Auto-generating PowerShell scripts

    Sooner or later, everyone wants to shift boring and monotonous work onto the "shoulders" of the computer. For example, this feeling came to me when I started implementing Active Directory in organizations with 100+ employees. Adding and filling in all the fields for a large number of users manually is a terribly boring and long task. Of course, the first thing I turned to was PowerShell, but the process of writing a script was somehow too long and ultimately nothing good came of it. Dreams of having a beautiful and neat user directory remained dreams. Until I got the idea of automating the creation of PowerShell scripts.

    Millions of administrators around the world, like me, catch the same bugs in thousands of identical scripts for the same standard tasks. It is simply amazing that before me, none of them dared to close this issue once and for all by creating a PowerShell script autogenerator. If we can deploy a dozen servers a day, then teaching a computer to write a script without errors is definitely not a problem.

    Get to the point


    In short, I put together such a script auto-generator and it is ready for beta testing. It is called d-lera (d-lera.com) and its main function is to eliminate the stage of writing script code, the longest and most tedious process when using PowerShell. Instead, the administrator fills out a fairly simple form, and from this data the finished PowerShell script is generated and saved automatically.

    The project has just hatched, and for now it knows how to generate a simple and convenient script for creating users in Active Directory. I admit, from the hawkers in the comments I want to hear what works incorrectly now and what functions are needed "in the fields" in the first place. Go?

    RTFM.txt


    In a simple example, I will show how everything works. Suppose we have an organization with the uncomplicated name Koteykiny firewood. It has two departments, “Shaggy sawmill” and “Mustachioed bookkeeping”. The first has one telephone number, and the second is located in two offices at once, each of which has its own telephone.

    This gives the following structure:



    It is worth noting that this structure does not have to repeat the organizational structure in Active Directory.

    We open the page http://d-lera.com/adusercreate, click "Create Organization", and enter the name. A root unit is created in which the "Organization" attribute is automatically populated:


    In the "Address in the directory" field, enter the address of the root unit (Organization Unit) in the Active Directory, where we store users. You do not need to add a domain address. We set up attributes that are the same for the entire organization: address, website address, account settings.


    Then we add two departments “Shaggy sawmill” and “Mustachioed bookkeeping”. When creating the units, all the parent’s settings are copied, but some attributes are updated automatically:

    We’ll also fill in the department heads (enter the login of the department head’s account without the domain prefix) and shadow groups, and for the “Shaggy sawmill”, fill in the phone and office:
    Shadow groups
    Sometimes the accounts of all employees of a department need to be members of a security group. If the “Shadow group” parameter is filled in, the generated script will automatically add the account to the specified group after creating it.



    And now let’s take advantage of the fact that, when creating a script, the organizational structure does not have to correspond to the organizational units in Active Directory. In “Mustachioed bookkeeping” we create two subsidiary divisions, “Mustachioed bookkeeping: sour cream room” and “Mustachioed bookkeeping: a room with balls of thread”, and for each of them we fill in its own telephone and office:

    Do not forget that when creating subsidiary divisions some fields are filled in automatically. Manually delete the added address levels, and for the department name, select "update all subsidiary units" in “Mustachioed bookkeeping”:

    And then we suddenly remember that when creating the account we want to enter e-mail, and of course the password. Therefore, in “Koteykiny firewood” we check the box for manually entering the position and password and update all subsidiaries (only the immediate heirs are updated, so for “Mustachioed bookkeeping” you must also press the update button):


    And lastly: in “Koteykiny firewood” and in “Mustachioed bookkeeping”, uncheck the box "Allow user creation in this unit" so that the script does not offer to create users there:

    Nobody wants to immediately disclose all the information about the organization’s domain to the first website they come across on the Internet, so after saving the script, you must open it with any text editor and correct the first two lines by entering the name of your Active Directory domain. Save, run:




    Plans for the near future


    • Ability to save configuration
    • Signing scripts. Currently they are generated unsigned. You can read how to sign one yourself, for example, here
    • Attribute constructors: so that, for example, a login is automatically compiled according to a template based on a name and surname and is transliterated from Russian
    • Combined entry of multi-valued attributes: entered value + preset value (for example, entering an individual internal phone number + common city number)
    • Scripts for updating existing users, creating users from an Excel or .CSV file
    • Adding custom Active Directory user attributes
    • Support for Exchange, SharePoint
    • Learning and adding scripts for various other common tasks
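
    The walkthrough ends with "Save, run", and the plans above note that generated scripts are unsigned. As an added example (not code from d-lera or its author), the following PowerShell lists every command the saved script invokes that falls outside an expected set, then signs the file once it is clean. The file name, the allowlist of cmdlets and the use of a code-signing certificate from the current user's store are assumptions.

```powershell
# Added example, not d-lera output. File name, allowlist and certificate choice are assumptions.
param(
    [string]$Path = '.\New-Users.ps1'   # hypothetical name of the saved, hand-edited script
)

# Commands we expect a user-creation script to call (assumed list; adjust after reading your script).
$Expected = 'Import-Module', 'New-ADUser', 'Set-ADUser', 'Get-ADUser', 'Add-ADGroupMember',
            'Read-Host', 'Write-Host', 'ConvertTo-SecureString'

function Get-UnexpectedCommand {
    param([string]$ScriptPath, [string[]]$Allowed)
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseFile(
        (Resolve-Path $ScriptPath).Path, [ref]$tokens, [ref]$errors)
    if ($errors) { throw "Script does not parse: $($errors[0].Message)" }

    # Walk every command invocation, including those nested in functions and script blocks.
    $ast.FindAll({ $args[0] -is [System.Management.Automation.Language.CommandAst] }, $true) |
        ForEach-Object {
            $name = $_.GetCommandName()   # $null when the command name is computed at run time
            if (-not $name) { $name = '<dynamic>' }
            if ($name -notin $Allowed) {
                [pscustomobject]@{
                    Line    = $_.Extent.StartLineNumber
                    Command = $name
                    Text    = $_.Extent.Text
                }
            }
        }
}

$findings = @(Get-UnexpectedCommand -ScriptPath $Path -Allowed $Expected)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
    throw "Review the commands above before running or signing $Path."
}

# Sign only after the manual edit of the first two lines: any later change invalidates the signature.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if (-not $cert) { throw 'No code-signing certificate in Cert:\CurrentUser\My.' }
Set-AuthenticodeSignature -FilePath $Path -Certificate $cert | Out-Null

$sig = Get-AuthenticodeSignature -FilePath $Path
if ($sig.Status -ne 'Valid') { throw "Signature status is $($sig.Status)." }
"Signed by $($sig.SignerCertificate.Subject)"
```

    Only command invocations are checked; .NET method calls in the script are not commands and still have to be read by hand.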


    P.S. I invite everyone to test, and I will be very grateful for any wishes / suggestions / comments. You can write to admin@d-lera.com, in PM, in comments and generally anywhere; we are on the Internet after all.

    Information about the organization’s Active Directory is of a rather intimate nature, so your opinion is very important:


    How would you like to see departmental configuration saved?

    • I agree to keep it in the account on the project: 5.2% (10 votes)
    • I want it locally, in a file: 59.2% (112 votes)
    • I agree to both options: 35.4% (67 votes)
