I have two functions, one for creating an AD account, another for creating a
mailbox. The AD account function has a switch for mailbox creation which calls
the create mailbox function.
The issue I am running into is passing information from the create mailbox back
to the parent user creation function. Our Helpdesk staff are not strong with
PowerShell and I'm trying to provide text output so they can validate the
script worked. The problem I'm encountering is getting both the outputting the
'write-output' steps in the mailbox function and returning a success/fail
result. If I store the function in a variable, I can get it to return the
success/failure, but it won't output the text as the function runs. If I don't
perform a '$Result = create mailbox function', the various outputs from the
mailbox function are visible, but then I have no way of validating it actually
worked (for screen output purposes of pass/fail.)
I'm attaching both functions (scrubbed of any sensitive data), but I'm
wondering if this is where scoping gets involved with respect to
global/local/script? I'm reading up on the concept but I'm not sure that's the
appropriate path.
Any help is appreciated.
Thank you.
Confidentiality Notice: This is a transmission from Community Hospital of the
Monterey Peninsula. This message and any attached documents may be confidential
and contain information protected by state and federal medical privacy
statutes. They are intended only for the use of the addressee. If you are not
the intended recipient, any disclosure, copying, or distribution of this
information is strictly prohibited. If you received this transmission in error,
please accept our apologies and notify the sender. Thank you.
<#
.Synopsis
Creates a new user account in Active Directory.
.DESCRIPTION
Creates a new user in AD with options to use an
existing user as a template or as a new account
without any previous dependencies. By default an
Exchange mailbox is created for the user in the
same domain. This can be switched off.
.EXAMPLE
Add-NewUser -NoMailbox
The 'NoMailbox' switch means the user will be created but will skip the
mailbox creation process
.EXAMPLE
Add-NewUser -NoCopy
The 'NoCopy' switch means no tempalte user will be used during the
provisioning process. The user will be created with no additional
groups or attributes (Department, Title, etc.)
#>
function Add-NewUser
{
[CmdletBinding(DefaultParameterSetName="CopyUser")]
#[Alias()]
Param
(
[Parameter(ParameterSetName="NewUser")]
[switch]
$NoCopy,
[Parameter(Mandatory=$false)]
[switch]
$NoMailbox,
[Parameter(Mandatory=$true,ParameterSetName="CopyUser",
ValueFromPipelineByPropertyName=$true)]
[Parameter(Mandatory=$true,ParameterSetName="NewUser",
ValueFromPipelineByPropertyName=$true)]
[ValidateSet("Company1",
"Company2",
"Company3",
"Company4",
"Company5")]
$Company,
[Parameter(Mandatory=$true,ParameterSetName="CopyUser",
ValueFromPipelineByPropertyName=$true)]
[Parameter(Mandatory=$true,ParameterSetName="NewUser",
ValueFromPipelineByPropertyName=$true,
Position=0)]
[ValidateScript({($_ -match "^[a-zA-Z]") -and ($_ -match
"[a-zA-Z]+$")})]
$FirstName,
[Parameter(Mandatory=$true,ParameterSetName="CopyUser",
ValueFromPipelineByPropertyName=$true)]
[Parameter(Mandatory=$true,ParameterSetName="NewUser",
ValueFromPipelineByPropertyName=$true)]
[ValidateScript({($_ -match "^[a-zA-Z]") -and ($_ -match
"[a-zA-Z]+$")})]
$LastName,
[Parameter(Mandatory=$true,ParameterSetName="CopyUser",
ValueFromPipelineByPropertyName=$true)]
[Parameter(Mandatory=$true,ParameterSetName="NewUser",
ValueFromPipelineByPropertyName=$true)]
[ValidateScript({$_ -match "^[1-9]"})]
[int]
$EmployeeID,
[Parameter(Mandatory=$false,ParameterSetName="NewUser",
ValueFromPipelineByPropertyName=$true)]
$PhoneNumber,
[Parameter(Mandatory=$false,ParameterSetName="NewUser",
ValueFromPipelineByPropertyName=$true)]
$OUPath,
[Parameter(Mandatory=$false,ParameterSetName="NewUser",
ValueFromPipelineByPropertyName=$true)]
$Password,
[Parameter(Mandatory=$true,ParameterSetName="CopyUser",
ValueFromPipelineByPropertyName=$true)]
$SourceUser
)
Begin
{
$SaveEApref = $ErrorActionPreference
$ErrorActionPreference = 'Stop'
$error.Clear()
[bool]$failed = $false
If($Password -eq $null)
{
$Password = "Password!"
}
$Cred = Get-Credential
Clear-Host
}
Process
{
# Store company specific information #
$Hash = @{"Company1" = @{"Domain" = "Company1.org";
"EmailDomain" = "Company1.org";
"OUPath" = "CN=Users,DC=Company1,DC=org"
"URI"="http://exchsrvr.Company1.org/PowerShell/"}
"Company2" = @{"Domain" = "Company1.org";
"EmailDomain" = "subcompany1.org";
"OUPath" = "CN=Users,DC=Company1,DC=org"
"URI"="http://exchsrvr.Company1.org/PowerShell/"}
"Company3" = @{"Domain" = "Company1.org";
"EmailDomain" = "subcompany2.org";
"OUPath" = "CN=Users,DC=Company1,DC=org"
"URI"="http://exchsrvr.Company1.org/PowerShell/"}
"Company4" = @{"Domain" = "Company4.org";
"EmailDomain" = "Company4.org";
"OUPath" = "CN=Users,DC=company4,DC=org"
"URI"="http://exchsrvr.company4.org/PowerShell/"}
"Company5" = @{"Domain" = "Company5.org";
"EmailDomain" = "company5.org";
"OUPath" = "CN=Users,DC=company5,DC=org"
"URI"="http://exchsrvr.company5.org/PowerShell/"}
}
# Get DC from specified domain
[string]$DC = (Get-ADDomainController -Discover -DomainName
$($Hash.$Company.Domain)).hostname
# Generate UserID (SamAccountname) for AD User creation
$UserID = (($FirstName.Substring(0,1)) + ($LastName.Substring(0,1)) +
$EmployeeID)
If($NoCopy)
{
Write-Output "Creating new User: $FirstName $LastName ($userID)"
$Pswd = ConvertTo-SecureString $Password -AsPlainText -Force
$Params = @{Name = "$($LastName.Trim()), $($FirstName.Trim())";
SamAccountName = $UserID;
Enabled = $True;
UserPrincipalName = "$UserID@$($Hash.$Company.Domain)";
DisplayName = "$($LastName.Trim()),
$($FirstName.Trim())";
Company = $Company;
EmployeeID = $EmployeeID;
GivenName = $($FirstName.Trim());
Surname = $($LastName.Trim());
OfficePhone = $PhoneNumber;
Path = $($Hash.$Company.OUPath);
Server = $DC
Credential = $Cred}
# Validate user ID
$UserExists = Get-ADUser -Filter {SamAccountName -eq $UserID}
If($UserExists)
{
Write-Warning "$UserID already exists in
$($Hash.$Company.Domain)"
$Failed = $True
}
Else
{
Write-Output "$UserID not found"
}
If($Failed -eq $False)
{
Try{
New-ADUser @Params
"Successfully created AD account for $UserID"
$Failed = !$?
} Catch {
Write-Warning "Failed to create AD user: $UserID"
$Failed = $True
}
}
If($Failed -eq $False)
{
Write-Output "$UserID AD provisioning completed successfully"
}
Elseif($failed -eq $true)
{
Write-Warning "Provisioning of $UserID failed."
}
}
Else
{
Try
{
$CopyTo = Get-ADUser $SourceUser -Properties
Department,Title,MemberOf -Server $DC -Credential $Cred
$Failed = !$?
} Catch {
Write-Warning "Error: Unable to find source acct: $SourceUser.
Aborting user copy."
$Failed = $True
}
If($Failed -eq $False)
{
Write-Output "Checking $UserID for duplicate name"
$UserExists = Get-ADUser -Filter {SamAccountName -eq $UserID}
If($UserExists)
{
Write-Warning "$UserID already exists in
$($Hash.$Company.Domain)"
$Failed = $True
}
Else
{
Write-Output "$UserID not found"
}
If($Failed -eq $False)
{
Try{
$OUSplit = $CopyTo.DistinguishedName -split '(?<!\\),'
$OUPath = $OUSplit[1..$($OUSplit.Count-1)] -join ','
} Catch {
$OUPath = $($Hash.$Company.OUPath)
}
Write-Output "Creating $UserID using $SourceUser as
template"
$Pswd = ConvertTo-SecureString $Password -AsPlainText -Force
$Params = @{Name = "$($LastName.Trim()),
$($FirstName.Trim())";
SamAccountName = $UserID;
UserPrincipalName =
"$UserID@$($Hash.$Company.Domain)";
Path = $OUPath
DisplayName = "$($LastName.Trim()),
$($FirstName.Trim())";
Company = $Company;
Department = $($CopyTo.Department);
Title = $($CopyTo.Title);
EmployeeID = $EmployeeID;
GivenName = $($FirstName.Trim());
Surname = $($LastName.Trim());
OfficePhone = $PhoneNumber;
AccountPassword = $Pswd;
Enabled = $True;
ChangePasswordAtLogon = $True;
Server = $DC
Credential = $Cred}
Try
{
New-ADUser @Params
Write-Output "Created AD account
$UserID@$($Hash.$Company.Domain) successfully"
$Failed = !$?
} Catch {
Write-Warning "Failed to create $UserID from
$SourceUser"
$Failed = $True
Try
{
Write-Output "Copying group memberships from
$SourceUser to $UserID"
Foreach($Group in $CopyTo.MemberOf)
{
Add-ADGroupMember $Group -Members $UserID -Server
$DC -Credential $Cred
}
} Catch {
Write-Output "Failed to copy $SourceUser groups to
$UserID"
}
}
}
}
If($Failed -eq $True)
{
Write-Warning "Provisioning of $UserID failed."
}
}
# Enable Mailbox if AD user creation succeeds
If(($NoMailbox -eq $False) -and ($Failed -eq $True))
{
Write-Warning "Failed to create AD object $UserID"
Write-Warning "Aborting Enable-Mailbox operation for $UserID"
}
Elseif(($NoMailbox -eq $False) -and ($Failed -eq $False))
{
$FirstName = $FirstName -replace " " -replace "'"
$LastName = $LastName -replace " " -replace "'"
$MailParams = @{User = $UserID
EmailAddress =
"$FirstName.$LastName@$($Hash.$Company.EmailDomain)"
Alias = $UserID
URI = $($Hash.$Company.URI)
Cred = $Cred}
Enable-UserMailbox @MailParams
}
# Result statements
If(($NoMailbox -eq $True) -and ($Failed -eq $False))
{
Write-Output "No Mailbox requested. Skipping mailbox creation"
Write-Output "$UserID provisioning complete"
}
################################################################
<#
# I want to Validate 'Enable-UserMailbox' completed successfully.
# If 'Enable-UserMailbox' returns success for following pseudocode
ElseIf($Enable-Usermailbox -eq sucess) -and ($failed -eq $false))
#Pseudocode
{
# Write-Output 'Success'
}
#>
################################################################
} # Exit Process block
End
{
}
}
function Enable-UserMailbox
{
[CmdletBinding()]
[Alias()]
Param
(
# Define AD user to enable mailbox
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
$UserID,
# Defines primary SMTP address for user
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$EmailAddress,
# Defines Alias for user's mailbox
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Alias,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Cred,
# URI for Exchange server connection
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$URI
)
Begin
{
Write-Output "Establishing Exchange server connection"
$Session = New-PSSession -ConfigurationName Microsoft.Exchange
-ConnectionUri $URI -Authentication Kerberos -Credential $Cred
Import-PSSession $Session -DisableNameChecking | Out-Null
}
Process
{
Try
{
Enable-Mailbox $UserID -PrimarySMTPAddress $EmailAddress -Alias
$Alias | Out-Null
Write-Output "Created mailbox for $UserID`: $EmailAddress"
} Catch {
Write-Warning "Failed to create mailbox for $UserID"
}
}
End
{
Get-PSSession | Remove-PSSession
}
}
