Active Directory Automation

Kelly Garcia
Hi All,

When we create users, we have to manually put the user in the correct OU based on the location of the user, e.g. the user is based in Singapore, we put the user in the Singapore OU. We also have to add the user to specific groups etc.

is there a way to automate this process?

thank you in advance,
Kay
There are a 1000 ways to skin the technology cat.
Commented:
You can use this command from a PowerShell command line:

New-ADUser -Name "John Smith" -SamAccountName "Jsmith" -GivenName "John" -Surname "Smith" -DisplayName "John Smith" -Path 'CN=Users,DC=Company,DC=local'

You can also put this into a batch script like this. Save it as a .bat and give it a try.

@ECHO OFF
setlocal
REM Clear Screen of information
cls

REM Prompt for SAMAccountName
:samName
REM If samName is blank go to Error prompt.  If username is entered prompt for given name
SET samName=
SET /P samName=Please enter samAccountName: 
IF "%samName%"=="" (goto samNameError) else (goto gName)

REM Prompt for Given Name
:gName
REM If given name is blank go to Error prompt.  If given name is entered prompt for surname
SET gName=
SET /P gName=Please enter your user given name: 
IF "%gName%"=="" (goto gNameError) else (goto sName)

REM Prompt for surname
:sName
REM If surname is blank go to Error prompt.  If surname is entered prompt for AD Path
SET sName=
SET /P sName=Please enter your surname: 
IF "%sName%"=="" (goto sNameError) else (goto ADPath)

REM Prompt for AD Path
:ADPath
REM If path is blank go to Error prompt.  If path is entered create the user
SET pathName=
SET /P pathName=Please enter Active Directory Path: 
IF "%pathName%"=="" (goto pathNameError) else (goto AddUser)

:AddUser
REM New-ADUser is a PowerShell cmdlet, so it has to be run through powershell.exe.
REM The values are read from the environment ($env:...) inside PowerShell instead of
REM being expanded into the command text by cmd, so typed input is never parsed as code.
REM pathName is used here; %path% would be the system PATH variable.
powershell -NoProfile -Command "Import-Module ActiveDirectory; New-ADUser -Name ($env:gName + ' ' + $env:sName) -SamAccountName $env:samName -GivenName $env:gName -Surname $env:sName -DisplayName ($env:gName + ' ' + $env:sName) -Path $env:pathName"

Goto Quit

REM SamAccountName Error Message
:samNameError
ECHO You did not enter a SamAccountName.
SET passRetry=
SET /P passRetry=Retry? (y, then enter or press enter to exit):
IF /i "%passRetry%"=="y" (goto samName) else (goto quit)

REM given name error Message
:gNameError
ECHO You did not enter a given name.
SET passRetry=
SET /P passRetry=Retry? (y, then enter or press enter to exit):
IF /i "%passRetry%"=="y" (goto gName) else (goto quit)

REM surname error Message
:sNameError
ECHO You did not enter a surname.
SET passRetry=
SET /P passRetry=Retry? (y, then enter or press enter to exit):
IF /i "%passRetry%"=="y" (goto sName) else (goto quit)

REM AD path error Message
:pathNameError
ECHO You did not enter an Active Directory path.
SET passRetry=
SET /P passRetry=Retry? (y, then enter or press enter to exit):
IF /i "%passRetry%"=="y" (goto ADPath) else (goto quit)

:Quit


Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
If you always fill out identifying fields in AD like location, you can run a script to evaluate that and perform the necessary changes.
Kelly Garcia, Senior Systems Administrator

Author

Commented:
The problem is we will have to run these scripts manually. Is there a way the script is automatically triggered as soon as the account is created?

Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
You always trigger that manually in one or the other way. But you cannot trigger something automatically if a user is created.
Your best choice is to use a script to create the user and perform all necessary operations, similar to what nappy_d showed.
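
The approach suggested in this thread, one script that creates the user and does the placement and group work in the same step, could look like the following. This is an added example, not code posted by anyone in the thread; the OU paths, group names, the `$LocationMap` table and the `New-LocatedADUser` function are all assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory

# Constructed mapping for illustration: location -> target OU and groups.
# Replace the OU paths and group names with the ones in your own directory.
$LocationMap = @{
    'Singapore' = @{
        OU     = 'OU=Singapore,OU=Staff,DC=Company,DC=local'
        Groups = @('SG-AllStaff', 'SG-VPN-Users')
    }
    'London'    = @{
        OU     = 'OU=London,OU=Staff,DC=Company,DC=local'
        Groups = @('UK-AllStaff')
    }
}

function New-LocatedADUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
        [string]$SamAccountName,
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$Surname,
        [Parameter(Mandatory)][string]$Location
    )

    # Refuse unknown locations instead of dropping the account in a default container.
    if (-not $LocationMap.ContainsKey($Location)) {
        throw "Unknown location '$Location'. Known: $($LocationMap.Keys -join ', ')"
    }
    $target = $LocationMap[$Location]

    $userParams = @{
        Name           = "$GivenName $Surname"
        SamAccountName = $SamAccountName
        GivenName      = $GivenName
        Surname        = $Surname
        DisplayName    = "$GivenName $Surname"
        City           = $Location      # keeps the location attribute filled in
        Path           = $target.OU
        Enabled        = $false         # stays disabled until a password is set separately
    }

    if ($PSCmdlet.ShouldProcess("$SamAccountName in $($target.OU)", 'Create user and add to groups')) {
        New-ADUser @userParams -ErrorAction Stop
        foreach ($group in $target.Groups) {
            Add-ADGroupMember -Identity $group -Members $SamAccountName -ErrorAction Stop
        }
    }
}

# Dry run: New-LocatedADUser -SamAccountName jsmith -GivenName John -Surname Smith -Location Singapore -WhatIf
```

Keeping the location table in one place means the account running the script only needs delegated create rights on the listed OUs and membership rights on the listed groups, not domain-wide administrative rights.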
nappy_d: There are a 1000 ways to skin the technology cat.

Commented:
Agreed with @Qlemo.

You would have some planning to do but based on the start I've sampled in my original post, it would be best if you had nested security, as well as role-based permissions, for your security groups.

This would assist with the script for creation of new users.

I can also show you how you can implement if statements for a feature command called if member.
Kelly Garcia, Senior Systems Administrator

Author

Commented:
I know there are utilities like Active Roles that run scripts upon user creation. Are there any others that you will recommend?
nappy_d: There are a 1000 ways to skin the technology cat.

Commented:
Quest makes some great tools but this is not one that I've used.
It really depends on the complexity of the task that you want to automate. If it's a small environment, a PowerShell script can be perfectly ok, but if you have long provisioning procedures with lots of rules to follow, there are advanced tools that let you put it all together.
