Improve company productivity with a Business Account.Sign Up

x
?
Solved

Create AD user from client and not server with powershell

Posted on 2016-08-04
4
Medium Priority
?
77 Views
Last Modified: 2016-08-04
I have not tested yet, but would I be able to create AD users from a workstation and not directory from the domain controller desktop using powershell?  Here is the script I have. It looks to work well on the server. I have not tried it from a workstation yet. Just wanted to get some advice first.  Would I need to have RSAT tools installed to do this from the workstation?


import-module activedirectory
$Input = Read-Host -Prompt "Input the user name as 'LastName, FirstName'"
$EmployeeID = Read-Host -Prompt "EmployeeID"
$Description = Read-Host -Prompt "Description"
$Department = Read-Host -Prompt "Department"
If ($Input -notmatch '\A\s*(?<LastName>\w+)\s*,\s*(?<FirstName>\w+)\s*\Z') {
	"Invalid input '$($Input)'" | Write-Error
	Exit 1
}
$LastName = $Matches['LastName']
$FirstName = $Matches['FirstName']

$ADUser = [ordered]@{}
$ADUser['Name'] =					"$($FirstName[0])$($LastName)"
$ADUser['SamAccountName'] =			"$($FirstName[0])$($LastName)"
$ADUser['GivenName'] =				$FirstName
$ADUser['Surname'] =				$LastName
$ADUser['DisplayName'] =			"$($FirstName) $($LastName)"
$ADUser['UserPrincipalName'] =		"$($FirstName[0])$($LastName)@homelab.com"
$ADUser['Path'] =					'OU=Staff,DC=homelab,DC=com'
$ADUser['AccountPassword'] =		ConvertTo-SecureString -AsPlainText 'P@ssw0rd' -Force
$ADUser['ChangePasswordAtLogon'] =	$True
$ADUser['Department'] =				$Department
$ADUser['Description'] =			$Description
$ADUser['EmailAddress'] =			"$($FirstName[0])$($LastName)@homelab.com"
$ADUser['Office'] =				$employeeID
$ADUser['Enabled'] =				$True
$ADUser['HomeDirectory'] =			"\\127.0.0.1\Share\$($ADUser['SamAccountName'])"
$ADUser['HomeDrive'] =				'H:'

"Creating a new user with the following properties:"
$ADUser.GetEnumerator() | Format-Table
New-ADUser @ADUser
Add-ADGroupMember "googleapps" –Member $($ADUser['SamAccountName'])
Add-ADGroupMember "yard-staff" –Member $($ADUser['SamAccountName'])

New-Item -type directory -path "\\127.0.0.1\Share\$($ADUser['SamAccountName'])"
$Acl = Get-Acl "\\127.0.0.1\Share\$($ADUser['SamAccountName'])"
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule("$($FirstName[0])$($LastName)","FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "\\127.0.0.1\Share\$($ADUser['SamAccountName'])" $Acl

Open in new window

0
Comment
Question by:Roccat
  • 2
  • 2
4 Comments
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 2000 total points
ID: 41743045
Yes. With RSAT installed, you would have the powershell ActiveDirectory module as well.
0
 

Author Comment

by:Roccat
ID: 41743056
Would I need to specify a server in the code or will it just work with the domain that the computer is joined to?
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 41743059
You don't have to specify a DC or domain.
0
 

Author Closing Comment

by:Roccat
ID: 41743180
Thank you!
0

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The PowerShell Core 6.0 of .NET release is just the beginning. The upcoming PowerShell Core 6.1 would have artificial intelligence and internet of things capabilities. So many things to look forward to in the upcoming release.
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question