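<#
.SYNOPSIS
    Create a new Active Directory service account and a matching Passwordstate record.
.DESCRIPTION
    Creates a Passwordstate record (asking Passwordstate to generate the
    password) and a new Active Directory user account in the "ITD SERVICE" OU.

    The AD account is created with -AccountPassword $PasswordSecured. The code
    that used to assign that variable is commented out (marked "removed
    20181228"), so nothing in this function sets it any more. The function
    therefore stops before writing anything when no password value is available,
    instead of requesting an enabled, never-expiring account with an empty
    -AccountPassword and a vault record that does not match it.
.PARAMETER SamAccountName
    Account name. Used as the AD Name, SamAccountName, DisplayName, the prefix
    of the UserPrincipalName, and the Username of the Passwordstate record.
.PARAMETER Description
    Free-text description. "1120 - " is prepended automatically; a value that
    already contains "1120" is rejected.
.PARAMETER ComputerName
    Used as the Title of the Passwordstate record.
.PARAMETER PasswordstateList
    Name of the Passwordstate password list that receives the record.
.PARAMETER Credential
    Credential passed to New-ADUser. Prompted for when omitted.
.EXAMPLE
    New-ITDADServiceAccount -SamAccountName !itdtest01 -Description "app/sql db account" -ComputerName itdtest01.nd.gov -PasswordStateList CSRC -Credential (Get-Credential)
.NOTES
    The early exits use 'break' outside of any loop, as the original did. In
    PowerShell that unwinds to an enclosing loop in the caller, or ends the
    calling script if there is none, so callers should not invoke this function
    from inside a loop they expect to continue.
#>
function New-ITDADServiceAccountOLD
{
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true)]
        [string]
        $SamAccountName,

        [Parameter(Mandatory=$true)]
        [string]
        $Description,

        [Parameter(Mandatory=$true)]
        [string]
        $ComputerName,

        [Parameter(Mandatory=$true)]
        [ValidateSet("CSRC","CND","Linux","Office365","VMware","ZTEST")]
        [string]
        $PasswordstateList,

        [PSCredential]
        $Credential
    )

    Begin
    {
        Write-Verbose "Validate credentials, stop script if invalid."
        If ($null -eq $Credential)
        {
            # NOTE(review): $Credential is always empty on this path, so -UserName
            # receives an empty value - confirm the prompt behaves as intended.
            $Credential = Get-Credential -Message "Enter domain/OU administrator credentials. User name must be entered as a SAMAccountName (DOMAIN\username) or as a User Principal Name (username@domain.com)" -UserName $Credential

            If ($null -eq $Credential)
            {
                Write-Warning "credentials missing - stopping script"
                break
            }
        }

        # Validate the credential whether it was prompted for or passed in.
        # Previously only a prompted credential was tested, so a bad -Credential
        # argument got as far as the Passwordstate write before failing.
        If ((Test-ADCredential -Credential $Credential -ErrorAction Stop) -eq $false)
        {
            Write-Warning "Invalid credentials or locked account."
            break
        }

        Write-Verbose "Confirm Passwordstate connection"
        If (-not (Test-NetConnection -ComputerName itdpv.nd.gov).PingSucceeded)
        {
            Write-Warning "Passwordstate unavailable"
            break
        }

        Import-Module ActiveDirectory
    }

    Process
    {
        Write-Verbose "verify user account does not already exist, if it does, stop script"
        $userexists = Get-ADUser -Filter {sAMAccountName -eq $SamAccountName}
        If ($userexists)
        {
            Write-Warning "$SamAccountName already exists"
            break
        }

        Write-Verbose "fix description if needed"
        If ($Description -like "*1120*")
        {
            Write-Warning "Do not enter '1120' into the description, this will be done for you"
            Break
        }

        Write-Verbose "set OU, get passwordstate passwordlist information, set ADDescription"
        $OUdestination = "OU=ITD SERVICE,OU=USERS,OU=ITD,DC=ND,DC=GOV"
        # Only the commented-out block below reads $PStateList; the lookup is kept
        # because it may still act as a check that the list exists.
        $PStateList = Get-ITDPasswordstatePasswordList -Name $PasswordstateList
        $ADDescription = "1120 - " + $Description

        <# removed 20181228
        Write-Verbose "Generate new password"
        $PasswordGenerated = New-ITDRandomPassword
        $PasswordSecured = $PasswordGenerated | ConvertTo-SecureString -AsPlainText -Force

        Write-Verbose "add to passwordstate"
        $Date = Get-Date -UFormat "%Y/%m/%d @ %H:%M:%S"
        $Notes = "Automatically generated by $env:USERNAME on $Date"
        New-PasswordstateRecord -ListID $PStateList.ID -Title $ComputerName -Username "nd.gov\$SamAccountName" -APIkey $PStateList.APIkey -Password $PasswordGenerated -Description $Description -Notes $Notes
        #>

        # Fail closed: with the block above removed, this function never assigns
        # $PasswordSecured. Without this check New-ADUser is asked for an enabled,
        # never-expiring account with an empty -AccountPassword, while
        # Passwordstate holds a generated password that was never applied to AD.
        # The check runs before the vault write so no orphaned record is left.
        # NOTE(review): the password generated by New-ITDPasswordstateRecord has
        # to be passed to New-ADUser for this function to be usable again; how
        # that cmdlet returns it is not visible here.
        If (-not $PasswordSecured)
        {
            Write-Warning "No account password is available for $SamAccountName - stopping before any record or account is created"
            break
        }

        New-ITDPasswordstateRecord -Title $ComputerName -Description $ADDescription -PSList $PasswordstateList -Username $SamAccountName -GeneratePassword

        Write-Verbose "create account in AD"
        # Splatting replaces the backtick line continuations, which break
        # silently when trailing whitespace or a lost newline follows the backtick.
        $newUserParams = @{
            Name                 = $SamAccountName
            SamAccountName       = $SamAccountName
            UserPrincipalName    = "$SamAccountName@nd.gov"
            Description          = $ADDescription
            DisplayName          = "$SamAccountName"
            Path                 = $OUdestination
            AccountPassword      = $PasswordSecured
            PasswordNeverExpires = $true
            Enabled              = $true
            Credential           = $Credential
        }
        New-ADUser @newUserParams
    }

    End
    {
    }
}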