Staff Creation Tool
I created the below PowerShell script to create new users who have joined the organisation. It does a number of things such as creating the AD user account, Exchange mailbox, and Lync account.

```powershell
mode con: lines=70
$a = (Get-Host).UI.RawUI
$a.WindowTitle = " Staff Creation Tool"
$a.BackgroundColor = "darkcyan"
$a.ForegroundColor = "white"
(Get-Host).PrivateData.ErrorForegroundColor = "yellow"
(Get-Host).PrivateData.ErrorBackgroundColor = "darkcyan"
Clear-Host
Import-Module -DisableNameChecking ActiveDirectory
# Note: the launcher .bat below already starts powershell.exe with -executionpolicy bypass for this
# process, so this persistent, machine-wide policy change is not needed for the tool to run.
Set-ExecutionPolicy Unrestricted -Force
$nl = [Environment]::NewLine
Write-Host @"
Welcome to the Staff Creation Tool - Author Nick Beare
This tool can be used to:
 * Create a staff member's AD user account.
 * Add the user to the 'iSheriff Users' and 'All Staff - Dickson' AD groups.
 * Set their AD user account expiration date.
 * Assign their home folder path (H drive) and create the folder.
 * Move their AD user account to the correct OU.
 * Create their Exchange mailbox and configure Unified Messaging.
 * Create their Lync account.
"@
$nl
Start-Transcript -Path "\\SERVER_NAME\g_drive\BHP\CIO\SDT\Service Desk\Tools\Scripts\Staff_Creation_Tool_Log.txt" -Append
$nl
$CT = Read-Host "Please enter the HelpMaster Reference number for the staff member you would like to create eg CT123456"
$CT = [string]::Join("", $CT)
$nl
$userid2 = Read-Host "Please enter the user ID (eg pbearen) of the staff member you would like to create"
$userid = $userid2.ToLower()

# Check if the user already exists in AD; if they do, exit.
$dup = Get-ADUser -LDAPFilter "(sAMAccountName=$userid)"
If ($dup -eq $Null) {
    $nl
    $firstname = Read-Host "Please enter the staff member's firstname"
    $nl
    $lastname = Read-Host "Please enter the staff member's surname"
    $displayname = $firstname + " " + $lastname
    $nl
    $ext = Read-Host "Please enter the staff member's four digit extension number eg 7730. Leave the field blank and press return if you don't know the extension yet"
    $nl
    $ext2 = '6268' + " " + $ext
    $OU0 = Read-Host "Is the staff member a contractor or BHP employee? Enter either 'contractor' or 'BHP'"
    $OU1 = $OU0.ToLower()

    if ($OU1 -eq "BHP") {
        $OU = "OU=Users,OU=BHP,DC=BHPagency,DC=corporate"
        $nl
        $expiration_date = Read-Host "If required, please enter the account expiration date of the new BHP staff member in DD/MM/YYYY format. To set no expiry date simply leave this field blank and press return"
        $nl
        $password1 = Read-Host -AsSecureString "Please enter a password for the new BHP staff member's AD user account"
        $nl
        $password2 = Read-Host -AsSecureString "Please confirm the password"
        # Both SecureStrings are decrypted to plain text so they can be compared; the plain-text
        # copies remain in $password3 and $password4 for the rest of the run.
        $password3 = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password1))
        $password4 = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password2))
        if ($password3 -ne $password4) {
            $nl
            Write-Host "The user passwords you have entered do not match. Program terminating. Goodbye."
            $nl
            break
        } else {
            $nl
            Write-Host "The Staff Creation Tool is about to create BHP staff member $userid - $firstname $lastname. Press any key to continue OR click the cross on the top right hand corner of this window to exit."
            $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
            # $password1 is already a SecureString; this rebuilds one from the plain-text copy.
            $encryptedpassword = ConvertTo-SecureString $password3 -AsPlainText -Force
            $principal = $userid + "@BHPagency.corporate"
            $home2 = "\\SERVER_NAME\users$\" + $userid
            $nl
            Write-Host "Creating AD user account and setting H drive path..."
            New-ADUser -GivenName $firstname -Name $userid -Surname $lastname -OfficePhone $ext2 -DisplayName $displayname -SamAccountName $userid -AccountPassword $encryptedpassword -PasswordNeverExpires $false -Path $OU -Enabled $True -Description $CT -UserPrincipalName $principal -HomeDirectory $home2 -ChangePasswordAtLogon $true -HomeDrive "H:"
            # Only set an expiry when one was entered: an empty string cannot be converted to a DateTime,
            # and parsing the stated DD/MM/YYYY format explicitly avoids depending on the operator's locale.
            if ($expiration_date) {
                Set-ADAccountExpiration -Identity $userid -DateTime ([datetime]::ParseExact($expiration_date, 'dd/MM/yyyy', [Globalization.CultureInfo]::InvariantCulture))
            }
            TIMEOUT /T 5 /NOBREAK
            New-Item -Path \\SERVER_NAME\users$\ -Type Directory -Name $userid 2>&1 | Out-Null
            # This three-argument rule carries no inheritance flags, so it applies to the folder itself only.
            $Acl = Get-Acl -Path $home2
            $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($userid, "FullControl", "Allow")
            $Acl.SetAccessRule($Ar)
            Set-Acl -Path $home2 -AclObject $Acl
            $nl
            Add-ADGroupMember -Identity 'All Staff - Dickson' -Members $userid
            Add-ADGroupMember -Identity 'iSheriff Users' -Members $userid

            # Create the user's mailbox
            Write-Host "Creating the user's mailbox, please wait and do not exit..."
            Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
            TIMEOUT /T 30 /NOBREAK
            # Manually set the mail storage group here (errors are discarded by the redirection)
            Enable-Mailbox -Identity $userid -Database 'Exchange_Server\CT Storage Group 3\Mail Store 3' 2>&1 | Out-Null
            $nl
            Write-Host "Disabling Outlook Web App (OWA) and configuring Unified Messaging if an extension was provided, please wait and do not exit..."
            TIMEOUT /T 30 /NOBREAK
            Set-CASMailbox -Identity $userid -OWAEnabled:$false
            # Skip UM when no extension was entered; Enable-UMMailbox rejects an empty -Extensions value.
            if ($ext) {
                Enable-UMMailbox -Identity $userid -Extensions $ext -UMMailboxPolicy 'BHP UM Mailbox Policy'
            }

            # Add the user to Lync
            $lync = $env:USERNAME   # the operator's own account; the password is prompted for below
            $nl
            Write-Host "Adding user to Lync, please wait and enter your domain admin password when prompted..."
            $session = New-PSSession -ConnectionUri "https://lyncpool.BHPagency.corporate/ocspowershell" -Credential $lync
            Import-PSSession $session
            Enable-CsUser -Identity $userid -RegistrarPool "lyncpool.BHPagency.corporate" -SipAddressType SamAccountName -SipDomain BHPagency.corporate 2>&1 | Out-Null
            TIMEOUT /T 20 /NOBREAK
            $lineURI = "tel:$ext;phone-context=dialstring"
            $serverURI = "sip:$userid@CUPS-CT-01.BHPagency.corporate"
            Set-CsUser -Identity $userid -EnterpriseVoiceEnabled $false -RemoteCallControlTelephonyEnabled $true -LineUri $lineURI -LineServerUri $serverURI
            Grant-CsClientPolicy -Identity $userid -PolicyName "BHPClientPolicy"
            $nl
            Write-Host "The Staff Creation Tool has finished running. Goodbye."
            $nl
        }
        $nl
    } ElseIf ($OU1 -eq "contractor") {
        $OU = "OU=Contractors,OU=Users,OU=BHP,DC=BHPagency,DC=corporate"
        $nl
        $password1 = Read-Host -AsSecureString "Please enter a password for the new BHP staff member's AD user account"
        $nl
        $password2 = Read-Host -AsSecureString "Please confirm the password"
        $password3 = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password1))
        $password4 = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password2))
        if ($password3 -ne $password4) {
            $nl
            Write-Host "The user passwords you have entered do not match. Program terminating. Goodbye."
            $nl
            break
        } else {
            $nl
            $expiration_date = Read-Host "Please enter the account expiration date of the new contractor in DD/MM/YYYY format"
            # Contractors must have an expiry date, so keep asking until one is entered.
            while ($expiration_date -eq [string]::Empty) {
                $nl
                Write-Host "You have not entered an expiration date for a contractor."
                $expiration_date = Read-Host "Please enter the account expiration date of the new contractor in DD/MM/YYYY format"
            }
            $nl
            Write-Host "The Staff Creation Tool is about to create $userid - $firstname $lastname. Press any key to continue OR click the cross on the top right hand corner of this window to exit."
            $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
            $encryptedpassword = ConvertTo-SecureString $password3 -AsPlainText -Force
            $principal = $userid + "@BHPagency.corporate"
            $home2 = "\\SERVER_NAME\users$\" + $userid
            $nl
            Write-Host "Creating AD user account..."
            New-ADUser -GivenName $firstname -Name $userid -Surname $lastname -OfficePhone $ext2 -DisplayName $displayname -SamAccountName $userid -AccountPassword $encryptedpassword -PasswordNeverExpires $false -Path $OU -Enabled $True -Description $CT -UserPrincipalName $principal -HomeDirectory $home2 -ChangePasswordAtLogon $true -HomeDrive "H:"
            Set-ADAccountExpiration -Identity $userid -DateTime ([datetime]::ParseExact($expiration_date, 'dd/MM/yyyy', [Globalization.CultureInfo]::InvariantCulture))
            TIMEOUT /T 5 /NOBREAK
            New-Item -Path \\SERVER_NAME\users$\ -Type Directory -Name $userid 2>&1 | Out-Null
            $Acl = Get-Acl -Path $home2
            $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($userid, "FullControl", "Allow")
            $Acl.SetAccessRule($Ar)
            Set-Acl -Path $home2 -AclObject $Acl
            $nl
            Add-ADGroupMember -Identity 'All Staff - Dickson' -Members $userid
            Add-ADGroupMember -Identity 'iSheriff Users' -Members $userid

            # Create the user's mailbox
            Write-Host "Creating the user's mailbox, please wait and do not exit..."
            Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
            TIMEOUT /T 30 /NOBREAK
            # Manually set the mail storage group here
            Enable-Mailbox -Identity $userid -Database 'Exchange_Server\CT Storage Group 3\Mail Store 3' 2>&1 | Out-Null
            $nl
            Write-Host "Disabling Outlook Web App (OWA) and configuring Unified Messaging if an extension was provided, please wait and do not exit..."
            TIMEOUT /T 30 /NOBREAK
            Set-CASMailbox -Identity $userid -OWAEnabled:$false
            if ($ext) {
                Enable-UMMailbox -Identity $userid -Extensions $ext -UMMailboxPolicy 'BHP UM Mailbox Policy'
            }

            # Add the user to Lync
            $lync = $env:USERNAME
            $nl
            Write-Host "Adding user to Lync, please wait and enter your domain admin password when prompted..."
            $session = New-PSSession -ConnectionUri "https://lyncpool.BHPagency.corporate/ocspowershell" -Credential $lync
            Import-PSSession $session
            Enable-CsUser -Identity $userid -RegistrarPool "lyncpool.BHPagency.corporate" -SipAddressType SamAccountName -SipDomain BHPagency.corporate 2>&1 | Out-Null
            TIMEOUT /T 20 /NOBREAK
            $lineURI = "tel:$ext;phone-context=dialstring"
            $serverURI = "sip:$userid@CUPS-SERVER-02.BHPagency.corporate"
            Set-CsUser -Identity $userid -EnterpriseVoiceEnabled $false -RemoteCallControlTelephonyEnabled $true -LineUri $lineURI -LineServerUri $serverURI
            Grant-CsClientPolicy -Identity $userid -PolicyName "BHPClientPolicy"
            $nl
            Write-Host "The Staff Creation Tool has finished running. Goodbye."
        }
    } Else {
        $nl
        Write-Host "Invalid input. Please enter either 'contractor' or 'BHP'. The program will now exit. Goodbye."
        break
    }
} else {
    $nl
    Write-Host "The userid $userid already exists in Active Directory. Goodbye."
    $nl
    break
}
$nl
Stop-Transcript
```
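Three spots in the script above are worth tightening: the password confirmation decrypts both SecureStrings into plain-text variables that live for the whole run, the user ID and DD/MM/YYYY expiry date are passed to AD without validation, and the home folder gets a FullControl entry that applies to the folder only. The helpers below are an added example written for this page, not part of the author's tool; the function names, the default `BHPagency` domain prefix and the usage sketch at the end are assumptions.

```powershell
# Added example (not from the original script): hardened helpers for the prompt-and-provision flow.

function Test-SecureStringMatch {
    # Compare two SecureStrings byte-for-byte through their unmanaged BSTR copies, so the
    # plain-text password is never materialised as a managed string or a script variable.
    param(
        [Parameter(Mandatory)][System.Security.SecureString]$First,
        [Parameter(Mandatory)][System.Security.SecureString]$Second
    )
    $a = [IntPtr]::Zero
    $b = [IntPtr]::Zero
    try {
        $a = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($First)
        $b = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Second)
        # A BSTR stores its byte length in the four bytes immediately before the pointer.
        $lenA = [Runtime.InteropServices.Marshal]::ReadInt32($a, -4)
        $lenB = [Runtime.InteropServices.Marshal]::ReadInt32($b, -4)
        if ($lenA -ne $lenB) { return $false }
        $diff = 0
        for ($i = 0; $i -lt $lenA; $i++) {
            $diff = $diff -bor ([Runtime.InteropServices.Marshal]::ReadByte($a, $i) -bxor [Runtime.InteropServices.Marshal]::ReadByte($b, $i))
        }
        return ($diff -eq 0)
    } finally {
        # Zero the unmanaged copies before freeing them.
        if ($a -ne [IntPtr]::Zero) { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($a) }
        if ($b -ne [IntPtr]::Zero) { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($b) }
    }
}

function Test-UserId {
    # sAMAccountName is limited to 20 characters; the tool lower-cases IDs, so allow only a-z and 0-9.
    param([string]$UserId)
    return ($UserId -match '^[a-z][a-z0-9]{1,19}$')
}

function ConvertTo-ExpiryDate {
    # Parse the DD/MM/YYYY text the tool asks for explicitly (independent of the operator's locale)
    # and refuse dates that are not in the future. A blank entry means "no expiry" and returns $null.
    param([string]$Text)
    if ([string]::IsNullOrWhiteSpace($Text)) { return $null }
    $parsed = [datetime]::MinValue
    $ok = [datetime]::TryParseExact($Text, 'dd/MM/yyyy', [Globalization.CultureInfo]::InvariantCulture, [Globalization.DateTimeStyles]::None, [ref]$parsed)
    if (-not $ok) { throw "Expiration date '$Text' is not in DD/MM/YYYY format." }
    if ($parsed -le (Get-Date).Date) { throw "Expiration date '$Text' is not in the future." }
    return $parsed
}

function Set-HomeFolderAcl {
    # Grant the new user Modify (not FullControl) on their home folder, inherited by everything
    # created inside it, so they can use the folder but cannot re-permission it. The domain
    # prefix is an assumption taken from the script's UPN suffix.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$UserId,
        [string]$Domain = 'BHPagency'
    )
    $identity = "$Domain\$UserId"
    $acl = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
        $identity, 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
    # Read the ACL back and confirm the entry landed rather than assuming it did.
    $check = (Get-Acl -Path $Path).Access | Where-Object { $_.IdentityReference.Value -eq $identity }
    if (-not $check) { throw "ACL on $Path does not contain an entry for $identity." }
}

# Usage sketch inside the prompt flow (hypothetical; replaces the plain-text round trip):
#   $password1 = Read-Host -AsSecureString "Please enter a password for the new account"
#   $password2 = Read-Host -AsSecureString "Please confirm the password"
#   if (-not (Test-SecureStringMatch $password1 $password2)) { Write-Host "Passwords do not match."; exit 1 }
#   if (-not (Test-UserId $userid)) { Write-Host "Invalid user ID '$userid'."; exit 1 }
#   $expiry = ConvertTo-ExpiryDate $expiration_date
#   New-ADUser ... -AccountPassword $password1 ...   # pass the SecureString straight through
#   if ($expiry) { Set-ADAccountExpiration -Identity $userid -DateTime $expiry }
#   Set-HomeFolderAcl -Path $home2 -UserId $userid
```

`Test-SecureStringMatch` still has to decrypt both values to compare them, but it does so into unmanaged memory that is zeroed in the `finally` block, and `New-ADUser -AccountPassword` accepts the original SecureString directly, so the script never needs a plain-text copy at all.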
Below are the contents of the .bat file used to launch the above PowerShell script. Note that '-executionpolicy bypass' prevents any annoying execution-policy prompts.
```bat
@C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -file "\\HOSTNAME\staff_creation.ps1"
@TIMEOUT /T 30
```