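<#
.SYNOPSIS
Creates an ITD service account: a Passwordstate record followed by the matching Active Directory user.

.DESCRIPTION
New-ITDADServiceAccount first checks that no user with the requested SamAccountName exists
in Active Directory. If the name is free it creates a Passwordstate record through
New-ITDPassword and then creates the AD user in the ITD SERVICE OU, using the password
returned with that record. The AD user is created enabled and with PasswordNeverExpires set.
If the user already exists, or the existence check cannot be completed, an error is written
and nothing is created.

.PARAMETER SamAccountName
SamAccountName of the new account. The same value is used for Name, DisplayName, Surname
and the user-principal-name prefix.

.PARAMETER Description
Description stored on the Passwordstate record and, prefixed with '1120 - ', on the AD user.

.PARAMETER PasswordstateList
Passwordstate list that receives the new record. Restricted to the lists in the ValidateSet.

.PARAMETER PasswordstateTitle
Title of the Passwordstate record.

.PARAMETER PasswordstateNotes
Optional notes for the Passwordstate record; only forwarded when supplied.

.PARAMETER Credential
Credential used for New-ITDPassword and New-ADUser. When omitted both cmdlets run as the
current user.

.EXAMPLE
New-ITDADServiceAccount -SamAccountName 'svc-example' -Description 'Example service' -PasswordstateList 'VDI' -PasswordstateTitle 'svc-example'

Creates the Passwordstate record in the VDI list and then the AD user svc-example.
(Constructed example values.)

.NOTES
The Passwordstate record is created before the AD user. If New-ADUser fails the record
already exists and has to be reused or removed by hand; a warning is written in that case.
Requires the ActiveDirectory module and the New-ITDPassword command.
#>
function New-ITDADServiceAccount {
    [CmdletBinding()]
    param (
        # Mandatory: an empty name reaches Get-ADUser, which then fails with an
        # exception other than "not found", and the existence check cannot complete.
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]
        $SamAccountName,

        [Parameter(Mandatory = $true)]
        [string]
        $Description,

        [Parameter(Mandatory = $true)]
        [ValidateSet('Office365', 'VMware_Systems', 'CSRC', 'Shared Linux Password List', 'Peoplesoft Share PW', 'Cohesity', 'VDI')]
        [string]
        $PasswordstateList,

        [Parameter(Mandatory = $true)]
        [string]
        $PasswordstateTitle,

        [string]
        $PasswordstateNotes,

        [pscredential]
        $Credential
    )

    begin {
        # Fixed environment values used when building the Passwordstate and AD objects.
        $OuDestination     = 'OU=ITD SERVICE,OU=USERS,OU=ITD,DC=ND,DC=GOV'
        $DomainDnsName     = 'nd.gov'
        $DomainNetBiosName = 'ndgov'
        $AdSite            = 'Default-First-Site-Name'
        $DescriptionPrefix = '1120 - '
    }

    process {
        # --- 1. Existence check -------------------------------------------------
        Write-Verbose -Message "Verify if user object already exists in Active Directory"
        $ADUserExists = $null
        try {
            # Get-ADUser -Identity throws when the account does not exist, so a
            # successful call means the name is already taken.
            $null = Get-ADUser -Identity $SamAccountName -ErrorAction Stop
            $ADUserExists = $true
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            Write-Verbose -Message "Active Directory user object not found"
            $ADUserExists = $false
        }
        catch {
            # Any other failure (module missing, no domain connectivity, bad identity)
            # must stop here: creating an account without a reliable check could
            # collide with an existing identity. The original passed the undefined
            # variable $Stop as the action; the literal Stop is what was intended.
            Write-Error -Message "Unable to validate if samaccountname $SamAccountName is available" -ErrorAction Stop
        }

        Write-Verbose -Message "ADUser exists $ADUserExists"

        if ($null -eq $ADUserExists) {
            Write-Error -Message "Unable to validate if samaccountname $SamAccountName is available"
            return
        }
        if ($ADUserExists) {
            Write-Error -Message "AD user object with $SamAccountName SamAccountName already exists."
            return
        }

        # --- 2. Passwordstate record --------------------------------------------
        Write-Verbose -Message "Create Passwordstate record"
        $NewITDPasswordParams = @{
            PasswordList = $PasswordstateList
            Title        = $PasswordstateTitle
            Description  = $Description
            UserName     = "$DomainNetBiosName\$SamAccountName"
        }
        # Forward optional values only when they were actually supplied, so the
        # called cmdlets see them as unbound rather than as empty/null.
        if ($PSBoundParameters.ContainsKey('PasswordstateNotes')) {
            $NewITDPasswordParams.Notes = $PasswordstateNotes
        }
        if ($PSBoundParameters.ContainsKey('Credential')) {
            $NewITDPasswordParams.Credential = $Credential
        }

        $NewITDPasswordResult = New-ITDPassword @NewITDPasswordParams -ErrorAction Stop
        if (-not $NewITDPasswordResult) {
            # Previously this case ended silently with no account created.
            Write-Error -Message "New-ITDPassword returned no record for $PasswordstateTitle; AD account not created."
            return
        }

        # --- 3. AD user ---------------------------------------------------------
        Write-Verbose -Message "Create AD account"
        $DCtoUse = Get-ADDomainController -DomainName $DomainDnsName -Discover -Site $AdSite -ErrorAction Stop

        $NewADUserParams = @{
            Name                 = $SamAccountName
            SamAccountName       = $SamAccountName
            UserPrincipalName    = "$SamAccountName@$DomainDnsName"
            Description          = "$DescriptionPrefix$Description"
            Surname              = $SamAccountName
            DisplayName          = $SamAccountName
            Path                 = $OuDestination
            # The password comes straight from the Passwordstate record and is never
            # written to verbose, warning or error output.
            # NOTE(review): New-ADUser requires a SecureString here - confirm that
            # New-ITDPassword returns .Password in that form.
            AccountPassword      = $NewITDPasswordResult.Password
            # Service account: presumably rotated through Passwordstate rather than
            # the AD password policy - confirm with the account owners.
            PasswordNeverExpires = $true
            Enabled              = $true
            # -Server takes a host name; pass the discovered DC's HostName explicitly
            # so every write lands on the same DC that the discovery returned.
            Server               = [string]$DCtoUse.HostName
        }
        if ($PSBoundParameters.ContainsKey('Credential')) {
            $NewADUserParams.Credential = $Credential
        }

        Write-Verbose -Message "Attempt New-ADUser"
        try {
            New-ADUser @NewADUserParams -ErrorAction Stop
        }
        catch {
            # The Passwordstate record already exists at this point; say so, so the
            # operator does not end up with a stored credential and no account.
            Write-Warning -Message "Passwordstate record '$PasswordstateTitle' in list '$PasswordstateList' was created but the AD account was not."
            Write-Error -Message "New-ADUser failed for ${SamAccountName}: $($_.Exception.Message)"
        }
    }

    end {
    }
}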