update
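--- /dev/null
+++ b/PATH_NOT_ON_PAGE
@@ -0,0 +1,123 @@
+<#
+.SYNOPSIS
+A short one-line action-based description, e.g. 'Tests if a function is valid'
+.DESCRIPTION
+A longer description of the function, its purpose, common use cases, etc.
+.NOTES
+Information or caveats about the function e.g. 'This function is not supported in Linux'
+.LINK
+Specify a URI to a help page, this will show when Get-Help -Online is used.
+.EXAMPLE
+Test-MyTestFunction
+Explanation of the function or its result. You can include multiple examples with additional .EXAMPLE lines
+#>
+
+function New-ITDADServiceAccount {
+[CmdletBinding()]
+param (
+[string]
+$SamAccountName,
+
+[Parameter(Mandatory = $true)]
+[string]
+$Description,
+
+[Parameter(Mandatory = $true)]
+[ValidateSet('Office365', 'VMware_Systems', 'CSRC', 'Shared Linux Password List', 'Peoplesoft Share PW', 'Cohesity', 'VDI')]
+[string]
+$PasswordstateList,
+
+[Parameter(Mandatory = $true)]
+[string]
+$PasswordstateTitle,
+
+[string]
+$PasswordstateNotes,
+
+[pscredential]
+$Credential
+)
+
+begin {
+
+}
+
+process {
+Write-Verbose -Message "Verify if user object already exists in Active Directory"
+try {
+If (Get-ADUser -Identity $SamAccountName) {
+$ADUserExists = $true
+}
+}
+catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
+Write-Verbose -Message "Active Directory user object not found"
+$ADUserExists = $false
+}
+catch {
+Write-Error -Message "Unable to validate if samaccountname $SamAccountName is available" -ErrorAction $Stop
+}
+
+Write-Verbose -Message "ADUser exists $ADUserExists"
+
+switch ($ADUserExists) {
+Default {
+Write-Error -Message "Unable to validate if samaccountname $SamAccountName is available"
+}
+$true {
+Write-Error -Message "AD user object with $SamAccountName SamAccountName already exists."
+}
+$false {
+Write-Verbose -Message "Create Passwordstate record"
+$NewITDPasswordParams = @{
+PasswordList = $PasswordstateList;
+Title = $PasswordstateTitle;
+Description = $Description;
+UserName = ("ndgov\$SamAccountName");
+Credential = $Credential;
+}
+
+switch ($PSBoundParameters.Keys) {
+PasswordStateNotes {
+$NewITDPasswordParams.Notes = $PasswordstateNotes
+}
+}
+
+$NewITDPasswordResult = New-ITDPassword @NewITDPasswordParams -ErrorAction Stop
+
+If ($NewITDPasswordResult) {
+Write-Verbose -Message "Create AD account"
+$OuDestination = "OU=ITD SERVICE,OU=USERS,OU=ITD,DC=ND,DC=GOV"
+
+$DCtoUse = Get-ADDomainController -DomainName nd.gov -Discover -Site "Default-First-Site-Name"
+
+$NewADUserParams = @{
+Name = $SamAccountName;
+SamAccountName = $SamAccountName;
+UserPrincipalName = "$SamAccountName@nd.gov";
+Description = "1120 - $Description";
+Surname = "$SamAccountName";
+DisplayName = "$SamAccountName";
+Path = $OuDestination;
+AccountPassword = $NewITDPasswordResult.Password;
+PasswordNeverExpires = $true;
+Enabled = $true;
+Credential = $Credential;
+Server = $DCtoUse;
+}
+
+#try {
+Write-Verbose -Message "Attempt New-ADUser"
+New-ADUser @NewADUserParams
+#}
+#catch {
+#Write-Error $error[0]
+#}
+}
+
+}
+}
+}
+end {
+
+}
+}
+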
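Review bot: The generic `catch` in the `process` block passes `-ErrorAction $Stop`, an undefined variable, so that Write-Error is not terminating and `$ADUserExists` is left unset; execution only stops because the switch's `Default` case happens to do nothing further, and the intended line is `-ErrorAction Stop`. The same `Get-ADUser -Identity $SamAccountName` lookup runs even though `$SamAccountName` is not mandatory, so an empty value reaches that call and lands in the same catch; add `[Parameter(Mandatory = $true)]` above `[string] $SamAccountName`. The `New-ADUser` call runs after the Passwordstate record has already been created and its try/catch is commented out, so a failure there leaves a stored credential with no matching account and only a non-terminating error; I would restore the try/catch with `-ErrorAction Stop` on `New-ADUser` and have the catch report the Passwordstate title that now needs cleanup. `Server = $DCtoUse` passes the object returned by `Get-ADDomainController` rather than a host name — presumably it stringifies to the DC name, but `$DCtoUse.HostName` would make that explicit. `PasswordNeverExpires = $true` also deserves a one-line comment naming the policy that permits it for accounts whose password is held in Passwordstate, since a reader otherwise has to guess whether it is deliberate.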