PowerShell - New AD user script questions

Discussion in 'Programming & Software Development' started by Gunna, Feb 22, 2021.

  1. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,822
    Location:
    Brisbane
    I'm not even sure what I'm wanting is possible but it seems logical, there are 2 parts to this request.

    I'm in the early stages of scripting AD account creation for new hires, long time coming but that's another topic.

    Question 1:
    The start of my script has initial questions to set variables we require as a minimum like:

    $NewHireGiven = Read-host "Please enter new hires FIRST NAME:"

    $NewHireSurname = Read-Host "Please enter new hires SURNAME:"

    As I manage the APAC region I need to factor in AU, NZ and Asia and they all have different OU structures, internal cost centres and cost centre descriptions which need to be added to the AD User object.

    I'd like the person creating the account to enter the new hire's cost centre, which does a Switch statement that has pulled the condition and action (description) from a CSV. This way if a cost centre is added I can update the CSV rather than the (eventual) digitally signed PS1 file.

    e.g:
    [int]$NHCostCentre = Read-host "Please enter new hires COST CENTRE, eg 301000:"
    User enters 301001 at prompt

    Code:
    switch ($NHCostCentre)
    {
        # Each action returns the description for the matching cost centre
        301000 { 'AUS Sales'; break }
        301001 { 'NZ Internal'; break }
    }
    I'm just not sure how to pull both the condition and description from CSV, I know I could pull the condition from CSV using IMPORT-CSV and a foreach but I need both condition and action to be pulled.

    The 2nd part is at the end of the user input section I'd like to echo the output of each variable to have the user confirm the details and if correct proceed or restart the script if wrong.

    I may be over thinking it by this point though.
     
    Last edited: Feb 22, 2021
  2. harrye30

    harrye30 Member

    Joined:
    Apr 1, 2012
    Messages:
    273
    What HR platform are you guys using?

    Reason for asking is a lot of the decent (which I'll assume if you're global) platforms allow for direct integration with AD and will allow for single source of truth either by utilising Azure hybrid workers or an enterprise application.

    Definitely worth a look rather than reinventing the wheel if it's at all possible.
     
  3. OP
    OP
    Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,822
    Location:
    Brisbane
    That's not an option I want to go down. We use a module in SAP for HR and getting the team to integrate with AD would be more trouble than making a script, trust me.
     
  4. harrye30

    harrye30 Member

    Joined:
    Apr 1, 2012
    Messages:
    273
    Have done this successfully in the past with SAP and SuccessFactors - off the shelf integration with AD. (https://api.sap.com/package/SuccessfactorsEmployeeCentraltoActiveDirectory?section=Overview)

    If you're doing this, I'd strongly suggest doing it properly. I say that from a man who fixed a broken script integration in an environment with roughly 8000 users across the globe. It was painful enough that if you can get your single source of truth to be your HR platform from the get go I'd champion for it.

    If you're not interested in that, and you have access to AAD and SharePoint Online, I'd suggest building this into an online list. And then using the list to call various runbooks based on what your HR staff input into the list.

    Similar to this: https://365lab.net/2016/01/09/create-ad-users-with-help-from-azure-automation-and-sharepoint-online/

    Both give you the ability to have a proper portal where IT staff are not responsible for the cleanliness of the entered information. In every org I move into I've tried to move the onus off level 1 staff to ensure that user accounts are created in a sanitised way.

    The invested time is worth it IMO.
     
  5. harrye30

    harrye30 Member

    Joined:
    Apr 1, 2012
    Messages:
    273
    With requesting confirmation from a user "-confirm" should get you most of the way there.

    As for your condition question;


    Import-Csv D:\data.csv -Delimiter '~' | ForEach-Object {

        if ($_.TEST -match ',')                    # IF row.TEST contains a comma
        {
            $first, $second = $_.TEST.Split(',')   # Get first and second words ready

            $_.TEST = $first                       # Output the record once with
            $_                                     # first word

            $_.TEST = $second                      # and again with second word
            $_
        }
        else
        {
            $_                                     # otherwise output it unchanged
        }
    } | Export-CSV out.csv -Delimiter '~' -NoTypeInformation
     
  6. mooboyj

    mooboyj Member

    Joined:
    Sep 13, 2005
    Messages:
    1,044
    Create scripts for each region. Most of it will be cut and paste, and while it is multiple scripts it'll only be a small amount of extra work.
     
  7. Optimus.

    Optimus. Member

    Joined:
    Jun 27, 2002
    Messages:
    6,564
    What I do is set up 'config' files (CSVs or lookup tables e.g. matching AD groups to job roles and AD OUs) and then import the settings from that based on a match. Then make your script pretty generic and just work off the settings provided.
     
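The CSV-driven lookup and the confirm-or-restart loop asked about in this thread, as an added example that is not code from any of the posters. The column names (CostCentre, Description, OU), the OU paths and the `Resolve-CostCentre` helper are assumptions made for illustration, and the sample rows are constructed.

```powershell
# Constructed sample data; in practice use: $rows = Import-Csv -Path <your CSV>
# Column names (CostCentre, Description, OU) are assumptions for this example.
$rows = @'
CostCentre,Description,OU
301000,AUS Sales,"OU=Sales,OU=AU,DC=example,DC=com"
301001,NZ Internal,"OU=Internal,OU=NZ,DC=example,DC=com"
'@ | ConvertFrom-Csv

# Index rows by cost centre so the CSV plays the role of the switch statement.
$costCentres = @{}
foreach ($row in $rows) { $costCentres[$row.CostCentre.Trim()] = $row }

# Hypothetical helper: returns the matching CSV row, or $null if input is invalid.
function Resolve-CostCentre {
    param([string]$Code, [hashtable]$Table)
    $Code = $Code.Trim()
    # Accept only six digits; anything else never reaches the lookup.
    if ($Code -notmatch '^\d{6}$') { return $null }
    return $Table[$Code]   # $null when the cost centre is not in the CSV
}

do {
    $NewHireGiven   = (Read-Host 'Please enter new hires FIRST NAME').Trim()
    $NewHireSurname = (Read-Host 'Please enter new hires SURNAME').Trim()

    # Re-prompt until the cost centre matches a row in the CSV.
    do {
        $code  = Read-Host 'Please enter new hires COST CENTRE, eg 301000'
        $entry = Resolve-CostCentre -Code $code -Table $costCentres
        if (-not $entry) { Write-Warning 'Unknown cost centre, please try again.' }
    } until ($entry)

    # Echo everything back for confirmation before anything touches AD.
    [pscustomobject]@{
        GivenName   = $NewHireGiven
        Surname     = $NewHireSurname
        CostCentre  = $entry.CostCentre
        Description = $entry.Description
        OU          = $entry.OU
    } | Format-List | Out-String | Write-Host

    $answer = Read-Host 'Are these details correct? (Y/N)'
} until ($answer -match '^\s*y')   # any other answer restarts the questions
# The confirmed values can now be passed on to account creation (not shown).
```

Because the CSV sits outside the signed PS1 and decides which OU and description an account receives, write access to it should be limited to the same people who are allowed to change the script.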
