I’m fairly new to PowerShell.
I’m looking to get some idea of how I can build a better AD new hire account script.
This is where I’m hoping to find an easier way to manage the user group adding.
We have like 25 offices. Each office has at least 3-5 different departments.
I have been using two different switch statements: one for updating the office address and other information, and one to add the group membership. Managing the groups is a pain, as each department in an office has some common groups and 2 or 3 exclusive groups.
This is just a sample of the first few lines of the switch:
Switch ($office) {
    'Mississauga' { Set-ADUser -Identity $ADusername -City Waterloo -Company "JayBala" -Country CA -Fax 905-111-39392 -PostalCode "L6N 2W8" -Server $DC -State ON -StreetAddress "25 Billing Road"}
    'Winnipeg' { Set-ADUser -Identity $ADusername -City Watertown -Company "JayBala." -Country CA -Fax 905-111-39392 -PostalCode "L6N 2W8" -Server $DC -State MB -StreetAddress "54 Terry Road"}
    'Richmond' { Set-ADUser -Identity $ADusername -City Richmond -Company "JayBala." -Country CA -Fax 905-111-39392 -PostalCode "L6N 2W8" -State BC -StreetAddress "23 Winter Road" -Server $DC}
    # remaining offices follow the same pattern
}
This is the switch I'm using for adding groups based on department. This is hard to maintain, as I said. Each office may have 3-5 different departments with some common groups and 1-2 exclusive groups.
Switch ($department) {
    'Waterlooo EDR' {Add-ADPrincipalGroupMembership -Identity $ADusername -MemberOf ('ED_Security','EDR','All - Waterloo') -Server $dc }
    'Waterlooo GEO' {Add-ADPrincipalGroupMembership -Identity $ADusername -MemberOf ('ED_Security','EDR','All - Waterloo') -Server $dc }
    'Waterlooo HAZ' {Add-ADPrincipalGroupMembership -Identity $ADusername -MemberOf ('HA_Security','Waterloo -Haz','All - Waterloo') -Server $dc }
    'Waterlooo BSS' {Add-ADPrincipalGroupMembership -Identity $ADusername -MemberOf ('BS_Security','BSG Group','All - Waterloo','Waterloo-BSS') -Server $dc }
    'Waterlooo ERC' {Add-ADPrincipalGroupMembership -Identity $ADusername -MemberOf ('VE_Security','Waterloo-ERC','All-Waterloo') -Server $dc }
    # remaining departments follow the same pattern
}
This is just a sample.
Is there any better way of doing this?
CodePudding user response:
Perhaps easier to maintain is using Hashtables.
As for the first part, where you now have a switch to get the correct values for the new user's location, I would create a nested Hashtable.
This may look like a lot of text, but it helps in maintaining the values in an orderly way.
Also, by doing this, you can use the inner Hashtables for splatting the parameters to Set-ADUser, as long as you use the correct parameter (key) names as shown in the documentation:
$officeLocations = @{
    'Mississauga' = @{
        City          = 'Waterloo'
        Company       = 'JayBala'
        Country       = 'CA'
        Fax           = '905-111-39392'
        PostalCode    = 'L6N 2W8'
        Server        = $DC
        State         = 'ON'
        StreetAddress = '25 Billing Road'
    }
    'Winnipeg' = @{
        City          = 'Watertown'
        Company       = 'JayBala'
        Country       = 'CA'
        Fax           = '905-111-12345'
        PostalCode    = 'L6N 2W8'
        Server        = $DC
        State         = 'MB'
        StreetAddress = '54 Terry Road'
    }
    'Richmond' = @{
        City          = 'Richmond'
        Company       = 'JayBala'
        Country       = 'CA'
        Fax           = '905-111-67890'
        PostalCode    = 'L8N 2W8'
        Server        = $DC
        State         = 'BC'
        StreetAddress = '23 Winter Road'
    }
    # and so on
}
Next, create a second Hashtable to store and combine the department names with the groups.
Each key in the Hash will store an array of group names, or a single group name:
$officeGroups = @{
    'Waterlooo EDR' = 'ED_Security','EDR','All - Waterloo'
    'Waterlooo GEO' = 'ED_Security','EDR','All - Waterloo'
    'Waterlooo HAZ' = 'HA_Security','Waterloo -Haz','All - Waterloo'
    'Waterlooo BSS' = 'BS_Security','BSG Group','All - Waterloo','Waterloo-BSS'
    'Waterlooo ERC' = 'VE_Security','Waterloo-ERC','All-Waterloo'
    # and so on
}
Now the code can be simplified like this:
if ($officeLocations.ContainsKey($office)) {
    # use the underlying Hashtable for splatting the properties
    $properties = $officeLocations[$office]   # get the Hash with location properties
    $properties['Identity'] = $ADusername     # add an Identity item
    Set-ADUser @properties
    # now that we have set location properties, proceed adding the user to the correct group based on the $department
    if ($officeGroups.ContainsKey($department)) {
        Add-ADPrincipalGroupMembership -Identity $ADusername -MemberOf $officeGroups[$department] -Server $dc
    }
    else {
        Write-Warning "Could not find groups for department '$department'"
    }
}
else {
    Write-Warning "Could not find a location for office '$office'"
}
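An added example, not part of the answer above: it goes one step beyond the flat department table by storing each office's common groups once and only the exclusive groups per department, and it fails closed when an office or department has no mapping. The function name `Resolve-NewHireGroup` and the office/department layout are assumptions; the group names are copied from the sample data in the question.

```powershell
# Constructed sample map: one entry per office, common groups listed once.
$groupMap = @{
    'Waterloo' = @{
        Common      = @('All - Waterloo')      # every new hire in this office
        Departments = @{                       # department-exclusive groups only
            'EDR' = @('ED_Security', 'EDR')
            'GEO' = @('ED_Security', 'EDR')
            'HAZ' = @('HA_Security', 'Waterloo -Haz')
            'BSS' = @('BS_Security', 'BSG Group', 'Waterloo-BSS')
        }
    }
}

function Resolve-NewHireGroup {
    # Hypothetical helper: returns the full group list for one office/department.
    param(
        [Parameter(Mandatory)] [hashtable] $Map,
        [Parameter(Mandatory)] [string]    $Office,
        [Parameter(Mandatory)] [string]    $Department
    )
    # Fail closed: an unknown office or department is an error,
    # never a silent fallback to some default set of groups.
    if (-not $Map.ContainsKey($Office)) {
        throw "No group mapping for office '$Office'"
    }
    $entry = $Map[$Office]
    if (-not $entry.Departments.ContainsKey($Department)) {
        throw "No group mapping for department '$Department' in office '$Office'"
    }
    # Office-wide groups plus department-exclusive groups, de-duplicated.
    @($entry.Common) + @($entry.Departments[$Department]) | Select-Object -Unique
}

$groups = Resolve-NewHireGroup -Map $groupMap -Office 'Waterloo' -Department 'HAZ'
$groups   # the resolved list; review it before anything is written to AD

# With the ActiveDirectory module loaded ($ADusername and $DC as in the post),
# -WhatIf shows the membership change without applying it:
# Add-ADPrincipalGroupMembership -Identity $ADusername -MemberOf $groups -Server $DC -WhatIf
```

Keeping the map in a reviewed, version-controlled file means every change to who gets which security group leaves an audit trail.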