Скрипты Windows PowerShell для работы с Active Directory

Скрипты Windows PowerShell для работы с Active Directory

Добрый день, уважаемые системные администраторы. Предлагаем подборку скриптов PowerShell для работы с Active Directory.

Меню

Добавление пользователя в группу
Изменение вкладки Address
Изменение вкладки Organization
Изменение вкладки Profile
Изменение вкладки Telephone
Изменение общей информации о пользователе
Изменение одного атрибута пользователя
Создание доменных групп
Создание доменных пользователей
Создание и включение учетной записи

Добавление пользователя в группу

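# AddUserToGroup.ps1
# Adds an existing user object to an existing group through the ADSI LDAP
# provider. -name, -group, -ou and -dc are DN fragments ("cn=MyNewUser",
# "ou=myOU", "dc=nwtraders,dc=com") that are joined with commas into full
# distinguished names; the user and the group are addressed in the same OU.
#
# Security notes:
#  * Group membership is an authorization change. Run the script with an
#    account that is delegated only the right to edit members of the intended
#    groups rather than with a domain administrator account.
#  * The fragments are concatenated into the DN without escaping, so take them
#    only from a trusted source; a value containing extra commas changes which
#    object is addressed.
#  * Domain controllers record membership changes of security groups when
#    "Audit Security Group Management" is enabled (events 4728, 4732, 4756).
param($name,$group,$ou,$dc,[switch]$help)
function funHelp()
{
# Prints the usage text and ends the script.
$helpText=@"
DESCRIPTION:
NAME: AddUserToGroup.ps1
Adds a user account to a group
 
PARAMETERS: 
-name        name of the user 
-ou          ou of the group
-dc          domain of the user
-group       group to modify
-help        prints help file
 
SYNTAX:
AddUserToGroup.ps1 -name "cn=MyNewUser" -ou "ou=myOU" `
               -dc "dc=nwtraders,dc=com" `
               -group "cn=MyGroup"
                
Adds a user named MyNewUser in the myOU 
organizational unit in the nwtraders.com domain
to the MyGroup group in the same OU.
 
AddUserToGroup.ps1 -help
 
Displays the help topic for the script
 
"@
$helpText
exit
}
 
if($help){ "Obtaining help ..." ; funhelp }
# All four fragments are required: a missing one would leave an empty
# component in the DN built below.
if(!$name -or !$dc -or !$group -or !$ou) 
  { "Missing parameter ..." ; funhelp }
 
$groupPath  = "LDAP://$group,$ou,$dc"
$memberPath = "LDAP://$name,$ou,$dc"

# The object being changed is the group, so the status line names both the
# member and the group; that makes the console output usable as a change record.
"Adding $name,$ou,$dc to $group,$ou,$dc"
$ADSI = [ADSI]$groupPath
$ADSI.add($memberPath)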

Изменение вкладки Address

# Fills in the attributes shown on the Address tab of one user object.
# Each entry is (LDAP attribute name, value); they are written in this order
# and committed to the directory with a single setInfo() call.
# c, co and countryCode describe the same country in three encodings
# (two-letter code, display name, numeric code) and are kept consistent here.
$addressAttributes = @(
  @("streetAddress", "123 main st"),
  @("postOfficeBox", "po box 12"),
  @("l",             "Bedrock"),
  @("st",            "Arkansas"),
  @("postalCode",    "12345"),
  @("c",             "US"),
  @("co",            "United States"),
  @("countryCode",   "840")
)

$account = [ADSI]"LDAP://cn=MyNewUser,ou=myTestOU,dc=nwtraders,dc=msft"
foreach($pair in $addressAttributes)
{
  $account.put($pair[0], $pair[1])
}
# Nothing reaches the directory until setInfo() flushes the property cache.
$account.setInfo()

Изменение вкладки Organization

# Fills in the attributes shown on the Organization tab of one user object.
# The user and the manager are addressed in the same OU and domain.
$domainDn   = "dc=nwtraders,dc=msft"
$ouRdn      = "ou=myTestOU"
$userRdn    = "cn=MyNewUser"
$managerRdn = "cn=myBoss"

$userPath  = "LDAP://{0},{1},{2}" -f $userRdn, $ouRdn, $domainDn
# The manager attribute takes a plain distinguished name (no LDAP:// prefix).
$managerDn = "{0},{1},{2}" -f $managerRdn, $ouRdn, $domainDn

$account = [ADSI]$userPath
$organizationAttributes = @(
  @("title",      "Mid-Level Manager"),
  @("department", "sales"),
  @("company",    "North Wind Traders"),
  @("manager",    $managerDn)
)
foreach($pair in $organizationAttributes)
{
  $account.put($pair[0], $pair[1])
}

# Commit all four attributes in one write.
$account.setInfo()

Изменение вкладки Profile

# Fills in the attributes shown on the Profile tab of one user object.
# NOTE(review): scriptPath names a logon script and profilePath/homeDirectory
# point at UNC shares. Whoever can write to those locations influences what the
# user loads at logon, so the shares should be writable only by the intended
# principals -- confirm the share and NTFS permissions before rolling this out.
$profileAttributes = @(
  @("profilePath",   "\\London\profiles\myNewUser"),
  @("scriptPath",    "logon.vbs"),
  @("homeDirectory", "\\london\users\myNewUser"),
  @("homeDrive",     "H:")
)

$account = [ADSI]"LDAP://cn=MyNewUser,ou=myTestOU,dc=nwtraders,dc=msft"
foreach($pair in $profileAttributes)
{
  $account.put($pair[0], $pair[1])
}
# Commit the cached values to the directory.
$account.setInfo()

Изменение вкладки Telephone

# Fills in the attributes shown on the Telephones tab of one user object.
# The info attribute holds the free-text note; its value is the same string the
# two concatenated literals produced, written here as one literal.
$confidentialityNote = "All contact information is confidential,and is for official use only."

$telephoneAttributes = @(
  @("homePhone",                "(215)788-4312"),
  @("pager",                    "(215)788-0112"),
  @("mobile",                   "(715)654-2341"),
  @("facsimileTelephoneNumber", "(215)788-3456"),
  @("ipPhone",                  "192.168.6.112"),
  @("info",                     $confidentialityNote)
)

$account = [ADSI]"LDAP://cn=MyNewUser,ou=myTestOU,dc=nwtraders,dc=msft"
foreach($pair in $telephoneAttributes)
{
  $account.Put($pair[0], $pair[1])
}
# Commit the cached values to the directory.
$account.setInfo()

Изменение общей информации о пользователе

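# Fills in the attributes shown on the General tab of one user object and
# commits them with a single setInfo() call.
$objUser = [ADSI]"LDAP://cn=MyNewUser,ou=myTestOU,dc=nwtraders,dc=msft"
# sAMAccountName is the pre-Windows 2000 logon name.
$objUser.put("SamaccountName", "myNewUser")
$objUser.put("givenName", "My")
$objUser.Put("initials", "N.")
$objUser.Put("sn", "User")
$objUser.Put("DisplayName", "My New User")
$objUser.Put("description" , "simple new user")
$objUser.Put("physicalDeliveryOfficeName", "RQ2")
$objUser.Put("telephoneNumber", "999-222-1111")
# The page's auto-linking had wrapped the next two values in HTML <a> tags,
# which broke the string quoting; the attributes take the bare address and URL.
$objUser.Put("mail", "mnu@hotmail.com")
$objUser.Put("wwwHomePage", "http://www.mnu.msn.com")
$objUser.setInfo()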

Изменение одного атрибута пользователя

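# ModifyUser.ps1
# Writes one attribute of one user object through the ADSI LDAP provider.
# -name, -ou and -dc are DN fragments joined with commas into the user's
# distinguished name; -property is the LDAP attribute name, -value its value.
#
# Security notes:
#  * The script writes whatever attribute it is given, including
#    security-relevant ones, limited only by the caller's directory
#    permissions. Delegate write access narrowly instead of running it as a
#    domain administrator.
#  * The DN fragments are concatenated without escaping; take them only from a
#    trusted source.
#  * Attribute changes can be traced on domain controllers when "Audit
#    Directory Service Changes" is enabled (event 5136).
param($name,$property,$value,$ou,$dc,[switch]$help)
function funHelp()
{
# Prints the usage text and ends the script.
$helpText=@"
DESCRIPTION:
NAME: ModifyUser.ps1
Modifies a user account
 
PARAMETERS: 
-name        name of the user to modify
-ou          ou of the user
-dc          domain of the user
-property    attribute to modify
-value       value of the attribute
-help        prints help file
 
SYNTAX:
ModifyUser.ps1 -name "CN=MyNewUser" -ou "ou=myOU" `
               -dc "dc=nwtraders,dc=com" `
               -property "SamaccountName" `
               -value "MyNewUser"
 
Modifies a user named MyNewUser in the myOU 
organizational unit in the nwtraders.com domain
adds the SamaccountName attribute with a value
of MyNewUser
 
ModifyUser.ps1 -help
 
Displays the help topic for the script
 
"@
$helpText
exit
}
 
if($help){ "Obtaining help ..." ; funhelp }
# -ou is checked as well: without it the path below would contain an empty
# component ("cn=x,,dc=...") and the bind would fail with an unclear error.
if(!$name -or !$ou -or !$dc -or !$property -or !$value) 
  { "Missing parameter ..." ; funhelp }
 
"Modifying $name,$ou,$dc"
$ADSI = [ADSI]"LDAP://$name,$ou,$dc"
$ADSI.put($property, $value)
# The change is only cached until setInfo() writes it to the directory.
$ADSI.setInfo()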

Создание доменных групп

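# CreateGroup.ps1
# Creates a group object through the ADSI LDAP provider, either in the OU given
# by -ou or, when -ou is omitted, in the cn=users container of the domain.
# -name is the group's RDN ("CN=MyNewGroup"); -ou and -dc are DN fragments.
#
# NOTE(review): only the object class and the name are set, so the group type
# and sAMAccountName are whatever the directory assigns by default -- check
# them after creation if the group is going to be used in access control lists.
# The DN fragments are concatenated without escaping; take them only from a
# trusted source.
param($name,$ou,$dc,[switch]$help)
function funHelp()
{
# Prints the usage text and ends the script.
$helpText=@"
DESCRIPTION:
NAME: CreateGroup.ps1
Creates a group
 
PARAMETERS: 
-name        name of the group to create
-ou          ou to create group in
-dc          domain to create group in
-help        prints help file
 
SYNTAX:
CreateGroup.ps1 -name "CN=MyNewGroup" -ou "ou=myOU" `
               -dc "dc=nwtraders,dc=com"
 
Creates a group named MyNewGroup in the myOU 
organizational unit in the nwtraders.com domain
 
CreateGroup.ps1 -name "CN=MyNewGroup" `
               -dc "dc=nwtraders,dc=com"
 
Creates a group named MyNewGroup in the users 
container in the nwtraders.com domain
 
CreateGroup.ps1 -help
 
Displays the help topic for the script
 
"@
$helpText
exit
}
 
if($help){ "Obtaining help ..." ; funhelp }
if(!$name -or !$dc) { "Missing name parameter ..." ; funhelp }
# -ou is inserted into the path as given, so it must carry its own "ou="
# prefix (the usage example above showed it without one).
if($ou)
 {  "Creating group $name in LDAP://$ou,$dc" 
  $ADSI = [ADSI]"LDAP://$ou,$dc"
 }
ELSE
 { "Creating group $name in LDAP://cn=users,$dc"
  $ADSI = [ADSI]"LDAP://cn=users,$dc"
 }
 
$CLass = "Group"
$Group = $ADSI.create($CLass, $Name)
# create() only builds the object locally; setInfo() writes it to the directory.
$Group.setInfo()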

Создание доменных пользователей

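# CreateUser.ps1
# Creates a user object through the ADSI LDAP provider, either in the OU given
# by -ou or, when -ou is omitted, in the cn=users container of the domain.
# -name is the user's RDN ("CN=MyNewUser"); -ou and -dc are DN fragments.
#
# NOTE(review): no password, sAMAccountName or account flags are set here.
# Accounts created this way normally start out disabled and flagged "password
# not required" (userAccountControl 546) -- verify on your domain, and set a
# password and clear that flag before the account is ever enabled.
# The DN fragments are concatenated without escaping; take them only from a
# trusted source.
param($name,$ou,$dc,[switch]$help)
function funHelp()
{
# Prints the usage text and ends the script.
$helpText=@"
DESCRIPTION:
NAME: CreateUser.Ps1
Creates a user account
 
PARAMETERS: 
-name        name of the user to create
-ou          ou to create user in
-dc          domain to create user in
-help        prints help file
 
SYNTAX:
CreateUser.Ps1 -name "CN=MyNewUser" -ou "ou=myOU" `
               -dc "dc=nwtraders,dc=com"
 
Creates a user named MyNewUser in the myOU 
organizational unit in the nwtraders.com domain
 
CreateUser.ps1 -name "cn=myuser" -ou "ou=ou2,ou=mytestou" `
               -dc "dc=nwtraders,dc=com"
 
Creates a user named myuser in the ou2 organizational 
unit. A child OU of the mytestou Organizational unit
in the nwtraders.com domain
 
CreateUser.Ps1 -name "CN=MyNewUser" `
               -dc "dc=nwtraders,dc=com"
 
Creates a user named MyNewUser in the users 
container in the nwtraders.com domain
 
CreateUser.Ps1 -help
 
Displays the help topic for the script
 
"@
$helpText
exit
}
 
if($help){ "Obtaining help ..." ; funhelp }
if(!$name -or !$dc) { "Missing name parameter ..." ; funhelp }
# Pick the parent container: the requested OU, or cn=users as the fallback.
if($ou)
 {  "Creating user $name in LDAP://$ou,$dc" 
  $ADSI = [ADSI]"LDAP://$ou,$dc"
 }
ELSE
 { "Creating user $name in LDAP://cn=users,$dc"
  $ADSI = [ADSI]"LDAP://cn=users,$dc"
 }
 
$CLass = "User"
$User = $ADSI.create($CLass, $Name)
# create() only builds the object locally; setInfo() writes it to the directory.
$User.setInfo()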

Создание и включение учетной записи

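# CreateAndEnableUser.ps1
# Creates one enabled user account per row of c:\psbook\enabledusers.csv.
# The CSV columns read are OU, userName and Password.
#
# Security notes:
#  * The CSV holds initial passwords in clear text. Restrict its ACL to the
#    operator, remove it after the run, and consider forcing a password change
#    at first logon (pwdLastSet = 0), because everyone who saw the file knows
#    the passwords.
#  * The password is set with the SetPassword method. Writing the userPassword
#    attribute is only treated as a password change when the forest is
#    configured for it (dSHeuristics); otherwise the value is stored as an
#    ordinary attribute and the account ends up enabled without the intended
#    password.
#  * The account is enabled by writing userAccountControl 512 (normal account)
#    rather than by clearing only the disabled flag, so the "password not
#    required" flag that LDAP-created accounts usually carry is cleared too.
#  * An account is enabled only after its password was set successfully; on
#    any error the object is left as created (disabled) and a warning is
#    printed.
param([switch]$help)
function funHelp()
{
# Prints the usage text and ends the script.
$helpText=@"
DESCRIPTION:
NAME: CreateAndEnableUser.Ps1
Creates an enabled user account by reading csv file
 
PARAMETERS: 
 
-help        prints help file
 
SYNTAX:
CreateAndEnableUser.Ps1 
 
Creates an enabled user by reading a csv file
 
CreateAndEnableUser.Ps1 -help
 
Displays the help topic for the script
 
"@
$helpText
exit
}
 
if($help){ "Obtaining help ..." ; funhelp }
 
$aryUser= import-csv -Path c:\psbook\enabledusers.csv
$Class = "User"
$dc = "dc=nwtraders,dc=com"
 
foreach($strUser in $aryUser)
{
 # A row with an empty column would produce a malformed DN or an account
 # without a password, so it is skipped.
 if(!$strUser.OU -or !$strUser.userName -or !$strUser.Password)
  { Write-Warning "Skipping CSV row with an empty OU, userName or Password column" ; continue }

 $ou = "ou="+$strUser.OU
 $cnuser="cn="+$($strUser.userName)
 try
 {
  $ADSI = [ADSI]"LDAP://$ou,$dc"
  $User = $ADSI.create($Class,$cnuser)
  $User.put("SamaccountName", $($strUser.username))
  # The object has to exist in the directory before a password can be set.
  $User.setInfo()
  $User.psbase.Invoke("SetPassword", $strUser.Password)
  # 512 = normal account: enabled, password required.
  $User.put("userAccountControl", 512)
  $User.setInfo()
 }
 catch
 {
  # The password is deliberately kept out of the message.
  Write-Warning "Account $cnuser,$ou,$dc was not fully provisioned: $($_.Exception.Message)"
 }
}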