Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comment | 4,008 views | 02/03/2010 12:43
Creates a new user in Active Directory and sets “Password never expires”.
Function Add-FTPUser
{
    # Assumes $CustomerOU (e.g. "OU=Customers") is set before the call, as in the original script
    Param ($FTPUsername, $FTPPassword)
    $ADDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $ADDomainName = $ADDomain.Name
    $ADServer = ($ADDomain.InfrastructureRoleOwner.Name.Split(".")[0])
    # "contoso.com" -> "DC=contoso,DC=com"
    $FQDN = "DC=" + $ADDomain.Name -Replace("\.",",DC=")
    # Bind the OU through one DC so Create, SetPassword and the flag update all go to the same server;
    # a separate variable keeps the $CustomerOU DN string intact for later calls
    $OU = [ADSI] "LDAP://$ADServer/$CustomerOU,$FQDN"
    $PrincipalName = $FTPUsername + "@" + $ADDomainName
    $AddADUser = $OU.Create("User","CN=$FTPUsername")
    $AddADUser.Put("Description", "$FTPUsername")
    $AddADUser.Put("sAMAccountName", "$FTPUsername")
    $AddADUser.Put("userPrincipalName", "$PrincipalName")
    $AddADUser.Put("DisplayName", "$FTPUsername")
    $AddADUser.SetInfo()
    $AddADUser.SetPassword($FTPPassword)
    $AddADUser.SetInfo()
    $AddADUser.Psbase.InvokeSet("AccountDisabled", $false)
    $AddADUser.SetInfo()
    # 66048 = 512 (NORMAL_ACCOUNT) + 65536 (DONT_EXPIRE_PASSWORD); writing 65536 alone would drop
    # the account-type flag, so both bits are written together
    $AddADUser.Put("userAccountControl", 66048)
    $AddADUser.SetInfo()
}
I didn’t change the primary group of my FTP user, because I don’t need it for ACLs.
Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comment | 5,832 views | 02/03/2010 12:40
Creates a new user in Active Directory, sets “Password never expires” and changes the user’s primary group.
Function Add-IISUser
{
    # Assumes $CustomerOU (e.g. "OU=Customers") is set before the call, as in the original script
    Param ($Username, $Password)
    $ADDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $ADDomainName = $ADDomain.Name
    $ADServer = ($ADDomain.InfrastructureRoleOwner.Name.Split(".")[0])
    # "contoso.com" -> "DC=contoso,DC=com"
    $FQDN = "DC=" + $ADDomain.Name -Replace("\.",",DC=")
    # Bind the OU through one DC so Create, SetPassword and the later updates all go to the same server;
    # a separate variable keeps the $CustomerOU DN string intact for later calls
    $OU = [ADSI] "LDAP://$ADServer/$CustomerOU,$FQDN"
    $PrincipalName = $Username + "@" + $ADDomainName
    $AddADUser = $OU.Create("User","CN=$Username")
    $AddADUser.Put("Description", "$Username")
    $AddADUser.Put("sAMAccountName", "$Username")
    $AddADUser.Put("userPrincipalName", "$PrincipalName")
    $AddADUser.Put("DisplayName", "$Username")
    $AddADUser.SetInfo()
    $AddADUser.SetPassword($Password)
    $AddADUser.SetInfo()
    $AddADUser.Psbase.InvokeSet("AccountDisabled", $false)
    $AddADUser.SetInfo()
    # 66048 = 512 (NORMAL_ACCOUNT) + 65536 (DONT_EXPIRE_PASSWORD); writing 65536 alone would drop
    # the account-type flag, so both bits are written together
    $AddADUser.Put("userAccountControl", 66048)
    $AddADUser.SetInfo()
    # Primary group change. The groups are bound through the same DC as the user so the new
    # object is already visible there; the user must be a member of the new group before it
    # can become the primary group, and Domain Users can only be left afterwards
    $DomainNC = ([ADSI]"LDAP://RootDSE").DefaultNamingContext
    $DomainUsers = [ADSI]"LDAP://$ADServer/CN=Domain Users,CN=Users,$DomainNC"
    $NewGroup = [ADSI]"LDAP://$ADServer/CN=IIS_USERS,CN=Users,$DomainNC"
    # primaryGroupToken is a constructed attribute, so it has to be requested explicitly
    $NewGroup.GetInfoEx(@("primaryGroupToken"), 0)
    $NewGroupToken = $NewGroup.Get("primaryGroupToken")
    $NewGroup.Add([String]($AddADUser.AdsPath))
    $AddADUser.Put("primaryGroupId", $NewGroupToken)
    $AddADUser.SetInfo()
    $DomainUsers.Remove([String]($AddADUser.AdsPath))
}
Our new primary group is IIS_USERS, as you can see. You can change that group name.
Posted in Hosting & IIS7, Windows Powershell, Windows Server | 1 Comment | 12,166 views | 02/03/2010 12:35
My script works on all Active Directory infrastructures without any change to the script.
Function Get-ADInfo
{
    $ADDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $ADDomainName = $ADDomain.Name
    # NetBIOS-style short name: first label of the DNS name, upper-cased
    $Netbios = $ADDomain.Name.Split(".")[0].ToUpper()
    # Short host name of the DC holding the Infrastructure Master role
    $ADServer = ($ADDomain.InfrastructureRoleOwner.Name.Split(".")[0])
    # "contoso.com" -> "DC=contoso,DC=com"
    $FQDN = "DC=" + $ADDomain.Name -Replace("\.",",DC=")
    $Results = New-Object PSObject
    $Results | Add-Member NoteProperty Domain $ADDomainName
    $Results | Add-Member NoteProperty FQDN $FQDN
    $Results | Add-Member NoteProperty Server $ADServer
    $Results | Add-Member NoteProperty Netbios $Netbios
    Write-Output $Results
}
Usage is pretty simple:
Getting Active Directory Domain Name:
(Get-ADInfo).Domain
Getting FQDN:
(Get-ADInfo).FQDN
Getting Netbios name:
(Get-ADInfo).Netbios
Getting Active Directory Primary Server Name:
(Get-ADInfo).Server
That’s all! :)
You can use this in all your scripts. You no longer need to look up any Active Directory information by hand.
Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comment | 4,669 views | 02/03/2010 12:26
It’s very easy to remove an Active Directory user with PowerShell.
# $CustomerOU (e.g. "OU=Customers") and $FQDN (e.g. "DC=contoso,DC=com") are assumed to be set already
$OU = [ADSI] "LDAP://$CustomerOU,$FQDN"
$OU.Delete("User", "CN=$Username")
Again and again: please be sure about your LDAP path.
Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comment | 8,559 views | 02/03/2010 12:23
You can see how easy it is to change an AD user’s password with PowerShell.
# $CustomerOU and $FQDN are assumed to be set already; $Password is the new password
$ADUser = [ADSI] "LDAP://CN=$Username,$CustomerOU,$FQDN"
$ADUser.SetPassword($Password)
$ADUser.SetInfo()
Again, be careful with the LDAP name. Have fun!
Posted in Hosting & IIS7, Windows Powershell, Windows Server | 1 Comment | 9,736 views | 02/03/2010 12:19
As you know, changing the primary group of Active Directory users is a tedious job for system administrators:
you need to add the user to the new group, then set that group as the primary group, and only after that can you remove the old group.
But that’s easy if you know PowerShell.
# $CustomerOU and $FQDN are assumed to be set already
$User = [ADSI] "LDAP://CN=$Username,$CustomerOU,$FQDN"
$DomainNC = ([ADSI]"LDAP://RootDSE").DefaultNamingContext
$DomainUsers = [ADSI]"LDAP://CN=Domain Users,CN=Users,$DomainNC"
$NewGroup = [ADSI]"LDAP://CN=IIS_USERS,CN=Users,$DomainNC"
# primaryGroupToken is a constructed attribute, so it has to be requested explicitly
$NewGroup.GetInfoEx(@("primaryGroupToken"), 0)
$NewGroupToken = $NewGroup.Get("primaryGroupToken")
# 1. add the user to the new group (a primary group must be one the user is already a member of)
$NewGroup.Add([String]($User.AdsPath))
# 2. make it the primary group
$User.Put("primaryGroupId", $NewGroupToken)
$User.SetInfo()
# 3. only now can the old primary group membership be removed
$DomainUsers.Remove([String]($User.AdsPath))
This script simply sets IIS_USERS as the primary group of the Active Directory user.
Posted in Hosting & IIS7, Windows Powershell, Windows Server | 1 Comment | 10,800 views | 02/03/2010 12:13
You have to set “Password never expires” for some Active Directory users, such as IIS or SCVMM service accounts. To do this with PowerShell, we simply use the “userAccountControl” property.
# $CustomerOU and $FQDN are assumed to be set already
$User = [ADSI] "LDAP://CN=$Username,$CustomerOU,$FQDN"
# 65536 = DONT_EXPIRE_PASSWORD; OR it into the current value so the other flags
# (NORMAL_ACCOUNT etc.) are kept instead of being overwritten
$UAC = $User.Get("userAccountControl")
$User.Put("userAccountControl", ($UAC -bor 65536))
$User.SetInfo()
65536 is the DONT_EXPIRE_PASSWORD bit of userAccountControl, i.e. “Password never expires”. Be careful with the LDAP name.
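As an added example that is not from the original posts: an audit function that checks, for every user in the customer OU, what the “Password never expires” and primary-group snippets above (and Add-IISUser) actually produced. It decodes userAccountControl into named flags, so 65536 shows up as DONT_EXPIRE_PASSWORD, and resolves primaryGroupId back to a group name by matching it against the RID of each group’s objectSid, which is the same value primaryGroupToken returns. It assumes a domain-joined host and the same relative OU DN convention as the posts (e.g. "OU=Customers", a hypothetical value).

```powershell
# Added audit helper (not code from the original posts): lists each user in an OU with its
# decoded userAccountControl flags and the name of its primary group, so the effect of the
# "Password never expires" and primary-group snippets can be verified rather than assumed.
# $CustomerOU is a relative DN such as "OU=Customers" (hypothetical value, as in the posts).
Function Get-ADUserAudit
{
    Param ([String]$CustomerOU)
    $DomainNC = ([ADSI]"LDAP://RootDSE").DefaultNamingContext
    # Documented userAccountControl bit values (ADS_USER_FLAG_ENUM); 0x10000 is the 65536 used above
    $UACFlags = @{
        ACCOUNTDISABLE       = 0x0002
        LOCKOUT              = 0x0010
        PASSWD_NOTREQD       = 0x0020
        NORMAL_ACCOUNT       = 0x0200
        DONT_EXPIRE_PASSWORD = 0x10000
        PASSWORD_EXPIRED     = 0x800000
    }
    # primaryGroupId holds the group's RID (last sub-authority of its SID), which is also what
    # primaryGroupToken returns, so build a RID -> name table from every group's objectSid
    $RidToGroup = @{}
    $GroupSearch = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$DomainNC")
    $GroupSearch.Filter = "(objectCategory=group)"
    $GroupSearch.PageSize = 1000
    $GroupSearch.PropertiesToLoad.AddRange(@("cn", "objectSid"))
    foreach ($g in $GroupSearch.FindAll()) {
        $Sid = New-Object System.Security.Principal.SecurityIdentifier($g.Properties["objectsid"][0], 0)
        $GroupRid = [Int32]$Sid.Value.Split("-")[-1]
        $RidToGroup[$GroupRid] = [String]$g.Properties["cn"][0]
    }
    # Enumerate the user objects of the customer OU
    $UserSearch = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$CustomerOU,$DomainNC")
    $UserSearch.Filter = "(&(objectCategory=person)(objectClass=user))"
    $UserSearch.PageSize = 1000
    $UserSearch.PropertiesToLoad.AddRange(@("sAMAccountName", "userAccountControl", "primaryGroupID"))
    foreach ($u in $UserSearch.FindAll()) {
        $UAC = [Int32]$u.Properties["useraccountcontrol"][0]
        $Rid = [Int32]$u.Properties["primarygroupid"][0]
        $SetFlags = @($UACFlags.Keys | Where-Object { ($UAC -band $UACFlags[$_]) -ne 0 } | Sort-Object)
        $Result = New-Object PSObject
        $Result | Add-Member NoteProperty Username ([String]$u.Properties["samaccountname"][0])
        $Result | Add-Member NoteProperty UserAccountControl $UAC
        $Result | Add-Member NoteProperty Flags ($SetFlags -join ",")
        $Result | Add-Member NoteProperty PasswordNeverExpires (($UAC -band $UACFlags.DONT_EXPIRE_PASSWORD) -ne 0)
        $Result | Add-Member NoteProperty PrimaryGroup $RidToGroup[$Rid]
        Write-Output $Result
    }
}
# Example call (read access to the OU is enough; nothing is modified):
# Get-ADUserAudit -CustomerOU "OU=Customers" | Format-Table -AutoSize
```

A user created by Add-IISUser should show NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD and PrimaryGroup IIS_USERS; any account still listing PASSWD_NOTREQD or a different primary group is one the scripts did not finish configuring.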