Solved

Create AD user from client and not server with powershell

Posted on 2016-08-04
Last Modified: 2016-08-04
I have not tested yet, but would I be able to create AD users from a workstation and not directly from the domain controller desktop using PowerShell? Here is the script I have. It looks to work well on the server. I have not tried it from a workstation yet. Just wanted to get some advice first. Would I need to have RSAT tools installed to do this from the workstation?


Import-Module ActiveDirectory
# $Input is a PowerShell automatic variable (pipeline enumerator), so a different name is used here
$UserInput = Read-Host -Prompt "Input the user name as 'LastName, FirstName'"
$EmployeeID = Read-Host -Prompt "EmployeeID"
$Description = Read-Host -Prompt "Description"
$Department = Read-Host -Prompt "Department"
# Accept only "LastName, FirstName" made of word characters; the named groups land in $Matches
If ($UserInput -notmatch '\A\s*(?<LastName>\w+)\s*,\s*(?<FirstName>\w+)\s*\Z') {
	"Invalid input '$($UserInput)'" | Write-Error
	Exit 1
}
$LastName = $Matches['LastName']
$FirstName = $Matches['FirstName']

$ADUser = [ordered]@{}
$ADUser['Name'] =					"$($FirstName[0])$($LastName)"
$ADUser['SamAccountName'] =			"$($FirstName[0])$($LastName)"
$ADUser['GivenName'] =				$FirstName
$ADUser['Surname'] =				$LastName
$ADUser['DisplayName'] =			"$($FirstName) $($LastName)"
$ADUser['UserPrincipalName'] =		"$($FirstName[0])$($LastName)@homelab.com"
$ADUser['Path'] =					'OU=Staff,DC=homelab,DC=com'
$ADUser['AccountPassword'] =		ConvertTo-SecureString -AsPlainText 'P@ssw0rd' -Force
$ADUser['ChangePasswordAtLogon'] =	$True
$ADUser['Department'] =				$Department
$ADUser['Description'] =			$Description
$ADUser['EmailAddress'] =			"$($FirstName[0])$($LastName)@homelab.com"
$ADUser['Office'] =				$employeeID
$ADUser['Enabled'] =				$True
$ADUser['HomeDirectory'] =			"\\127.0.0.1\Share\$($ADUser['SamAccountName'])"
$ADUser['HomeDrive'] =				'H:'

"Creating a new user with the following properties:"
$ADUser.GetEnumerator() | Format-Table
New-ADUser @ADUser
Add-ADGroupMember "googleapps" -Members $($ADUser['SamAccountName'])
Add-ADGroupMember "yard-staff" -Members $($ADUser['SamAccountName'])

New-Item -type directory -path "\\127.0.0.1\Share\$($ADUser['SamAccountName'])"
$Acl = Get-Acl "\\127.0.0.1\Share\$($ADUser['SamAccountName'])"
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule("$($FirstName[0])$($LastName)","FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "\\127.0.0.1\Share\$($ADUser['SamAccountName'])" $Acl

Question by:Roccat
4 Comments
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 2000 total points
ID: 41743045
Yes. With RSAT installed, you would have the PowerShell ActiveDirectory module as well.
0
 

Author Comment

by:Roccat
ID: 41743056
Would I need to specify a server in the code or will it just work with the domain that the computer is joined to?
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 41743059
You don't have to specify a DC or domain.
0
 

Author Closing Comment

by:Roccat
ID: 41743180
Thank you!
0
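
An added example, not code from this thread: the account-creation step written for a workstation. It checks that the RSAT ActiveDirectory module is present, pins the create and group-add calls to one discovered writable DC, and prompts for the initial password instead of embedding it. The OU, UPN suffix and group names come from the question; the function name New-StaffUser, its parameter names and the sample name Jane Doe are assumptions.

```powershell
#Requires -Version 3.0
# Added example. New-StaffUser is a hypothetical name; OU, UPN suffix and
# group names are the ones used in the question's script.
function New-StaffUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][ValidatePattern('^\w+$')][string]$FirstName,
        [Parameter(Mandatory)][ValidatePattern('^\w+$')][string]$LastName,
        [Parameter(Mandatory)][securestring]$InitialPassword,
        [string[]]$Groups = @('googleapps', 'yard-staff')
    )

    # RSAT supplies the ActiveDirectory module on a workstation; fail early if absent.
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        throw 'ActiveDirectory module not found. Install RSAT on this workstation.'
    }
    Import-Module ActiveDirectory -ErrorAction Stop

    # No -Server is required: the cmdlets locate a DC for the joined domain.
    # Pinning one writable DC keeps the create and the group adds on the same
    # replica, so the new account is visible to the follow-up calls.
    $dc = "$((Get-ADDomainController -Discover -Writable).HostName)"

    $sam = "$($FirstName[0])$LastName"
    $newUser = @{
        Name                  = $sam
        SamAccountName        = $sam
        GivenName             = $FirstName
        Surname               = $LastName
        DisplayName           = "$FirstName $LastName"
        UserPrincipalName     = "$sam@homelab.com"
        Path                  = 'OU=Staff,DC=homelab,DC=com'
        AccountPassword       = $InitialPassword
        ChangePasswordAtLogon = $true
        Enabled               = $true
        Server                = $dc
        ErrorAction           = 'Stop'
    }
    if ($PSCmdlet.ShouldProcess("$sam on $dc", 'Create AD user and add to groups')) {
        New-ADUser @newUser
        foreach ($g in $Groups) {
            Add-ADGroupMember -Identity $g -Members $sam -Server $dc -ErrorAction Stop
        }
    }
}

# Prompt for the initial password so it never sits in the script file.
$pw = Read-Host -Prompt 'Initial password' -AsSecureString
New-StaffUser -FirstName 'Jane' -LastName 'Doe' -InitialPassword $pw -WhatIf  # constructed sample name; dry run
```

Remove `-WhatIf` to perform the change; the account running it needs rights to create users in the target OU and to modify the two groups.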
