Another example of automation or PowerShell + Google Apps Script

Laziness is the engine of progress ...

So I, finding a bit of free time, decided to automate a fairly routine task for each admin - creating and disconnecting users.

1. PowerShell

It all started with the creation of a script on PowerShell, where it was proposed to enter user data from the console. As a result, the AD user was created in the corresponding OU, with the fields filled in.

$files = Get-ChildItem -LiteralPath \\server\users$ -Include *.txt -File
foreach ($file in $files) {
    $text = Get-Content -Path $file.FullName
    $data = $text.Split(";")
    $action = $data[0]
    $name = $data[1]
    $lastName = $data[2]
    $password = $data[3]
    $project = $data[4]
    $position = $data[5]
    $pc = $data[6]    
    if ($action -eq "Add") {
        createADUser $name $lastName $project $position $password $pc
    elseif ($action -eq "Suspend") {
        disableAdUser ("$name.$lastName")
function createADUser($name, $lastName, $project, $position, $password, $pc) {
    $office = "Head Office"
    $path = "OU=Users,DC=corp,DC=mydomain,DC=com"
    $login = "$name.$lastName".ToLower()    
    if ($project -ne "") {
        $path = "OU=$project,$path"
    if ($password -eq "") {
        $password = "12345678"
    New-ADUser -Name "$name $lastName" -DisplayName "$name $lastName" -GivenName $name -Surname $lastName -SamAccountName $login -UserPrincipalName "$" -Path $path -Enabled $true -AccountPassword (ConvertTo-SecureString -AsPlainText $password -Force)
    Set-ADUser -Identity "$name.$lastName" -Department $projectName -Title $position -Office $office -ChangePasswordAtLogon $true -EmailAddress "$"
    Set-ADAccountPassword -Identity "$name.$lastName" -NewPassword (ConvertTo-SecureString -AsPlainText $password -Force)
    Add-ADGroupMember -Identity GroupName -Members "$name.$lastName"
    if ($pc -ne "") {
        Set-ADUser -Identity "$name.$lastName" -Description $pc.ToUpper()
        setAdmin $pc $login
        setPcConfig $pc
        setPcOwner $pc $login           
    sendMail "$login has been created"
function disableAdUser ($user) {
    $userObj = Get-ADUser -Identity $user
    Set-ADUser -Identity $user -Enabled 0    
    Move-ADObject -Identity $userObj -TargetPath "OU=Fired_users,OU=Users,DC=corp,DC=mydomain,DC=com"
    sendMail "$user has been disabled"    

2. Google Apps Script

Next, create a mailbox, which in my case is hosted on Gmail. Thanks to this, you can use the wonderful service Apps Script . It is based on JavaScript. The abundance of documentation and little programming experience helped to figure this out. Here we similarly transfer these functions - the account is created.

We rework the Welcome letter template with the same tool, replacing% username%, etc. to real data and send pdf to HR-boss, boss, new user and of course to ourselves.

function createUser(name, lastName, gender, groups, password, title, department) {
  var userMail = email((name + "." + lastName).toLowerCase()); 
  var admin = email("admin");
  var recipients = admin + "," + email("hr") + "," + email("boss");
  var subject = "Welcome! " + name + " " + lastName + " - " + title;
  var body = "Welcome to the jungle";
  var attachment = makeWelcome(name, lastName, password);
  var resource = {
    "name": {
      "familyName": lastName,
      "givenName": name
    "password": password,
    "primaryEmail": userMail,
    "changePasswordAtNextLogin": true,
    "organizations": [{
      "title": title,
      "department": department
    "gender": {
      "type": gender
  Logger.log(userMail + "'S BEEN CREATED");
  for (var i = 0; i < groups.length; i++) {
    addMember(groups[i], userMail);
  var options = {
    "attachments": [attachment],
    "name": "Sysadmin"
  MailApp.sendEmail(recipients, subject, body, options);
  MailApp.sendEmail(userMail, "Welcome!", body, options);

3. UI, automation

Of course, entering data from two consoles is not the result that I would like to get. Therefore, a Google form for data was created. Scripts are added to the scheduler to repeat every 5 minutes.

After working out the Google script, through Backup and Sync (GDrive) the data in the form of a text file is transferred to the local network. Here PowerShell is taken up - it parses the file and creates the AD user. Now beautiful!

Also popular now: