Public/New-AdUserFromSyncHr.ps1

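function New-AdUserFromSyncHr
{
    <#
    .SYNOPSIS
        Creates an Active Directory account for one SyncHr new-hire record.
    .DESCRIPTION
        Builds the account name from the HR first/last name, creates the user with
        New-ADUser, then performs best-effort follow-up steps: proxy addresses,
        membership of the group named by the position title, and a home folder
        carrying an ACE for the new user. A failed New-ADUser is reported through
        the Result property of the returned object; failures in the follow-up
        steps are only logged.
    .PARAMETER SyncHrNewHire
        HR record. Fields read here: empNo, fName, lname, defaultDomain,
        manager_empNo, homeFolder, defaultOu, positionTitle, location_name,
        location_street, location_city, location_state, location_zip, companyName,
        domainProxyList.
    .OUTPUTS
        psobject with Result ('OK' or 'Error: <message>'). On success it also
        carries SamAccountName, Office, EmployeeNumber, managerName and
        newPassword. newPassword is the plaintext initial password and exists only
        so the caller can deliver it out-of-band; it must never be written to a log.
    #>
    [CmdletBinding(PositionalBinding = $true)]
    param
    (
        [Parameter(Mandatory = $true)][object]$SyncHrNewHire
    )

    # Generates the initial password from a CSPRNG. The account is enabled the
    # moment it is created, so the value must not be derivable from the name or
    # employee number (anyone who knows the naming convention could otherwise log
    # in before the new hire does). One character from each class satisfies the
    # usual AD complexity policy; ChangePasswordAtLogon forces rotation on first use.
    function New-InitialPassword
    {
        param([int]$Length = 16)

        # Ambiguous glyphs (0/O, 1/l/I) are left out because the value is read to
        # the new hire by a person.
        $classes = @(
            'ABCDEFGHJKLMNPQRSTUVWXYZ',
            'abcdefghijkmnpqrstuvwxyz',
            '23456789',
            '!#$%&*+-=?@'
        )
        $alphabet = -join $classes

        $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
        try
        {
            $buffer = New-Object byte[] 4
            $nextIndex = {
                param([int]$Max)
                # Rejection sampling: values in the top partial bucket are thrown
                # away so "% $Max" does not favour low indexes.
                $limit = [uint32]::MaxValue - ([uint32]::MaxValue % [uint32]$Max)
                do
                {
                    $rng.GetBytes($buffer)
                    $value = [BitConverter]::ToUInt32($buffer, 0)
                }
                while ($value -ge $limit)
                [int]($value % [uint32]$Max)
            }

            $chars = New-Object System.Collections.Generic.List[char]
            foreach ($class in $classes)
            {
                $chars.Add($class[(& $nextIndex $class.Length)])
            }
            while ($chars.Count -lt $Length)
            {
                $chars.Add($alphabet[(& $nextIndex $alphabet.Length)])
            }
            # Fisher-Yates shuffle so the forced per-class characters do not sit
            # at fixed positions.
            for ($i = $chars.Count - 1; $i -gt 0; $i--)
            {
                $j = & $nextIndex ($i + 1)
                $swap = $chars[$i]
                $chars[$i] = $chars[$j]
                $chars[$j] = $swap
            }
            return (-join $chars)
        }
        finally
        {
            $rng.Dispose()
        }
    }

    Write-Log "Starting function" -EmployeeId $SyncHrNewHire.empNo

    $returnObj = New-Object -TypeName psobject -Property @{
        Result = ''
    }

    # Both names feed the SamAccountName, the UPN and the home-folder path. Reject
    # empty values (the rest of the function would otherwise produce "." style
    # names or throw outside the try block) and any character that is not valid in
    # a single file name, so an HR value containing a path separator cannot be
    # joined into the home-folder path.
    $firstName = [string]$SyncHrNewHire.fName
    $lastName = [string]$SyncHrNewHire.lname
    $invalidNameChars = [System.IO.Path]::GetInvalidFileNameChars()
    if ([string]::IsNullOrWhiteSpace($firstName) -or [string]::IsNullOrWhiteSpace($lastName) -or
        ($firstName + $lastName).IndexOfAny($invalidNameChars) -ge 0)
    {
        Write-Log "Rejected SyncHr record: fName/lname missing or containing invalid characters" -LogType: error -EmployeeId $SyncHrNewHire.empNo
        $returnObj.Result = "Error: fName/lname missing or containing invalid characters"
        Write-Log "Completing function" -EmployeeId $SyncHrNewHire.empNo
        return $returnObj
    }

    # NOTE(review): SamAccountName is limited to 20 characters by AD; long names
    # will fail in New-ADUser and surface through Result. No truncation is applied
    # here because callers may rely on the exact "first.last" form.
    $username = $firstName + "." + $lastName
    $name = $firstName + " " + $lastName

    $newEmpNumber = Convert-SyncHrEmpNo -SyncHrEmpNo $SyncHrNewHire.empNo

    # Plaintext copy is returned to the caller as newPassword; keep it out of
    # every log line below.
    $password = New-InitialPassword
    $password_ss = ConvertTo-SecureString $password -AsPlainText -Force

    $newEmail = "$username@$($SyncHrNewHire.defaultDomain)"

    # Manager is optional: a missing or unresolvable manager_empNo leaves the
    # Manager attribute empty rather than failing the whole creation.
    $manager = $null
    if ($SyncHrNewHire.manager_empNo.Length -gt 3)
    {
        $managerEmployeeNumber = Convert-SyncHrEmpNo -SyncHrEmpNo $SyncHrNewHire.manager_empNo
        try
        {
            # Filter is built from the converted HR value -- assumes
            # Convert-SyncHrEmpNo returns a plain identifier without quotes; TODO confirm.
            $managerFilter = "EmployeeNumber -eq ""$managerEmployeeNumber"""
            $manager = Get-ADUser -Filter $managerFilter -Properties manager -ErrorAction: Stop | Select-Object -First 1
        }
        catch
        {
            # Deliberately non-fatal, but no longer silent: a wrong manager is
            # an audit finding that should be visible in the log.
            Write-Log "Manager lookup failed for manager_empNo ""$($SyncHrNewHire.manager_empNo)""; creating user without manager" -LogType: warning -ErrorObject $_ -EmployeeId $SyncHrNewHire.empNo
        }
    }

    $homeFolder = $null
    if ($SyncHrNewHire.homeFolder.Length -gt 3)
    {
        try
        {
            $homeFolder = Join-Path $SyncHrNewHire.homeFolder $username
        }
        catch
        {
            Write-Log "Could not build home folder path from ""$($SyncHrNewHire.homeFolder)""; creating user without home folder" -LogType: warning -ErrorObject $_ -EmployeeId $SyncHrNewHire.empNo
        }
    }

    try
    {
        $newUserHash = @{
            EmployeeNumber        = $newEmpNumber
            SamAccountName        = $username
            UserPrincipalName     = $newEmail
            Email                 = $newEmail
            Name                  = $name
            DisplayName           = $name
            GivenName             = $firstName
            Surname               = $lastName
            Enabled               = $True
            ChangePasswordAtLogon = $True
            Title                 = $SyncHrNewHire.positionTitle
            Path                  = $SyncHrNewHire.defaultOu
            Manager               = $manager.DistinguishedName
            Office                = $SyncHrNewHire.location_name
            StreetAddress         = $SyncHrNewHire.location_street
            City                  = $SyncHrNewHire.location_city
            State                 = $SyncHrNewHire.location_state
            PostalCode            = $SyncHrNewHire.location_zip
            Company               = $SyncHrNewHire.companyName
            AccountPassword       = $password_ss
            Description           = "Created by SyncHr script $(Get-Date -Format 'yyyy-MM-dd hh:mmtt')"
            # NOTE(review): New-ADUser documents HomeDrive as "<letter>:"; "H"
            # without the colon is preserved here because existing accounts may
            # already carry it -- confirm against a created account.
            Homedrive             = "H"
            Homedirectory         = $homeFolder
            ErrorAction           = 'Stop'
        }

        # Log the attributes being set, minus the credential.
        $loggedUserHash = $newUserHash.Clone()
        $loggedUserHash.Remove('AccountPassword')
        Write-Log -LogText "Creating new user: $($loggedUserHash | ConvertTo-Json -Compress)" -EmployeeId $SyncHrNewHire.empNo

        New-ADUser @newUserHash

        # Short pause for the new object to be readable from the DC we talk to.
        Start-Sleep -Seconds 3
        $newUser = Get-AdUser $username -Properties Office, EmployeeNumber -ErrorAction Stop

        $returnObj | Add-Member -MemberType: NoteProperty -Name SamAccountName -Value $newUser.SamAccountName
        $returnObj | Add-Member -MemberType: NoteProperty -Name Office -Value $newUser.Office
        $returnObj | Add-Member -MemberType: NoteProperty -Name EmployeeNumber -Value $newUser.EmployeeNumber
        $returnObj | Add-Member -MemberType: NoteProperty -Name newPassword -Value $password
        $returnObj | Add-Member -MemberType: NoteProperty -Name managerName -Value $manager.Name

        # Account exists from here on; the remaining steps are best-effort.
        $returnObj.Result = 'OK'

        # Primary address in upper-case "SMTP:", one lower-case alias per extra domain.
        $proxyAddresses = @(
            "SMTP:$newEmail"
        )

        foreach ($proxy in $SyncHrNewHire.domainProxyList)
        {
            $proxyAddresses += "smtp:$username@$proxy"
        }

        try
        {
            foreach ($proxy in $proxyAddresses)
            {
                Set-ADUser -Identity $username -Add @{ ProxyAddresses = $proxy }
            }

        }
        catch
        {
            Write-Log "Error with Set-AdUser. SynrHr user: $name ($($SyncHrNewHire.empNo)). Command: ""Set-ADUser -Identity $username -Add @{ProxyAddresses = $proxy}""" -LogType: error -ErrorObject $_ -EmployeeId $SyncHrNewHire.empNo
        }

        # NOTE(review): group membership is chosen by a free-text HR field. A
        # mistyped or tampered positionTitle that matches a privileged group
        # (e.g. an admin group) would grant that membership here. An allow-list
        # of onboarding groups, or a dedicated HR-to-group mapping, should gate
        # this call; none is visible in this file, so the behaviour is unchanged.
        try
        {
            Add-ADGroupMember -Identity $SyncHrNewHire.positionTitle -Members $username
        }
        catch
        {
            Write-Log "Error with Add-ADGroupMember. SynrHr user: $name ($($SyncHrNewHire.empNo)). Command: ""Add-ADGroupMember -Identity $($SyncHrNewHire.positionTitle) -Members $username""" -LogType: error -ErrorObject $_ -EmployeeId $SyncHrNewHire.empNo
        }

        if ($homeFolder.Length -gt 3)
        {
            try
            {

                if ( (Test-Path $homeFolder) -eq $false)
                {
                    $acl = Get-Acl (New-Item -Path $SyncHrNewHire.homeFolder -Name $username -ItemType Directory -Verbose)

                    # Make sure access rules inherited from parent folders.
                    $acl.SetAccessRuleProtection($false, $true)

                    # NOTE(review): FullControl lets the user rewrite the ACL of
                    # their own folder (e.g. remove the admin/backup ACEs);
                    # Modify is normally sufficient. Kept as-is pending a policy decision.
                    $ace = $username, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
                    $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($ace)
                    $acl.AddAccessRule($objACE)
                    Set-ACL -Path $homeFolder -AclObject $acl -Verbose

                    Write-Log "Home folder added successfully: ""$homeFolder""" -EmployeeId $SyncHrNewHire.empNo

                }
                else
                {
                    # An existing folder may belong to a previous account with the
                    # same name; it is left untouched rather than re-ACLed.
                    Write-Log "Home folder ""$homeFolder"" already exists. Skipping home folder creation" -LogType: warning -EmployeeId $SyncHrNewHire.empNo
                }
            }
            catch
            {
                Write-Log "An error occurred in adding the home directory:" -LogType error -ErrorObject $_ -EmployeeId $SyncHrNewHire.empNo
            }
        }
        else
        {
            Write-Log "Skipping home folder creation. SyncHrNewHire.homeFolder value ""$($SyncHrNewHire.homeFolder)""" -LogType: warning -EmployeeId $SyncHrNewHire.empNo
        }

    }
    catch
    {
        # Reached when New-ADUser or the follow-up Get-AdUser fails; the caller
        # sees the message through Result.
        Write-Log "Error with New-AdUser. SynrHr user: $name ($($SyncHrNewHire.empNo))" -LogType: error -ErrorObject $_ -EmployeeId $SyncHrNewHire.empNo
        $returnObj.Result = "Error: $($_.Exception.Message)"
    }


    Write-Log "Completing function" -EmployeeId $SyncHrNewHire.empNo

    return $returnObj


}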