How To Automate Daily Administrative Work With PowerShell In 3 Steps
Laziness is the engine of progress …
So, after finding some free time, we decided to automate a task that is fairly routine for every system administrator: creating and deleting users.
1. PowerShell
It all started with a PowerShell script that prompted for user data at the console. As a result, the Active Directory user was created in the corresponding OU, with the fields filled in.

    # Each request file holds one line: Action;Name;LastName;Password;Project;Position;PC
    # setAdmin, setPcConfig, setPcOwner and sendMail are helper functions that are not shown here.
    # The functions come first: a script can only call functions that are already defined.

    function createADUser($name, $lastName, $project, $position, $password, $pc) {
        $office = "Head Office"
        $path = "OU=Users,DC=corp,DC=mydomain,DC=com"
        $login = "$name.$lastName".ToLower()

        # Users with a project go into that project's OU
        if ($project -ne "") {
            $path = "OU=$project,$path"
        }
        # Fallback password; ChangePasswordAtLogon below forces a change at first logon
        if ($password -eq "") {
            $password = "12345678"
        }
        $securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force

        $newUser = @{
            Name              = "$name $lastName"
            DisplayName       = "$name $lastName"
            GivenName         = $name
            Surname           = $lastName
            SamAccountName    = $login
            UserPrincipalName = "$login@corp.mydomain.com"
            Path              = $path
            Enabled           = $true
            AccountPassword   = $securePassword
        }
        New-ADUser @newUser

        $attributes = @{
            Title                 = $position
            Office                = $office
            ChangePasswordAtLogon = $true
            EmailAddress          = "$login@mydomain.com"
        }
        # The original referenced an undefined $projectName; the department is the project
        if ($project -ne "") {
            $attributes.Department = $project
        }
        Set-ADUser -Identity $login @attributes

        # -Reset sets the password without asking for the old one
        Set-ADAccountPassword -Identity $login -Reset -NewPassword $securePassword
        Add-ADGroupMember -Identity "GroupName" -Members $login

        # Optional workstation assignment
        if ($pc -ne "") {
            Set-ADUser -Identity $login -Description $pc.ToUpper()
            setAdmin $pc $login
            setPcConfig $pc
            setPcOwner $pc $login
        }
        sendMail "$login has been created"
    }

    function disableAdUser($user) {
        $userObj = Get-ADUser -Identity $user
        Set-ADUser -Identity $user -Enabled $false
        Move-ADObject -Identity $userObj -TargetPath "OU=Fired_users,OU=Users,DC=corp,DC=mydomain,DC=com"
        sendMail "$user has been disabled"
    }

    # Process every request file on the share, then delete it
    $files = Get-ChildItem -LiteralPath '\\server\users$' -Filter *.txt -File
    foreach ($file in $files) {
        $text = Get-Content -LiteralPath $file.FullName -TotalCount 1
        $data = $text.Split(";")
        $action   = $data[0]
        $name     = $data[1]
        $lastName = $data[2]
        $password = $data[3]
        $project  = $data[4]
        $position = $data[5]
        $pc       = $data[6]

        if ($action -eq "Add") {
            createADUser $name $lastName $project $position $password $pc
        }
        elseif ($action -eq "Suspend") {
            disableAdUser "$name.$lastName"
        }
        $file.Delete()
    }

2. Google Apps Script
Next, we create a mailbox, which in my case is hosted on Gmail. Thanks to this, you can use the wonderful Apps Script service, which is based on JavaScript. The abundance of documentation and a little programming experience helped to sort this out. Here, similarly, we pass the same data to a function, and the account is created.
With the same tool, we fill in the Welcome-letter template, replacing %username% and the other placeholders with real data, and send the PDF to HR, the boss, the new user and, of course, to the admin.

    // email(), makeWelcome() and addMember() are helper functions that are not shown here.
    function createUser(name, lastName, gender, groups, password, title, department) {
        var userMail = email((name + "." + lastName).toLowerCase());
        var admin = email("admin");
        var recipients = admin + "," + email("hr") + "," + email("boss");
        var subject = "Welcome! " + name + " " + lastName + " - " + title;
        var body = "Welcome to the jungle";
        // PDF welcome letter generated from the template
        var attachment = makeWelcome(name, lastName, password);

        // User resource for the Admin SDK Directory service
        var resource = {
            "name": {
                "familyName": lastName,
                "givenName": name
            },
            "password": password,
            "primaryEmail": userMail,
            "changePasswordAtNextLogin": true,
            "organizations": [{
                "title": title,
                "department": department
            }],
            "gender": {
                "type": gender
            }
        };

        AdminDirectory.Users.insert(resource);
        Logger.log(userMail + "'S BEEN CREATED");

        // Add the new account to each requested group
        for (var i = 0; i < groups.length; i++) {
            addMember(groups[i], userMail);
        }

        var options = {
            "attachments": [attachment],
            "name": "Sysadmin"
        };
        // One mail to admin, HR and the boss, one to the new user
        MailApp.sendEmail(recipients, subject, body, options);
        MailApp.sendEmail(userMail, "Welcome!", body, options);
    }

3. UI, Automation
Of course, entering data at two consoles is not the result we wanted, so a Google Form was created to collect the data. The scripts are scheduled to repeat every 5 minutes.
After the Google script has run, the data is transferred to the local network as a text file through Backup and Sync (GDrive). There, PowerShell takes over: it parses the file and creates the AD user.
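The text file crosses from a web form into a script that holds Active Directory rights, so each line deserves a check before any AD cmdlet sees it. The following is an added example, not part of the original scripts: Test-UserRequest, the two allow-lists and the minimum password length are assumed names and values.

```powershell
# Added example. Allow-lists and limits are assumptions; adjust them to your directory.
$AllowedActions  = 'Add', 'Suspend'
$AllowedProjects = 'ProjectA', 'ProjectB'   # hypothetical OU names under OU=Users
$MinPasswordLen  = 12                       # assumed policy value

function Test-UserRequest {
    param([string]$Line)

    $problems = @()
    $f = $Line.Trim().Split(';')
    if ($f.Count -ne 7) {
        return [pscustomobject]@{ Valid = $false; Problems = @("expected 7 fields, got $($f.Count)") }
    }
    $action, $name, $lastName, $password, $project, $position, $pc = $f

    if ($action -notin $AllowedActions) { $problems += 'unknown action' }
    # Names become the sAMAccountName "name.lastname", which AD limits to 20 characters.
    foreach ($n in $name, $lastName) {
        if ($n -notmatch '^[A-Za-z][A-Za-z-]*$') { $problems += 'name has unexpected characters'; break }
    }
    if ("$name.$lastName".Length -gt 20) { $problems += 'login longer than 20 characters' }

    if ($action -eq 'Add') {
        # Refuse the request instead of falling back to a shared default password.
        if ($password.Length -lt $MinPasswordLen) { $problems += 'password missing or too short' }
        # $project is interpolated into the OU path, so it must be an exact known value.
        if ($project -ne '' -and $project -notin $AllowedProjects) { $problems += 'project is not a known OU' }
        if ($position -notmatch '^[\w .,&/()-]{0,64}$') { $problems += 'position has unexpected characters' }
        # $pc is handed to the workstation helpers; accept only a NetBIOS-style name.
        if ($pc -ne '' -and $pc -notmatch '^[A-Za-z0-9-]{1,15}$') { $problems += 'pc name is not valid' }
    }
    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample lines, not real requests.
$samples = @(
    'Add;Jane;Doe;Tr4nsit-Only-Passphrase;ProjectA;Engineer;PC-0042'
    'Add;Jane;Doe;;NotAnOU;Engineer;PC-0042'
    'Suspend;Jane;Doe;;;;'
    'Remove;Jane'
)
foreach ($s in $samples) {
    $r = Test-UserRequest -Line $s
    '{0,-5} {1}' -f $r.Valid, ($r.Problems -join '; ')
}
```

In the processing loop, call it on each line before createADUser or disableAdUser, and leave rejected files in place for review instead of deleting them.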