In line with the objective of streamlining and automating the new employee/user creation process for help desk/level 1 support, I wrote the following PowerShell script to define the steps of the process precisely, reduce the chance of human error and cut the time needed to finish the task.
The interactive PowerShell script accepts user input for three required string parameters: the first name, the last name and the department. The department is selected from a GUI drop-down list box. The script checks whether the user already exists; if so, it stops and prints a message to the console. Otherwise the Active Directory account is created in the organizational unit that matches the selected department (an unrecognised department falls through to the domain's default Users container), the account is mailbox-enabled, and an email notification is sent to the team.
This script is an update to an earlier one. It is designed to create one user at a time, for an environment that sets up only one or two new users perhaps once a week. It can easily be edited to accept multiple user values from a text file.
Requirements for the script to work are as follows:
a) RSAT (Remote Server Administration Tools) for Windows 8.1 or Windows 7.
b) The Active Directory PowerShell module (auto-loaded on Windows 8.1 and Windows 10).
c) User-creation rights delegated to a help desk Active Directory security group, so the script does not have to run as a Domain Admin.
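As an added example (not from the original post), the following PowerShell implements requirement c) by granting the help desk group only the rights New-Employee actually needs, rather than adding the group to Account Operators. Run it once as a Domain Admin. The group name HelpDesk is an assumption; the OU and the department group names are the ones the script uses.

```powershell
# Added example: least-privilege delegation for the help desk group.
# Assumed: group "HelpDesk"; OU and group names are those used in New-Employee.
Import-Module ActiveDirectory

function Grant-HelpDeskUserCreation {
    param(
        [Parameter(Mandatory=$true)][string]$GroupName,
        [Parameter(Mandatory=$true)][string]$OUDistinguishedName,
        [string[]]$DepartmentGroups = @()
    )
    $rootDse = Get-ADRootDSE
    # Resolve the schema and extended-right GUIDs from this forest instead of hard-coding them
    $userClassGuid  = [guid](Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -Filter { lDAPDisplayName -eq 'user' } -Properties schemaIDGUID).schemaIDGUID
    $memberAttrGuid = [guid](Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -Filter { lDAPDisplayName -eq 'member' } -Properties schemaIDGUID).schemaIDGUID
    $resetPwdGuid   = [guid](Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -Filter { displayName -eq 'Reset Password' } -Properties rightsGuid).rightsGuid

    $sid          = (Get-ADGroup -Identity $GroupName).SID
    $allow        = [System.Security.AccessControl.AccessControlType]::Allow
    $inherit      = [System.DirectoryServices.ActiveDirectorySecurityInheritance]
    $ruleType     = 'System.DirectoryServices.ActiveDirectoryAccessRule'
    $createDelete = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'
    $extended     = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $writeProp    = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

    $acl = Get-Acl -Path "AD:\$OUDistinguishedName"
    # 1. Create and delete *user* objects only (objectType = user class) in the OU and its sub-OUs
    $acl.AddAccessRule((New-Object -TypeName $ruleType -ArgumentList $sid, $createDelete, $allow, $userClassGuid, $inherit::All))
    # 2. "Reset Password" extended right, inherited only by user objects below the OU
    $acl.AddAccessRule((New-Object -TypeName $ruleType -ArgumentList $sid, $extended, $allow, $resetPwdGuid, $inherit::Descendents, $userClassGuid))
    # 3. Write the attributes New-ADUser sets after creation (userAccountControl for -Enabled,
    #    pwdLastSet for -ChangePasswordAtLogon, department, userPrincipalName) on user objects only
    $acl.AddAccessRule((New-Object -TypeName $ruleType -ArgumentList $sid, $writeProp, $allow, $inherit::Descendents, $userClassGuid))
    Set-Acl -Path "AD:\$OUDistinguishedName" -AclObject $acl

    # 4. Add-ADPrincipalGroupMembership writes the member attribute on the *group* object, so grant
    #    exactly that attribute on each department group instead of a general Write on the group
    foreach ($g in $DepartmentGroups) {
        $groupDn = (Get-ADGroup -Identity $g).DistinguishedName
        $gAcl = Get-Acl -Path "AD:\$groupDn"
        $gAcl.AddAccessRule((New-Object -TypeName $ruleType -ArgumentList $sid, $writeProp, $allow, $memberAttrGuid, $inherit::None))
        Set-Acl -Path "AD:\$groupDn" -AclObject $gAcl
    }
}

# Usage: the OU and groups below are the ones New-Employee uses; "HelpDesk" is assumed
Grant-HelpDeskUserCreation -GroupName 'HelpDesk' -OUDistinguishedName 'OU=Users-all,DC=labnet,DC=net' `
    -DepartmentGroups 'HRStaff','ITStaff','MarketingStaff','ProductionStaff','AccountingStaff','OfficeUsers','HeadOffice'
```

Three things to keep in mind. The script's fallback for an unknown department is CN=Users, which this delegation does not cover, so an unrecognised department fails closed for help desk staff rather than creating an account in the default container. Enable-Mailbox is authorised by Exchange RBAC (the Mail Recipient Creation role), not by these ACEs. Rule 3 is broader than strictly necessary: narrowing it to the individual attributes the script sets keeps the group from writing attributes such as servicePrincipalName or altSecurityIdentities on the accounts it manages.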
The script can be run remotely after uploading it to a shared directory whose permissions are limited to the specific users or AD security group that will run it, as indicated in the following screenshot.
#Requires -Modules ActiveDirectory
function New-Employee {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory=$True,Position=0)][ValidateNotNullOrEmpty()][string]$GivenName,
        [Parameter(Mandatory=$True,Position=1)][ValidateNotNullOrEmpty()][string]$Surname,
        # One department per line, exactly as it should appear in the user's Department attribute
        [string]$path = "\\labtarget\Scripts\Departmentsdropdown.txt",
        # Shared default known to everyone who can read this file; override it with -initialpassword on each run
        [string]$initialpassword = 'test1234',
        [string]$FromEmailAddress = "alerts@labnet.net",
        [string]$ToEmailAddress = "infrastructure@labnet.net",
        [string]$smtpserver = "exch00.labnet.net",
        [string]$connectionuri = "http://exch00/powershell",
        [string]$errorlog = "\\labtarget\Scripts\errorlog.txt"
    )
    # AD and Exchange cmdlets raise non-terminating errors by default; make them terminating so the catch block runs
    $ErrorActionPreference = 'Stop'

    # Normalise the names (strip stray spaces and punctuation, title-case) and derive the account identifiers
    $textInfo  = (Get-Culture).TextInfo
    $firstname = $textInfo.ToTitleCase($GivenName.Trim(' ', '.', ','))
    $lastname  = $textInfo.ToTitleCase($Surname.Trim(' ', '.', ','))
    $adforest  = (Get-ADDomain).Forest      # not piped through Out-String, which appended a newline to the UPN
    $name      = "$firstname $lastname"
    $sam       = "$firstname$lastname"
    $alias     = $sam
    $userPrincipalName = "$sam@$adforest"
    if ($sam.Length -gt 20) {
        Write-Host -Object "sAMAccountName '$sam' is longer than the 20 characters AD allows; shorten the name and retry."
        return
    }

    # Department -> target OU and department group. Keys must match the lines in Departmentsdropdown.txt
    # (quote keys that contain spaces). Anything else lands in the default Users container with no department group.
    $departmentMap = @{
        'HR'         = @{ OU = 'OU=HR_OU,OU=Users-all,DC=labnet,DC=net';         Group = 'HRStaff' }
        'IT'         = @{ OU = 'OU=IT_OU,OU=Users-all,DC=labnet,DC=net';         Group = 'ITStaff' }
        'Marketing'  = @{ OU = 'OU=Marketing_OU,OU=Users-all,DC=labnet,DC=net';  Group = 'MarketingStaff' }
        'Production' = @{ OU = 'OU=Production_OU,OU=Users-all,DC=labnet,DC=net'; Group = 'ProductionStaff' }
        'Accounting' = @{ OU = 'OU=Accounting_OU,OU=Users-all,DC=labnet,DC=net'; Group = 'AccountingStaff' }
    }
    $defaultOU     = 'CN=Users,DC=labnet,DC=net'
    $initialgroups = 'OfficeUsers', 'HeadOffice'

    # Department picker (Windows Forms). OK/Enter returns DialogResult OK and Cancel/Escape returns Cancel,
    # which replaces the separate KeyDown handlers of the earlier version.
    $departmentlist = Get-Content -Path $path | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    Add-Type -AssemblyName System.Windows.Forms
    Add-Type -AssemblyName System.Drawing
    $objForm = New-Object System.Windows.Forms.Form
    $objForm.Text = "Select a Department"
    $objForm.Size = New-Object System.Drawing.Size(300,200)
    $objForm.StartPosition = "CenterScreen"
    $objForm.Topmost = $True

    $objLabel = New-Object System.Windows.Forms.Label
    $objLabel.Location = New-Object System.Drawing.Size(10,20)
    $objLabel.Size = New-Object System.Drawing.Size(280,20)
    $objLabel.Text = "Please select a department:"
    $objForm.Controls.Add($objLabel)

    $objListBox = New-Object System.Windows.Forms.ListBox
    $objListBox.Location = New-Object System.Drawing.Size(10,40)
    $objListBox.Size = New-Object System.Drawing.Size(260,20)
    $objListBox.Height = 80
    foreach ($department in $departmentlist) { [void]$objListBox.Items.Add($department) }
    $objForm.Controls.Add($objListBox)

    $OKButton = New-Object System.Windows.Forms.Button
    $OKButton.Location = New-Object System.Drawing.Size(75,120)
    $OKButton.Size = New-Object System.Drawing.Size(75,23)
    $OKButton.Text = "OK"
    $OKButton.DialogResult = [System.Windows.Forms.DialogResult]::OK
    $objForm.Controls.Add($OKButton)
    $objForm.AcceptButton = $OKButton

    $CancelButton = New-Object System.Windows.Forms.Button
    $CancelButton.Location = New-Object System.Drawing.Size(150,120)
    $CancelButton.Size = New-Object System.Drawing.Size(75,23)
    $CancelButton.Text = "Cancel"
    $CancelButton.DialogResult = [System.Windows.Forms.DialogResult]::Cancel
    $objForm.Controls.Add($CancelButton)
    $objForm.CancelButton = $CancelButton

    $objForm.Add_Shown({ $objForm.Activate() })
    $result = $objForm.ShowDialog()
    if ($result -ne [System.Windows.Forms.DialogResult]::OK -or -not $objListBox.SelectedItem) {
        Write-Host -Object "No department selected; no account was created."
        return
    }
    $department = $objListBox.SelectedItem.ToString().Trim()

    $whoami = whoami /upn
    $s = $null
    try {
        # Exact match on the two attributes AD requires to be unique. The earlier wildcard match on Name
        # (-like '*John Smith*') would also have reported "John Smithson" as an existing user.
        $aduser = Get-ADUser -Filter { SamAccountName -eq $sam -or UserPrincipalName -eq $userPrincipalName }
        if ($aduser) {
            Write-Host -Object "The user $name already exists !!"
            return
        }
        $target = $departmentMap[$department]
        $OU = if ($target) { $target.OU } else { $defaultOU }

        New-ADUser -AccountPassword (ConvertTo-SecureString $initialpassword -AsPlainText -Force) `
            -GivenName $firstname -Surname $lastname -UserPrincipalName $userPrincipalName -Name $name `
            -SamAccountName $sam -Department $department -Path $OU -Enabled $true -ChangePasswordAtLogon $true
        if ($target) { Add-ADPrincipalGroupMembership -Identity $sam -MemberOf $target.Group }
        Add-ADPrincipalGroupMembership -Identity $sam -MemberOf $initialgroups
        Write-Host -Object "Active Directory user $name has been created. Please wait while we enable a mailbox for this user."

        # The earlier version spun through an empty while loop here; give the new object a moment to
        # replicate before Exchange looks it up
        Start-Sleep -Seconds 5
        $s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $connectionuri
        Import-PSSession -Session $s -AllowClobber | Out-Null
        Enable-Mailbox -Identity $userPrincipalName -Alias $alias | Out-Null    # the UPN is unambiguous where Name may not be
        Send-MailMessage -From $FromEmailAddress -To $ToEmailAddress -Subject "New User Created Notification" `
            -Body "New user $name and mailbox have been created in the $OU organizational unit by $whoami." -SmtpServer $smtpserver
        Write-Host -Object "Active Directory user $name and their mailbox have been created successfully in the $OU organizational unit by $whoami."
    } catch {
        # Record the time and the full error record on the share, then point the operator at it
        Get-Date | Out-File -FilePath $errorlog -Append -Force
        $_ | Out-File -FilePath $errorlog -Append
        Write-Host -Object "Please check the logs for errors."
    } finally {
        if ($s) { Remove-PSSession -Session $s }
    }
}
New-Employee
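The default initial password is the same string for every account created with the script, and anyone who can open the script on the share can read it. As an added example, not part of the original script, the following generates a random per-user initial password from the .NET cryptographic random number generator and hands it to New-Employee through its existing -initialpassword parameter. It assumes the New-Employee function above is already loaded in the session; "Jane Doe" is a constructed input. The value is shown to the operator once and never placed in the notification email, and -ChangePasswordAtLogon makes it single-use.

```powershell
# Added example: per-user random initial password instead of the shared default.
# Assumes New-Employee from this post is loaded; "Jane Doe" is constructed input.
function New-InitialPassword {
    param([int]$Length = 14)
    # One character from each class satisfies the default domain complexity rule;
    # look-alikes (0/O, 1/l/I) are left out because the help desk reads this out loud
    $classes = @('ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!@#$%&*?')
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 4

    function Get-RandomIndex([int]$Max) {
        # Rejection sampling: discard values above the largest multiple of $Max so the
        # modulo does not bias the result toward the first characters of the alphabet
        $limit = [uint32]::MaxValue - ([uint32]::MaxValue % [uint32]$Max)
        do {
            $rng.GetBytes($buf)
            $n = [BitConverter]::ToUInt32($buf, 0)
        } while ($n -ge $limit)
        [int]($n % [uint32]$Max)
    }

    $chars = New-Object System.Collections.Generic.List[char]
    foreach ($c in $classes) { $chars.Add($c[(Get-RandomIndex $c.Length)]) }
    while ($chars.Count -lt $Length) { $chars.Add($all[(Get-RandomIndex $all.Length)]) }
    # Fisher-Yates shuffle so the four guaranteed characters do not always sit in positions 0-3
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = Get-RandomIndex ($i + 1)
        $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
    }
    $rng.Dispose()
    -join $chars
}

# Usage: the password is displayed once for the operator and is not part of the notification mail
$pw = New-InitialPassword
New-Employee -GivenName 'Jane' -Surname 'Doe' -initialpassword $pw
Write-Host "Initial password for Jane Doe (give it to the user in person or by phone): $pw"
```

RandomNumberGenerator and BitConverter are available on both Windows PowerShell 5.1 and PowerShell 7, so this does not depend on System.Web's Membership.GeneratePassword, which is absent from the newer runtime.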
PS: It may be necessary to grant the help desk support users “Send As” permission on the alerts mailbox so they can run the Send-MailMessage cmdlet with a different ‘from’ address:
Add-ADPermission -Identity "CN=Alerts,OU=IT_OU,OU=Users-All,DC=LabNet,DC=net" -ExtendedRights Send-As -User kriskay
Thanks for this script and its ideas. It works super fine and is easy to customize and work further with.
A single comment could be that the Departmentsdropdown.txt is a plain-text list where each line holds the name of a new OU. In the switch case pattern you can use “quotes around long names” with spaces inside, just like normal strings.
Best regards
R H
Thank you for stopping by, RH. I really appreciate the comment and observations. Thanks again.