Thursday, June 28, 2012

PowerShell scripts for AD deployments

Some useful scripts for AD deployment in Server 2008 R2 with PowerShell.

To create home folders:

$dataSource=import-csv "users.csv"
Set-Location "d:\data\users"

#one folder per CSV row, named FirstName.LastName
foreach($dataRecord in $dataSource) {
    $name=$dataRecord.FirstName + "." + $dataRecord.LastName
    New-Item $name -type directory
}

To create the users:

#Change here to correspond to your domain environment
$objOU=[ADSI]"LDAP://OU=ClientUsers,DC=contoso,DC=local"

#Set homedir if needed, remove if not
$homedrive="h:"
$homedir="\\fileserver\users\"

$dataSource=import-csv "users.csv"
foreach($dataRecord in $dataSource) {
    $cn=$dataRecord.FirstName + " " + $dataRecord.LastName

    #check if lastname is empty.
    if (!$dataRecord.LastName) {
        $dataRecord.LastName=" "
        $sAMAccountName=$dataRecord.FirstName
    }
    else {
        $sAMAccountName=$dataRecord.FirstName + "." + $dataRecord.LastName
    }

    $givenName=$dataRecord.FirstName
    write-host "Creating user :"$sAMAccountName
    $sn=$dataRecord.LastName
    $sAMAccountName=$sAMAccountName.ToLower()

    $displayName=$sn + " " + $givenName

    $homediruser=$homedir+$sAMAccountName
    #UPN suffix, change to match your domain
    $userPrincipalName=$sAMAccountName + "@sb.local"
    $objUser=$objOU.Create('user','CN='+$cn)
    $objUser.Put("sAMAccountName",$sAMAccountName)
    $objUser.Put("userPrincipalName",$userPrincipalName)
    $objUser.Put("displayName",$displayName)
    $objUser.Put("givenName",$givenName)
    $objUser.Put("sn",$sn)
    #remove below if homedrive isn't used.
    $objUser.Put("HomeDrive",$homedrive)
    $objUser.Put("HomeDirectory",$homediruser)
    #save the object first, the password can only be set on an existing account
    $objUser.SetInfo()
    #every account gets this same initial password
    $objUser.SetPassword("P@ssw0rd")
    #enable the account and save again
    $objUser.psbase.InvokeSet("AccountDisabled",$false)
    $objUser.SetInfo()
    write-host "User :"$sAMAccountName" created"
}
write-host "Users created"

The above script imports users from a CSV file that looks like this:

FirstName,LastName
John,Doe
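
The user script above sets the same initial password, P@ssw0rd, on every account and enables the account straight away. The variant below is an added example, not part of the original scripts: it gives each user a random initial password and forces a change at first logon. The helper name New-InitialPassword and the file name initial-passwords.csv are assumptions made for the example, and the remaining attributes are set as in the script above.

```powershell
# Added example (not from the original post): unique initial password per user.
# 64 characters, so each random byte maps to one character without modulo bias.
$alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'

function New-InitialPassword([int]$length = 16) {   # hypothetical helper name
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $bytes = New-Object byte[] $length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
        # retry until upper case, lower case and a digit are all present,
        # which satisfies the default AD complexity rule (3 of 4 classes)
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '[0-9]')
    $pw
}

$objOU = [ADSI]"LDAP://OU=ClientUsers,DC=contoso,DC=local"   # OU from the script above
$issued = @()
foreach ($dataRecord in (Import-Csv "users.csv")) {
    # FirstName.LastName, or FirstName alone when LastName is empty
    $parts = @($dataRecord.FirstName, $dataRecord.LastName) | Where-Object { $_ }
    $sAMAccountName = ($parts -join ".").ToLower()
    $objUser = $objOU.Create('user', 'CN=' + ($parts -join " "))
    $objUser.Put("sAMAccountName", $sAMAccountName)
    $objUser.SetInfo()                    # the object must exist before SetPassword
    $pw = New-InitialPassword
    $objUser.SetPassword($pw)
    $objUser.Put("pwdLastSet", 0)         # 0 = must change password at next logon
    $objUser.psbase.InvokeSet("AccountDisabled", $false)
    $objUser.SetInfo()
    $issued += New-Object PSObject -Property @{ sAMAccountName = $sAMAccountName; InitialPassword = $pw }
}
# One-time passwords for out-of-band hand-out (constructed file name); delete after use.
$issued | Export-Csv "initial-passwords.csv" -NoTypeInformation
```

Keep initial-passwords.csv readable by the provisioning admin only, since it holds valid credentials until each user's first logon.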

Also, to set permissions the following might work; I’ve already forgotten. Anyway, it might almost work with some modifications.

#script to give full control NTFS permissions on a directory to the domain user with the same name as that directory

#script settings
$domain = "contoso.local"
$root = "d:\data\users\"

#don't edit below here
#only directories, files directly under $root are skipped
$folders = Get-ChildItem $root | Where-Object { $_.PSIsContainer }

ForEach ($folder in $folders)
{
    #folder name for the account, full path for the ACL, so the script works from any current directory
    $username = $domain+"\"+$folder.Name
    $permissions = Get-Acl $folder.FullName

    #FullControl for the user, inherited by subfolders and files
    $userpermissions = New-Object System.Security.AccessControl.FileSystemAccessRule($username,"FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
    $permissions.AddAccessRule($userpermissions)

    Set-Acl $folder.FullName $permissions

    Write-Host "Set permissions on $($folder.Name) for $username"
}

I don’t take cred for creating the scripts from scratch. I found them on the net, but was in a rush at the time so I didn’t note the address. They weren’t perfect to begin with, but I’ve modified them so they work for my purposes.

The next step would be to add them to groups automatically, but this step is fairly painless in the GUI, so we’ll hold off on that for the time being.
