# Script Name: NewUserAccount.ps1

# Created On: 6-Aug-11

# Author: drew

# Purpose: Bulk creation of ActiveDirectory accounts for RMC Users based on a CSV file with specific fields.

# Requirements: 1. Must be run by a user account with Ownership on the directory containing the profile & home directories.

# 2. Must be run on a workstation/server with the RSAT tools for Win7/Server 2008R2 (for PoSH AD modules)

# 3. Must be run by a user account with delegated permissions at the OU level allowing for user object creation.

# 4. CSV file must contain the following fields: GivenName, Surname, MiddleI, Site, UPN, Office, Phone, Nationality, EmployeeType, Title, Email

# Fields can be in any order but the header must be named exactly this. Additional contents of CSV are ignored.

# Usage: NewRMCUserAccount.ps1 -CSVPath "Path_To_CSV.csv"

# Notes: All fields that require customization for the specific environment have a comment preceding them with the word "CHANGE".

# Reference: New-ADUser cmdlet: http://technet.microsoft.com/en-us/library/ee617253.aspx

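# Script parameter: path to the CSV file that lists the accounts to create.
# Marked mandatory and validated so a missing or mistyped path is caught at
# parameter binding, before any account, directory or ACL is touched.
param (
    [Parameter(Mandatory = $true)]
    [ValidateScript({ Test-Path -Path $_ -PathType Leaf })]
    [string] $CSVPath
)

# New-ADUser comes from this module. Stop if it cannot be loaded: otherwise the
# account creation would fail while the directory and ACL steps still ran.
Import-Module ActiveDirectory -ErrorAction Stop

$fileserver = "wunderdc.wunder.local" #CHANGE this to the name of the file server hosting the profiles/homedirs

$domain = "wunder.local" #CHANGE this to the domain.tld of the domain the accounts will be created in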

function SetAcl ( [string] $Path , [string] $Access , [string] $Permission ) {
    # Grants $Access an Allow rule of $Permission on $Path, inherited by child
    # containers and objects, and writes the updated ACL back to $Path.
    #   $Path       - file-system path whose ACL is edited
    #   $Access     - account name the rule applies to
    #   $Permission - FileSystemRights name, e.g. "Modify"

    $acl = Get-Acl $Path

    # Rule applies to this folder, its subfolders and its files; no propagation restrictions.
    $inheritFlags = [System.Security.AccessControl.InheritanceFlags] "ContainerInherit, ObjectInherit"
    $propagateFlags = [System.Security.AccessControl.PropagationFlags]::None
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ( $Access , $Permission , $inheritFlags , $propagateFlags , "Allow" )

    # NOTE(review): this compares each entry's IdentityReference with the caller's string.
    # Get-Acl usually reports accounts as NETBIOSDOMAIN\user, so a DNS-style prefix such as
    # "domain.tld\user" presumably never matches and the else branch runs - confirm.
    $existing = $acl.Access | Where-Object { $_.IdentityReference -eq $Access }

    if ( $existing ) {
        # Reset (numeric value 2) replaces the identity's existing rules with this one.
        $mode = [System.Security.AccessControl.AccessControlModification]::Reset
        $wasModified = $False
        $acl.ModifyAccessRule( $mode , $rule , [ref] $wasModified ) | Out-Null
    }
    else {
        $acl.AddAccessRule( $rule )
    }

    Set-Acl -AclObject $acl -Path $Path
}

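function CreateUser {
    # Creates one enabled AD user, then its home and roaming-profile directories on
    # $fileserver, and grants the new account Modify on both through SetAcl.
    #
    # Parameters (all taken from one CSV row by the caller):
    #   GivenName, Surname  - required; used for the name and the samAccountName
    #   MiddleI             - optional middle initial; $null when absent
    #   Site                - required; prefixes the samAccountName and selects the OU and share sub-folder
    #   UPN, Office, Phone, Nationality, EmployeeType, Title, Email - copied onto the account
    #   InitialPassword     - optional SecureString. When omitted the operator is prompted once
    #                         per run and the answer is reused for later accounts.
    #
    # Reads $fileserver and $domain from script scope.
    #
    # The initial password is no longer a literal in the source: a provisioning script is
    # copied, mailed and checked in, and every account it creates is enabled and reachable
    # with that value until its first logon. The prompted password is still shared by all
    # accounts of one run; per-account random passwords delivered out of band are stronger.
    # The prompt needs an interactive session; pass -InitialPassword for unattended runs.
    param ( $GivenName , $Surname , $MiddleI , [string] $Site , [string] $UPN , [string] $Office , [string] $Phone ,
        [string] $Nationality , [string] $EmployeeType , [string] $Title , [string] $Email ,
        [System.Security.SecureString] $InitialPassword )

    # Substring(0, 1) below throws on an empty given name; reject incomplete rows up front.
    if ( [string]::IsNullOrEmpty("$GivenName") -or [string]::IsNullOrEmpty("$Surname") -or [string]::IsNullOrEmpty($Site) ) {
        Write-Warning "Skipping row: GivenName, Surname and Site are all required."
        return
    }

    $samAccountName = $Site + "_" + "$GivenName".Substring(0, 1) + $Surname

    # Site and the account name are spliced into an OU distinguished name and two UNC paths.
    # Refuse path separators, DN metacharacters and the other characters a samAccountName
    # may not contain, so a malformed CSV cell cannot redirect the OU or directory targets.
    $unsafeChars = '["/\\\[\]:;|=,+*?<>]'
    if ( ($samAccountName -match $unsafeChars) -or ($Site -match '^\.+$') ) {
        Write-Warning ("Skipping row: '{0}' contains characters that are not allowed in an account name or path." -f $samAccountName)
        return
    }

    # Name and DisplayName are the same string: "Surname, GivenName M." or "Surname, GivenName".
    if ( $null -ne $MiddleI ) {
        $fullName = $Surname + ", $GivenName " + $MiddleI + "."
    }
    else {
        $fullName = $Surname + ", $GivenName"
    }

    $description = "$Nationality $EmployeeType" + ", $Site $Office"

    #CHANGE this to fit the proper OU structure of the domain
    $OUPath = "OU=$Site" + " Users,OU=$Site" + ",OU=Wunder Users,DC=Wunder,DC=local"

    $homeDirectory = "\\$fileserver" + "\UserInfo\HomeDir\" + $Site + "\$samAccountName"
    $profilePath = "\\$fileserver" + "\UserInfo\TSProf\" + $Site + "\$samAccountName"

    # Ask for the initial password once per run and cache it in script scope.
    if ( $null -eq $InitialPassword ) {
        if ( $null -eq $script:InitialAccountPassword ) {
            $script:InitialAccountPassword = Read-Host -AsSecureString "Initial password for the new accounts"
        }
        $InitialPassword = $script:InitialAccountPassword
    }

    $userProperties = @{
        SamAccountName        = $samAccountName
        Name                  = $fullName
        AccountPassword       = $InitialPassword
        Enabled               = $true
        Path                  = $OUPath
        UserPrincipalName     = $UPN
        ChangePasswordAtLogon = $true
        GivenName             = $GivenName
        Surname               = $Surname
        Office                = $Office
        OfficePhone           = $Phone
        Description           = $description
        DisplayName           = $fullName
        Title                 = $Title
        EmailAddress          = $Email
        HomeDrive             = "J:"
        HomeDirectory         = $homeDirectory
        ProfilePath           = $profilePath
    }
    if ( $null -ne $MiddleI ) {
        $userProperties['Initials'] = $MiddleI
    }

    # Stop on failure (duplicate name, missing OU, password policy) so no directory is
    # created or ACL granted for an account that was not made by this call.
    try {
        New-ADUser @userProperties -ErrorAction Stop
    }
    catch {
        Write-Warning ("Failed to create {0}: {1}" -f $samAccountName, $_.Exception.Message)
        return
    }

    foreach ( $directory in $homeDirectory, $profilePath ) {
        # A directory that already exists was not made for this account (for example a
        # reused account name); do not hand its contents to the new user automatically.
        if ( Test-Path -Path $directory ) {
            Write-Warning ("{0} already exists; access was not granted. Review its contents and owner first." -f $directory)
            continue
        }
        New-Item -Type Directory -Path $directory | Out-Null
        SetAcl -Path $directory -Access ( $domain + "\$samAccountName" ) -Permission Modify
    }

    Write-Host "Created User: $samAccountName"
}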

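# Columns read from each CSV row. Column order does not matter, but the header names must
# match exactly.
# NOTE(review): the script header lists MiddleI, UPN, Office and Phone, while the values are
# actually read from MiddleInitial, EDIPI, Department and OfficeTelephone; the names below
# are the ones the code uses - confirm which set the CSV export really carries.
$identityColumns = 'GivenName', 'Surname', 'Site'
$otherColumns = 'MiddleInitial', 'EDIPI', 'Department', 'OfficeTelephone', 'Nationality', 'EmployeeType', 'Title', 'Email'

# @() keeps a one-row file an array and an empty file an empty array, so the loop
# never runs against a $null entry.
$usersCSV = @(Import-Csv -Path $CSVPath)

if ( $usersCSV.Count -gt 0 ) {
    # Check the header once, before any account is created, instead of producing
    # accounts with blank attributes from a misnamed column.
    $presentColumns = @($usersCSV[0].PSObject.Properties | ForEach-Object { $_.Name })

    $missingIdentity = @($identityColumns | Where-Object { $presentColumns -notcontains $_ })
    if ( $missingIdentity.Count -gt 0 ) {
        throw ("CSV is missing required column(s): {0}" -f ($missingIdentity -join ', '))
    }

    $missingOther = @($otherColumns | Where-Object { $presentColumns -notcontains $_ })
    if ( $missingOther.Count -gt 0 ) {
        Write-Warning ("CSV has no column(s) named {0}; those attributes will be left blank." -f ($missingOther -join ', '))
    }
}

foreach ( $entry in $usersCSV ) {
    # A blank CSV cell arrives as an empty string, not $null; CreateUser treats only
    # $null as "no middle initial". Whitespace-only cells are treated as blank too.
    $middleInitial = $entry.MiddleInitial
    if ( "$middleInitial".Trim() -eq '' ) {
        $middleInitial = $null
    }

    # Named arguments, so a change to CreateUser's parameter order cannot silently
    # put one attribute into another.
    # NOTE(review): EDIPI is passed through unchanged as the UserPrincipalName - confirm
    # the CSV already carries a complete UPN in that column.
    $userArguments = @{
        GivenName    = $entry.GivenName
        Surname      = $entry.Surname
        MiddleI      = $middleInitial
        Site         = $entry.Site
        UPN          = $entry.EDIPI
        Office       = $entry.Department
        Phone        = $entry.OfficeTelephone
        Nationality  = $entry.Nationality
        EmployeeType = $entry.EmployeeType
        Title        = $entry.Title
        Email        = $entry.Email
    }

    CreateUser @userArguments
}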