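<#
.SYNOPSIS
    Creates karu user accounts in Active Directory, Google Apps and Office 365
    and provisions the user's home directory.

.DESCRIPTION
    Runs either interactively (one account, with a confirmation prompt) or from
    a CSV file (all rows are created as students, no prompt).

    NB! A CSV file MUST be UTF-8 encoded and use ';' as delimiter.
    Required columns: Eesnimi;Perenimi;Kasutajanimi;Isikukood;Ryhm

.NOTES
    gShell          - https://github.com/squid808/gShell/wiki/Downloads
                      (read "getting started" on the wiki first to set up OAuth)
    NTFSSecurity    - Install-Module NTFSSecurity
    ActiveDirectory - https://www.microsoft.com/en-us/download/details.aspx?id=45520
    MSOnline        - Office 365 licensing

    The log file (create_user.log) is written into the current location.
    Temporary passwords are shown on the console for hand-over only; they are
    never written to the log.
#>

Import-Module gShell
Import-Module NTFSSecurity
Import-Module ActiveDirectory
Import-Module MSOnline

$credential = Get-Credential
Connect-MsolService -Credential $credential

# System.Web provides Membership::GeneratePassword for random temporary passwords.
Add-Type -AssemblyName System.Web

# ---- logging ---------------------------------------------------------------
$path = Get-Location | Select-Object Path
$log  = 'create_user.log'   # relative to the current location
$date = Get-Date

# ---- static variables ------------------------------------------------------
$homeDrive   = 'H:'
$domain      = 'karu.win'   # not referenced below; kept for reference
$upn         = '@karu.edu.ee'
$loginScript = 'login.bat'
$homeBase    = '\\plutu.karu.win\kodud'
$wwwDir      = 'public_html'
$wwwUser     = 'apache'
$accountType = 0

#######################################
# Maps an account type (1-5) to the per-type settings.
# Arguments: $accountType - 1 õpilane, 2 abistaja, 3 admintöötaja, 4 õpetaja, 5 muu
# Returns:   hashtable with keys gaOU (Google Apps org unit), baseGroup (default
#            AD group), OU (AD container DN) and GA_alias (create a
#            firstname.lastname e-mail alias), or $null for an unknown type so
#            the caller can abort before touching AD.
#######################################
function Get-AccountTypeSettings([int]$accountType) {
    switch ($accountType) {
        1 { # õpilane
            return @{ gaOU = '/opilased'; baseGroup = 'opilane'; GA_alias = $false
                      OU = 'ou=opilased,ou=kontod,ou=karu,dc=karu,dc=win' }
        }
        2 { # abistaja
            return @{ gaOU = '/personal'; baseGroup = 'abistaja'; GA_alias = $true
                      OU = 'ou=abistajad,ou=personal,ou=kontod,ou=karu,dc=karu,dc=win' }
        }
        3 { # admintöötaja
            return @{ gaOU = '/personal'; baseGroup = 'personal'; GA_alias = $true
                      OU = 'ou=Admintootajad,ou=personal,ou=kontod,ou=karu,dc=karu,dc=win' }
        }
        4 { # õpetaja
            return @{ gaOU = '/personal'; baseGroup = 'personal'; GA_alias = $true
                      OU = 'ou=Opetajad,ou=personal,ou=kontod,ou=karu,dc=karu,dc=win' }
        }
        5 { # muu
            return @{ gaOU = '/muu'; baseGroup = 'muu'; GA_alias = $false
                      OU = 'ou=muu,ou=karu,dc=karu,dc=win' }
        }
        default { return $null }
    }
}

#######################################
# Builds the e-mail alias "firstname.lastname" with Estonian letters
# transliterated to ASCII and the result lower-cased.
# Arguments: $firstname, $lastname
# Returns:   the alias string
#######################################
function ConvertTo-Alias([string]$firstname, [string]$lastname) {
    $alias = $firstname + '.' + $lastname
    # -replace is case-insensitive, so Ä/Ö/Ü/Õ/Š/Ž are handled as well.
    $alias = $alias -replace 'ä', 'a' -replace 'ö', 'o' -replace 'ü', 'y' `
                    -replace 'õ', 'o' -replace 'š', 's' -replace 'ž', 'z'
    return $alias.ToLower()
}

#######################################
# Makes sure an existing Office 365 user carries the student licences.
# Arguments: $email - the user principal name (username + $upn)
# Outputs:   nothing; licensing errors surface from the Msol cmdlets
#######################################
function Grant-Office365Licence([string]$email) {
    # Look the user up by the full UPN; a bare username does not resolve in the tenant.
    $msolUser = Get-MsolUser -UserPrincipalName $email -ErrorAction SilentlyContinue |
        Select-Object UserPrincipalName, IsLicensed
    if ($msolUser -and $msolUser.IsLicensed) {
        return   # already licensed, nothing to do
    }
    Set-MsolUser -UserPrincipalName $email -UsageLocation EE
    Set-MsolUserLicense -UserPrincipalName $email -AddLicenses 'erh:OFFICESUBSCRIPTION_STUDENT'
    Set-MsolUserLicense -UserPrincipalName $email -AddLicenses 'erh:STANDARDWOFFPACK_STUDENT'
}

#######################################
# Creates the home directory (with public_html inside) and sets owner + ACLs.
# Globals:   $log, $wwwUser
# Arguments: $username, $homePath, $public_html
# Outputs:   log lines via Tee-Object
#######################################
function New-UserHomeDirectory([string]$username, [string]$homePath, [string]$public_html) {
    if (Test-Path $homePath) {
        'directory already exists' | Tee-Object -FilePath $log -Append
        return
    }
    # Creating the nested directory creates $homePath as well.
    New-Item -ItemType Directory -Path $public_html | Out-Null
    try {
        # -Path is required here; without it the cmdlet acts on the current location.
        Set-NTFSOwner -Path $homePath -Account $username
    } catch {
        "failed to set home directory owner for user $username" | Tee-Object -FilePath $log -Append
    }
    # Owner gets FullControl on the home directory and everything below it.
    Add-NTFSAccess -Path $homePath -Account $username -AccessRights FullControl `
        -InheritanceFlags ContainerInherit, ObjectInherit -AccessType Allow
    # Web server: traverse the home directory, read public_html.
    # NOTE(review): these ACEs are ContainerInherit + InheritOnly as in the
    # original; confirm files under public_html are actually readable by $wwwUser.
    Add-NTFSAccess -Path $homePath -Account $wwwUser -AccessRights Traverse `
        -InheritanceFlags ContainerInherit -PropagationFlags InheritOnly -AccessType Allow
    Add-NTFSAccess -Path $public_html -Account $wwwUser -AccessRights ReadAndExecute `
        -InheritanceFlags ContainerInherit -PropagationFlags InheritOnly -AccessType Allow
}

#######################################
# Writes the per-account log footer.
# Globals: $log
#######################################
function Write-LogEnd {
    '-----------------LOG END--------------------' | Out-File $log -Append
    '--------------------------------------------' | Out-File $log -Append
}

#######################################
# Creates (or re-activates) one user account in AD, Google Apps and Office 365
# and provisions the home directory.
# Globals:   $upn, $log, $homeBase, $wwwDir, $homeDrive, $loginScript (read)
# Arguments: $username    - SAM account name
#            $firstname   - Eesnimi
#            $lastname    - Perenimi
#            $id          - Isikukood, stored in the AD SerialNumber attribute
#            $group       - Google Apps group (e-mail list) to add the user to, may be ''
#            $csv         - $true when called from CSV import (no confirmation prompt)
#            $accountType - 1..5, see Get-AccountTypeSettings
# Outputs:   console messages and log lines; exits the script if the operator
#            declines the interactive confirmation
#######################################
function create_account([string]$username, [string]$firstname, [string]$lastname,
                        [string]$id, [string]$group, [boolean]$csv, [int]$accountType) {
    # The UPN and the e-mail address are the same value.
    $email = $username + $upn

    $ADUser = Get-ADUser -Filter { SamAccountName -eq $username }
    if ($ADUser) {
        # ---- existing account: re-activate, add to group, make sure licensed ----
        "Account $username already exists" | Tee-Object -FilePath $log -Append
        # NOTE(review): PasswordNeverExpires is the existing policy for these accounts.
        Set-ADAccountControl -Identity $username -PasswordNeverExpires $true
        Set-ADAccountControl -Identity $username -Enabled $true
        # Still add to the Google group in case the student applies to a new curriculum.
        if ($group -ne '') {
            Add-GAGroupMember -GroupName $group -UserName $username -Role MEMBER |
                Tee-Object -FilePath $log -Append
        }
        Grant-Office365Licence -email $email
    } else {
        # ---- new account ----
        $settings = Get-AccountTypeSettings $accountType
        if (-not $settings) {
            "unknown account type '$accountType' for user $username - skipped" |
                Tee-Object -FilePath $log -Append
            Write-LogEnd
            return
        }

        $fullname    = $firstname + ' ' + $lastname
        $homePath    = $homeBase + '\' + $username
        $public_html = $homePath + '\' + $wwwDir
        # 12 characters, at least 4 of them non-alphanumeric.
        $tempPassword   = [System.Web.Security.Membership]::GeneratePassword(12, 4)
        $securePassword = ConvertTo-SecureString $tempPassword -AsPlainText -Force

        if (-not $csv) {
            # Review before creating the account. The password is shown once for
            # hand-over and is intentionally not logged.
            Write-Host 'Kasutajanimi: ' $username
            Write-Host 'Täisnimi: ' $fullname
            Write-Host 'temp salasõna: ' $tempPassword
            $MenuChoice = Read-Host "trüki 'y' , et jätkata konto loomisega"
            if ($MenuChoice -ne 'y') {
                exit
            }
        }

        ######
        # Create AD user and assign group
        ######
        try {
            # -ErrorAction Stop turns the cmdlet's non-terminating error into one
            # the catch block actually sees.
            New-ADUser $username `
                -DisplayName $username `
                -GivenName $firstname `
                -Description $fullname `
                -Path $settings.OU `
                -Surname $lastname `
                -UserPrincipalName $email `
                -HomeDirectory $homePath `
                -HomeDrive $homeDrive `
                -EmailAddress $email `
                -AccountPassword $securePassword `
                -ScriptPath $loginScript `
                -Enabled $true `
                -ErrorAction Stop
        } catch {
            "error creating AD user ${username}: $($_.Exception.Message)" |
                Tee-Object -FilePath $log -Append
            # Everything below depends on the AD object; do not continue.
            Write-LogEnd
            return
        }

        # ID number on the user (Uniflow printing); -Replace rejects an empty value.
        if ($id -ne '') {
            Set-ADUser -Identity $username -Replace @{ SerialNumber = $id }
        }
        Add-ADGroupMember $settings.baseGroup -Members $username

        # Activate user in OIS
        Set-ADAccountControl -Identity $username -PasswordNeverExpires $true
        Set-ADAccountControl -Identity $username -Enabled $true

        ######
        # Create Google Apps user
        ######
        New-GAUser `
            -UserName $username `
            -GivenName $firstname `
            -FamilyName $lastname `
            -Password $tempPassword `
            -OrgUnitPath $settings.gaOU
        if ($group -ne '') {
            Add-GAGroupMember -GroupName $group -UserName $username -Role MEMBER |
                Tee-Object -FilePath $log -Append
        }
        # Only staff account types get a firstname.lastname alias.
        if ($settings.GA_alias) {
            $alias = ConvertTo-Alias -firstname $firstname -lastname $lastname
            New-GAUserAlias -UserName $username -Alias $alias
        }

        ######
        # Create Office 365 user and assign licences
        ######
        New-MsolUser `
            -UserPrincipalName $email `
            -FirstName $firstname `
            -LastName $lastname `
            -Password $tempPassword `
            -DisplayName $fullname `
            -UsageLocation 'EE' `
            -LicenseAssignment 'erh:OFFICESUBSCRIPTION_STUDENT', 'erh:STANDARDWOFFPACK_STUDENT'
        Start-Sleep -s 1

        ######
        # Home directory and permissions
        ######
        New-UserHomeDirectory -username $username -homePath $homePath -public_html $public_html
    }

    Write-LogEnd
} # END create_account

# ---- main ------------------------------------------------------------------
Write-Host 'Vali skripti tööreziim - klikka 1 või enter - loo üksik kontop | 2 - kasuta CSV faili'
# Read as text: Enter (empty) means mode 1, and non-numeric input falls through
# to the error branch instead of failing an [int] cast.
$inputType = Read-Host

if ($inputType -eq '' -or $inputType -eq '1') {
    # ---- single account ----
    "Processing started (on " + $date + "): " | Out-File $log -Append
    "--------------------------------------------" | Out-File $log -Append

    # Ask what type of user; keep asking until a valid number is given.
    while ($accountType -lt 1 -or $accountType -gt 5) {
        Write-Host ' '
        Write-Host '1. Õpilane'
        Write-Host '2. Abistaja'
        Write-Host '3. Admintöötaja'
        Write-Host '4. Õpetaja'
        Write-Host '5. Muu..'
        $choice = Read-Host 'Vali grupp.. 1-5 '
        if (-not [int]::TryParse($choice, [ref]$accountType)) {
            $accountType = 0
        }
    }

    Write-Host 'sisesta kasutaja andmed '
    $username  = Read-Host -Prompt 'kasutajanimi '
    $firstname = Read-Host -Prompt 'Eesnimi '
    $lastname  = Read-Host -Prompt 'Perenimi '
    $id        = Read-Host -Prompt 'Isikukood '
    $group     = Read-Host -Prompt 'rühmatähis (e-posti list nt kv169) '

    create_account -username $username -firstname $firstname -lastname $lastname `
        -id $id -group $group -accountType $accountType -csv $false
} elseif ($inputType -eq '2') {
    # ---- CSV import ----
    "Processing started (on " + $date + "): " | Out-File $log -Append
    "--------------------------------------------" | Out-File $log -Append

    $path = Read-Host 'sisesta CSV faili asukoht. nt: c:\stuff\kontod.csv '
    if (-not (Test-Path $path)) {
        Write-Host 'Kontrolli faili asukohta!'
        exit
    }

    # The file is required to be UTF-8; read it as such so ä/ö/ü/õ survive.
    $data = Import-Csv -Path $path -Delimiter ';' -Encoding UTF8
    foreach ($item in $data) {
        # The header documents the column as "Ryhm" while the original code read
        # "Rühm"; accept either spelling.
        $group = $item.Rühm
        if (-not $group) { $group = $item.Ryhm }

        # CSV rows are always created as students (type 1).
        create_account -username $item.Kasutajanimi -firstname $item.Eesnimi `
            -lastname $item.Perenimi -id $item.Isikukood -group $group `
            -accountType 1 -csv $true
    }
} else {
    Write-Host 'Vale/vigane sisend. '
}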