If you’re in a smaller environment, most of your users may have a very similar configuration. As your environment grows, however, you may find it trickier to know which group to add a user to or which fax number to jot down, depending on their Division or location.

Believe it or not, it can REALLY get out of control.

So we’ve got this wonderful thing called PowerShell. It should be up to the task, and it most certainly is.

What I decided was to take my original “NEW-USER” script from the Technet Script Repository and beef it up a bit.

Initially I just assigned some static values to the variables, since I wasn’t expecting things to grow much and, this being my first PowerShell script, I just wanted something to make my life easier.

It did too. For 18 months, that script did the job great. But our Division grew, we expanded, and the environment got more complex. So I found myself, little by little, running “NEW-USER” and then going back to make some minor corrections here or there.

After a while that can get irritating and be a real waste of time.

So here was my original approach: simply have a list of variables, like so:

$max=$Sam.Length
if ($max -gt 20) {$max=20}
$Sam=$Sam.Substring(0,$max)
$Name=$Lastname+", "+$FirstName
$DisplayName=$Lastname+", "+$FirstName
$UPN=$FirstName+"."+$LastName+"@Contoso.local"
$HomeDir='\\CONTOSOFILE\USERHOME$\'+$Alias
$Phone='212-555-0000 x111'
$PostalZip='90210'
$City='Toronto'
$Company='Contoso Rocks Ltd'
$Office='In the Basement with my stapler'
# A generic description for the user
$Description='New User'
$ourdomain='@contoso.local'

So for a small division, this worked. But I needed to expand this a bit.

So I had this idea I was banging about to solve this issue. I decided to create a Hash Table containing the values unique to each Location and Division, including the ability to group Security groups in bundles.

Here’s a basic view of an entry for the Contoso Domain in a little tiny itty bitty teeny weeny place called “Redmond” or, as I like to think of it, “the Land of the gods”:

#
# Redmond
# Ok, fine.  So it's not REALLY Redmond, WA but a guy can dream, can't he?
#
[array]$AdConfig+=@{UPN='@contoso.local';
Company='Contoso Rocks Ltd.';
HomeDir='\\CONTOSOFILE\UserHome$\';
HomeDrive='Z:';
Phone='425-555-1212';
Extension='424242';
Postal='98053';
City='Redmond';
StateProv='Washington';
Address='1 Microsoft Way';
Office='A Secret Building – Shhhhh ';
Department='These are not the droids you are looking for';
Fax='425-555-1111';
ourdomain='@contoso.local';
OU='Contoso.local/Divisions/Geeks/Users';
ExchangeDatabase='CONTOSO-MAIL\First Storage Group\UberGeeks';
DOMAIN='CONTOSO';
HasEmail=$TRUE;
Contractor=$TRUE;
Divisions=,("","1000");
SecurityGroups=("Standard Contoso Documents",
"Sharepoint2010 View",
"SecretStashOfOldDukeNukemPictures")}

If you look toward the bottom of that table, you’ll see I got fancy and created two sub arrays within the Hash Table.

The first one is “Divisions”, which, if I have more than one, I can populate with their OUs (presuming my A/D is well organized) and the standard security groups I might assign based upon the job task for the user. That’s what the “1000” is: a simple string that matches up against my list of security groups. “1” means you get this “Group of Groups” and “0” means no.

As I add groups to my localized entry in the HashTable, I can add to the length of the “1000” without affecting other entries.

Now that I have it as a Hash Table I can prepopulate things a bit nicer. So if I had to set up users for Fabrikam off in some location like, say, Charlotte, North Carolina, I simply need to add another entry with the configurations UNIQUE to Charlotte. I can just copy my first table and edit it to meet my needs:

#
# Charlotte
# Yeah, seems like a fun place.  Rumor has it some 'Scripting Guy' lives near there
#
[array]$AdConfig+=@{UPN='@fabrikam.local';
Company='Fabrikam CD Burning.';
HomeDir='\\FABRIKAMFILE\UserHome$\';
HomeDrive='Z:';
Phone='704-555-1212';
Extension='998899';
Postal='28659';
City='Charlotte';
StateProv='North Carolina';
Address='123 Sesame Street';
Office='A Small Brown Building';
Department='Shhhhhhhhh';
Fax='704-555-1111';
ourdomain='@fabrikam.local';
OU='Fabrikam.local/Site/TheOtherGuys/Users';
ExchangeDatabase='FABRIKAM-SPAM\Third Storage Group\Technet';
DOMAIN='FABRIKAM';
HasEmail=$TRUE;
Contractor=$FALSE;
Divisions=,("Cookie Cutters","1000"),
("Banana Slicers","1100"),
("Management","0000");
SecurityGroups=("Secret",
"Domain Losers",
("Me",
"Myself",
"I"),
("Sharepoint2010 View",
"SecretStashOfOldDukeNukemPictures"))}

As I place them in order I can reference them as $ADconfig[0] for Contoso, $ADconfig[1] for Fabrikam, etc.

But I’ll bet you’re wondering about those security groups and Divisions?

Catch you next time on that one.   That’s part of a “little” script going to Technet Script Repository soon.   But I’ll explain how all that works tomorrow.
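
One way the “1000” mask described above could be resolved against the SecurityGroups list, as an added example that is not the author's script. It assumes character i of a division's mask selects element i of SecurityGroups; the function name Resolve-DivisionGroups and the $entry sample are hypothetical and constructed for illustration.

```powershell
# Added example. Assumption: character i of a division's mask selects
# element i of SecurityGroups (a single group name or a bundle of names).
function Resolve-DivisionGroups {   # hypothetical name, not from the post
    param(
        [Parameter(Mandatory=$true)] [hashtable] $Config,
        [Parameter(Mandatory=$true)] [AllowEmptyString()] [string] $Division
    )
    # Look up the (name, mask) pair for the requested division.
    $mask = $null
    foreach ($pair in $Config.Divisions) {
        if ($pair[0] -eq $Division) { $mask = $pair[1]; break }
    }
    if ($null -eq $mask) { throw "Unknown division '$Division'" }
    if ($mask -notmatch '^[01]*$') { throw "Mask '$mask' may only contain 0 and 1" }
    $bundles = @($Config.SecurityGroups)
    $groups  = New-Object 'System.Collections.Generic.List[string]'
    for ($i = 0; $i -lt $mask.Length; $i++) {
        if ($mask[$i] -ne '1') { continue }
        # Fail closed: a 1 that points past the bundle list is a
        # copy-and-edit mistake, so stop before touching any account.
        if ($i -ge $bundles.Count) {
            throw "Mask '$mask' selects bundle $i; only $($bundles.Count) exist"
        }
        foreach ($g in @($bundles[$i])) {
            if (-not $groups.Contains($g)) { $groups.Add($g) }
        }
    }
    return $groups.ToArray()
}

# Constructed sample entry, modeled on the Charlotte table above.
$entry = @{
    Divisions      = @(
        @('Cookie Cutters', '1000'),
        @('Banana Slicers', '1100'),
        @('Management',     '0000')
    )
    SecurityGroups = @(
        'Secret',
        'Domain Losers',
        @('Me', 'Myself', 'I'),
        @('Sharepoint2010 View', 'SecretStashOfOldDukeNukemPictures')
    )
}

foreach ($d in $entry.Divisions) {
    $resolved = @(Resolve-DivisionGroups -Config $entry -Division $d[0])
    '{0}: {1}' -f $d[0], ($resolved -join ', ')
}
```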
