I have two functions, one for creating an AD account, another for creating a 
mailbox. The AD account function has a switch for mailbox creation which calls 
the create mailbox function.

The issue I am running into is passing information from the create mailbox back 
to the parent user creation function. Our Helpdesk staff are not strong with 
PowerShell and I'm trying to provide text output so they can validate the 
script worked. The problem I'm encountering is getting both the outputting the 
'write-output' steps in the mailbox function and returning a success/fail 
result. If I store the function in a variable, I can get it to return the 
success/failure, but it won't output the text as the function runs. If I don't 
perform a '$Result = create mailbox function', the various outputs from the 
mailbox function are visible, but then I have no way of validating it actually 
worked (for screen output purposes of pass/fail.)

I'm attaching both functions (scrubbed of any sensitive data), but I'm 
wondering if this is where scoping gets involved with respect to 
global/local/script? I'm reading up on the concept but I'm not sure that's the 
appropriate path.

Any help is appreciated.

Thank you.
Confidentiality Notice: This is a transmission from Community Hospital of the 
Monterey Peninsula. This message and any attached documents may be confidential 
and contain information protected by state and federal medical privacy 
statutes. They are intended only for the use of the addressee. If you are not 
the intended recipient, any disclosure, copying, or distribution of this 
information is strictly prohibited. If you received this transmission in error, 
please accept our apologies and notify the sender. Thank you.



<#
.Synopsis
   Creates a new user account in Active Directory.
.DESCRIPTION
   Creates a new user in AD with options to use an
   existing user as a template or as a new account
   without any previous dependencies. By default an
   Exchange mailbox is created for the user in the 
   same domain. This can be switched off. 
.EXAMPLE
   Add-NewUser -NoMailbox
   
   The 'NoMailbox' switch means the user will be created but will skip the
   mailbox creation process
.EXAMPLE
   Add-NewUser -NoCopy
   
   The 'NoCopy' switch means no tempalte user will be used during the
   provisioning process. The user will be created with no additional
   groups or attributes (Department, Title, etc.)
#>

function Add-NewUser
{
    [CmdletBinding(DefaultParameterSetName="CopyUser")]
    #[Alias()]
    Param
    (
        [Parameter(ParameterSetName="NewUser")]
        [switch]
        $NoCopy,        
        [Parameter(Mandatory=$false)]
        [switch]
        $NoMailbox,
        [Parameter(Mandatory=$true,ParameterSetName="CopyUser",
                   ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$true,ParameterSetName="NewUser",
                   ValueFromPipelineByPropertyName=$true)]
        [ValidateSet("Company1",
                     "Company2",
                     "Company3",
                     "Company4",
                     "Company5")]
        $Company,
        [Parameter(Mandatory=$true,ParameterSetName="CopyUser",
                   ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$true,ParameterSetName="NewUser",
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        [ValidateScript({($_ -match "^[a-zA-Z]") -and ($_ -match 
"[a-zA-Z]+$")})]
        $FirstName,
        [Parameter(Mandatory=$true,ParameterSetName="CopyUser",
                   ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$true,ParameterSetName="NewUser",
                   ValueFromPipelineByPropertyName=$true)]
        [ValidateScript({($_ -match "^[a-zA-Z]") -and ($_ -match 
"[a-zA-Z]+$")})]
        $LastName,
        [Parameter(Mandatory=$true,ParameterSetName="CopyUser",
                   ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$true,ParameterSetName="NewUser",
                   ValueFromPipelineByPropertyName=$true)]
        [ValidateScript({$_ -match "^[1-9]"})]
        [int]
        $EmployeeID,
        [Parameter(Mandatory=$false,ParameterSetName="NewUser",
                   ValueFromPipelineByPropertyName=$true)]
        $PhoneNumber,
        [Parameter(Mandatory=$false,ParameterSetName="NewUser",
                   ValueFromPipelineByPropertyName=$true)]
        $OUPath,
        [Parameter(Mandatory=$false,ParameterSetName="NewUser",
                   ValueFromPipelineByPropertyName=$true)]
        $Password,
        [Parameter(Mandatory=$true,ParameterSetName="CopyUser",
                   ValueFromPipelineByPropertyName=$true)]
        $SourceUser
    )

    Begin
    {
        $SaveEApref = $ErrorActionPreference
        $ErrorActionPreference = 'Stop'        
        $error.Clear()
        [bool]$failed = $false
        
        If($Password -eq $null)
        {
            $Password = "Password!"
        }

        $Cred = Get-Credential
        Clear-Host
    }
    Process
    {

        # Store company specific information #
        $Hash = @{"Company1" = @{"Domain" = "Company1.org";
                                 "EmailDomain" = "Company1.org";
                                 "OUPath" = "CN=Users,DC=Company1,DC=org"
                                 
"URI"="http://exchsrvr.Company1.org/PowerShell/"}
                  "Company2" = @{"Domain" = "Company1.org";
                                 "EmailDomain" = "subcompany1.org";
                                 "OUPath" = "CN=Users,DC=Company1,DC=org"
                                 
"URI"="http://exchsrvr.Company1.org/PowerShell/"}
                  "Company3" = @{"Domain" = "Company1.org";
                                 "EmailDomain" = "subcompany2.org";
                                 "OUPath" = "CN=Users,DC=Company1,DC=org"
                                 
"URI"="http://exchsrvr.Company1.org/PowerShell/"}
                  "Company4" = @{"Domain" = "Company4.org";
                                 "EmailDomain" = "Company4.org";
                                 "OUPath" = "CN=Users,DC=company4,DC=org"
                                 
"URI"="http://exchsrvr.company4.org/PowerShell/"}
                  "Company5" = @{"Domain" = "Company5.org";
                                 "EmailDomain" = "company5.org";
                                 "OUPath" = "CN=Users,DC=company5,DC=org"
                                 
"URI"="http://exchsrvr.company5.org/PowerShell/"}
                 }
        # Get DC from specified domain
        [string]$DC = (Get-ADDomainController -Discover -DomainName 
$($Hash.$Company.Domain)).hostname
        
        # Generate UserID (SamAccountname) for AD User creation
        $UserID = (($FirstName.Substring(0,1)) + ($LastName.Substring(0,1)) + 
$EmployeeID)

        If($NoCopy)
        {
            Write-Output "Creating new User: $FirstName $LastName ($userID)"
            $Pswd = ConvertTo-SecureString $Password -AsPlainText -Force
            $Params = @{Name = "$($LastName.Trim()), $($FirstName.Trim())";
                        SamAccountName = $UserID;
                        Enabled = $True;
                        UserPrincipalName = "$UserID@$($Hash.$Company.Domain)";
                        DisplayName = "$($LastName.Trim()), 
$($FirstName.Trim())";
                        Company = $Company;
                        EmployeeID = $EmployeeID;
                        GivenName = $($FirstName.Trim());
                        Surname = $($LastName.Trim());
                        OfficePhone = $PhoneNumber;
                        Path = $($Hash.$Company.OUPath);
                        Server = $DC
                        Credential = $Cred}
            
            # Validate user ID
            $UserExists = Get-ADUser -Filter {SamAccountName -eq $UserID}
            If($UserExists)
            {
                Write-Warning "$UserID already exists in 
$($Hash.$Company.Domain)"
                $Failed = $True
            }
            Else
            {
                Write-Output "$UserID not found"
            }

            If($Failed -eq $False)
            {
                Try{
                    New-ADUser @Params
                     "Successfully created AD account for $UserID"
                    $Failed = !$?
                } Catch {
                    Write-Warning "Failed to create AD user: $UserID"
                    $Failed = $True
                }
            }

            If($Failed -eq $False)
            {
                Write-Output "$UserID AD provisioning completed successfully"
            }
            Elseif($failed -eq $true)
            {
                Write-Warning "Provisioning of $UserID failed."
            }
            
        }
        Else
        {
            Try
            {
                $CopyTo = Get-ADUser $SourceUser -Properties 
Department,Title,MemberOf -Server $DC -Credential $Cred
                $Failed = !$?
            } Catch {
                Write-Warning "Error: Unable to find source acct: $SourceUser. 
Aborting user copy."
                $Failed = $True
            }

            If($Failed -eq $False)
            {
                Write-Output "Checking $UserID for duplicate name"
                $UserExists = Get-ADUser -Filter {SamAccountName -eq $UserID}
                If($UserExists)
                {
                    Write-Warning "$UserID already exists in 
$($Hash.$Company.Domain)"
                    $Failed = $True
                }
                Else
                {
                    Write-Output "$UserID not found"
                }
                If($Failed -eq $False)
                {
                    Try{
                        $OUSplit = $CopyTo.DistinguishedName -split '(?<!\\),'
                        $OUPath = $OUSplit[1..$($OUSplit.Count-1)] -join ','
                    } Catch {
                        $OUPath = $($Hash.$Company.OUPath)
                    }
                    Write-Output "Creating $UserID using $SourceUser as 
template"
                    $Pswd = ConvertTo-SecureString $Password -AsPlainText -Force
                    $Params = @{Name = "$($LastName.Trim()), 
$($FirstName.Trim())";
                                SamAccountName = $UserID;
                                UserPrincipalName = 
"$UserID@$($Hash.$Company.Domain)";
                                Path = $OUPath
                                DisplayName = "$($LastName.Trim()), 
$($FirstName.Trim())";
                                Company = $Company;
                                Department = $($CopyTo.Department);
                                Title = $($CopyTo.Title);
                                EmployeeID = $EmployeeID;
                                GivenName = $($FirstName.Trim());
                                Surname = $($LastName.Trim());
                                OfficePhone = $PhoneNumber;
                                AccountPassword = $Pswd;
                                Enabled = $True;
                                ChangePasswordAtLogon = $True;
                                Server = $DC
                                Credential = $Cred}
                    Try
                    {
                        New-ADUser @Params
                        Write-Output "Created AD account 
$UserID@$($Hash.$Company.Domain) successfully"
                        $Failed = !$?
                    } Catch {
                        Write-Warning "Failed to create $UserID from 
$SourceUser"
                        $Failed = $True
                    Try
                    {
                        Write-Output "Copying group memberships from 
$SourceUser to $UserID"
                        Foreach($Group in $CopyTo.MemberOf)
                        {
                            Add-ADGroupMember $Group -Members $UserID -Server 
$DC -Credential $Cred
                        }
                    } Catch {
                        Write-Output "Failed to copy $SourceUser groups to 
$UserID"
                    }
                    }
                }
            }
            
            If($Failed -eq $True)
            {
                Write-Warning "Provisioning of $UserID failed."
            }
            
        }
                    
        # Enable Mailbox if AD user creation succeeds
        If(($NoMailbox -eq $False) -and ($Failed -eq $True))
        {
            Write-Warning "Failed to create AD object $UserID"
            Write-Warning "Aborting Enable-Mailbox operation for $UserID"
        }
        Elseif(($NoMailbox -eq $False) -and ($Failed -eq $False))
        {
            $FirstName = $FirstName -replace " " -replace "'"
            $LastName = $LastName -replace " " -replace "'"
            $MailParams = @{User = $UserID
                            EmailAddress = 
"$FirstName.$LastName@$($Hash.$Company.EmailDomain)"
                            Alias = $UserID
                            URI = $($Hash.$Company.URI)
                            Cred = $Cred}

            Enable-UserMailbox @MailParams
        }

        # Result statements
        If(($NoMailbox -eq $True) -and ($Failed -eq $False))
        {
            Write-Output "No Mailbox requested. Skipping mailbox creation"
            Write-Output "$UserID provisioning complete"
        }

        ################################################################
        <#
        # I want to Validate 'Enable-UserMailbox' completed successfully.
        # If 'Enable-UserMailbox' returns success for following pseudocode
        
        ElseIf($Enable-Usermailbox -eq sucess) -and ($failed -eq $false)) 
#Pseudocode
        {
            # Write-Output 'Success'
        }
        #>
        ################################################################

    } # Exit Process block
    End
    {
    }

}
function Enable-UserMailbox
{
    [CmdletBinding()]
    [Alias()]
    Param
    (
        # Define AD user to enable mailbox
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        $UserID,
        # Defines primary SMTP address for user
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true)]
        $EmailAddress,
        # Defines Alias for user's mailbox
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true)]
        $Alias,
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true)]
        $Cred,
        # URI for Exchange server connection
        [Parameter(Mandatory=$true,
           ValueFromPipelineByPropertyName=$true)]
        $URI
    )

    Begin
    {
        Write-Output "Establishing Exchange server connection"
        $Session = New-PSSession -ConfigurationName Microsoft.Exchange 
-ConnectionUri $URI -Authentication Kerberos -Credential $Cred
        Import-PSSession $Session -DisableNameChecking | Out-Null
    }
    Process
    {
        Try
        {
            Enable-Mailbox $UserID -PrimarySMTPAddress $EmailAddress -Alias 
$Alias | Out-Null
            Write-Output "Created mailbox for $UserID`: $EmailAddress"
        } Catch {
            Write-Warning "Failed to create mailbox for $UserID"
        }
    }
    End
    {
        Get-PSSession | Remove-PSSession
    }
}

Reply via email to