Public/New-TempADUser.ps1
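function New-TempADUser {
    <#
    .SYNOPSIS
        This function creates a new temporary AD user using the data parsed from New-TempADUserDetails.

    .DESCRIPTION
        Creates a temporary Active Directory user account by calling New-ADUser with the supplied
        identity and address attributes. TEST/LAB USE ONLY - never run against a production directory.
        Requires the ActiveDirectory RSAT module and a reachable domain controller.

        When -Path is not supplied, the account is created in the domain's default users container
        as reported by Get-ADDomain. Optional attributes that are not supplied are left out of the
        New-ADUser call.

    .EXAMPLE
        New-TempADUserDetails | New-TempADUser

        Pipes a generated user object straight into New-TempADUser to provision the account.

    .EXAMPLE
        New-TempADUser -Name 'Test User' -GivenName 'Test' -Surname 'User' `
            -DisplayName 'Test User' -SamAccountName 'testuser' `
            -UserPrincipalName 'test.user@contoso.local' `
            -AccountPassword 'P@ssw0rd!Plain' -Path 'CN=Users,DC=contoso,DC=local'

        Creates a single temporary AD user using explicit parameters (no pipeline input).

    .INPUTS
        [PSObject]
        Properties of the piped object are bound to the parameters of the same name.

    .OUTPUTS
        None. New-ADUser is invoked without -PassThru, so no object is returned.

    .NOTES
        Author: Luke Leigh
        Website: https://blog.lukeleigh.com/
        LinkedIn: https://www.linkedin.com/in/lukeleigh/
        GitHub: https://github.com/BanterBoy/
        GitHubGist: https://gist.github.com/BanterBoy

        AccountPassword is accepted as a plaintext [string] by design, so a value typed on the
        command line is visible in command history and transcripts. The account is created
        enabled, with "change password at next logon" set.

    .LINK
        https://github.com/BanterBoy
    #>

    [Diagnostics.CodeAnalysis.SuppressMessageAttribute(
        'PSAvoidUsingUsernameAndPasswordParams', '',
        Justification = 'TEST-ONLY module for disposable lab accounts. Parameter shape is intentional and matches the pipeline output of New-TempADUserDetails; documented in the module manifest description and README.')]
    [CmdletBinding(
        SupportsShouldProcess = $true,
        DefaultParameterSetName = "Default")]
    param (
        # Every parameter binds from the pipeline by property name only. Marking each
        # [string] parameter ValueFromPipeline as well lets PowerShell coerce the whole
        # input object to text and bind that text to any parameter the object has no
        # matching property for, so the object's string form (AccountPassword value
        # included) could end up in a directory attribute such as Title.
        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "Full name (CN) for the new AD user"
        )]
        [ValidateNotNullOrEmpty()]
        [string]
        $Name,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "Job title for the new AD user"
        )]
        [string]
        $Title,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "Given (first) name for the new AD user"
        )]
        [string]
        $GivenName,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "Surname (last name) for the new AD user"
        )]
        [string]
        $Surname,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "Display name shown in directory listings"
        )]
        [string]
        $DisplayName,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "sAMAccountName for the new AD user (must be <=20 chars, alphanumeric)"
        )]
        [ValidateNotNullOrEmpty()]
        [string]
        $SamAccountName,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "Street address for the new AD user"
        )]
        [string]
        $StreetAddress,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "State or region for the new AD user"
        )]
        [string]
        $State,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "City for the new AD user"
        )]
        [string]
        $City,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "Country (two-letter code) for the new AD user"
        )]
        [string]
        $Country,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "Postal / ZIP code for the new AD user"
        )]
        [string]
        $PostalCode,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "User principal name, e.g. first.last@contoso.com"
        )]
        [ValidateNotNullOrEmpty()]
        [string]
        $UserPrincipalName,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "DistinguishedName of the OU or container in which to create the user."
        )]
        [string]
        $Path = $null,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "Default",
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = "Plaintext password - converted to SecureString. TEST/LAB USE ONLY."
        )]
        [ValidateNotNullOrEmpty()]
        [string]
        $AccountPassword
    )

    begin {
        # Default users container, looked up at most once per invocation and reused
        # for every pipeline record that carries no Path of its own.
        $defaultUsersContainer = $null
    }

    process {
        # AccountPassword is not mandatory, so it can arrive empty. Converting an empty
        # string fails inside ConvertTo-SecureString, outside any try/catch, and the
        # function would carry on with $securePassword unset or left over from the
        # previous pipeline record. Reject the record up front instead.
        if ([string]::IsNullOrEmpty($AccountPassword)) {
            Write-Error -Message 'AccountPassword is required to create the temporary AD user.' `
                -Category InvalidArgument `
                -ErrorId 'AccountPasswordMissing' `
                -TargetObject $UserPrincipalName
            return
        }

        $resolvedPath = $Path
        if (-not $PSBoundParameters.ContainsKey('Path') -or [string]::IsNullOrEmpty($resolvedPath)) {
            if ([string]::IsNullOrEmpty($defaultUsersContainer)) {
                try {
                    $defaultUsersContainer = (Get-ADDomain).UsersContainer
                }
                catch {
                    # No usable target container: report and skip this record.
                    $PSCmdlet.WriteError($_)
                    return
                }
            }
            $resolvedPath = $defaultUsersContainer
        }

        Write-Verbose 'Converting plaintext password to SecureString - test/lab use only.'
        $securePassword = ConvertTo-SecureString -String $AccountPassword -AsPlainText -Force

        # Identity fields and account state are always passed through, so a missing
        # Name or logon name is still reported by New-ADUser itself.
        $userUserSettings = @{
            Name                  = $Name
            SamAccountName        = $SamAccountName
            UserPrincipalName     = $UserPrincipalName
            AccountPassword       = $securePassword
            Enabled               = $true
            ChangePasswordAtLogon = $true
        }

        # Descriptive attributes are added only when a value was supplied, so
        # New-ADUser is not handed empty strings for attributes that should stay unset.
        $optionalAttributes = @{
            Title         = $Title
            GivenName     = $GivenName
            Surname       = $Surname
            DisplayName   = $DisplayName
            StreetAddress = $StreetAddress
            State         = $State
            City          = $City
            Country       = $Country
            PostalCode    = $PostalCode
        }
        foreach ($attribute in $optionalAttributes.GetEnumerator()) {
            if (-not [string]::IsNullOrEmpty($attribute.Value)) {
                $userUserSettings[$attribute.Key] = $attribute.Value
            }
        }

        if (-not [string]::IsNullOrEmpty($resolvedPath)) {
            $userUserSettings['Path'] = $resolvedPath
        }

        # -WhatIf / -Confirm gate the only state-changing call in the function.
        if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Create temporary AD user')) {
            try {
                New-ADUser @userUserSettings -Verbose
            }
            catch {
                $PSCmdlet.WriteError($_)
            }
        }
    }

    end {
    }
}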