Tag Archives: Active Directory

Passing CSV files to powershell to perform bulk commands

Nice easy one for a Wednesday morning.
Again, you’ll need the Quest PowerShell ActiveRoles Management plugin from here: http://www.quest.com/powershell/activeroles-server.aspx

For this I’ll be using the New-QADUser command, but you can use any command you like. All the CSV and the code before that command do is populate some variables that are passed to the command.

To tell PowerShell what CSV file to use, you use the Import-Csv command and assign the result to a variable, then pick out each row and assign each value to its own variable:

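# Load the CSV; each row becomes an object with one property per column
$list = Import-Csv C:\scripts\list.csv
ForEach ($entry in $list) {
    # Values read straight from the CSV columns
    $firstname = $($entry.firstname)
    $lastname = $($entry.lastname)
    $ccg = $($entry.ccg)
    $code = $($entry.code)
    $job = $($entry.job)
    # Values constructed from the columns above
    $name = $lastname + " " + $firstname
    $username = $firstname + "." + $lastname
    $displayname = $name + " (DOMAIN)"
    $upn = $username + "@domain.uk"
    $password = "tgrefgbfdbfdshgtfsbgfd"
    # Pick the OU from the ccg column
    if ($ccg -eq "preston") {
        $ou = "Domain/OU1/Preston"
    }
    if ($ccg -eq "csr") {
        $ou = "Domain/OU2/C&SR"
    }
    if ($ccg -eq "wl") {
        $ou = "Domain/OU3/West Lancs"
    }
    # The New-QADUser command goes here, followed by the closing } of the ForEach loop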

The CSV contains the user’s name, CCG (OU name), job title and job code. Each is assigned to a variable, then other values such as display name and username are constructed from the variables in the CSV file. If I wanted to add more values from the CSV, I’d create a new column (e.g. phone number), then reference it in the code like this:

$phone = $($entry.phone)
 

The $phone at the start of the line is the variable within PowerShell. The “($entry” is the loop variable holding the current row of the CSV specified at the top of the code, and “.phone)” is the column name in the CSV.
Once all the variables you want to use have been specified, you add the command:

New-QADUser -FirstName $firstname -LastName $lastname -Name $name -DisplayName $displayname -UserPrincipalName $upn -UserPassword $password -ParentContainer $ou -SamAccountName $username -Office $code -Description $job
}  # closes the ForEach loop opened at the top of the script
 

To add an additional variable such as phone number, you would add “-PhoneNumber $phone” to the command.
Blank values in the CSV will add a blank value to the object in AD when the account is created.  PS1 download is below.
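The loop above keeps whatever $ou was set on the previous row when a ccg value matches none of the if blocks, and every account gets the same password. The following is an added example, not the author's script, that validates each row first and gives each account its own random password. The sample rows, the New-RandomPassword helper and the "leyland" value are constructed for illustration; the OU paths and New-QADUser parameters are the ones used in the post.

```powershell
# Constructed sample rows; in practice: $list = Import-Csv C:\scripts\list.csv
$list = @"
firstname,lastname,ccg,code,job
Jane,Smith,preston,P001,Nurse
John,Jones,csr,C014,Clerk
Ann,Brown,leyland,X999,Temp
"@ | ConvertFrom-Csv

# One lookup table instead of a chain of if blocks (OU paths from the post)
$ouMap = @{
    'preston' = 'Domain/OU1/Preston'
    'csr'     = 'Domain/OU2/C&SR'
    'wl'      = 'Domain/OU3/West Lancs'
}

# Hypothetical helper: random initial password; 64 symbols, so byte % 64 is unbiased
function New-RandomPassword {
    param([int]$Length = 20)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '[0-9]')
    $pw
}

$accounts = foreach ($entry in $list) {
    $first = "$($entry.firstname)".Trim()
    $last  = "$($entry.lastname)".Trim()
    $ccg   = "$($entry.ccg)".Trim().ToLower()
    $user  = "$first.$last"
    # Skip bad rows instead of silently reusing $ou from the previous row
    if (-not $first -or -not $last) { Write-Warning 'Skipped row with a missing name'; continue }
    if (-not $ouMap.ContainsKey($ccg)) { Write-Warning "Skipped ${user}: unknown ccg '$ccg'"; continue }
    if ($user.Length -gt 20) { Write-Warning "Skipped ${user}: sAMAccountName is limited to 20 characters"; continue }
    @{
        FirstName = $first; LastName = $last; Name = "$last $first"
        DisplayName = "$last $first (DOMAIN)"; SamAccountName = $user
        UserPrincipalName = "${user}@domain.uk"; ParentContainer = $ouMap[$ccg]
        Office = $entry.code; Description = $entry.job; UserPassword = New-RandomPassword
    }
}

# Only call the Quest cmdlet when it is loaded; otherwise just report the plan
$quest = Get-Command New-QADUser -ErrorAction SilentlyContinue
foreach ($params in $accounts) {
    if ($quest) { New-QADUser @params }
    else { "Would create $($params.SamAccountName) in $($params.ParentContainer)" }
}
```

The generated passwords stay in $accounts, so each one can be handed to its user out of band.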

Powershell File

Sample CSV



Lazy Admin Quick Fix Tool

I thought I’d be a good Samaritan and write a tool to help our service desk automate a few day-to-day tasks to make their lives a little easier… (I’m nice like that!).

It’s basically an old-school batch menu that calls a PsExec command to run on another computer. All the service desk tech needs to do is enter the PC number they want to send the command to, then pick the option from the menu. Once it’s done, they wait for the next job, enter a new PC number, then select another command. The command will run as the tech regardless of what user is logged onto the PC at the other end.
It may be worth mentioning that our users are basic users on PCs (not power users or local admins) and our service desk techs are part of a security group that has local administrator rights over users’ PCs. In the past they’d have to open a DameWare session (like VNC) and run any of these commands manually.
Here’s what it looks like:

Main GUI

Selecting option A lets you set the value for the PC you want to connect to. The PsExec command then uses the variables specified and picks out the command from the menu option selected. Basically ANYTHING you can run from the command line can be implemented in the menu. All commands will run as the tech, so there is no need for the user to log out to perform the commands.

The Office 2010 Utilities option also launches a submenu, with a few options in:

Office Menu



 

Building a Powershell script to create user accounts on Active Directory

User accounts in Active Directory can be a pain (and boring) to create… especially if you have a high staff turnover or you need to add extra bits to user accounts once they’ve been provisioned.

For example, when we create a user account in our domain environment I need to:

  • Format the Display name in a certain way. eg, “Smith Jane (CLPCT)”
  • Format the username (Jane.Smith)
  • As we are part of a large AD forest, I sometimes need to choose a different domain suffix in the UPN.
  • The account needs to be added to the correct OU to pick up group policy
  • The mailbox needs to be placed in a particular database in Exchange depending on the domain and the user’s name\position
  • Custom attributes sometimes need to be added
  • Add the user to one or more common AD security groups
  • Depending on the domain, add a profile path based on the user’s login name

The list goes on and on. With so many steps involved, it’s easy to miss some and cause problems later down the line.

I decided to create an easy way to create the accounts by entering the bare minimum about the user, then selecting the rest of the info from menus and letting PowerShell do all the work for me.

To make this happen I used:

Before doing any of this, I suggest you TEST on a TEST domain, or a TEST OU…. TEST!

When installing PowerGUI, be sure to select AD and Exchange from the PowerPacks when you get to the installation feature screen. Also, when installing the Quest ActiveRoles cmdlets, select the option to change PowerShell to allow unsigned code to run, otherwise you’ll hit problems when you come to run your scripts.

Now that bit’s done we can start on some code…

All my code does is hold the commands to create an Exchange mailbox and modify an AD user account, pre-filled with variables, plus multiple-choice menus and prompts to populate them. Here we go…

First things first. We need to work out what commands we will be using and what values we can apply. Creating an Exchange account will also create an account in Active Directory, so I use the New-Mailbox command. Typing the command into a new PowerGUI window will show you all the available values you can apply when creating the account. Some user object attributes aren’t available with that command, so we will need to use Set-QADUser after the Exchange command to add the bits it’s missing.

So here’s the command I use for the new mailbox:

New-Mailbox -DomainController $dc -name $name -userprincipalname $upn -Alias $username -OrganizationalUnit $ou -FirstName $firstname -LastName $LastName -Password $password -ResetPasswordOnNextLogon $true -Database $maildatabase -DisplayName $displayname

And the extra values you can’t specify in the New-Mailbox command:

Set-QADUser -Identity $upn -ProfilePath $profilepath

All the values starting with $ are variables I’ve set before the commands run. To set the variables I’ve added some prompts, along with some “Write-Host” commands to list all the options.

Here I prompt for the basics:

$firstname = Read-Host -Prompt "Enter First Name"
$lastname = Read-Host -Prompt "Enter Last Name"
$trust = Read-Host -Prompt "LCFT or CLPCT or ICO"
# -AsSecureString hides the typing and returns the SecureString that New-Mailbox -Password expects
$password = Read-Host -AsSecureString -Prompt "Please enter a Password"

Then from the values above, I can construct some of the other values based on how we format them in our domain.

$name = $lastname + " " + $firstname
$username = $firstname + "." + $lastname
$displayname = $name + " (" + $trust + ")"
# The trust decides the UPN suffix and the custom attribute
if ($trust -eq "CLPCT") {
    $domain = "@centrallancashire.nhs.uk"
    $attrib = " "
}
if ($trust -eq "LCFT") {
    $domain = "@lancashirecare.nhs.uk"
    $attrib = "TCS-LCFT-CL"
}
if ($trust -eq "ICO") {
    $domain = "@centrallancashire.nhs.uk"
    $attrib = "TCS-ICO"
}
$upn = $username + $domain

Here’s the options for the $maildatabase value.

# List the choices
Write-Host ""
Write-Host -ForegroundColor Green "Please Pick a Mailbox Database"
Write-Host ""
Write-Host "0 - TCS User"
Write-Host "1 - StandardUsersA-C"
Write-Host "2 - StandardUsersD-F"
Write-Host "3 - StandardUsersG-I"
Write-Host "4 - StandardUsersJ-L"
Write-Host "5 - StandardUsersM-O"
Write-Host "6 - StandardUsersP-R"
Write-Host "7 - StandardUsersS-U"
Write-Host "8 - StandardUsersV-W"
Write-Host "9 - StandardUsersX-Z"
Write-Host ""
# Map the number entered to a mailbox database path
$mailnumber = Read-Host -Prompt "Please Choose a number"
if ($mailnumber -eq "0") {
    $maildatabase = "MAIL\VIPUsers\VIPUsers"
}
if ($mailnumber -eq "1") {
    $maildatabase = "MAIL\StandardUsersA-C\StandardUsersA-C"
}
if ($mailnumber -eq "2") {
    $maildatabase = "MAIL\StandardUsersD-F\StandardUsersD-F"
}
if ($mailnumber -eq "3") {
    $maildatabase = "MAIL\StandardUsersG-I\StandardUsersG-I"
}
if ($mailnumber -eq "4") {
    $maildatabase = "MAIL\StandardUsersJ-L\StandardUsersJ-L"
}
if ($mailnumber -eq "5") {
    $maildatabase = "MAIL\StandardUsersM-O\StandardUsersM-O"
}
if ($mailnumber -eq "6") {
    $maildatabase = "MAIL\StandardUsersP-R\StandardUsersP-R"
}
if ($mailnumber -eq "7") {
    $maildatabase = "MAIL\StandardUsersS-U\StandardUsersS-U"
}
if ($mailnumber -eq "8") {
    $maildatabase = "MAIL\StandardUsersV-W\StandardUsersV-W"
}
if ($mailnumber -eq "9") {
    $maildatabase = "MAIL\StandardUsersX-Z\StandardUsersX-Z"
}

MAIL in this instance is the name of our Exchange mailbox server. The rest is the path to the mailbox databases. You’ll be able to pick your own values out of Exchange. The code to populate the $ou variable is very similar.
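With the if chain above, a mistyped number leaves $maildatabase unset and the script carries on to New-Mailbox. The following is an added example, not the author's script, of the same menu as a reusable function that re-prompts on bad input and stops if no valid choice is made; the same function can serve the $ou menu with a different table. Select-FromMenu, its -Reader hook and the typed sample input are hypothetical and constructed for illustration; the labels and database paths are the ones listed in the post.

```powershell
# Menu entries: labels and database paths as listed in the post
$options = @(@{ Label = 'TCS User'; Value = 'MAIL\VIPUsers\VIPUsers' })
$options += 'A-C','D-F','G-I','J-L','M-O','P-R','S-U','V-W','X-Z' | ForEach-Object {
    @{ Label = "StandardUsers$_"; Value = "MAIL\StandardUsers$_\StandardUsers$_" }
}

# Hypothetical helper: show a numbered menu and return the value of a valid pick
function Select-FromMenu {
    param(
        [string]$Title,
        [object[]]$Options,
        # Hook for reading input, so the function can be exercised without a console
        [scriptblock]$Reader = { Read-Host -Prompt 'Please Choose a number' },
        [int]$MaxAttempts = 3
    )
    Write-Host ''
    Write-Host -ForegroundColor Green $Title
    for ($i = 0; $i -lt $Options.Count; $i++) { Write-Host "$i - $($Options[$i].Label)" }
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        $raw = "$(& $Reader)".Trim()
        $n = 0
        # Accept only whole numbers inside the menu range
        if ([int]::TryParse($raw, [ref]$n) -and $n -ge 0 -and $n -lt $Options.Count) {
            return $Options[$n].Value
        }
        Write-Warning "'$raw' is not one of 0..$($Options.Count - 1)"
    }
    # Stop the script rather than continue with an empty value
    throw "No valid choice after $MaxAttempts attempts; nothing was created."
}

# Constructed input standing in for the keyboard: two bad entries, then a valid one
$typed = New-Object System.Collections.Queue
'x', '12', '4' | ForEach-Object { $typed.Enqueue($_) }
$maildatabase = Select-FromMenu -Title 'Please Pick a Mailbox Database' -Options $options -Reader { $typed.Dequeue() }
$maildatabase
```

Leave out -Reader to prompt the operator with Read-Host as the original script does.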

To run the script from a shortcut, you’ll need to create a shortcut that calls powershell.exe then references the location of the ps1 file. So change the target to something like:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -file "C:\location of ps1 file"
 

You can use UNC paths if you’re wanting to share the script with other people.

My PS1 file is below. You’ll need to go through and change the values to suit your own domain. Any questions, post a comment.

Powershell File