private/New-RBACUser.ps1
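function New-RBACUser {
    <#
    .SYNOPSIS
    Creates an enabled Active Directory user named "<GivenName>.<Surname>" with a generated initial password.

    .DESCRIPTION
    Derives the account name, display name, mail address and UPN from the given
    name, the surname and the DNS root of the current domain. The account is
    created with New-ADUser in the OU read from $settings.OUPaths.DefaultUsers.
    On success the UPN, the OU and the generated password are written to the host.

    Get-RandomPassword and $settings are not defined in this function; they are
    presumably supplied by the enclosing module (confirm).

    .PARAMETER GivenName
    Given name; first half of the account name.

    .PARAMETER Surname
    Surname; second half of the account name.

    .PARAMETER Title
    Value for the Title attribute.

    .PARAMETER PhoneNumber
    Value for the telephoneNumber attribute.

    .PARAMETER Server
    Directory server that receives the New-ADUser call. Defaults to a writable
    domain controller found by discovery.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    Param (
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [String]$GivenName,

        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [String]$Surname,

        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [String]$Title,

        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [String]$PhoneNumber,

        [Microsoft.ActiveDirectory.Management.ADDirectoryServer]$Server = (Get-ADDomainController -Writable -Discover)
    )

    Begin {
        # Resolved once per pipeline; used as the mail and UPN suffix.
        $DNSDomain = (Get-ADDomain).DNSRoot
    }

    Process {
        # NOTE(review): sAMAccountName is limited to 20 characters for user objects;
        # long names are passed through unchanged here and left for AD to reject.
        $accountName = "{0}.{1}" -f $GivenName, $Surname
        $upn = "{0}@{1}" -f $accountName, $DNSDomain

        # SupportsShouldProcess was declared but never consulted, so -WhatIf still
        # generated a password and printed the success and PASSWORD lines for an
        # account that was never created. Stop here when the caller declines.
        if (-not $PSCmdlet.ShouldProcess($upn, 'Create Active Directory user')) {
            return
        }

        # Strength of the initial credential depends entirely on Get-RandomPassword,
        # which is defined elsewhere - verify it uses a cryptographic RNG.
        $password = Get-RandomPassword
        $securePassword = $password | ConvertTo-SecureString -AsPlainText -Force

        $userParams = @{
            Name              = $accountName
            GivenName         = $GivenName
            SurName           = $Surname
            SamAccountName    = $accountName
            DisplayName       = "{0} {1}" -f $GivenName, $Surname
            EmailAddress      = $upn
            Title             = $Title
            OtherAttributes   = @{
                telephoneNumber = $PhoneNumber
            }
            Enabled           = $true
            Path              = $settings.OUPaths.DefaultUsers
            AccountPassword   = $securePassword
            UserPrincipalName = $upn
        }

        try {
            # -ErrorAction Stop routes every failure into the catch block, so the
            # success message can no longer print after a non-terminating error.
            # -Confirm:$false avoids a second prompt after ShouldProcess above.
            $User = New-ADUser -Server $Server @userParams -PassThru -ErrorAction Stop -Confirm:$false
            Write-Host ("User '{0}' created at {1}." -f $User.UserPrincipalName, $userParams.Path)

            # SECURITY: the initial password is written to the host in clear text,
            # so it ends up in transcripts, console captures and job logs.
            # Kept as-is because operators may rely on it to hand the credential over.
            # Prefer out-of-band delivery, and consider -ChangePasswordAtLogon on the
            # account so a leaked log line is only briefly useful.
            Write-Host "PASSWORD: $password"
        }
        catch {
            Write-Warning $_.Exception.GetType().FullName
            throw $_
        }
    }
}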