Clatent

Technology | Fitness | Food

PowerShell

Read-Only Friday October 7, 2022

by Leave a Comment

For todays ROF, what about working with a coworker and  help them with learning something new. If your are more junior, ask a coworker if they can help you out with on something that either you’ve been struggling with or just want to know more about it and they have experience with it.

If you’re a one person shop, go on to YouTube, pluralsight, cbtnuggets, or even linkedin learning and see if there are courses that interest you. If you don’t have a subscription to that site, see what other courses are on there and make a case to your manager for it. Most of the time if they don’t already have a learning program, they will pay the subscription cost for you. But you won’t know until you ask. Don’t make the decision for them.

Never stop learning and improving.

Module Monday October 3, 2022

by Leave a Comment

Here is a super handy module that is a bit old, but does the trick and has saved me a bunch of time. It’s called Merge-PDF. It does exactly what is says, and I know your thinking Adobe and other pdf writers can already do this…. How about needing to do it on a computer that doesn’t even have a pdf reader on it and you can merge based on variables? That’s how powerful this module is.

An example I use this for is when I have to prep a Purchase Order to be signed. I have to merge the quote and purchase order together. Now I just use a specific name for the quote and purchase order, then run my PowerShell, and it grabs the 2 files, merges them, names the file to the final document name per my template, then puts it in folder I need to from the parameters built into my script. If I wanted to I could even email them off to someone or import them into DocuSign.

PowerShell Gallery:
MergePdf/1.1

Creating an AD Security Group

by Leave a Comment

We’ve all had to create a security group before, but why not standardize it.

First, what fields are mandatory and helpful for creating a security group? We will need these to create parameters to make sure they are always filled out.

  • Security Group Name
  • Display Name
  • Description of Group
  • Credential

Then we create the function parameters as below. If you notice the Mandatory and help message in there, these will require these parameters to be entered in before running as well as give help if someone is unsure of what needs to be entered.

#Create Security Group
#Change the OU path if necessary

[CmdletBinding()]
param (
    [Parameter(Mandatory,HelpMessage='Name of Security Group')]
    [string]$Name,

    [Parameter(Mandatory,HelpMessage='Display Name of Security Group')]
    [string]$DisplayName,

    [Parameter(HelpMessage='Description of Security Group')]
    [string]$Description,

    [Parameter(Mandatory)]
    [ValidateNotNull()]
    [System.Management.Automation.PSCredential]
    [System.Management.Automation.Credential()]
    $Credential = [System.Management.Automation.PSCredential]::Empty

)

Then we apply these parameters to our code

New-ADGroup -Name $Name -Credential $Credential -SamAccountName $Name -GroupCategory Security -GroupScope Global -DisplayName $DisplayName -Path "OU=Security Groups,DC=domain,DC=local" -Description $Description -Confirm

As you can see I’ve hard coded the default OU Path, which you can easily change, or even create a variable for it too. Also you’ll notice that I put the “-Confirm” at the end, this will ask you again if you want to create it after you attempt to run it.

And that’s it! Now you can make sure you and your team always create AD Security Groups the same way. You can add more parameters if you like, check out the New-ADGroup Help for more info.

Import Users into AD with CSV

by Leave a Comment

The Intro

Tired of always trying to remember which fields you need to enter in AD and clicking through all the different tabs to fill them out? Or need consistency on how the AD fields are filled out from all techs? Or need HR to fill out the fields they know, then you just add the “IT” fields? This little script is for you. I’ll walk you through each step of the way, and if you have any questions feel free to reach out.

The Prep

  1. Find the fields you want to include in your template
  2. I recommend finding an already created user(or create one) who fits the template you want to use – and screenshot those fields to start with. As you can see below the field names don’t always match up with the exported headers.
  1. Export that User to CSV to see how they are entered
   $ADUserInfo = Read-Host "Enter user name for all information"
   $FileName = Read-Host "Template name"

   Get-ADUser $ADUserInfo -Properties * | Select-Object * | Export-Csv ".\$FileName.csv" -NoTypeInformation

   Read-Host -Prompt "Press Enter to exit"

Note This will export all fields associated with this user, and there will be many you do not use.

  1. Create a CSV (Named NewHire-Template.csv) with the header names of the fields you want to populate
  2. I’d recommend copying and pasting the header fields from your export to make sure there are no spelling errors. Placement of the fields doesn’t matter, but I’d keep them in logical order for readability. (See Figure 1.1)
  3. Input test user information
  4. Fill out the fields test user’s information then save. (See Figure 1.2)
Figure 1.1
Figure 1.2

The Script

  1. Open up your favorite Powershell editor(I’m using VSCode which I’d highly recommend)
  2. Create a file name “Add-ADUserCSVTemplate.ps1”
  3. First we need to make sure we have the ActiveDirectory Module
   #Import active directory module for running AD cmdlets 
   Import-Module ActiveDirectory
  1. Import the users information from the CSV you created earlier NewHire-Template.csv – Feel free to change the location if needed
    #Store the data from NewHire-Template.csv in the $ADUsers variable
    $ADUsers = Import-Csv "C:\scripts\NewHire-Template.csv"
  1. Define your UserPrincipleName, this will be your email domain
   # Define Domain
   $Domain = "yourdomain.com"
  1. Now we will match the CSV Headers with the AD Attributes and import them in for each user.
   # Loop through each row containing user details in the CSV file
   foreach ($User in $ADUsers) {

   #Read user data from each field in each row and assign the data to a variable as below
   $username = $User.UserName
   $password = $User.password
   $firstname = $User.firstname
   $lastname = $User.lastname
   $initials = $User.initials
   $OU = $User.ou #This field refers to the OU the user account is to be created in
   $email = $User.email
   $streetaddress = $User.streetaddress
   $city = $User.city
   $zipcode = $User.postalcode
   $state = $User.state
   $telephone = $User.officephone
   $mobilephone = $User.mobilephone
   $jobtitle = $User.jobtitle
   $company = $User.company
   $department = $User.department
   $homepage = $User.website
   $HomeDirectory = $User.HomeDirectory
   $HomeDrive = $User.HomeDrive
   $ScriptPath = $User.LogonScript
   $mailnickname = $User.mailnickname

Note The $User.xxxxx is the field that will be pulling from the csv, so you can name those csv headers whatever you want, but make sure it matches here and it will pull it into the corresponding variable.

  1. Lets check to make sure the user isn’t already there – This searches for the username as the SamAccountName and if it exists state it already exists
# Check to see if the user already exists in AD
    if (Get-ADUser -F { SamAccountName -eq $username }) {

        # If user does exist, give a warning
        Write-Warning "A user account with username $username already exists in Active Directory."
    }
  1. If user hasn’t been created, use the below information
else {

        $newUserParams = @{
            GivenName           = $firstname
            Surname             = $lastname
            Name                = "$firstname $lastname"
            DisplayName         = "$firstname $lastname"
            Initials            = $initials
            SamAccountName      = $username
            UserPrincipalName   = "$username@$Domain"
            EmailAddress        = $email
            Title               = $jobtitle
            StreetAddress       = $streetaddress
            City                = $city
            State               = $state
            PostalCode          = $zipcode
            Country             = $country
            Company             = $company
            OfficePhone         = $telephone
            MobilePhone         = $mobilephone
            Path                = $OU
            HomePage            = $HomePage
            Department          = $department
            HomeDirectory       = $HomeDirectory
            HomeDrive           = $HomeDrive
            Enabled             = $True
        }
  1. Create new user while not sending the password in plain text
       # Account will be created in the OU provided by the $OU variable read from the CSV file
        New-ADUser @newUserParams -AccountPassword (ConvertTo-secureString $password -AsPlainText -Force)
  1. Once user is created set the mailnickname and login script fields. I haven’t found an easy way to put it in the above parameters so that is why I have it seperated out here. Also in our environment we have to set mailnickname or hiding a user from the addressbook won’t work.
        #Sets Mailnickname and Logon Script
        Set-ADUser -identity $username -Replace @{mailnickname="$mailnickname"; ScriptPath="$scriptpath"}
  1. Now that we have all of the standard information and the new user is created, display that the user is created
       # If user is created, show message.
        Write-Host "The user account $username is created." -ForegroundColor Cyan
    }
}
  1. Then I like to put a pause at the end so I can see what was created and can exit when I want to
        Read-Host -Prompt "Press Enter to exit"

Conclusion

You did it! You created your first script to import bulk users into AD in there correct OU with all fields filled out. Now you or your colleagues do not have to guess what fields need to be filled out. Feel free to add/remove fields for your organization. What I would recommend if you have multiple OUs and locations is to create a CSV or if you have documentation for each role and copy the AD field information for that user so you don’t have to keep typing it. Eventually, I’ll have it automatically input from just typing in a number that is associated for that OU and for that location. If you only have one location, you could pre set that location and not need to put it into the CSV. Once that script is created, I’ll be sure to share.

Next Steps

A few ideas you could add besides the couple I just mentioned

  • Add to security groups
  • Add to distribution groups
  • Email HR that the email is ready
  • Add licensing
  • Trigger next step in the process

Hope this was helpful and makes your life easier! Let me what you think and how you changed it!