Public/New-AdUserFromSyncHr.ps1
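function New-AdUserFromSyncHr {
    <#
    .SYNOPSIS
        Creates an Active Directory account, proxy addresses, group membership and
        home folder for a new hire record coming from SyncHR.

    .DESCRIPTION
        Builds the account name as "<fName>.<lname>", creates the user with New-ADUser,
        then adds proxy addresses, adds the user to the group named after the position
        title, and creates the home folder with an access rule for the new user.

        The follow-up steps run only if New-ADUser itself succeeded. If creation fails
        (for example because an account with the same name already exists), the
        follow-up steps would otherwise be applied to whatever account already owns
        that name.

    .PARAMETER SyncHrNewHire
        New hire record. Properties read here: fName, lname, empNo, manager_empNo,
        defaultDomain, defaultOu, positionTitle, companyName, location_name,
        location_street, location_city, location_state, location_zip, domainProxyList.

    .OUTPUTS
        psobject with a Result property ('OK' or "Error: <message>"). On success it also
        carries SamAccountName, Office, EmployeeNumber, newPassword and managerName.
        newPassword is the plaintext initial password: callers must not log or persist it.
    #>
    [CmdletBinding(PositionalBinding = $true)]
    param (
        [Parameter(Mandatory = $true)][object]$SyncHrNewHire
    )

    Write-Log "Starting function"

    $returnObj = New-Object -TypeName psobject -Property @{ Result = '' }
    $username = $SyncHrNewHire.fName + "." + $SyncHrNewHire.lname
    $name = $SyncHrNewHire.fName + " " + $SyncHrNewHire.lname
    $newEmpNumber = Convert-SyncHrEmpNo -SyncHrEmpNo $SyncHrNewHire.empNo

    # NOTE(review): the initial password is fully derivable from the person's initials and
    # employee number, and the account is created Enabled. ChangePasswordAtLogon narrows the
    # window but does not close it. Prefer a randomly generated password delivered out of
    # band; kept as-is here because callers receive it through the newPassword property.
    $password = $($SyncHrNewHire.fName).SubString(0, 1) + $($SyncHrNewHire.lname).SubString(0, 1) + "#" + $newEmpNumber
    $password_ss = ConvertTo-SecureString $password -AsPlainText -Force
    $newEmail = "$username@$($SyncHrNewHire.defaultDomain)"

    # Manager lookup is best effort: the account is still created when it fails.
    $manager = $null
    if ($SyncHrNewHire.manager_empNo.Length -gt 3) {
        $managerEmployeeNumber = Convert-SyncHrEmpNo -SyncHrEmpNo $SyncHrNewHire.manager_empNo
        try {
            $manager = Get-ADUser -Filter { EmployeeNumber -eq $managerEmployeeNumber } -Properties manager -ErrorAction Stop |
                Select-Object -First 1
        }
        catch {
            # Previously swallowed silently; record it so a missing manager link can be traced.
            Write-Log "Error with Get-ADUser while looking up manager $managerEmployeeNumber for $name" -LogType error -ErrorObject $_
        }
    }

    # Set only once New-ADUser has returned without error; gates every follow-up step.
    $userCreated = $false
    try {
        $newUserHash = @{
            EmployeeNumber        = $newEmpNumber
            SamAccountName        = $username
            UserPrincipalName     = $newEmail
            Email                 = $newEmail
            Name                  = $name
            DisplayName           = $name
            GivenName             = $SyncHrNewHire.fname
            Surname               = $SyncHrNewHire.lname
            Enabled               = $True
            ChangePasswordAtLogon = $True
            Title                 = $SyncHrNewHire.positionTitle
            Path                  = $SyncHrNewHire.defaultOu
            Manager               = $manager.DistinguishedName
            Office                = $SyncHrNewHire.location_name
            StreetAddress         = $SyncHrNewHire.location_street
            City                  = $SyncHrNewHire.location_city
            State                 = $SyncHrNewHire.location_state
            PostalCode            = $SyncHrNewHire.location_zip
            Company               = $SyncHrNewHire.companyName
            AccountPassword       = $password_ss
            Homedrive             = "H"
            Homedirectory         = "\\svrfp01\Home\$username"
        }

        # Log a copy without the credential entry so nothing about the password
        # (not even its serialized SecureString form) reaches the log.
        $loggedHash = $newUserHash.Clone()
        $loggedHash.Remove('AccountPassword')
        Write-Log -LogText "Creating new user: $($loggedHash | ConvertTo-Json -Compress)"

        # -ErrorAction Stop makes any creation failure land in the catch below.
        New-ADUser @newUserHash -ErrorAction Stop
        $userCreated = $true

        # Short pause before reading the new object back.
        Start-Sleep -Seconds 3
        $newUser = Get-AdUser $username -Properties Office, EmployeeNumber -ErrorAction Stop

        $returnObj | Add-Member -MemberType NoteProperty -Name SamAccountName -Value $newUser.SamAccountName
        $returnObj | Add-Member -MemberType NoteProperty -Name Office -Value $newUser.Office
        $returnObj | Add-Member -MemberType NoteProperty -Name EmployeeNumber -Value $newUser.EmployeeNumber
        $returnObj | Add-Member -MemberType NoteProperty -Name newPassword -Value $password
        $returnObj | Add-Member -MemberType NoteProperty -Name managerName -Value $manager.Name
        $returnObj.Result = 'OK'
    }
    catch {
        Write-Log "Error with New-AdUser. SynrHr user: $name ($($SyncHrNewHire.empNo))" -LogType error -ErrorObject $_
        $returnObj.Result = "Error: $($_.Exception.Message)"
    }

    if (-not $userCreated) {
        # Nothing was created under this name, so do not touch proxy addresses, group
        # membership or home folder: they would be applied to a pre-existing account.
        Write-Log "Completing function"
        return $returnObj
    }

    # Primary address uses upper-case "SMTP:", aliases use lower-case "smtp:".
    $proxyAddresses = @( "SMTP:$newEmail" )
    foreach ($proxy in $SyncHrNewHire.domainProxyList) {
        $proxyAddresses += "smtp:$username@$proxy"
    }

    try {
        foreach ($proxy in $proxyAddresses) {
            Set-ADUser -Identity $username -Add @{ ProxyAddresses = $proxy }
        }
    }
    catch {
        Write-Log "Error with Set-AdUser. SynrHr user: $name ($($SyncHrNewHire.empNo)). Command: ""Set-ADUser -Identity $username -Add @{ProxyAddresses = $proxy}""" -LogType error -ErrorObject $_
    }

    try {
        # NOTE(review): the group name is taken directly from the HR feed's positionTitle.
        # Confirm that no privileged group can share a name with a title value.
        Add-ADGroupMember -Identity $SyncHrNewHire.positionTitle -Members $username
    }
    catch {
        Write-Log "Error with Add-ADGroupMember. SynrHr user: $name ($($SyncHrNewHire.empNo)). Command: ""Add-ADGroupMember -Identity $($SyncHrNewHire.positionTitle) -Members $username""" -LogType error -ErrorObject $_
    }

    try {
        # Create the home folder only if it does not exist, then grant the new user access.
        # NOTE(review): an existing folder is left untouched, so a folder left behind by an
        # earlier account with the same name keeps its old contents and ACL.
        if ( (Test-Path "\\svrfp01\Home\$username") -eq $false) {
            $NewFolder = New-Item -Path "\\svrfp01\Home\" -Name $username -ItemType "Directory"

            # NOTE(review): FullControl also lets the user change the folder's permissions
            # and ownership; Modify is the usual least-privilege grant for a home folder.
            $Rights = [System.Security.AccessControl.FileSystemRights]"FullControl,Modify,ReadAndExecute,ListDirectory,Read,Write"
            $InheritanceFlag = @(
                [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
                [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
            )
            $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
            $objType = [System.Security.AccessControl.AccessControlType]::Allow
            $objUser = New-Object System.Security.Principal.NTAccount "my_full_domain_name\$username"
            $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser, $Rights, $InheritanceFlag, $PropagationFlag, $objType)

            # Read and write the ACL through the same explicit path.
            $ACL = Get-Acl -Path $NewFolder.FullName
            $ACL.AddAccessRule($objACE)
            Set-ACL -Path $NewFolder.FullName -AclObject $ACL
        }
    }
    catch {
        Write-Log "An error occurred in adding the home directory:" -LogType error -ErrorObject $_
    }

    Write-Log "Completing function"
    return $returnObj
}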