Using PowerShell and custom templates to create new users

A popular use of PowerShell is to create all the IT resources that new users need, including Active Directory accounts, Exchange mailboxes, home folders, and so forth.

I've seen lots of implementations of these routines in PowerShell scripts, but they've all been iterative, meaning a script takes input, such as first name, last name, and so on, and then does everything it needs to do inside that script. There's another way to make this happen, and it might be easier.

We can take a piece from the Infrastructure as Code playbook, and instead of defining parameters in a script and processing everything in code, we can define the input needed in a template or manifest that contains what the state of the environment should look like after our script has run. If you're not familiar with this concept, it's easier to explain using an example.

Let's say I need to create a number of Active Directory user accounts and home folders for several new employees. To create these objects via templates, I need to define a specific schema for this template and the kind of file this template will be in. I like JSON, but you can use YAML, XML, or any other form of plain-text language.

I'll create a JSON file called Employees.json, which might look like the following:

You can see that I've simply created a structure off the top of my head. It doesn't matter how it's built as long as the schema is consistent. I've created support for multiple user accounts and folders, so I can quickly add another one if needed.

Once I have the template built, I can create the code to read the template in PowerShell. The template will be the script's input. First, I need to read the JSON file. I can do this by reading the text file and converting the JSON into a custom object I can read more easily with PowerShell.

Next, I'll begin processing each node in the JSON. Since I'll undoubtedly have more than one Active Directory user and folder, I'll process each node in the JSON with a foreach loop. I'll create a PowerShell script, called Invoke-NewEmployeeProcess.ps1, with the following code:

Notice how I'm first checking for the existence of both objects (AD users and folders) and then I'm doing something. I'm making this little solution of ours idempotent, meaning I can run this as many times as I like, and the outcome will be the same.

Now that I have built the code, let's put the pieces together and update the script to account for different template file paths.
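
As an added example (not the author's original script), here is one way to write a template-driven, idempotent script of the kind described above. The Users/Folders schema, the sample values, the UserName validation and the choice to create accounts disabled with no password in the template are all assumptions.

```powershell
<# Constructed sample template (Employees.json); this schema is an assumption:
{
  "Users":   [ { "FirstName": "Ada", "LastName": "Byron", "UserName": "abyron" } ],
  "Folders": [ { "Path": "\\\\FS01\\Home\\abyron" } ]
}
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [ValidateScript({ Test-Path -Path $_ -PathType Leaf })]
    [string]$TemplatePath
)

Import-Module ActiveDirectory -ErrorAction Stop

# Read the whole file as one string, then convert the JSON to objects
$template = Get-Content -Path $TemplatePath -Raw | ConvertFrom-Json

foreach ($user in $template.Users) {
    # Reject names that could break out of the quoted -Filter string below
    if ($user.UserName -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        Write-Warning "Skipping invalid UserName '$($user.UserName)'"
        continue
    }
    # Idempotence: only create the account if it does not exist yet
    if (Get-ADUser -Filter "SamAccountName -eq '$($user.UserName)'") {
        Write-Verbose "User $($user.UserName) already exists"
        continue
    }
    # No password is stored in the template: the account is created disabled
    # and is enabled later by whatever process sets the initial password
    New-ADUser -Name "$($user.FirstName) $($user.LastName)" `
        -GivenName $user.FirstName -Surname $user.LastName `
        -SamAccountName $user.UserName -Enabled $false
}

foreach ($folder in $template.Folders) {
    # Idempotence: only create the folder if it does not exist yet
    if (Test-Path -Path $folder.Path -PathType Container) {
        Write-Verbose "Folder $($folder.Path) already exists"
        continue
    }
    $null = New-Item -Path $folder.Path -ItemType Directory
}
```

The UserName check runs before the value is interpolated into the `-Filter` string because the template is input to a script that runs with account-creation rights, so anyone who can edit the file can otherwise influence the query.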

The script is finished now, so let’s run it twice and see what happens.

Processing the new employee template


Notice that it created the user and the home folders, but running it again didn’t have any effect. At this point, I can add as many users and folders as I need to the template, run the script again, and it will simply process the JSON file again!

This is a basic example, but you can take this approach for just about anything. Create a manifest/template in a file that has a specific schema, represent what objects you need, and build the PowerShell code to read the file and process each node the same way.
