The script could be run remotely after uploading to a shared directory accessible to specific users or AD security group as indicated in the following screen shot:

user00

user01

 

function New-Employee {

[CmdletBinding()]
Param (
$adforest = ((Get-ADDomain).forest | Out-String),
[Parameter(Mandatory=$True,Position=0)][ValidateNotNullOrEmpty()][string]$GivenName,
[string]$firstName1 = $GivenName.trim(" ",".",","),
[string]$firstname = (Get-Culture).TextInfo.ToTitleCase($firstname1),
[Parameter(Mandatory=$True)] [ValidateNotNullOrEmpty()][string]$Surname,
[string]$lastname1 = $Surname.trim(" ",".",","),
[string]$lastname = (Get-Culture).TextInfo.ToTitleCase($lastname1),
$path = ("\\labtarget\Scripts\Departments.txt"),
$userPrincipalName = "$firstname" + "$lastname" + "@" + $adforest,
$name = "$firstName" +" " + "$lastName",
$sam = "$firstname" + "$lastname",
$alias = "$firstname" + "$lastname",
$initialpassword = 'test1234',
$FromEmailAddress = "alerts@labnet.net",
$ToEmailAddress = "infrastructure@labnet.net",
$smtpserver = "exch00.labnet.net",
$connectionuri = "http://exch00/powershell"

)

$path = ("\\labtarget\Scripts\Departmentsdropdown.txt")
$departmentlist = Get-Content -Path $path

[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")

$objForm = New-Object System.Windows.Forms.Form
$objForm.Text = "Select a Department"
$objForm.Size = New-Object System.Drawing.Size(300,200)
$objForm.StartPosition = "CenterScreen"

$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter")
{$x=$objListBox.SelectedItem;$objForm.Close()}})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape")
{$objForm.Close()}})

$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75,120)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$objListBox.SelectedItem;$objForm.Close()})
$objForm.Controls.Add($OKButton)

$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150,120)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click({$objForm.Close()})
$objForm.Controls.Add($CancelButton)

$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,20)
$objLabel.Text = "Please select a department:"
$objForm.Controls.Add($objLabel)

$objListBox = New-Object System.Windows.Forms.ListBox
$objListBox.Location = New-Object System.Drawing.Size(10,40)
$objListBox.Size = New-Object System.Drawing.Size(260,20)
$objListBox.Height = 80

forEach($department in $departmentlist){
[void]$objListBox.Items.Add($department)
}

$objForm.Controls.Add($objListBox)

$objForm.Topmost = $True

$objForm.Add_Shown({$objForm.Activate()})
[void] $objForm.ShowDialog()

$department1=$objListBox.SelectedItem.ToString()
$department =$department1.trim()
$department=$department.replace("`n", "")
$department=$department.replace("`r", "")

$initialgroups = 'OfficeUsers','HeadOffice'
$aduser=Get-ADUser -Filter "Name -like '*$name*'"
$whoami = whoami /upn

try{

if( $aduser -eq $null){

Switch ( $department)
{
HR {$OU = "OU=HR_OU,OU=Users-all,DC=labnet,dc=net"
$hrgroups ='HRStaff'
New-ADUser -AccountPassword (convertto-securestring $initialpassword -asplaintext -force) -GivenName $firstname -SurName $lastname -UserPrincipalName $userprincipalname -Name $name -Enabled $true -Path $OU -Department $department -SamAccountName $Sam -ChangePasswordAtLogon $true
Add-ADPrincipalGroupMembership -Identity $sam -MemberOf $hrgroups
}

IT {$OU = "OU=IT_OU,OU=Users-all,DC=labnet,dc=net"
$itgroups ='ITStaff'
New-ADUser -AccountPassword (convertto-securestring $initialpassword -asplaintext -force) -GivenName $firstname -SurName $lastname -UserPrincipalName $userprincipalname -Name $name -Enabled $true -Path $OU -Department $department -SamAccountName $Sam -ChangePasswordAtLogon $true
Add-ADPrincipalGroupMembership -Identity $sam -MemberOf $itgroups
}

Marketing {$OU = "OU=Marketing_OU,OU=Users-all,DC=labnet,dc=net"
$marketinggroups ='MarketingStaff'
New-ADUser -AccountPassword (convertto-securestring $initialpassword -asplaintext -force) -GivenName $firstname -SurName $lastname -UserPrincipalName $userprincipalname -Name $name -Enabled $true -Path $OU -Department $department -SamAccountName $Sam -ChangePasswordAtLogon $true
Add-ADPrincipalGroupMembership -Identity $sam -MemberOf $marketinggroups
}
Production {$OU = "OU=Production_OU,OU=Users-all,DC=labnet,dc=net"
$productiongroups ='ProductionStaff'
New-ADUser -AccountPassword (convertto-securestring $initialpassword -asplaintext -force) -GivenName $firstname -SurName $lastname -UserPrincipalName $userprincipalname -Name $name -Enabled $true -Path $OU -Department $department -SamAccountName $Sam -ChangePasswordAtLogon $true
Add-ADPrincipalGroupMembership -Identity $sam -MemberOf $productiongroups
}
Accounting {$OU = "OU=Accounting_OU,OU=Users-all,DC=labnet,dc=net"
$accountinggroups ='AccountingStaff'
New-ADUser -AccountPassword (convertto-securestring $initialpassword -asplaintext -force) -GivenName $firstname -SurName $lastname -UserPrincipalName $userprincipalname -Name $name -Enabled $true -Path $OU -Department $department -SamAccountName $Sam -ChangePasswordAtLogon $true
}

Default {#$department = $null
$OU="CN=Users,DC=labnet,DC=net"
New-ADUser -AccountPassword (convertto-securestring $initialpassword -asplaintext -force) -GivenName $firstname -SurName $lastname -UserPrincipalName $userprincipalname -Name $name -Enabled $true -Path $OU -Department $department -SamAccountName $Sam -ChangePasswordAtLogon $true

}
}

Add-ADPrincipalGroupMembership -Identity $sam -MemberOf $initialgroups
Write-Host -Object " Active Directory user $name has been created. Please wait while we enable a mailbox for this user. Thank you."

while( $a -ne 5){
if ($aduser -eq $null){
$a++
}
}

$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $connectionuri
Import-PSSession -Session $s -AllowClobber | Out-Null
Enable-Mailbox -identity $name -Alias $alias | Out-Null
Send-MailMessage -From $FromEmailAddress -to $ToEmailAddress -Subject "New User Created Notification" -Body " New User $name and mailbox have been created in the $OU Organizational Unit by $whoami. !!" -SmtpServer $smtpserver
Write-Host "Active Directory User $name and their Mailbox have been created successfully in the $OU Organizational Unit by $whoami. !!"
Remove-PSSession -Session $s

}else {
Write-Host -Object "The user $name already exists !!"

}

} catch {
Get-Date | Out-File \\labtarget\Scripts\errorlog.txt -Append -Force
$_ | Out-File \\labtarget\Scripts\errorlog.txt -Append
Write-Host -Object "Please check the Logs for errors."
}
}
New-Employee

PS: It might be necessary to assign “Send-As” permission to the help desk support users to enable them run the Send-MailMessage cmdlet using a different ‘from’ address :

Add-ADPermission -Identity "CN=Alerts,OU=IT_OU,OU=Users-All,DC=LabNet,DC=net" -ExtendedRights Send-As -User kriskay

This entry was posted in Active Directory, PowerShell, Scripts, WIndows 8.1, Windows Server 2012 R2 and tagged , , , . Bookmark the permalink.

2 Responses to Interactive PowerShell 4.0 Script Automates Active Directory User and Mailbox Creation.

  1. R H says:
    December 19, 2016 at 8:19 am

    Ty for this script and its ideas. It works super fine and is easy to costumize – work further with.
    A single comment could be that the Departmentsdropdown.txt is a plain text list where each line holds the name of a new ou. In the switch case pattern you can use “quots around long names” with spaces inside, just like normal strings.

    Best regards
    R H

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s