原始Script:
########################################################### #AUTHOR : Marius / Hican - http://www.hican.nl - @hicannl #DATE : 26-04-2012 #EDIT : 07-08-2014 #COMMENT : This script creates new Active Directory users,#including different kind of properties,based #on an input_create_ad_users.csv. #VERSION : 1.3 ########################################################### #CHANGELOG #Version 1.2: 15-04-2014 - Changed the code for better #- Added better Error Handling and Reporting. #- Changed input file with more logical headers. #- Added functionality for account Enabled,#PasswordNeverExpires,ProfilePath,ScriptPath,#HomeDirectory and HomeDrive #- Added the option to move every user to a different OU. #Version 1.3: 08-07-2014 #- Added functionality for ProxyAddresses #ERROR REPORTING ALL Set-StrictMode -Version latest #---------------------------------------------------------- #LOAD ASSEMBLIES AND MODULES #---------------------------------------------------------- Try { Import-Module ActiveDirectory -ErrorAction Stop } Catch { Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!" Exit 1 } #---------------------------------------------------------- #STATIC VARIABLES #---------------------------------------------------------- $path = Split-Path -parent $MyInvocation.MyCommand.Definition $newpath = $path + "\import_create_ad_users.csv" $log = $path + "\create_ad_users.log" $date = Get-Date $addn = (Get-ADDomain).DistinguishedName $dnsroot = (Get-ADDomain).DNSRoot $i = 1 #---------------------------------------------------------- #START FUNCTIONS #---------------------------------------------------------- Function Start-Commands { Create-Users } Function Create-Users { "Processing started (on " + $date + "): " | Out-File $log -append "--------------------------------------------" | Out-File $log -append Import-CSV $newpath | ForEach-Object { If (($_.Implement.ToLower()) -eq "yes") { If (($_.GivenName -eq "") -Or ($_.LastName -eq "") -Or ($_.Initials -eq "")) { Write-Host "[ERROR]`t Please provide valid GivenName,LastName and Initials. Processing skipped for line $($i)`r`n" "[ERROR]`t Please provide valid GivenName,LastName and Initials. Processing skipped for line $($i)`r`n" | Out-File $log -append } Else { #Set the target OU $location = $_.TargetOU + ",$($addn)" #Set the Enabled and PasswordNeverExpires properties If (($_.Enabled.ToLower()) -eq "true") { $enabled = $True } Else { $enabled = $False } If (($_.PasswordNeverExpires.ToLower()) -eq "true") { $expires = $True } Else { $expires = $False } #A check for the country,because those were full names and need #to be land codes in order for AD to accept them. I used Netherlands #as example If($_.Country -eq "Netherlands") { $_.Country = "NL" } Else { $_.Country = "EN" } #Replace dots / points (.) in names,because AD will error when a #name ends with a dot (and it looks cleaner as well) $replace = $_.Lastname.Replace(".","") If($replace.length -lt 4) { $lastname = $replace } Else { $lastname = $replace.substring(0,4) } #Create sAMAccountName according to this 'naming convention': #<FirstLetterInitials><FirstFourLettersLastName> for example #htehp $sam = $_.Initials.substring(0,1).ToLower() + $lastname.ToLower() Try { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" } Catch { } If(!$exists) { #Set all variables according to the table names in the Excel #sheet / import CSV. The names can differ in every project,but #if the names change,make sure to change it below as well. $setpass = ConvertTo-SecureString -AsPlainText $_.Password -force Try { Write-Host "[INFO]`t Creating user : $($sam)" "[INFO]`t Creating user : $($sam)" | Out-File $log -append New-ADUser $sam -GivenName $_.GivenName -Initials $_.Initials ` -Surname $_.LastName -DisplayName ($_.LastName + "," + $_.Initials + " " + $_.GivenName) ` -Office $_.OfficeName -Description $_.Description -EmailAddress $_.Mail ` -StreetAddress $_.StreetAddress -City $_.City -State $_.State ` -PostalCode $_.PostalCode -Country $_.Country -UserPrincipalName ($sam + "@" + $dnsroot) ` -Company $_.Company -Department $_.Department -EmployeeID $_.EmployeeID ` -Title $_.Title -OfficePhone $_.Phone -AccountPassword $setpass -Manager $_.Manager ` -profilePath $_.ProfilePath -scriptPath $_.ScriptPath -homeDirectory $_.HomeDirectory ` -homeDrive $_.homeDrive -Enabled $enabled -PasswordNeverExpires $expires Write-Host "[INFO]`t Created new user : $($sam)" "[INFO]`t Created new user : $($sam)" | Out-File $log -append $dn = (Get-ADUser $sam).DistinguishedName #Set an ExtensionAttribute If ($_.ExtensionAttribute1 -ne "" -And $_.ExtensionAttribute1 -ne $Null) { $ext = [ADSI]"LDAP://$dn" $ext.Put("extensionAttribute1",$_.ExtensionAttribute1) Try { $ext.SetInfo() } Catch { Write-Host "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)" } } #Set ProxyAdresses Try { $dn | Set-ADUser -Add @{proxyAddresses = ($_.ProxyAddresses -split ";")} -ErrorAction Stop } Catch { Write-Host "[ERROR]`t Couldn't set the ProxyAddresses Attributes : $($_.Exception.Message)" } #Move the user to the OU ($location) you set above. If you don't #want to move the user(s) and just create them in the global Users #OU,comment the string below If ([adsi]::Exists("LDAP://$($location)")) { Move-ADObject -Identity $dn -TargetPath $location Write-Host "[INFO]`t User $sam moved to target OU : $($location)" "[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append } Else { Write-Host "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" | Out-File $log -append } #Rename the object to a good looking name (otherwise you see #the 'ugly' shortened sAMAccountNames as a name in AD. This #can't be set right away (as sAMAccountName) due to the 20 #character restriction $newdn = (Get-ADUser $sam).DistinguishedName Rename-ADObject -Identity $newdn -NewName ($_.GivenName + " " + $_.LastName) Write-Host "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" | Out-File $log -append } Catch { Write-Host "[ERROR]`t Oops,something went wrong: $($_.Exception.Message)`r`n" } } Else { Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!`r`n" "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!" | Out-File $log -append } } } Else { Write-Host "[SKIP]`t User ($($_.GivenName) $($_.LastName)) will be skipped for processing!`r`n" "[SKIP]`t User ($($_.GivenName) $($_.LastName)) will be skipped for processing!" | Out-File $log -append } $i++ } "--------------------------------------------" + "`r`n" | Out-File $log -append } Write-Host "STARTED SCRIPT`r`n" Start-Commands Write-Host "STOPPED SCRIPT"
修改后Script:
########################################################### #AUTHOR : Marius / Hican - http://www.hican.nl - @hicannl #DATE : 26-04-2012 #EDIT : 07-08-2014 #COMMENT : This script creates new Active Directory users,#HomeDirectory and HomeDrive #- Added the option to move every user to a different OU. #Version 1.3: 08-07-2014 #- Added functionality for ProxyAddresses #ERROR REPORTING ALL Set-StrictMode -Version latest #---------------------------------------------------------- #LOAD ASSEMBLIES AND MODULES #---------------------------------------------------------- Try { Import-Module ActiveDirectory -ErrorAction Stop } Catch { Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!" Exit 1 } #---------------------------------------------------------- #STATIC VARIABLES #---------------------------------------------------------- $path = Split-Path -parent $MyInvocation.MyCommand.Definition $newpath = $path + "\create_ad_users.csv" $log = $path + "\create_ad_users.log" $date = Get-Date $addn = (Get-ADDomain).DistinguishedName $dnsroot = (Get-ADDomain).DNSRoot $i = 1 #---------------------------------------------------------- #START FUNCTIONS #---------------------------------------------------------- function add-adgroup { Param ([String]$group2,[String]$username) Try { $exists = Get-adgroup -Identity $group2 } Catch { Write-Host "[ERROR]`t Group not found: $($group2)" } If($exists) { Add-ADGroupMember -identity $group2 -Member $username Write-Host "[INFO]`t Added User $username into Group: $($group2)" "[INFO]`t Added User $username into Group: $($group2)" | Out-File $log -append } } Function Start-Commands { Create-Users } Function Create-Users { "Processing started (on " + $date + "): " | Out-File $log -append "--------------------------------------------" | Out-File $log -append Import-CSV $newpath | ForEach-Object { If ($_.UserName -eq "") { Write-Host "[ERROR]`t Please provide valid UserName Processing skipped for line $($i)`r`n" "[ERROR]`t Please provide valid UserName. Processing skipped for line $($i)`r`n" | Out-File $log -append } Else { # Set the target OU $OU = "" if ($_.TYPE.ToLower() -eq "user"){ $OU = "OU=Users" }Elseif ($_.TYPE.ToLower() -eq "service"){ $OU = "OU=Service Accounts" } if ($_.components.toupper()) { $components = $OU + ",OU="+ $_.components.toupper() + ",OU=WIN_DM" }else { $components = $OU + ",OU=WIN_DM" } $location = $components + ",$($addn)" Write-Host $location -ForegroundColor Yellow # Create sAMAccountName according to this 'naming convention': # <FirstLetterInitials><FirstFourLettersLastName> for example # htehp $sam = $_.UserName.ToLower() Try { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" } Catch { } If(!$exists) { # Set all variables according to the table names in the Excel # sheet / import CSV. The names can differ in every project,but # if the names change,make sure to change it below as well. $setpass = ConvertTo-SecureString -AsPlainText "P@ssw0rd1234" -force Try { Write-Host "[INFO]`t Creating user : $($sam)" "[INFO]`t Creating user : $($sam)" | Out-File $log -append New-ADUser $sam ` -DisplayName $sam ` -Description "Owner:DCO" ` -UserPrincipalName ($sam + "@" + $dnsroot) ` -AccountPassword $setpass ` -ChangePasswordAtlogon $True ` -Enabled $True #-PasswordNeverExpires $True Write-Host "[INFO]`t Created new user : $($sam)" "[INFO]`t Created new user : $($sam)" | Out-File $log -append $dn = (Get-ADUser $sam).DistinguishedName } Catch { Write-Host "[ERROR]`t Oops 1,something went wrong: $($_.Exception.Message)`r`n" } Try { Move-ADObject -Identity $dn -TargetPath $location Write-Host "[INFO]`t User $sam moved to target OU : $($location)" "[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append } Catch { Write-Host "[ERROR]`t Oops 2,something went wrong: $($_.Exception.Message)`r`n" } Try { #add group member $sag = "service account groups" if ($_.TYPE.ToLower() -eq "service"){ add-adgroup $sag $sam } $group = $_.group.ToLower() if (!($group -eq "")) { add-adgroup $group $sam } } Catch { Write-Host "[ERROR]`t Oops 3,something went wrong: $($_.Exception.Message)`r`n" } } Else { Write-Host "[SKIP]`t User $($sam) already exists or returned an error!`r`n" "[SKIP]`t User $($sam) already exists or returned an error!" | Out-File $log -append } } $i++ } "--------------------------------------------" + "`r`n" | Out-File $log -append } Write-Host "STARTED SCRIPT`r`n" Start-Commands Write-Host "STOPPED SCRIPT"