April 7, 2018 at 22:23Another example of automation or PowerShell + Google Apps Script
Laziness is the engine of progress ...
So I, finding a bit of free time, decided to automate a fairly routine task for each admin - creating and disconnecting users.
It all started with the creation of a script on PowerShell, where it was proposed to enter user data from the console. As a result, the AD user was created in the corresponding OU, with the fields filled in.
Next, create a mailbox, which in my case is hosted on Gmail. Thanks to this, you can use the wonderful service Apps Script . It is based on JavaScript. The abundance of documentation and little programming experience helped to figure this out. Here we similarly transfer these functions - the account is created.
We rework the Welcome letter template with the same tool, replacing% username%, etc. to real data and send pdf to HR-boss, boss, new user and of course to ourselves.
Of course, entering data from two consoles is not the result that I would like to get. Therefore, a Google form for data was created. Scripts are added to the scheduler to repeat every 5 minutes.
After working out the Google script, through Backup and Sync (GDrive) the data in the form of a text file is transferred to the local network. Here PowerShell is taken up - it parses the file and creates the AD user. Now beautiful!
So I, finding a bit of free time, decided to automate a fairly routine task for each admin - creating and disconnecting users.
1. PowerShell
It all started with the creation of a script on PowerShell, where it was proposed to enter user data from the console. As a result, the AD user was created in the corresponding OU, with the fields filled in.
$files = Get-ChildItem -LiteralPath \\server\users$ -Include *.txt -File
foreach ($file in $files) {
$text = Get-Content -Path $file.FullName
$data = $text.Split(";")
$action = $data[0]
$name = $data[1]
$lastName = $data[2]
$password = $data[3]
$project = $data[4]
$position = $data[5]
$pc = $data[6]
if ($action -eq "Add") {
createADUser $name $lastName $project $position $password $pc
}
elseif ($action -eq "Suspend") {
disableAdUser ("$name.$lastName")
}
$file.Delete()
}
function createADUser($name, $lastName, $project, $position, $password, $pc) {
$office = "Head Office"
$path = "OU=Users,DC=corp,DC=mydomain,DC=com"
$login = "$name.$lastName".ToLower()
if ($project -ne "") {
$path = "OU=$project,$path"
}
if ($password -eq "") {
$password = "12345678"
}
New-ADUser -Name "$name $lastName" -DisplayName "$name $lastName" -GivenName $name -Surname $lastName -SamAccountName $login -UserPrincipalName "$login@corp.mydomain.com" -Path $path -Enabled $true -AccountPassword (ConvertTo-SecureString -AsPlainText $password -Force)
Set-ADUser -Identity "$name.$lastName" -Department $projectName -Title $position -Office $office -ChangePasswordAtLogon $true -EmailAddress "$login@mydomain.com"
Set-ADAccountPassword -Identity "$name.$lastName" -NewPassword (ConvertTo-SecureString -AsPlainText $password -Force)
Add-ADGroupMember -Identity GroupName -Members "$name.$lastName"
if ($pc -ne "") {
Set-ADUser -Identity "$name.$lastName" -Description $pc.ToUpper()
setAdmin $pc $login
setPcConfig $pc
setPcOwner $pc $login
}
sendMail "$login has been created"
}
function disableAdUser ($user) {
$userObj = Get-ADUser -Identity $user
Set-ADUser -Identity $user -Enabled 0
Move-ADObject -Identity $userObj -TargetPath "OU=Fired_users,OU=Users,DC=corp,DC=mydomain,DC=com"
sendMail "$user has been disabled"
}
2. Google Apps Script
Next, create a mailbox, which in my case is hosted on Gmail. Thanks to this, you can use the wonderful service Apps Script . It is based on JavaScript. The abundance of documentation and little programming experience helped to figure this out. Here we similarly transfer these functions - the account is created.
We rework the Welcome letter template with the same tool, replacing% username%, etc. to real data and send pdf to HR-boss, boss, new user and of course to ourselves.
function createUser(name, lastName, gender, groups, password, title, department) {
var userMail = email((name + "." + lastName).toLowerCase());
var admin = email("admin");
var recipients = admin + "," + email("hr") + "," + email("boss");
var subject = "Welcome! " + name + " " + lastName + " - " + title;
var body = "Welcome to the jungle";
var attachment = makeWelcome(name, lastName, password);
var resource = {
"name": {
"familyName": lastName,
"givenName": name
},
"password": password,
"primaryEmail": userMail,
"changePasswordAtNextLogin": true,
"organizations": [{
"title": title,
"department": department
}],
"gender": {
"type": gender
}
}
AdminDirectory.Users.insert(resource);
Logger.log(userMail + "'S BEEN CREATED");
for (var i = 0; i < groups.length; i++) {
addMember(groups[i], userMail);
}
var options = {
"attachments": [attachment],
"name": "Sysadmin"
}
MailApp.sendEmail(recipients, subject, body, options);
MailApp.sendEmail(userMail, "Welcome!", body, options);
}
3. UI, automation
Of course, entering data from two consoles is not the result that I would like to get. Therefore, a Google form for data was created. Scripts are added to the scheduler to repeat every 5 minutes.
After working out the Google script, through Backup and Sync (GDrive) the data in the form of a text file is transferred to the local network. Here PowerShell is taken up - it parses the file and creates the AD user. Now beautiful!