Public/New-ADSIUser.ps1
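function New-ADSIUser {
<#
.SYNOPSIS
    Function to create a new User

.DESCRIPTION
    Function to create a new User in Active Directory through
    System.DirectoryServices.AccountManagement.UserPrincipal.

.PARAMETER SamAccountName
    Specifies the SamAccountName parameter

.PARAMETER AccountPassword
    Specifies the password parameter (as a SecureString)

.PARAMETER Enabled
    Specifies if the user need to be enabled on creation.
    Default is $False.

.PARAMETER GivenName
    Specifies the GivenName parameter

.PARAMETER SurName
    Specifies the Surname parameter

.PARAMETER UserPrincipalName
    Specifies the UserPrincipalName parameter.

.PARAMETER DisplayName
    Specifies the DisplayName parameter.

.PARAMETER Name
    Specifies the Name parameter.

.PARAMETER PasswordNeverExpires
    Specifies if the Password Never Expires

.PARAMETER UserCannotChangePassword
    Specifies if the User Cannot Change Password

.PARAMETER PasswordNotRequired
    Specifies if the Password is Not Required

.PARAMETER Credential
    Specifies the alternative credential to use.
    By default it will use the current user windows credentials.

.PARAMETER DomainName
    Specifies the alternative Domain where the user should be created
    By default it will use the current domain.

.PARAMETER Passthru
    Specifies if you want to see the object created after running the command.

.PARAMETER Description
    Specifies the Description parameter.

.PARAMETER EmployeeId
    Specifies the EmployeeId parameter.

.PARAMETER HomeDirectory
    Specifies the HomeDirectory parameter.

.PARAMETER HomeDrive
    Specifies the HomeDrive parameter.

.PARAMETER MiddleName
    Specifies the MiddleName parameter.

.PARAMETER VoiceTelephoneNumber
    Specifies the VoiceTelephoneNumber parameter.

.EXAMPLE
    PS C:\> New-ADSIUser -SamAccountName "fxtest04" -Enabled -AccountPassword (Read-Host -AsSecureString "AccountPassword") -Passthru

.EXAMPLE
    PS C:\> New-ADSIUser -SamAccountName "fxtest04" -Enabled -AccountPassword (Read-Host -AsSecureString "AccountPassword") -Passthru

    # You can test the credential using the following function
    Test-ADSICredential -AccountName "fxtest04" -AccountPassword (Read-Host -AsSecureString "AccountPassword")

.NOTES
    Francois-Xavier.Cat
    LazyWinAdmin.com
    @lazywinadm
    github.com/lazywinadmin

.LINK
    https://msdn.microsoft.com/en-us/library/System.DirectoryServices.AccountManagement.UserPrincipal(v=vs.110).aspx
#>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param
    (
        [Parameter(Mandatory = $true)]
        [String]$SamAccountName,

        [System.Security.SecureString]$AccountPassword,

        [switch]$Enabled = $false,

        [String]$GivenName,

        [String]$SurName,

        [String]$UserPrincipalName,

        [String]$DisplayName,

        [String]$Name,

        [Switch]$PasswordNeverExpires = $false,

        [Switch]$UserCannotChangePassword = $false,

        [Switch]$PasswordNotRequired = $false,

        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential = [System.Management.Automation.PSCredential]::Empty,

        [String]$DomainName,

        [Switch]$Passthru,

        # The parameters below were already read through $PSBoundParameters in
        # the body but never declared, so those branches could not run. They are
        # appended after the existing parameters to keep positional binding
        # unchanged for current callers.
        [String]$Description,

        [String]$EmployeeId,

        [String]$HomeDirectory,

        [String]$HomeDrive,

        [String]$MiddleName,

        [String]$VoiceTelephoneNumber
    )

    BEGIN {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement

        # Create Context splatting
        $ContextSplatting = @{ ContextType = "Domain" }

        IF ($PSBoundParameters['Credential']) { $ContextSplatting.Credential = $Credential }
        IF ($PSBoundParameters['DomainName']) { $ContextSplatting.DomainName = $DomainName }

        $Context = New-ADSIPrincipalContext @ContextSplatting

        # Set only after Save() succeeds, so -Passthru does not query for an
        # account that was never created (for example under -WhatIf).
        $UserCreated = $false
    }
    PROCESS {
        $User = $null
        TRY {
            IF ($PSCmdlet.ShouldProcess($SamAccountName, "Create User Account")) {
                Write-Verbose -Message "Build the user object"
                $User = New-Object -TypeName System.DirectoryServices.AccountManagement.UserPrincipal -ArgumentList $Context

                Write-Verbose -Message "set the properties"
                $User.SamAccountName = $SamAccountName
                $User.Enabled = $Enabled
                $User.PasswordNeverExpires = $PasswordNeverExpires
                $User.UserCannotChangePassword = $UserCannotChangePassword
                # Security-relevant: when set, the account is allowed to exist
                # without a password. Callers should pass this deliberately.
                $User.PasswordNotRequired = $PasswordNotRequired

                IF ($PSBoundParameters['Name']) { $User.Name = $Name }
                IF ($PSBoundParameters['DisplayName']) { $User.DisplayName = $DisplayName }
                IF ($PSBoundParameters['GivenName']) { $User.GivenName = $GivenName }
                IF ($PSBoundParameters['SurName']) { $User.SurName = $SurName }
                IF ($PSBoundParameters['UserPrincipalName']) { $User.UserPrincipalName = $UserPrincipalName }
                IF ($PSBoundParameters['Description']) { $User.Description = $Description }
                IF ($PSBoundParameters['EmployeeId']) { $User.EmployeeId = $EmployeeId }
                IF ($PSBoundParameters['HomeDirectory']) { $User.HomeDirectory = $HomeDirectory }
                IF ($PSBoundParameters['HomeDrive']) { $User.HomeDrive = $HomeDrive }
                IF ($PSBoundParameters['MiddleName']) { $User.MiddleName = $MiddleName }
                # The original line referenced the property without assigning it.
                IF ($PSBoundParameters['VoiceTelephoneNumber']) { $User.VoiceTelephoneNumber = $VoiceTelephoneNumber }

                IF ($PSBoundParameters['AccountPassword']) {
                    # UserPrincipal.SetPassword() takes a String. Passing the
                    # SecureString directly makes PowerShell coerce it with
                    # ToString(), so the account would receive the type name
                    # as its password instead of the secret the caller typed.
                    # Unwrap it explicitly; the plain text lives only in this
                    # local and is dropped right after the call.
                    $PlainPassword = (New-Object -TypeName System.Net.NetworkCredential -ArgumentList '', $AccountPassword).Password
                    $User.SetPassword($PlainPassword)
                    $PlainPassword = $null
                }

                Write-Verbose -Message "Create the Account in Active Directory"
                $User.Save($Context)
                $UserCreated = $true
            }
        }
        CATCH {
            # 'break' outside a loop unwinds into the caller's scope and cannot
            # be caught; raise a proper terminating error instead.
            $PSCmdlet.ThrowTerminatingError($_)
        }
        FINALLY {
            # UserPrincipal is IDisposable; release it on success and failure.
            IF ($null -ne $User) { $User.Dispose() }
        }
    }
    END {
        IF ($PSBoundParameters['Passthru'] -and $UserCreated) {
            # Get-ADSIUser is called with Credential/DomainName only, so the
            # ContextType entry is removed before splatting.
            $ContextSplatting.Remove("ContextType")
            Get-ADSIUser -Identity $SamAccountName @ContextSplatting
        }
    }
}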