Solved

Create AD user from client and not server with powershell

Posted on 2016-08-04
4
44 Views
Last Modified: 2016-08-04
I have not tested yet, but would I be able to create AD users from a workstation and not directory from the domain controller desktop using powershell?  Here is the script I have. It looks to work well on the server. I have not tried it from a workstation yet. Just wanted to get some advice first.  Would I need to have RSAT tools installed to do this from the workstation?


import-module activedirectory
$Input = Read-Host -Prompt "Input the user name as 'LastName, FirstName'"
$EmployeeID = Read-Host -Prompt "EmployeeID"
$Description = Read-Host -Prompt "Description"
$Department = Read-Host -Prompt "Department"
If ($Input -notmatch '\A\s*(?<LastName>\w+)\s*,\s*(?<FirstName>\w+)\s*\Z') {
	"Invalid input '$($Input)'" | Write-Error
	Exit 1
}
$LastName = $Matches['LastName']
$FirstName = $Matches['FirstName']

$ADUser = [ordered]@{}
$ADUser['Name'] =					"$($FirstName[0])$($LastName)"
$ADUser['SamAccountName'] =			"$($FirstName[0])$($LastName)"
$ADUser['GivenName'] =				$FirstName
$ADUser['Surname'] =				$LastName
$ADUser['DisplayName'] =			"$($FirstName) $($LastName)"
$ADUser['UserPrincipalName'] =		"$($FirstName[0])$($LastName)@homelab.com"
$ADUser['Path'] =					'OU=Staff,DC=homelab,DC=com'
$ADUser['AccountPassword'] =		ConvertTo-SecureString -AsPlainText 'P@ssw0rd' -Force
$ADUser['ChangePasswordAtLogon'] =	$True
$ADUser['Department'] =				$Department
$ADUser['Description'] =			$Description
$ADUser['EmailAddress'] =			"$($FirstName[0])$($LastName)@homelab.com"
$ADUser['Office'] =				$employeeID
$ADUser['Enabled'] =				$True
$ADUser['HomeDirectory'] =			"\\127.0.0.1\Share\$($ADUser['SamAccountName'])"
$ADUser['HomeDrive'] =				'H:'

"Creating a new user with the following properties:"
$ADUser.GetEnumerator() | Format-Table
New-ADUser @ADUser
Add-ADGroupMember "googleapps" –Member $($ADUser['SamAccountName'])
Add-ADGroupMember "yard-staff" –Member $($ADUser['SamAccountName'])

New-Item -type directory -path "\\127.0.0.1\Share\$($ADUser['SamAccountName'])"
$Acl = Get-Acl "\\127.0.0.1\Share\$($ADUser['SamAccountName'])"
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule("$($FirstName[0])$($LastName)","FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "\\127.0.0.1\Share\$($ADUser['SamAccountName'])" $Acl

Open in new window

0
Comment
Question by:Roccat
  • 2
  • 2
4 Comments
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 500 total points
ID: 41743045
Yes. With RSAT installed, you would have the powershell ActiveDirectory module as well.
0
 

Author Comment

by:Roccat
ID: 41743056
Would I need to specify a server in the code or will it just work with the domain that the computer is joined to?
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 41743059
You don't have to specify a DC or domain.
0
 

Author Closing Comment

by:Roccat
ID: 41743180
Thank you!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question