Active Directory Automation

Hi All,

when we create users, we have to manually put the user in the in the correct OU based on the location of the user, e.g. the user is based in Singapore, we put the user in the Singapore ou. we also have to add the user to specific groups etc.

is there a way to automate this process?

thank you in advance,
Kay
Kelly GarciaSenior Systems AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nappy_dThere are a 1000 ways to skin the technology cat.Commented:
You can use this command from a powershell command like

New-ADUser -SamAccountName "Jsmith" -GivenName "John" -Surname "Smith" -DisplayName "John Smith" -Path 'CN=Users,DC=Company,DC=local'

You can also put this into a batch script like this. Save it as a .bat and give it a try.

@ECHO OFF
setlocal
REM Clear Screen of information
cls
REM Prompt for SAMAccountName
:samName

REM If samName is blank go to Error prompt.  If username is entered prompt for given name
SET samName=
SET /P samName=Please enter samAccountName: 
IF "%samName%"=="" (goto samNameError) else (goto gName)

@ECHO OFF
setlocal
REM Clear Screen of information
cls
REM Prompt for Given Name
:gName

REM If given name is blank go to Error prompt.  If given name is entered prompt for surname
SET gName=
SET /P gname=Please enter your user given name: 
IF "%gName%"=="" (goto gNameError) else (goto sName)

@ECHO OFF
setlocal
REM Clear Screen of information
cls
REM Prompt for surname
:sName

REM If display name is blank go to Error prompt.  If username is entered prompt for AD Path
SET sname=
SET /P sname=Please enter your surname: 
IF "%sName%"=="" (goto sNameError) else (goto ADPath)

@ECHO OFF
setlocal
REM Clear Screen of information
cls
REM Prompt for AD Path
:ADPath

REM If path is blank go to Error prompt.  If username is entered prompt for path
SET pathName=
SET /P pathName=Please enter Active Directory Path: 
IF "%pathName%"=="" (goto pathNameError) else (goto AddUser)

:AddUser
New-ADUser -SamAccountName "%samName%" -GivenName "%gName%" -Surname "%sName%" -DisplayName "%gName% %sName%" -Path '%path%'

Goto Quit

REM SamAccountName Error Message
:samNameError
ECHO You did not enter a SamAccountName.
SET passRetry=
SET /P passRetry=Retry? (y, then enter or press enter to exit):
IF /i "%passRetry%"=="y" (goto samName) else (goto quit)

REM given name error Message
:gNameError
ECHO You did not enter a given name.
SET passRetry=
SET /P passRetry=Retry? (y, then enter or press enter to exit):
IF /i "%passRetry%"=="y" (goto gName) else (goto quit)

REM surname error Message
:sNameError
ECHO You did not enter a surname.
SET passRetry=
SET /P passRetry=Retry? (y, then enter or press enter to exit):
IF /i "%passRetry%"=="y" (goto sName) else (goto quit)

REM surname error Message
:sNameError
ECHO You did not enter a surname.
SET passRetry=
SET /P passRetry=Retry? (y, then enter or press enter to exit):
IF /i "%passRetry%"=="y" (goto sName) else (goto quit)

:Quit

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
If you always fill out identifying fields in AD like location, you can run a scrript to evaluate that and perform the necessary changes.
Kelly GarciaSenior Systems AdministratorAuthor Commented:
the problem is we will have to run these scripts manually, is there a way the script is automatically triggered as soon as the account is created?
Ensure Business Longevity with As-A-Service

Using the as-a-service approach for your business model allows you to grow your revenue stream with new practice areas, without forcing you to part ways with existing clients just because they don’t fit the mold of your new service offerings.

Download eBook
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
You always trigger that manually in one or the other way. But you cannot trigger something automatically if a user is created.
Your best choice is to use a script to create the user and perform all necessary operations, similar to what nappy_d showed.
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
Agreed with @Qlemo.

You would have some planning to do but based on the start I've sampled in my original post, it would be best if you had nested security, as well as role-based permissions, for your security groups.

This would assist with the script for creation of new users.

I can also show you how you can implement if statements for a feature command called if member.
Kelly GarciaSenior Systems AdministratorAuthor Commented:
I know there are utitlies like active roles, that  run scripts upon user creation. are there any others that you will recommend?
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
Quest makes some great tools but this is not one that I've used.
Sam BloomCommented:
It really depends on the complexity of the task that you want to automate. If it's a small environment, a PowerShell script can be perfectly ok, but if you have long provisioning procedures with lots of rules to follow, there are advanced tools that let you put it all together.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Automation

From novice to tech pro — start learning today.