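<#
.SYNOPSIS
Creates an ITD service account: a Passwordstate record first, then the matching Active Directory user.

.DESCRIPTION
New-ITDADServiceAccount first checks that no AD user with the requested SamAccountName exists.
It then creates a Passwordstate record via New-ITDPassword (the password comes from that
record) and, only if that succeeds, creates the AD user with the returned password. The AD
user is created enabled, with PasswordNeverExpires set, under the OU given by -Path.

The password is never written to the verbose or error streams by this function.

If the Passwordstate record is created but New-ADUser then fails, the record is NOT rolled
back; the error raised says so, and the record has to be reconciled by hand.

.PARAMETER SamAccountName
SamAccountName of the account to create. Also used as the AD Name, Surname, DisplayName and
(as "<SamAccountName>@nd.gov") the UserPrincipalName.

.PARAMETER Description
Purpose of the account. Stored as-is in Passwordstate and written to the AD Description
attribute prefixed with "1120 - ".

.PARAMETER PasswordstateList
Name of the Passwordstate list the record is created in (restricted to the known ITD lists).

.PARAMETER PasswordstateTitle
Title of the Passwordstate record.

.PARAMETER PasswordstateNotes
Optional notes for the Passwordstate record; only sent when the parameter is supplied.

.PARAMETER Credential
Credential passed to both New-ITDPassword and New-ADUser.

.PARAMETER Path
Distinguished name of the OU the user is created in. Defaults to the ITD SERVICE OU.

.EXAMPLE
New-ITDADServiceAccount -SamAccountName 'svc-example' -Description 'Example service' -PasswordstateList 'VDI' -PasswordstateTitle 'svc-example' -Credential $cred
Creates the Passwordstate record 'svc-example' in the VDI list, then the AD user svc-example
in the ITD SERVICE OU using the generated password.

.NOTES
Requires the ActiveDirectory module and the New-ITDPassword command, neither of which is
defined in this file.
#>
function New-ITDADServiceAccount {
    [CmdletBinding()]
    param (
        # Mandatory: every step below keys off this value, and Get-ADUser -Identity cannot take an empty one.
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string] $SamAccountName,

        [Parameter(Mandatory = $true)]
        [string] $Description,

        [Parameter(Mandatory = $true)]
        [ValidateSet('Office365', 'VMware_Systems', 'CSRC', 'Shared Linux Password List', 'Peoplesoft Share PW', 'Cohesity', 'VDI')]
        [string] $PasswordstateList,

        [Parameter(Mandatory = $true)]
        [string] $PasswordstateTitle,

        [string] $PasswordstateNotes,

        # NOTE(review): not mandatory, but both New-ITDPassword and New-ADUser receive it;
        # callers that omit it presumably rely on those commands accepting a null credential.
        [pscredential] $Credential,

        # Appended after the original parameters so positional callers are unaffected.
        [string] $Path = 'OU=ITD SERVICE,OU=USERS,OU=ITD,DC=ND,DC=GOV'
    )

    begin {
    }

    process {
        # Reset explicitly so a stale $ADUserExists from a parent scope cannot leak into the switch.
        $ADUserExists = $null

        Write-Verbose -Message "Verify if user object already exists in Active Directory"
        try {
            # -ErrorAction Stop makes "not found" a terminating error regardless of the caller's
            # $ErrorActionPreference, so it always reaches the typed catch below.
            if (Get-ADUser -Identity $SamAccountName -ErrorAction Stop) {
                $ADUserExists = $true
            }
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            Write-Verbose -Message "Active Directory user object not found"
            $ADUserExists = $false
        }
        catch {
            # The original passed "-ErrorAction $Stop" (an undefined variable); the intent was to stop
            # here, since creating records without knowing whether the name is free is unsafe.
            Write-Error -Message "Unable to validate if samaccountname $SamAccountName is available: $($_.Exception.Message)" -ErrorAction Stop
        }
        Write-Verbose -Message "ADUser exists $ADUserExists"

        switch ($ADUserExists) {
            $true {
                Write-Error -Message "AD user object with $SamAccountName SamAccountName already exists."
            }
            $false {
                # Passwordstate first: the AD password is taken from the record it returns.
                Write-Verbose -Message "Create Passwordstate record"
                $NewITDPasswordParams = @{
                    PasswordList = $PasswordstateList
                    Title        = $PasswordstateTitle
                    Description  = $Description
                    UserName     = ("ndgov\$SamAccountName")
                    Credential   = $Credential
                }
                # Notes are only forwarded when the caller actually supplied them.
                if ($PSBoundParameters.ContainsKey('PasswordstateNotes')) {
                    $NewITDPasswordParams.Notes = $PasswordstateNotes
                }
                $NewITDPasswordResult = New-ITDPassword @NewITDPasswordParams -ErrorAction Stop

                if ($NewITDPasswordResult) {
                    Write-Verbose -Message "Create AD account"
                    # Pin creation to one discovered DC. The whole object is passed as -Server, as in the
                    # original; presumably New-ADUser string-converts it to the host name - verify.
                    $DCtoUse = Get-ADDomainController -DomainName nd.gov -Discover -Site "Default-First-Site-Name"
                    $NewADUserParams = @{
                        Name                 = $SamAccountName
                        SamAccountName       = $SamAccountName
                        UserPrincipalName    = "$SamAccountName@nd.gov"
                        Description          = "1120 - $Description"
                        Surname              = "$SamAccountName"
                        DisplayName          = "$SamAccountName"
                        Path                 = $Path
                        # assumes New-ITDPassword returns .Password as a SecureString, as New-ADUser requires - TODO confirm
                        AccountPassword      = $NewITDPasswordResult.Password
                        # Kept as originally specified for service accounts.
                        PasswordNeverExpires = $true
                        Enabled              = $true
                        Credential           = $Credential
                        Server               = $DCtoUse
                    }
                    try {
                        Write-Verbose -Message "Attempt New-ADUser"
                        New-ADUser @NewADUserParams -ErrorAction Stop
                    }
                    catch {
                        # The Passwordstate record already exists at this point and is not rolled back;
                        # say so, so the operator can reconcile instead of silently leaving an orphan.
                        Write-Error -Message "New-ADUser failed for $SamAccountName after Passwordstate record '$PasswordstateTitle' was created in list '$PasswordstateList'; remove or reuse that record manually. $($_.Exception.Message)" -ErrorAction Stop
                    }
                }
            }
            Default {
                # Reached only when Get-ADUser returned nothing without throwing.
                Write-Error -Message "Unable to validate if samaccountname $SamAccountName is available"
            }
        }
    }

    end {
    }
}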