0

I work on second line in my company, and we have a small number of our triage analysts who create the standard AD User accounts on our domain. A lot of the time, they seem to do something wrong, be it they've put the AD account in the wrong OU, or they have, yet again, forgotten to put the correct profile path in.

I'm looking for a template that I can implement in the team that will allow myself along with the other work I do to just take the requests, bung them into a batch and click run and not need to worry about what happens.

I'm not very good at creating scripts myself, and I was wondering if anybody had a template lying around?

I would like to be able to fill

  • First Name
  • Last Name
  • Display Name
  • Description
  • Office
  • Telephone Number
  • Email
  • Logon script
  • home folder to map to a network share

Along with this I would like to be able to place the AD object in a specific OU and add the object to certain Security Groups.

Is anybody able to help?

MDMarra
  • 100,734
  • 32
  • 197
  • 329
Sanial
  • 1

1 Answers1

5

This is pretty complex. You're essentially saying "I'm not very good at scripting and I don't want to learn. Someone, please do this complex task for me." That's not how it works here. You're supposed to be a professional, and scripting is a fundemental activity for any SA worth their salt. That said, I'll help you out and suggest that you start learning some PowerShell, it will carry you a long way.

You can read a file by using Get-Content and you can read a csv by doing Import-Csv. These two are the foundation for batch processing information in PowerShell. You can then pipe | that output to ForEach-Object { some commands here }, which will allow you to run a set of commands using the information in each line of the text or csv file that is your source. The $_ variable is a special variable that means "Whatever is currently in the pipeline." Learn how to work with this. PowerShell is almost useless without it.

To create new user accounts, you'll want to use the AD module for PowerShell. You can install this by enabling "command line tools" in RSAT. Then, as the first line of your script, run Import-Module ActiveDirectory. This will allow you to use these PowerShell specific tools in your script. After the module is imported, you'll want to use either New-ADUser or Set-ADUser to create new accounts or modify the permissions of existing accounts.

If you need help or examples of how to use any of these, you can always run Get-Help <cmdlet> -full or Get-Help <cmdlet> -examples. For example, if you want to know more about New-ADUser you would run Get-Help Get-ADUser -full.

Seriously, learn PowerShell or another scripting language (I suggest PowerShell if you're mainly a Windows admin). There's no excuse not to know how to script if you're a competent SA.

MDMarra
  • 100,734
  • 32
  • 197
  • 329
  • 3
    +1 for `There's no excuse not to know how to script if you're a competent SA.` -- A sysadmin who can't write scripts isn't really very useful. – voretaq7 Jul 02 '12 at 17:56