Michael Leonard
asked on
powershell question - need assistance
Hello, can someone provide a way that I can change these scripts below to use an input TXT or CSV file, so that we do not have to run this one by one to create users and groups?
script #1 - we need to add a variable to pull from an input CSV file for bulk creation:
$sj = New-PAMUser -SourceDomain mydomain.com -SourceAccountName jsmith
$jp = ConvertTo-SecureString "Pass@word2" -asplaintext -force
Set-ADAccountPassword -identity priv.jsmith -NewPassword $jp
Set-ADUser -identity priv.jsmith -Enabled 1
script #2 - same requirement for group creation:
$ca = get-credential -UserName admin@mydomain.com -Message "CORP forest domain admin credentials"
$pg = New-PAMGroup -SourceGroupName "group1priv2" -SourceDomain mydomain.com -SourceDC dc1.mydomain.com -Credentials $ca
$pr = New-PAMRole -DisplayName "priv.group1priv2" -Privileges $pg -Candidates $sj
ASKER CERTIFIED SOLUTION
#2 does not fit into a loop, because both scripts are connected - you use the new PAM user created in #1 for #2. You can do that only if you expand the CSV above to contain a single line per user for both parts, and I'm not sure that makes sense, to create a new PAM group for each user? I don't know anything about PAM (Privileged Access Management) and related stuff, by the way.
Incomplete code since I have no source data:
# Creates and enables a PAM user for every row of mylist.csv (needs a "Name" column).
function add-myusers {
    $users = Import-Csv -Path mylist.csv
    foreach ($user in $users) {
        $sj = New-PAMUser -SourceDomain mydomain.com -SourceAccountName $user.Name
        $jp = ConvertTo-SecureString "Pass@word2" -AsPlainText -Force
        $newid = 'priv.' + $user.Name
        Set-ADAccountPassword -Identity $newid -NewPassword $jp
        Set-ADUser -Identity $newid -Enabled 1
    }
}

# Creates a PAM group and a PAM role for every row of mylist.csv.
function add-newgroup {
    $groups = Import-Csv -Path mylist.csv
    foreach ($group in $groups) {
        $pg = New-PAMGroup -SourceGroupName $group.Name -SourceDomain mydomain.com -SourceDC dc1.mydomain.com -Credentials $ca
        $newid = 'priv.' + $group.Name
        # $sj is assigned inside add-myusers and is not visible in this function,
        # so -Candidates still has to be given the PAM user object(s) from New-PAMUser.
        $pr = New-PAMRole -DisplayName $newid -Privileges $pg -Candidates $sj
    }
}

# The credentials are read once at script level and used by add-newgroup.
$ca = Get-Credential -UserName admin@mydomain.com -Message "CORP forest domain admin credentials"
$valid = $false
# Ask until a valid menu entry is chosen.
do {
    Write-Host "1 for add users"
    Write-Host "2 add group"
    $myswitch = Read-Host "Enter 1 or 2"
    switch ($myswitch) {
        1 { $valid = $true; add-myusers; break }
        2 { $valid = $true; add-newgroup; break }
    }
} while ($valid -eq $false)
ASKER
Excellent. Thanks, Qlemo!
I don't feel like I have really answered your question ...
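An added example, not code from any poster in this thread: a two-pass version that reads one CSV row per user/group pairing, so each PAM role gets the PAM user objects it depends on, and that gives every privileged account its own random password instead of one shared literal. The file name pam-input.csv, the columns Account and SourceGroup, and the helper New-RandomPassword are assumptions; the domain names and the priv. prefix are the ones used in the thread.

```powershell
# Added example. Constructed input file pam-input.csv (hypothetical columns):
#   Account,SourceGroup
#   jsmith,group1priv2
#   adoe,group1priv2
Import-Module MIMPAM, ActiveDirectory
$ErrorActionPreference = 'Stop'   # stop at the first failure instead of continuing

function New-RandomPassword {      # hypothetical helper, not a MIM or AD cmdlet
    $buf = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($buf) } finally { $rng.Dispose() }
    # 32 random Base64 characters; the suffix guarantees all four character classes
    [Convert]::ToBase64String($buf) + 'a#7Z'
}

$rows = @(Import-Csv -Path .\pam-input.csv)
# Validate everything before creating anything; "priv." plus the name has to
# fit the 20-character sAMAccountName limit
$bad = @($rows | Where-Object { $_.Account -notmatch '^[A-Za-z0-9._-]{1,15}$' -or -not $_.SourceGroup })
if (-not $rows.Count -or $bad.Count) { throw "Empty CSV or $($bad.Count) invalid row(s); nothing was created." }

$ca = Get-Credential -UserName admin@mydomain.com -Message 'CORP forest domain admin credentials'

# Pass 1: one PAM user per distinct account, each with its own password
$pamUsers = @{}
$handoff = foreach ($name in ($rows.Account | Sort-Object -Unique)) {
    $pamUsers[$name] = New-PAMUser -SourceDomain mydomain.com -SourceAccountName $name
    $plain = New-RandomPassword
    Set-ADAccountPassword -Identity "priv.$name" -NewPassword (ConvertTo-SecureString $plain -AsPlainText -Force)
    Set-ADUser -Identity "priv.$name" -Enabled $true
    [pscustomobject]@{ Account = "priv.$name"; InitialPassword = $plain }
}

# Pass 2: one PAM group and role per distinct source group; its candidates are
# the pass-1 users that the CSV pairs with that group
foreach ($g in ($rows | Group-Object -Property SourceGroup)) {
    $pg = New-PAMGroup -SourceGroupName $g.Name -SourceDomain mydomain.com -SourceDC dc1.mydomain.com -Credentials $ca
    $candidates = @($g.Group.Account | Sort-Object -Unique | ForEach-Object { $pamUsers[$_] })
    New-PAMRole -DisplayName "priv.$($g.Name)" -Privileges $pg -Candidates $candidates | Out-Null
}

# Hand the initial passwords to their owners out of band; do not write them to disk
$handoff | Format-Table -AutoSize
```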