Registering a user in Active Directory using PowerShell
I recently had an opportunity to work on an App Virtualization and Delivery Project. My job was to automate certain tasks using PowerShell. To make the life of my fellow developers a bit easier, I exposed REST APIs that any other service or client could call and that would invoke the PowerShell script, get the job done and then return a response with proper Status Codes and Messages to the calling party. It was a fascinating experience for me as I had never done this before.
The most important thing when working with Active Directory from PowerShell is the ActiveDirectory module. Once it is imported, most of the work is done. To import the Active Directory module, run the following line:
Import-Module ActiveDirectory
Let us now jump directly into the PowerShell script that adds (registers) the user in Active Directory. I have tried my best to add relevant comments to the script and I hope they will be of help. If you still have any confusion or doubt, you can use the comments. I have also provided a link to download the script at the end of the page. Feel free to tweak the script and play with it as much as you like.
PowerShell Script to add users to Active Directory:
#-----------------------------------------------------------------
# Purpose : This Script registers the user who is signing up/registering, to the Active Directory.
# Author : Sam Ray
# Email : prac.codes@gmail.com
# Input Parameters : FirstName LastName UserId Password
#-----------------------------------------------------------------

#-------------------------------------SCRIPT STARTS HERE-------------------------------------#

# Forcing the script to stop at first encountered Error
$ErrorActionPreference = "Stop"

# PowerShell supports try-catch, hence using it for error handling
Try
{
    # Getting the first parameter passed (This parameter is the first name of the user)
    $FirstName = $args[0]

    # Getting the second parameter passed (This parameter is the lastname/surname of the user)
    $LastName = $args[1]

    # Getting the third parameter passed (This parameter is the userid e.g. sam.ray@mycompany.com)
    $userid = $args[2]

    # Getting the SamAccountName i.e. the part before the @ symbol
    # PLEASE NOTE : SamAccountName must be unique for each user as it is used to add users to AD Groups.
    # Hence extracting it from the user id
    $splitUserName = $userid -split "@"     # Splitting the userid
    $SamAccountName = $splitUserName[0]     # Getting the SAMAccountName
    $DomainName = $splitUserName[1]         # Getting the Domain name (e.g. infinityhp.com)

    # If domain isn't mycompany.com, show error "Invalid Domain Name"
    if ($DomainName -eq "mycompany.com")
    {
        # Getting the fourth parameter passed (User Entered Password)
        $Password = $args[3]

        # Taking the path into variable where users have to be created in AD
        $path = "OU=Production,OU=Tenants,DC=mycompany,DC=com"

        # Importing Active Directory Module
        Import-Module ActiveDirectory

        # Now Adding user to the AD using fetched information (User is Added to MyCompany\Users Group)
        New-ADUser -Name $SamAccountName -GivenName $FirstName -Surname $LastName `
            -DisplayName $($FirstName + " " + $LastName) -SamAccountName $SamAccountName `
            -UserPrincipalName $userid `
            -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) `
            -Path $path -PassThru | Enable-ADAccount

        # Adding user to Production Group
        Add-ADGroupMember -Identity "Production Group" -Members $SamAccountName

        # Script ran successfully, returning success
        # (reported only on this branch, so an invalid domain is never followed by "success")
        Write-Host "success"
    }
    else
    {
        Write-Host "Invalid Domain Name or Domain Name missing"
    }
}
catch
{
    # Some cmdlet failed, returning failed
    Write-Host "failure"
}

#-------------------------------------SCRIPT ENDS HERE-------------------------------------#
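Because the script above is driven by a REST API and takes the password as a plain-text argument, a variant that validates every input and accepts a SecureString is worth having next to it. The following is an added example, not the author's script: the function name Register-TenantUser, the validation patterns and the returned object shape are assumptions, while the OU path, group name and domain are the ones used above.

```powershell
# Added example: Register-TenantUser is a hypothetical name, not the author's script.
function Register-TenantUser {
    [CmdletBinding()]
    param(
        # Names: letters, spaces, dots, apostrophes and hyphens, 1 to 64 characters
        [Parameter(Mandatory)] [ValidatePattern('^\p{L}[\p{L} .''-]{0,63}$')] [string] $FirstName,
        [Parameter(Mandatory)] [ValidatePattern('^\p{L}[\p{L} .''-]{0,63}$')] [string] $LastName,
        # Exactly one @, the expected domain, and a local part that fits sAMAccountName:
        # at most 20 characters from a restricted alphabet, not ending in a dot
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9]([A-Za-z0-9._-]{0,18}[A-Za-z0-9_-])?@mycompany\.com$')]
        [string] $UserId,
        # SecureString keeps the clear-text password out of this function's arguments
        [Parameter(Mandatory)] [securestring] $Password
    )
    try {
        Import-Module ActiveDirectory -ErrorAction Stop
        $sam = ($UserId -split '@', 2)[0]
        # The pattern above excludes quotes, so $sam is safe inside the filter string
        if (Get-ADUser -Filter "SamAccountName -eq '$sam'" -ErrorAction Stop) {
            return [pscustomobject]@{ Status = 'failure'; Message = 'Account already exists' }
        }
        $new = @{
            Name = $sam; SamAccountName = $sam; UserPrincipalName = $UserId
            GivenName = $FirstName; Surname = $LastName; DisplayName = "$FirstName $LastName"
            AccountPassword = $Password; Enabled = $false
            Path = 'OU=Production,OU=Tenants,DC=mycompany,DC=com'
        }
        # Create disabled, add to the group, enable last: a failure part-way
        # never leaves an enabled account that is missing its group membership
        $user = New-ADUser @new -PassThru -ErrorAction Stop
        Add-ADGroupMember -Identity 'Production Group' -Members $user -ErrorAction Stop
        Enable-ADAccount -Identity $user -ErrorAction Stop
        [pscustomobject]@{ Status = 'success'; Message = "Registered $UserId" }
    }
    catch {
        # Details go to the warning stream; the caller gets a generic result
        Write-Warning $_.Exception.Message
        [pscustomobject]@{ Status = 'failure'; Message = 'Registration failed' }
    }
}

# Interactive usage: the password is typed at a prompt, never on the command line
# $pw = Read-Host -Prompt 'Password' -AsSecureString
# Register-TenantUser -FirstName Sam -LastName Ray -UserId 'sam.ray@mycompany.com' -Password $pw
```

Input that fails a ValidatePattern check is rejected when the parameters are bound, before the try block runs, so the calling service should catch that exception and map it to a client-error status.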
You can download the script from the following link (hosted on Google Drive):
Download UserRegistrationToActiveDirectory PowerShell Script
Thanks!!