Saturday, January 27, 2018

PowerShell Script to Create New Active Directory User

Below is the content of a nice script for creating individual Active Directory accounts. It prompts for user input, such as the User ID, first name, last name, etc. It uses variables to pass the values along to the rest of the script to use. It can also be helpful for cases where help desk staff get errors with the ADUC when they populate the home directory because in many cases, help desk personnel won't have access to create shares on file servers. This script sets that path but doesn't actually create the user share or directory.



# Prompt for User Input
$User = Read-Host -Prompt 'Enter individual User ID. For example: abc123'
$FirstName = Read-Host 'Enter individual First Name.'
$MiddleInitial = Read-Host 'Enter individual Middle Initial'
$LastName = Read-Host 'Enter individual Last Name'

# Set Additional Variables

$DisplayName = "$FirstName $MiddleInitial $LastName"

# Create User Account
New-ADUser -Name "$DisplayName" `
-sAMAccountName $User `
-GivenName $FirstName `
-Surname $LastName `
-DisplayName "$DisplayName" `
-Initial $MiddleInitial `
-Description 'Staff' `
-UserPrincipalName "$User@domain.com" `
-ScriptPath 'Staff.bat' `
-HomeDrive 'Z:' `
-HomeDirectory "\\ServerName\$User$" `
-AccountPassword (Read-Host -AsSecureString "AccountPassword")

# Add User to Company-Wide Email Group
Add-ADGroupMember ALL_Company $User

# Optionally you can use the below parameter to require the individual to use a Smartcard. That will require the User ID be changed to the certificate name\number.
# Set-ADUser -Identity $User -SmartcardLogonRequired $true

No comments:

Post a Comment