Zack Meier
118 lines
4.1 KiB
PowerShell
118 lines
4.1 KiB
PowerShell
<#
|
|
.Synopsis
|
|
Create new account with random password, save in Passwordstate
|
|
.DESCRIPTION
|
|
Create new Active Directory user account in the "ITD SERVICE" OU, randomly generate a password, and save it in Passwordstate
|
|
.EXAMPLE
|
|
New-ITDADServiceAccount -SamAccountName !itdtest01 -Description "app/sql db account" -ComputerName itdtest01.nd.gov -PasswordStateList CSRC -Credential <PSCredential>
|
|
#>
|
|
function New-ITDADServiceAccountOLD
|
|
{
|
|
[CmdletBinding()]
|
|
Param
|
|
(
|
|
[Parameter(Mandatory=$true)]
|
|
[string]
|
|
$SamAccountName,
|
|
|
|
[Parameter(Mandatory=$true)]
|
|
[string]
|
|
$Description,
|
|
|
|
[Parameter(Mandatory=$true)]
|
|
[string]
|
|
$ComputerName,
|
|
|
|
[Parameter(Mandatory=$true)]
|
|
[ValidateSet("CSRC","CND","Linux","Office365","VMware","ZTEST")]
|
|
[string]
|
|
$PasswordstateList,
|
|
|
|
[PSCredential]
|
|
$Credential
|
|
)
|
|
|
|
Begin
|
|
{
|
|
Write-Verbose "Validate credentials, stop script if invalid."
|
|
If($Credential -eq "" -or $Credential -eq $null)
|
|
{
|
|
$Credential = Get-Credential -Message "Enter domain/OU administrator credentials. User name must be entered as a SAMAccountName (DOMAIN\username) or as a User Principal Name (username@domain.com)" -UserName $Credential
|
|
If($Credential -eq "" -or $Credential -eq $null)
|
|
{
|
|
Write-Warning "credentials missing - stopping script"
|
|
break
|
|
}
|
|
If((Test-ADCredential -Credential $Credential -ErrorAction Stop) -eq $false)
|
|
{
|
|
Write-Warning "Invalid credentials or locked account."
|
|
break
|
|
}
|
|
}
|
|
|
|
Write-Verbose "Confirm Passwordstate connection"
|
|
If((Test-NetConnection -ComputerName itdpv.nd.gov).PingSucceeded)
|
|
{
|
|
}
|
|
Else
|
|
{
|
|
Write-Warning "Passwordstate unavailable"
|
|
break
|
|
}
|
|
|
|
Import-Module ActiveDirectory
|
|
}
|
|
Process
|
|
{
|
|
Write-Verbose "verify user account does not already exist, if it does, stop script"
|
|
$userexists = Get-ADUser -Filter {sAMAccountName -eq $SamAccountName}
|
|
If($userexists)
|
|
{
|
|
Write-Warning "$SamAccountName already exists"
|
|
break
|
|
}
|
|
|
|
Write-Verbose "fix description if needed"
|
|
If($Description -like "*1120*")
|
|
{
|
|
Write-Warning "Do not enter '1120' into the description, this will be done for you"
|
|
Break
|
|
|
|
}
|
|
|
|
Write-Verbose "set OU, get passwordstate passwordlist information, set ADDescription"
|
|
$OUdestination = "OU=ITD SERVICE,OU=USERS,OU=ITD,DC=ND,DC=GOV"
|
|
$PStateList = Get-ITDPasswordstatePasswordList -Name $PasswordstateList
|
|
$ADDescription = "1120 - " + $Description
|
|
|
|
<# removed 20181228
|
|
Write-Verbose "Generate new password"
|
|
$PasswordGenerated = New-ITDRandomPassword
|
|
$PasswordSecured = $PasswordGenerated | ConvertTo-SecureString -AsPlainText -Force
|
|
|
|
Write-Verbose "add to passwordstate"
|
|
$Date = Get-Date -UFormat "%Y/%m/%d @ %H:%M:%S"
|
|
$Notes = "Automatically generated by $env:USERNAME on $Date"
|
|
New-PasswordstateRecord -ListID $PStateList.ID -Title $ComputerName -Username "nd.gov\$SamAccountName" -APIkey $PStateList.APIkey -Password $PasswordGenerated -Description $Description -Notes $Notes
|
|
#>
|
|
|
|
New-ITDPasswordstateRecord -Title $ComputerName -Description $ADDescription -PSList $PasswordstateList -Username $SamAccountName -GeneratePassword
|
|
|
|
Write-Verbose "create account in AD"
|
|
New-ADUser -Name $SamAccountName `
|
|
-SamAccountName $SamAccountName `
|
|
-UserPrincipalName "$SamAccountName@nd.gov" `
|
|
-Description $ADDescription `
|
|
-DisplayName "$SamAccountName" `
|
|
-Path $OUdestination `
|
|
-AccountPassword $PasswordSecured `
|
|
-PasswordNeverExpires $true `
|
|
-Enabled $true `
|
|
-Credential $Credential
|
|
|
|
|
|
}
|
|
End
|
|
{
|
|
}
|
|
} |