I have two functions, one for creating an AD account, another for creating a mailbox. The AD account function has a switch for mailbox creation which calls the create mailbox function.
The issue I am running into is passing information from the create mailbox back to the parent user creation function. Our Helpdesk staff are not strong with PowerShell and I'm trying to provide text output so they can validate the script worked. The problem I'm encountering is getting both the outputting the 'write-output' steps in the mailbox function and returning a success/fail result. If I store the function in a variable, I can get it to return the success/failure, but it won't output the text as the function runs. If I don't perform a '$Result = create mailbox function', the various outputs from the mailbox function are visible, but then I have no way of validating it actually worked (for screen output purposes of pass/fail.) I'm attaching both functions (scrubbed of any sensitive data), but I'm wondering if this is where scoping gets involved with respect to global/local/script? I'm reading up on the concept but I'm not sure that's the appropriate path. Any help is appreciated. Thank you. Confidentiality Notice: This is a transmission from Community Hospital of the Monterey Peninsula. This message and any attached documents may be confidential and contain information protected by state and federal medical privacy statutes. They are intended only for the use of the addressee. If you are not the intended recipient, any disclosure, copying, or distribution of this information is strictly prohibited. If you received this transmission in error, please accept our apologies and notify the sender. Thank you.
<# .Synopsis Creates a new user account in Active Directory. .DESCRIPTION Creates a new user in AD with options to use an existing user as a template or as a new account without any previous dependencies. By default an Exchange mailbox is created for the user in the same domain. This can be switched off. .EXAMPLE Add-NewUser -NoMailbox The 'NoMailbox' switch means the user will be created but will skip the mailbox creation process .EXAMPLE Add-NewUser -NoCopy The 'NoCopy' switch means no tempalte user will be used during the provisioning process. The user will be created with no additional groups or attributes (Department, Title, etc.) #> function Add-NewUser { [CmdletBinding(DefaultParameterSetName="CopyUser")] #[Alias()] Param ( [Parameter(ParameterSetName="NewUser")] [switch] $NoCopy, [Parameter(Mandatory=$false)] [switch] $NoMailbox, [Parameter(Mandatory=$true,ParameterSetName="CopyUser", ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$true,ParameterSetName="NewUser", ValueFromPipelineByPropertyName=$true)] [ValidateSet("Company1", "Company2", "Company3", "Company4", "Company5")] $Company, [Parameter(Mandatory=$true,ParameterSetName="CopyUser", ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$true,ParameterSetName="NewUser", ValueFromPipelineByPropertyName=$true, Position=0)] [ValidateScript({($_ -match "^[a-zA-Z]") -and ($_ -match "[a-zA-Z]+$")})] $FirstName, [Parameter(Mandatory=$true,ParameterSetName="CopyUser", ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$true,ParameterSetName="NewUser", ValueFromPipelineByPropertyName=$true)] [ValidateScript({($_ -match "^[a-zA-Z]") -and ($_ -match "[a-zA-Z]+$")})] $LastName, [Parameter(Mandatory=$true,ParameterSetName="CopyUser", ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$true,ParameterSetName="NewUser", ValueFromPipelineByPropertyName=$true)] [ValidateScript({$_ -match "^[1-9]"})] [int] $EmployeeID, [Parameter(Mandatory=$false,ParameterSetName="NewUser", ValueFromPipelineByPropertyName=$true)] $PhoneNumber, [Parameter(Mandatory=$false,ParameterSetName="NewUser", ValueFromPipelineByPropertyName=$true)] $OUPath, [Parameter(Mandatory=$false,ParameterSetName="NewUser", ValueFromPipelineByPropertyName=$true)] $Password, [Parameter(Mandatory=$true,ParameterSetName="CopyUser", ValueFromPipelineByPropertyName=$true)] $SourceUser ) Begin { $SaveEApref = $ErrorActionPreference $ErrorActionPreference = 'Stop' $error.Clear() [bool]$failed = $false If($Password -eq $null) { $Password = "Password!" } $Cred = Get-Credential Clear-Host } Process { # Store company specific information # $Hash = @{"Company1" = @{"Domain" = "Company1.org"; "EmailDomain" = "Company1.org"; "OUPath" = "CN=Users,DC=Company1,DC=org" "URI"="http://exchsrvr.Company1.org/PowerShell/"} "Company2" = @{"Domain" = "Company1.org"; "EmailDomain" = "subcompany1.org"; "OUPath" = "CN=Users,DC=Company1,DC=org" "URI"="http://exchsrvr.Company1.org/PowerShell/"} "Company3" = @{"Domain" = "Company1.org"; "EmailDomain" = "subcompany2.org"; "OUPath" = "CN=Users,DC=Company1,DC=org" "URI"="http://exchsrvr.Company1.org/PowerShell/"} "Company4" = @{"Domain" = "Company4.org"; "EmailDomain" = "Company4.org"; "OUPath" = "CN=Users,DC=company4,DC=org" "URI"="http://exchsrvr.company4.org/PowerShell/"} "Company5" = @{"Domain" = "Company5.org"; "EmailDomain" = "company5.org"; "OUPath" = "CN=Users,DC=company5,DC=org" "URI"="http://exchsrvr.company5.org/PowerShell/"} } # Get DC from specified domain [string]$DC = (Get-ADDomainController -Discover -DomainName $($Hash.$Company.Domain)).hostname # Generate UserID (SamAccountname) for AD User creation $UserID = (($FirstName.Substring(0,1)) + ($LastName.Substring(0,1)) + $EmployeeID) If($NoCopy) { Write-Output "Creating new User: $FirstName $LastName ($userID)" $Pswd = ConvertTo-SecureString $Password -AsPlainText -Force $Params = @{Name = "$($LastName.Trim()), $($FirstName.Trim())"; SamAccountName = $UserID; Enabled = $True; UserPrincipalName = "$UserID@$($Hash.$Company.Domain)"; DisplayName = "$($LastName.Trim()), $($FirstName.Trim())"; Company = $Company; EmployeeID = $EmployeeID; GivenName = $($FirstName.Trim()); Surname = $($LastName.Trim()); OfficePhone = $PhoneNumber; Path = $($Hash.$Company.OUPath); Server = $DC Credential = $Cred} # Validate user ID $UserExists = Get-ADUser -Filter {SamAccountName -eq $UserID} If($UserExists) { Write-Warning "$UserID already exists in $($Hash.$Company.Domain)" $Failed = $True } Else { Write-Output "$UserID not found" } If($Failed -eq $False) { Try{ New-ADUser @Params "Successfully created AD account for $UserID" $Failed = !$? } Catch { Write-Warning "Failed to create AD user: $UserID" $Failed = $True } } If($Failed -eq $False) { Write-Output "$UserID AD provisioning completed successfully" } Elseif($failed -eq $true) { Write-Warning "Provisioning of $UserID failed." } } Else { Try { $CopyTo = Get-ADUser $SourceUser -Properties Department,Title,MemberOf -Server $DC -Credential $Cred $Failed = !$? } Catch { Write-Warning "Error: Unable to find source acct: $SourceUser. Aborting user copy." $Failed = $True } If($Failed -eq $False) { Write-Output "Checking $UserID for duplicate name" $UserExists = Get-ADUser -Filter {SamAccountName -eq $UserID} If($UserExists) { Write-Warning "$UserID already exists in $($Hash.$Company.Domain)" $Failed = $True } Else { Write-Output "$UserID not found" } If($Failed -eq $False) { Try{ $OUSplit = $CopyTo.DistinguishedName -split '(?<!\\),' $OUPath = $OUSplit[1..$($OUSplit.Count-1)] -join ',' } Catch { $OUPath = $($Hash.$Company.OUPath) } Write-Output "Creating $UserID using $SourceUser as template" $Pswd = ConvertTo-SecureString $Password -AsPlainText -Force $Params = @{Name = "$($LastName.Trim()), $($FirstName.Trim())"; SamAccountName = $UserID; UserPrincipalName = "$UserID@$($Hash.$Company.Domain)"; Path = $OUPath DisplayName = "$($LastName.Trim()), $($FirstName.Trim())"; Company = $Company; Department = $($CopyTo.Department); Title = $($CopyTo.Title); EmployeeID = $EmployeeID; GivenName = $($FirstName.Trim()); Surname = $($LastName.Trim()); OfficePhone = $PhoneNumber; AccountPassword = $Pswd; Enabled = $True; ChangePasswordAtLogon = $True; Server = $DC Credential = $Cred} Try { New-ADUser @Params Write-Output "Created AD account $UserID@$($Hash.$Company.Domain) successfully" $Failed = !$? } Catch { Write-Warning "Failed to create $UserID from $SourceUser" $Failed = $True Try { Write-Output "Copying group memberships from $SourceUser to $UserID" Foreach($Group in $CopyTo.MemberOf) { Add-ADGroupMember $Group -Members $UserID -Server $DC -Credential $Cred } } Catch { Write-Output "Failed to copy $SourceUser groups to $UserID" } } } } If($Failed -eq $True) { Write-Warning "Provisioning of $UserID failed." } } # Enable Mailbox if AD user creation succeeds If(($NoMailbox -eq $False) -and ($Failed -eq $True)) { Write-Warning "Failed to create AD object $UserID" Write-Warning "Aborting Enable-Mailbox operation for $UserID" } Elseif(($NoMailbox -eq $False) -and ($Failed -eq $False)) { $FirstName = $FirstName -replace " " -replace "'" $LastName = $LastName -replace " " -replace "'" $MailParams = @{User = $UserID EmailAddress = "$FirstName.$LastName@$($Hash.$Company.EmailDomain)" Alias = $UserID URI = $($Hash.$Company.URI) Cred = $Cred} Enable-UserMailbox @MailParams } # Result statements If(($NoMailbox -eq $True) -and ($Failed -eq $False)) { Write-Output "No Mailbox requested. Skipping mailbox creation" Write-Output "$UserID provisioning complete" } ################################################################ <# # I want to Validate 'Enable-UserMailbox' completed successfully. # If 'Enable-UserMailbox' returns success for following pseudocode ElseIf($Enable-Usermailbox -eq sucess) -and ($failed -eq $false)) #Pseudocode { # Write-Output 'Success' } #> ################################################################ } # Exit Process block End { } }
function Enable-UserMailbox { [CmdletBinding()] [Alias()] Param ( # Define AD user to enable mailbox [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true, Position=0)] $UserID, # Defines primary SMTP address for user [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)] $EmailAddress, # Defines Alias for user's mailbox [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)] $Alias, [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)] $Cred, # URI for Exchange server connection [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)] $URI ) Begin { Write-Output "Establishing Exchange server connection" $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $URI -Authentication Kerberos -Credential $Cred Import-PSSession $Session -DisableNameChecking | Out-Null } Process { Try { Enable-Mailbox $UserID -PrimarySMTPAddress $EmailAddress -Alias $Alias | Out-Null Write-Output "Created mailbox for $UserID`: $EmailAddress" } Catch { Write-Warning "Failed to create mailbox for $UserID" } } End { Get-PSSession | Remove-PSSession } }