Create AD Users by Powershell

前端之家收集整理的这篇文章主要介绍了Create AD Users by Powershell前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

原始Script:

###########################################################
#AUTHOR  : Marius / Hican - http://www.hican.nl - @hicannl 
#DATE    : 26-04-2012 
#EDIT    : 07-08-2014
#COMMENT : This script creates new Active Directory users,#including different kind of properties,based
#on an input_create_ad_users.csv.
#VERSION : 1.3
###########################################################

#CHANGELOG
#Version 1.2: 15-04-2014 - Changed the code for better
#- Added better Error Handling and Reporting.
#- Changed input file with more logical headers.
#- Added functionality for account Enabled,#PasswordNeverExpires,ProfilePath,ScriptPath,#HomeDirectory and HomeDrive
#- Added the option to move every user to a different OU.
#Version 1.3: 08-07-2014
#- Added functionality for ProxyAddresses

#ERROR REPORTING ALL
Set-StrictMode -Version latest

#----------------------------------------------------------
#LOAD ASSEMBLIES AND MODULES
#----------------------------------------------------------
Try
{
  Import-Module ActiveDirectory -ErrorAction Stop
}
Catch
{
  Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!"
  Exit 1
}

#----------------------------------------------------------
#STATIC VARIABLES
#----------------------------------------------------------
$path     = Split-Path -parent $MyInvocation.MyCommand.Definition
$newpath  = $path + "\import_create_ad_users.csv"
$log      = $path + "\create_ad_users.log"
$date     = Get-Date
$addn     = (Get-ADDomain).DistinguishedName
$dnsroot  = (Get-ADDomain).DNSRoot
$i        = 1

#----------------------------------------------------------
#START FUNCTIONS
#----------------------------------------------------------
Function Start-Commands
{
  Create-Users
}

Function Create-Users
{
  "Processing started (on " + $date + "): " | Out-File $log -append
  "--------------------------------------------" | Out-File $log -append
  Import-CSV $newpath | ForEach-Object {
    If (($_.Implement.ToLower()) -eq "yes")
    {
      If (($_.GivenName -eq "") -Or ($_.LastName -eq "") -Or ($_.Initials -eq ""))
      {
        Write-Host "[ERROR]`t Please provide valid GivenName,LastName and Initials. Processing skipped for line $($i)`r`n"
        "[ERROR]`t Please provide valid GivenName,LastName and Initials. Processing skipped for line $($i)`r`n" | Out-File $log -append
      }
      Else
      {
        #Set the target OU
        $location = $_.TargetOU + ",$($addn)"

        #Set the Enabled and PasswordNeverExpires properties
        If (($_.Enabled.ToLower()) -eq "true") { $enabled = $True } Else { $enabled = $False }
        If (($_.PasswordNeverExpires.ToLower()) -eq "true") { $expires = $True } Else { $expires = $False }

        #A check for the country,because those were full names and need 
        #to be land codes in order for AD to accept them. I used Netherlands 
        #as example
        If($_.Country -eq "Netherlands")
        {
          $_.Country = "NL"
        }
        Else
        {
          $_.Country = "EN"
        }
        #Replace dots / points (.) in names,because AD will error when a 
        #name ends with a dot (and it looks cleaner as well)
        $replace = $_.Lastname.Replace(".","")
        If($replace.length -lt 4)
        {
          $lastname = $replace
        }
        Else
        {
          $lastname = $replace.substring(0,4)
        }
        #Create sAMAccountName according to this 'naming convention':
        #<FirstLetterInitials><FirstFourLettersLastName> for example
        #htehp
        $sam = $_.Initials.substring(0,1).ToLower() + $lastname.ToLower()
        Try   { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" }
        Catch { }
        If(!$exists)
        {
          #Set all variables according to the table names in the Excel 
          #sheet / import CSV. The names can differ in every project,but 
          #if the names change,make sure to change it below as well.
          $setpass = ConvertTo-SecureString -AsPlainText $_.Password -force

          Try
          {
            Write-Host "[INFO]`t Creating user : $($sam)"
            "[INFO]`t Creating user : $($sam)" | Out-File $log -append
            New-ADUser $sam -GivenName $_.GivenName -Initials $_.Initials `
            -Surname $_.LastName -DisplayName ($_.LastName + "," + $_.Initials + " " + $_.GivenName) `
            -Office $_.OfficeName -Description $_.Description -EmailAddress $_.Mail `
            -StreetAddress $_.StreetAddress -City $_.City -State $_.State `
            -PostalCode $_.PostalCode -Country $_.Country -UserPrincipalName ($sam + "@" + $dnsroot) `
            -Company $_.Company -Department $_.Department -EmployeeID $_.EmployeeID `
            -Title $_.Title -OfficePhone $_.Phone -AccountPassword $setpass -Manager $_.Manager `
            -profilePath $_.ProfilePath -scriptPath $_.ScriptPath -homeDirectory $_.HomeDirectory `
            -homeDrive $_.homeDrive -Enabled $enabled -PasswordNeverExpires $expires
            Write-Host "[INFO]`t Created new user : $($sam)"
            "[INFO]`t Created new user : $($sam)" | Out-File $log -append

            $dn = (Get-ADUser $sam).DistinguishedName
            #Set an ExtensionAttribute
            If ($_.ExtensionAttribute1 -ne "" -And $_.ExtensionAttribute1 -ne $Null)
            {
              $ext = [ADSI]"LDAP://$dn"
              $ext.Put("extensionAttribute1",$_.ExtensionAttribute1)
              Try   { $ext.SetInfo() }
              Catch { Write-Host "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)" }
            }

            #Set ProxyAdresses
            Try { $dn | Set-ADUser -Add @{proxyAddresses = ($_.ProxyAddresses -split ";")} -ErrorAction Stop }
            Catch { Write-Host "[ERROR]`t Couldn't set the ProxyAddresses Attributes : $($_.Exception.Message)" }

            #Move the user to the OU ($location) you set above. If you don't
            #want to move the user(s) and just create them in the global Users
            #OU,comment the string below
            If ([adsi]::Exists("LDAP://$($location)"))
            {
              Move-ADObject -Identity $dn -TargetPath $location
              Write-Host "[INFO]`t User $sam moved to target OU : $($location)"
              "[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append
            }
            Else
            {
              Write-Host "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!"
              "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" | Out-File $log -append
            }

            #Rename the object to a good looking name (otherwise you see
            #the 'ugly' shortened sAMAccountNames as a name in AD. This
            #can't be set right away (as sAMAccountName) due to the 20
            #character restriction
            $newdn = (Get-ADUser $sam).DistinguishedName
            Rename-ADObject -Identity $newdn -NewName ($_.GivenName + " " + $_.LastName)
            Write-Host "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n"
            "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" | Out-File $log -append
          }
          Catch
          {
            Write-Host "[ERROR]`t Oops,something went wrong: $($_.Exception.Message)`r`n"
          }
        }
        Else
        {
          Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!`r`n"
          "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!" | Out-File $log -append
        }
      }
    }
    Else
    {
      Write-Host "[SKIP]`t User ($($_.GivenName) $($_.LastName)) will be skipped for processing!`r`n"
      "[SKIP]`t User ($($_.GivenName) $($_.LastName)) will be skipped for processing!" | Out-File $log -append
    }
    $i++
  }
  "--------------------------------------------" + "`r`n" | Out-File $log -append
}

Write-Host "STARTED SCRIPT`r`n"
Start-Commands
Write-Host "STOPPED SCRIPT"

修改后Script:

###########################################################
#AUTHOR  : Marius / Hican - http://www.hican.nl - @hicannl 
#DATE    : 26-04-2012 
#EDIT    : 07-08-2014
#COMMENT : This script creates new Active Directory users,#HomeDirectory and HomeDrive
#- Added the option to move every user to a different OU.
#Version 1.3: 08-07-2014
#- Added functionality for ProxyAddresses

#ERROR REPORTING ALL
Set-StrictMode -Version latest

#----------------------------------------------------------
#LOAD ASSEMBLIES AND MODULES
#----------------------------------------------------------
Try
{
  Import-Module ActiveDirectory -ErrorAction Stop
}
Catch
{
  Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!"
  Exit 1
}

#----------------------------------------------------------
#STATIC VARIABLES
#----------------------------------------------------------
$path     = Split-Path -parent $MyInvocation.MyCommand.Definition
$newpath  = $path + "\create_ad_users.csv"
$log      = $path + "\create_ad_users.log"
$date     = Get-Date
$addn     = (Get-ADDomain).DistinguishedName
$dnsroot  = (Get-ADDomain).DNSRoot
$i        = 1

#----------------------------------------------------------
#START FUNCTIONS
#----------------------------------------------------------

function add-adgroup
{

    Param ([String]$group2,[String]$username)

                Try   { $exists = Get-adgroup -Identity $group2 }
                Catch { Write-Host "[ERROR]`t Group not found: $($group2)" }
                If($exists)
                {
                    Add-ADGroupMember -identity $group2 -Member $username
                    Write-Host "[INFO]`t Added User $username into Group: $($group2)"
                    "[INFO]`t Added User $username into Group: $($group2)" | Out-File $log -append
                }
}

Function Start-Commands
{
  Create-Users
}

Function Create-Users
{
  "Processing started (on " + $date + "): " | Out-File $log -append
  "--------------------------------------------" | Out-File $log -append
  Import-CSV $newpath | ForEach-Object {

      If ($_.UserName -eq "")
      {
        Write-Host "[ERROR]`t Please provide valid UserName Processing skipped for line $($i)`r`n"
        "[ERROR]`t Please provide valid UserName. Processing skipped for line $($i)`r`n" | Out-File $log -append
      }
      Else
      {
        # Set the target OU
        $OU = ""

        if ($_.TYPE.ToLower() -eq "user"){
            $OU = "OU=Users"
        }Elseif ($_.TYPE.ToLower() -eq "service"){
            $OU = "OU=Service Accounts"
        }

        if ($_.components.toupper()) {

        $components = $OU + ",OU="+ $_.components.toupper() + ",OU=WIN_DM"

        }else {

        $components = $OU +  ",OU=WIN_DM"

        }

        $location = $components + ",$($addn)"

        Write-Host $location -ForegroundColor Yellow

        # Create sAMAccountName according to this 'naming convention':
        # <FirstLetterInitials><FirstFourLettersLastName> for example
        # htehp
        $sam = $_.UserName.ToLower()
        Try   { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" }
        Catch { }
        If(!$exists)
        {
          # Set all variables according to the table names in the Excel 
          # sheet / import CSV. The names can differ in every project,but 
          # if the names change,make sure to change it below as well.
          $setpass = ConvertTo-SecureString -AsPlainText "P@ssw0rd1234" -force

          Try
          {
            Write-Host "[INFO]`t Creating user : $($sam)"
            "[INFO]`t Creating user : $($sam)" | Out-File $log -append
            New-ADUser $sam `
            -DisplayName $sam `
            -Description "Owner:DCO" `
            -UserPrincipalName ($sam + "@" + $dnsroot) `
            -AccountPassword $setpass `
            -ChangePasswordAtlogon $True `
            -Enabled $True #-PasswordNeverExpires $True
            Write-Host "[INFO]`t Created new user : $($sam)"
            "[INFO]`t Created new user : $($sam)" | Out-File $log -append

            $dn = (Get-ADUser $sam).DistinguishedName
          }
          Catch
          {
            Write-Host "[ERROR]`t Oops 1,something went wrong: $($_.Exception.Message)`r`n"
          }

          Try
          {
              Move-ADObject -Identity $dn -TargetPath $location
              Write-Host "[INFO]`t User $sam moved to target OU : $($location)"
              "[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append
          }
          Catch
          {
            Write-Host "[ERROR]`t Oops 2,something went wrong: $($_.Exception.Message)`r`n"
          }       

          Try
          {
                #add group member
                $sag = "service account groups"

                if ($_.TYPE.ToLower() -eq "service"){
                    add-adgroup $sag $sam
                }

                $group = $_.group.ToLower()
                if (!($group -eq ""))
                {
                    add-adgroup $group $sam
                }

          }
          Catch
          {
            Write-Host "[ERROR]`t Oops 3,something went wrong: $($_.Exception.Message)`r`n"
          }
        }
        Else
        {
          Write-Host "[SKIP]`t User $($sam) already exists or returned an error!`r`n"
          "[SKIP]`t User $($sam) already exists or returned an error!" | Out-File $log -append
        }
      }

    $i++
  }
  "--------------------------------------------" + "`r`n" | Out-File $log -append
}

Write-Host "STARTED SCRIPT`r`n"
Start-Commands
Write-Host "STOPPED SCRIPT"

猜你在找的Windows相关文章