2023-07-04 12:59:44 +02:00
parent 2cef42a718
commit 09c2faad93
231 changed files with 261001 additions and 4 deletions
@@ -0,0 +1,50 @@
$Computers = Get-ADComputer -filter * | Select-Object -ExpandProperty Name
# Get-ADComputer -Filter { OperatingSystem -NotLike '*Server*' } -Properties OperatingSystem
Foreach ($computer in $computers) {
if (!(Test-Connection -Cn $computer -BufferSize 16 -Count 1 -ea 0 -quiet)) {
write-host "cannot reach $computer offline" -f red
}
else {
$outtbl = @()
Try {
$sr = Get-WmiObject win32_bios -ComputerName $Computer -ErrorAction Stop
$Xr = Get-WmiObject class Win32_processor -ComputerName $computer -ErrorAction Stop
$ld = get-adcomputer $computer -properties Name, Lastlogondate, operatingsystem, ipv4Address, enabled, description, DistinguishedName -ErrorAction Stop
$r = "{0} GB" -f ((Get-WmiObject Win32_PhysicalMemory -ComputerName $computer | Measure-Object Capacity -Sum).Sum / 1GB)
$x = gwmi win32_computersystem -ComputerName $computer | Select-Object @{Name = "Type"; Expression = { if (($_.pcsystemtype -eq '2') ) {
'Laptop'
}
Else {
'Desktop Or Other something else'
}
}
}, Manufacturer, @{Name = "Model"; Expression = { if (($_.model -eq "$null") ) { 'Virtual' } Else { $_.model } } }, username -ErrorAction Stop
$t = New-Object PSObject -Property @{
serialnumber = $sr.serialnumber
computername = $ld.name
Ipaddress = $ld.ipv4Address
Enabled = $ld.Enabled
Description = $ld.description
Ou = $ld.DistinguishedName.split(',')[1].split('=')[1]
Type = $x.type
Manufacturer = $x.Manufacturer
Model = $x.Model
Ram = $R
ProcessorName = ($xr.name | Out-String).Trim()
NumberOfCores = ($xr.NumberOfCores | Out-String).Trim()
NumberOfLogicalProcessors = ($xr.NumberOfLogicalProcessors | Out-String).Trim()
Addresswidth = ($xr.Addresswidth | Out-String).Trim()
Operatingsystem = $ld.operatingsystem
Lastlogondate = $ld.lastlogondate
LoggedinUser = $x.username
}
$outtbl += $t
}
catch [Exception] {
"Error communicating with $computer, skipping to next"
}
$outtbl | Select-Object Computername, enabled, description, ipAddress, Ou, Type, Serialnumber, Manufacturer, Model, Ram, ProcessorName, NumberOfCores, NumberOfLogicalProcessors, Addresswidth, Operatingsystem, loggedinuser, Lastlogondate
}
}
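Review bot: On the `$Xr = Get-WmiObject class Win32_processor ...` line, `class` is written without a leading dash, so as shown it binds positionally as the class name and `Win32_processor` as a property list. With `-ErrorAction Stop` that call would throw, and the catch would then skip every reachable computer. The line should read `$Xr = Get-WmiObject -Class Win32_processor -ComputerName $computer -ErrorAction Stop`. The catch block also discards the exception, so appending `$_.Exception.Message` to the "Error communicating" string would make this kind of failure visible instead of looking like a network problem.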
+64
@@ -0,0 +1,64 @@
#Paremetres Utilisateur et racine du partage
$User = "Username"
$Path = "PATH"
#Nom de Domaine NetBios
$Domain = "DOMSNS"
Function Get-ADUserNestedGroups {
Param
(
[string]$DistinguishedName,
[array]$Groups = @()
)
#Get the AD object, and get group membership.
$ADObject = Get-ADObject -Filter "DistinguishedName -eq '$DistinguishedName'" -Properties memberOf, DistinguishedName;
#If object exists.
If ($ADObject) {
#Enummurate through each of the groups.
Foreach ($GroupDistinguishedName in $ADObject.memberOf) {
#Get member of groups from the enummerated group.
$CurrentGroup = Get-ADObject -Filter "DistinguishedName -eq '$GroupDistinguishedName'" -Properties memberOf, DistinguishedName;
#Check if the group is already in the array.
If (($Groups | Where-Object { $_.DistinguishedName -eq $GroupDistinguishedName }).Count -eq 0) {
#Add group to array.
$Groups += $CurrentGroup;
#Get recursive groups.
$Groups = Get-ADUserNestedGroups -DistinguishedName $GroupDistinguishedName -Groups $Groups;
}
}
}
Return $Groups;
}
$Groups = Get-ADUserNestedGroups -DistinguishedName (Get-ADUser -Identity $User).DistinguishedName;
$list = Get-ChildItem $Path -Recurse -Directory
Foreach ($item in $list) {
$ACL = (Get-Acl $item.FullName).Access
if (($ACL.IdentityReference -contains ("$($Domain)\" + $User)) -and ($ACL.IsInherited -eq $false)) {
Write-Host "$($User) a les droits $($ACL.FileSystemRights) sur $($item.FullName)"
}
Foreach ($Group in $Groups.Name) {
if (($ACL.IdentityReference -contains ("$($Domain)\" + $Group)) -and ($ACL.IsInherited -eq $false)) {
Write-Host "$($User) est dans le groupe $($Group) qui a les droits $($ACL.FileSystemRights) sur $($item.FullName)"
}
}
}
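Review bot: Both `if` tests in the final `Foreach ($item in $list)` loop evaluate `$ACL.IdentityReference` and `$ACL.IsInherited` over the whole ACL rather than on a single entry. A folder is therefore reported depending on how many explicit entries the ACL happens to hold, not on whether the user's own entry is explicit, and `$ACL.FileSystemRights` prints the rights of every ACE. For an access audit this both over- and under-reports. Filter per entry instead, e.g. `$ACL | Where-Object { $_.IdentityReference -eq "$Domain\$User" -and -not $_.IsInherited }`, and print `$_.FileSystemRights` of each match; the group loop needs the same change. In `Get-ADUserNestedGroups`, `Get-ADObject -Identity $DistinguishedName` avoids building a filter string that breaks on a DN containing an apostrophe.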
+48
@@ -0,0 +1,48 @@
#Importer le module Active Directory
Import-Module activedirectory
[string]$Mode
$Rights = Import-csv "Templates\Import-AdGroups.csv" -Delimiter ";" -Encoding UTF8
# $Groups_Names = ($Rights[0].psobject.Properties).name | Where-Object { $_ -ne "Utilisateur" }
# $Groups_Names -contains $Property.name
ForEach ($User in $Rights) {
ForEach ($Property in $User.PsObject.Properties) {
if ($Property.Value -eq "0") {
$Mode = "Access"
}
elseif ($Property.Value -eq "1") {
$Mode = "Read"
}
elseif ($Property.Value -eq "2") {
$Mode = "Write"
}
$Group = (($Property.name -replace " ", "-" -replace "\\", "_" -replace ",", "-") + "_" + $Mode)
Try {
$TheGroup = Get-ADGroup $Group
$GroupMembers = Get-ADGroupMember -Identity ($($TheGroup.name))
if ($GroupMembers.SamAccountName -contains $User.Utilisateur) {
Write-Host "User $($User.Utilisateur) is already in the group" ($($TheGroup.name)) -BackgroundColor Blue
}
else {
try {
Add-AdGroupMember -Identity ($($TheGroup.name)) -members $User.Utilisateur
Write-Host "User $($User.Utilisateur) added to the group" ($($TheGroup.name)) -BackgroundColor Green
}
catch {
Write-Host "User $($User.Utilisateur) not added to the group" ($($TheGroup.name)) -BackgroundColor Yellow
}
}
}
Catch {
Write-Host "Group $($Group) not exist, skipped !" -BackgroundColor Red
}
Remove-Variable Mode -ErrorAction SilentlyContinue
}
}
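Review bot: The inner `ForEach ($Property in $User.PsObject.Properties)` loop also processes the `Utilisateur` column and every empty cell, and for those `$Mode` is never set, so the script looks up a group named `<column>_` and prints the red "not exist" message for rows that are simply blank. Because this script grants access, an unrecognised value should be skipped explicitly rather than falling through to a failed lookup: `if ($Property.Name -eq 'Utilisateur' -or $Property.Value -notin '0','1','2') { continue }` at the top of the loop body. The inner `catch` around `Add-AdGroupMember` drops the exception; including `$_.Exception.Message` in the yellow message would show whether the failure was a missing user or a permissions problem.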
+52
@@ -0,0 +1,52 @@
# Import active directory module for running AD cmdlets
Import-Module activedirectory
#Store the data from ADUsers.csv in the $ADUsers variable
$ADUsers = Import-csv "Templates\Import-AdUsers.csv" -Delimiter ";" -Encoding UTF8
$Domain = "dom.hitea.fr"
#Loop through each row containing user details in the CSV file
foreach ($User in $ADUsers) {
$FullName = "$($User.firstname) $($User.lastname)"
$Upn = "$($User.username)@$Domain"
if ((Get-AdUser -Filter "SamAccountName -eq '$($User.username)'")) {
Write-Warning "A user account with username $($User.username) already exist in Active Directory."
}
elseif (([string]::IsNullOrEmpty($User.password))) {
Write-Warning "The password for $($User.username) is nul or empty."
}
elseif (($User.username).Length -gt 19) {
Write-Warning "The username $($User.username) is too long (Greater than 20)."
}
else {
try {
New-ADUser `
-SamAccountName $User.username `
-UserPrincipalName $Upn `
-GivenName $User.firstname `
-Surname $User.lastname `
-Name $FullName `
-DisplayName $FullName `
-Path $User.ou `
-Company $User.company `
-State $User.state `
-City $User.city `
-StreetAddress $User.streetaddress `
-OfficePhone $User.telephone `
-EmailAddress $User.email `
-Title $User.jobtitle `
-Department $User.department `
-AccountPassword (convertto-securestring $User.password -AsPlainText -Force) `
-Enabled $True `
-ChangePasswordAtLogon $False `
-PasswordNeverExpires $True `
-CannotChangePassword $False
Write-Host "The user $($User.firstname) $($User.lastname) ($($User.username)) was created."
}
catch {
Write-Error "The user $($User.firstname) $($User.lastname) ($($User.username)) was not created."
}
}
}
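Review bot: The `New-ADUser` call creates enabled accounts whose passwords come in clear text from the CSV and sets `-ChangePasswordAtLogon $False` together with `-PasswordNeverExpires $True`, so the password known to whoever holds the CSV stays valid indefinitely. Prefer `-ChangePasswordAtLogon $True` with `-PasswordNeverExpires $False` (the two cannot both be true), and treat the CSV as a secret that is deleted after the import. The length test `($User.username).Length -gt 19` also rejects 20-character names while the warning says "Greater than 20"; `-gt 20` matches the message. The `Get-AdUser -Filter "SamAccountName -eq '$($User.username)'"` check breaks on a username containing an apostrophe.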
+12
@@ -0,0 +1,12 @@
# Parametres Domaine
$domain = "DOMAIN"
# Le nom d'utilisateur
$username = "$domain\USERNAME HERE"
# Le mot de passe de l'utilisateur
$password = "PASSWORD HERE" | ConvertTo-SecureString -asPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($username, $password)
Add-Computer -DomainName $domain -Credential $credential
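Review bot: The `$password = "PASSWORD HERE" | ConvertTo-SecureString -asPlainText -Force` line asks the operator to save a domain account's password in the script file, where it ends up in backups, shares and version control. Prompting at run time avoids that: replace the `$username`/`$password`/`$credential` lines with `$credential = Get-Credential -Message "Account allowed to join $domain"`. If the join has to run unattended, a comment should say that the account must be a dedicated one delegated only the right to join computers, not a domain administrator.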
+25
@@ -0,0 +1,25 @@
#Installer la fonctionnalité AD DS
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
#Importer le module de déploiement
Import-Module ADDSDeployment
#Créer une nouvelle forêt
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "WinThreshold" `
-DomainName "DOMAINE.LOCAL" `
-DomainNetbiosName "DOMAINE" `
-ForestMode "WinThreshold" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
#Voir les rédirecteurs du serveur DNS
Get-DnsServerForwarder
#Ajouter un redirecteur au serveur DNS, Exemple avec le DNS de CloudFare
Add-DnsServerForwarder -IPAddress 1.1.1.1
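Review bot: `Install-ADDSForest` is called with `-NoRebootOnCompletion:$false`, so the server restarts when promotion finishes and the `Get-DnsServerForwarder` / `Add-DnsServerForwarder` lines after it will not run in the same session. Either move the forwarder commands to a separate post-reboot script, or add a comment such as `# A exécuter après le redémarrage du contrôleur de domaine` above them. The call also passes no `-SafeModeAdministratorPassword`, so it will prompt for the DSRM password; a comment saying so would help anyone trying to run this unattended.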
+50
@@ -0,0 +1,50 @@
<#
.SYNOPSIS
Créer des dossiers utilisateurs avec les autorisations contrôle total
.PARAMETER Domain
Indique le domaine
.PARAMETER BaseDir
Indique le dossier racine
.EXAMPLE
New-UsersHome -Domain "@Domaine.local" -BaseDir "C:\UsersHome"
#>
param (
[parameter(Mandatory = $True)]
[ValidateNotNullOrEmpty()]$Domain,
[parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]$BaseDir
)
# Lister tous les utilisateurs du domaine
$Users = Get-ADUser -Filter { UserPrincipalName -like "*$($Domain)" } | Select SAMAccountName, SID
# Déactiver l'héritage sur le dossier racine et supprimer les autorisation Utilisateurs
Foreach ($User in $Users) {
$UserDir = Join-Path $BaseDir $User.SAMAccountName
If (!(test-path $UserDir)) {
New-Item -ItemType Directory -Path $UserDir
}
$acl = Get-Acl $UserDir
$acl.SetAccessRuleProtection($true, $true)
$FileSystemRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
$AccessControlType = [System.Security.AccessControl.AccessControlType]::Allow
$InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$PropagationFlags = [System.Security.AccessControl.PropagationFlags]::None
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($User.SID, $FileSystemRights, $InheritanceFlags, $PropagationFlags, $AccessControlType)
$acl.AddAccessRule($AccessRule)
Set-Acl -Path $UserDir -AclObject $acl -ea Stop
}
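Review bot: `$acl.SetAccessRuleProtection($true, $true)` disables inheritance but keeps the inherited entries as explicit ones, so any principal that can read `$BaseDir` (for example a broad Users group) keeps the same access to every home folder, which contradicts the comment "supprimer les autorisation Utilisateurs". To get private folders, pass `$false` as the second argument and then add the entries that must remain (the user's SID as already done, plus administrators and SYSTEM) before `Set-Acl`. The script-block filter `{ UserPrincipalName -like "*$($Domain)" }` is also fragile; the string form `-Filter "UserPrincipalName -like '*$Domain'"` expands the variable predictably.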
+11
@@ -0,0 +1,11 @@
# Active Directory
- Installer les fonctionnalités AD DS, créer une nouvelle forêt.
<a href="http://www.youtube.com/watch?v=2LEShLkbVvI" target="_blank"><img src="http://img.youtube.com/vi/2LEShLkbVvI/0.jpg"
alt="Configurer Active Directory en PowerShell" width="240" height="180" border="10" /></a>
- Importer des utilisateurs à partir d'un fichier CSV
<a href="https://www.youtube.com/watch?v=xyP5xpNH2qA" target="_blank"><img src="http://img.youtube.com/vi/xyP5xpNH2qA/0.jpg"
alt="Importer des utilisateurs AD par CSV" width="240" height="180" border="10" /></a>
@@ -0,0 +1,6 @@
Utilisateur;Commun;Commerce;Achats;Direction;Marketing;Technique
p.dupont;2;2;2;2;2;2
b.durand;2;;2;;2;2
d.bellier;2;1;2;;;
j.tartas;2;;;;1;2
b.canu;2;;;;1;2
1 Utilisateur Commun Commerce Achats Direction Marketing Technique
2 p.dupont 2 2 2 2 2 2
3 b.durand 2 2 2 2
4 d.bellier 2 1 2
5 j.tartas 2 1 2
6 b.canu 2 1 2
@@ -0,0 +1,6 @@
firstname;lastname;username;email;streetaddress;city;state;department;password;telephone;jobtitle;company;ou
Paul;Dupont;p.dupont;p.dupont@hitea.fr;;Agen;;;Test123Test1;;;;OU=Utilisateurs,OU=Agen,DC=dom,DC=hitea,DC=fr
Bernard;Durand;b.durand;b.durand@hitea.fr;;Agen;;;Test123Test2;;;;OU=Utilisateurs,OU=Agen,DC=dom,DC=hitea,DC=fr
David;Bellier;d.bellier;d.bellier@hitea.fr;;Agen;;;Test123Test3;;;;OU=Utilisateurs,OU=Agen,DC=dom,DC=hitea,DC=fr
Joël;Tartas;j.tartas;j.tartas@hitea.fr;;Agen;;;Test123Test4;;;;OU=Utilisateurs,OU=Agen,DC=dom,DC=hitea,DC=fr
Benoît;Canu;b.canu;b.canu@hitea.fr;;Agen;;;Test123Test5;;;;OU=Utilisateurs,OU=Agen,DC=dom,DC=hitea,DC=fr
1 firstname lastname username email streetaddress city state department password telephone jobtitle company ou
2 Paul Dupont p.dupont p.dupont@hitea.fr Agen Test123Test1 OU=Utilisateurs,OU=Agen,DC=dom,DC=hitea,DC=fr
3 Bernard Durand b.durand b.durand@hitea.fr Agen Test123Test2 OU=Utilisateurs,OU=Agen,DC=dom,DC=hitea,DC=fr
4 David Bellier d.bellier d.bellier@hitea.fr Agen Test123Test3 OU=Utilisateurs,OU=Agen,DC=dom,DC=hitea,DC=fr
5 Joël Tartas j.tartas j.tartas@hitea.fr Agen Test123Test4 OU=Utilisateurs,OU=Agen,DC=dom,DC=hitea,DC=fr
6 Benoît Canu b.canu b.canu@hitea.fr Agen Test123Test5 OU=Utilisateurs,OU=Agen,DC=dom,DC=hitea,DC=fr
@@ -0,0 +1,112 @@
<#
.SYNOPSIS
Validates AD group membership for a user or computer object
.PARAMETER SearchString
Provide Username or Computer Name
.PARAMETER SearchType
Specify type (User or Computer)
.PARAMETER Group
Provide AD Group name
.EXAMPLE
Validate-GroupMembership -SearchString $env:USERNAME -SearchType User -Group "Test Group"
.EXAMPLE
Validate-GroupMembership -SearchString $env:COMPUTERNAME -SearchType Computer -Group "ORL Computers"
#>
param (
[parameter(Mandatory = $True)]
[ValidateNotNullOrEmpty()]$SearchString,
[parameter(Mandatory = $True)]
[ValidateSet("User", "Computer")]
[ValidateNotNullOrEmpty()]$SearchType,
[parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]$Group
)
Try {
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry
If ($SearchType -eq "User") {
$objSearcher.Filter = "(&(objectCategory=User)(SAMAccountName=$SearchString))"
}
Else {
$objSearcher.Filter = "(&(objectCategory=Computer)(cn=$SearchString))"
}
$objSearcher.SearchScope = "Subtree"
$obj = $objSearcher.FindOne()
$User = $obj.Properties["distinguishedname"]
$objSearcher.PageSize = 1000
$objSearcher.Filter = "(&(objectClass=group)(cn=$Group))"
$obj = $objSearcher.FindOne()
[String[]]$Members = $obj.Properties["member"]
If ($Members.count -eq 0) {
$retrievedAllMembers = $false
$rangeBottom = 0
$rangeTop = 0
While (! $retrievedAllMembers) {
$rangeTop = $rangeBottom + 1499
$memberRange = "member;range=$rangeBottom-$rangeTop"
$objSearcher.PropertiesToLoad.Clear()
[void]$objSearcher.PropertiesToLoad.Add("$memberRange")
$rangeBottom += 1500
Try {
$obj = $objSearcher.FindOne()
$rangedProperty = $obj.Properties.PropertyNames -like "member;range=*"
$Members += $obj.Properties.item($rangedProperty)
if ($Members.count -eq 0) { $retrievedAllMembers = $true }
}
Catch {
$retrievedAllMembers = $true
}
}
}
}
Catch {
Write-Host "Either group or user does not exist"
Return $False
}
If ($Members -contains $User) {
Return $True
}
Else {
Return $False
}
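Review bot: `$SearchString` and `$Group` are interpolated into the three `$objSearcher.Filter` strings without LDAP escaping, so a value containing `*`, `(` or `)` changes the filter, and `FindOne()` may then return a different object than the caller named. For a script whose result is used as a membership check, that can produce a wrong `$True`. Escape the values per RFC 4515 before building the filters, as in the helper below, and apply it to all three. The check also only reads the group's direct `member` attribute, so nested membership is not detected; the synopsis should say so.

```powershell
function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping; backslash first so later escapes are not re-escaped
    $Value = $Value.Replace('\', '\5c').Replace('*', '\2a')
    $Value = $Value.Replace('(', '\28').Replace(')', '\29')
    return $Value.Replace([string][char]0, '\00')
}
# … unchanged: DirectorySearcher setup …
$objSearcher.Filter = "(&(objectCategory=User)(SAMAccountName=$(ConvertTo-LdapFilterValue $SearchString)))"
```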
+409
@@ -0,0 +1,409 @@
# Fonction pour les requetes SQL
Function QuerySQLServer([string]$DBServer, [string]$DBName, [string]$Query) {
Try {
$ErrorActionPreference = "Stop"
$resultsDataTable = New-Object System.Data.DataTable
$cn = new-object System.Data.SqlClient.SqlConnection("Data Source=$DBServer;Integrated Security=SSPI;Initial Catalog=$DBName")
$cn.open()
$cmd = new-object "System.Data.SqlClient.SqlCommand" ($Query , $cn)
$reader = $cmd.ExecuteReader()
$resultsDataTable.Load($reader)
$cn.Close()
return $resultsDataTable
}
Catch {
write-host $_.Exception.Message
$_.Exception.Message >> "d:\tmp\error.log"
}
Finally {
$ErrorActionPreference = "Continue"
}
}
# Fonction pour les requetes dans GLPI
Function QueryGLPI([string]$Titre, [string]$Message, [string]$Categorie) {
Write-host $Titre
Write-host $Message
Write-host $Categorie
$UtilisateurGLPI = Get-GlpiToolsUsers -UserName helpdesk
$Ticket = New-GlpiToolsTicket -Name $Titre -Content $Message -Type Request -itilcategories_id $Categorie -Priority Medium -requester_id $UtilisateurGLPI.ID
Update-GlpiToolsTicket -ticket_id $Ticket.id -requester_id $UtilisateurGLPI.ID -technician_id '12'
}
cls
$ListeException = $null
$ListeVide = $null
$FichierException = "D:\tmp\Exception.txt"
$FichierVide = "D:\tmp\vide.txt"
$percentCompleteA = $null
$percentCompleteB = $null
$CounterA = $null
$CounterB = $null
$EtatUtilisateur = $null
$DateDesactivation = Get-Date -Format "dd/MM/yyyy"
$DateExpiration = (Get-Date $DateDesactivation).AddDays(-1)
$DateDelete = (Get-Date $DateDesactivation).AddDays(-30)
$DateTmp = (Get-Date).AddDays(-1)
$DateCreation = Get-Date $DateTmp -Format "yyyy-dd-MM"
Start-Transcript -path "D:\tmp\MyTranscript-$DateCreation.txt"
$OuPath = "OU=Utilisateurs,DC=fr,DC=dgs,DC=group"
$ListeUserAD = Get-ADUser -Filter * -SearchBase $OuPath -Properties cn,description,sAMAccountName
## Desactivation ou Update de compte
Foreach ($UserAD in $ListeUserAD) {
# Barre de progression
$percentCompleteA = $(($CounterA / $ListeUserAD.Count) * 100 )
$ProgressA = @{
Activity = "Getting folder information for '$($UserAD.Name)'."
Status = "Processing $CounterA of $($ListeUserAD.Count)"
PercentComplete = $([math]::Round($percentCompleteA, 2))
}
Write-Progress @ProgressA -Id 1
# recherche inforamtiopn 1 utilisateur
$InfoUser = Get-ADUser -identity $UserAD.sAMAccountName -properties 'msDS-cloudExtensionAttribute1','msDS-cloudExtensionAttribute2',mail,employeeID,EmployeeNumber,EmployeeType,Title,Initials
$C = $UserAD.C
$City = $UserAD.City
$Cn = $UserAD.Cn
$Company = $UserAD.Company
$department = $UserAD.Department
$displayName = $UserAD.DisplayName
$EmailAddress = $UserAD.EmailAddress
$Enable = $UserAD.Enabled
$GivenName = $UserAD.GivenName
$Name = $UserAD.Name
$Office = $UserAD.Office
$Organization = $UserAD.Organization
$PostalCode = $UserAD.PostalCode
$sn = $UserAD.Sn
$Surname = $UserAD.Surname
$ExtensionAttribute1 = $InfoUser.'msDS-cloudExtensionAttribute1'
$ExtensionAttribute2 = $InfoUser.'msDS-cloudExtensionAttribute2'
$Mail = $InfoUser.Mail
$EmployeeID = $InfoUser.employeeID
$EmployeeNumber = $InfoUser.EmployeeNumber
$EmployeeType = $InfoUser.EmployeeType
$Title = $InfoUser.Title
$Initials = $InfoUser.Initials
# Est-ce qu'il est actif
If ($Enable -eq "True") {
# Est-ce qu'il est interne
If($EmployeeType -eq "Interne") {
# Est-ce qu'il a un ID
If ($EmployeeID) {
# Si l'employeeID est bien présent
$EtatUtilisateurD = QuerySQLServer "SWDHBBDDP01.fr.dgs.group" "dhb_prd" "SELECT NOM,PRN,NOM_PAT,LIB_EMP,ADR_EML,MTR,NUM_ALC,COD_SEX,FLG_AGT,DAT_SRT FROM [dhb_prd].[dhbref].[TAB_RH_SAL] WHERE MTR = '$EmployeeID' And DAT_SRT IS NOT NULL"
$EtatUtilisateurU = QuerySQLServer "SWDHBBDDP01.fr.dgs.group" "dhb_prd" "SELECT NOM,PRN,NOM_PAT,LIB_EMP,ADR_EML,MTR,NUM_ALC,COD_SEX,FLG_AGT,DAT_SRT FROM [dhb_prd].[dhbref].[TAB_RH_SAL] WHERE MTR = '$EmployeeID'"
# Desactivation du compte ?
If ($EtatUtilisateurD) {
If ($DateExpiration -gt $EtatUtilisateurD.DAT_SRT) {
Get-ADUser -Identity $UserAD.sAMAccountName | Move-ADObject -TargetPath "OU=_A_SUPPRIMER,OU=Utilisateurs,DC=fr,DC=dgs,DC=group"
Set-ADAccountExpiration -Identity $UserAD.sAMAccountName -DateTime $dateExpiration
Set-ADUser -Identity $Utilisateur -Clear msDS-cloudExtensionAttribute2
Set-ADUser -Identity $UserAD.sAMAccountName -Add @{'msDS-cloudExtensionAttribute2' = "$DateExpiration"}
Disable-ADAccount -Identity $UserAD.sAMAccountName
$TitreA = "Désactivation du compte Active Directory : $UserAD.sAMAccountName "
$MessageA = "Bonjour, `r`n `r`n" `
+"Nous venons de désactiver le compte de : $DisplayName `r`n `r`n" `
+"Prénom : $GivenName `r`n" `
+"Nom : $Surname `r`n" `
+"Mail : $Mail `r`n" `
+"Matricule : $EmployeeID `r`n" `
+"Fonction : $Title `r`n" `
+"`r`n" `
+"Conformément à la politique entreprise le compte restera en état désactivé pendant 30 jours avant d'être supprimé `r`n" `
+"La suppression du compte GMAIL se fait également en automatique."
QueryGLPI $TitreA $MessageA "213"
}
}
# Mise en place de la civilité
If ($EtatUtilisateurU) {
If (($Initials -ne "Mr") -And ($EtatUtilisateurU.COD_SEX -eq "H")) {
Set-ADUser -Identity $UserAD.sAMAccountName -Clear Initials
Set-ADUser -Identity $UserAD.sAMAccountName -Initials "Mr"
Write-Host " - Update civilité - Mr"
}
ElseIf (($Initials -ne "Mme") -And ($EtatUtilisateurU.COD_SEX -eq "F")) {
Set-ADUser -Identity $UserAD.sAMAccountName -Clear Initials
Set-ADUser -Identity $UserAD.sAMAccountName -Initials "Mme"
Write-Host " - Update civilité - Mme"
}
Else {
# Write-Host " - Pas de modification"
}
}
# Mise en place du Employee Number
If ($EmployeeNumber -ne $EtatUtilisateurU.NUM_ALC) {
If ($EmployeeID.substring(0, 1) -eq 0 ) {
$tmp = ($EtatUtilisateurU.NUM_ALC).Remove(0,1)
If (!($EmployeeNumber -eq $tmp)) {
Write-host " - 2erreur : "$EtatUtilisateurU.MTR" > $EmployeeID | "$EtatUtilisateurU.NUM_ALC" > $EmployeeNumber"
}
}
Else {
Write-host " - erreur : "$EtatUtilisateurU.MTR" > $EmployeeID | "$EtatUtilisateurU.NUM_ALC" > $EmployeeNumber"
}
}
# Controle du status
If (($ExtensionAttribute1 -eq $null) -Or ($ExtensionAttribute1 -ne $EmployeeType)) {
Set-ADUser -Identity $UserAD.sAMAccountName -Add @{'msDS-cloudExtensionAttribute1' = $EmployeeType}
}
}
Else {
# Si l'employé ID n'est pas présent
$EtatUtilisateurID = QuerySQLServer "SWDHBBDDP01.fr.dgs.group" "dhb_prd" "SELECT NOM,PRN,NOM_PAT,LIB_EMP,ADR_EML,MTR,NUM_ALC,COD_SEX,FLG_AGT,DAT_SRT FROM [dhb_prd].[dhbref].[TAB_RH_SAL] WHERE NOM = '$Surname' And PRN ='$GivenName' And DAT_SRT IS NULL"
If ($EtatUtilisateurID) {
Set-ADUser -Identity $UserAD.sAMAccountName -EmployeeID $EtatUtilisateurID.MTR
Write-Host " - Mise en place de employee ID"
}
}
}
Else {
# Passage d'un externe en interne
}
}
$EtatUtilisateurD = $null
$EtatUtilisateurU = $null
$CounterA++
}
## Suppression des comptes de plus 1 mois
$OuPathDelete = "OU=_A_SUPPRIMER,OU=Utilisateurs,DC=fr,DC=dgs,DC=group"
$ListeUserADDelete = Get-ADUser -Filter * -SearchBase $OuPathDelete -Properties cn,description,sAMAccountName
Foreach ($UserADDelete in $ListeUserADDelete) {
# Barre de progression
$percentCompleteB = $(($CounterB / $ListeUserADDelete.Count) * 100 )
$ProgressB = @{
Activity = "Getting folder information for '$($UserADDelete.Name)'."
Status = "Processing $CounterB of $($ListeUserADDelete.Count)"
PercentComplete = $([math]::Round($percentCompleteB, 2))
}
Write-Progress @ProgressB -Id 1
$InfoUserDelete = Get-ADUser -identity $UserADDelete.sAMAccountName -properties 'msDS-cloudExtensionAttribute2'
$ExtensionAttributeDelete2 = $InfoUserDelete.'msDS-cloudExtensionAttribute2'
If ($Enable -eq $False) {
If ($DateDelete -gt $ExtensionAttributeDelete2) {
Remove-ADUser -Identity $UserADDelete.sAMAccountName
$TitreB = "Suppression du compte Active Directory : $UserAD.sAMAccountName "
$MessageB = "Bonjour, `r`n `r`n" `
+"Nous venons de supprimer le compte de : $DisplayName `r`n `r`n" `
+"Prénom : $GivenName `r`n" `
+"Nom : $Surname `r`n" `
+"Mail : $Mail `r`n" `
+"Matricule : $EmployeeID `r`n" `
+"Fonction : $Title `r`n" `
+"`r`n" `
+"Conformément à la politique entreprise le compte est resté en état désactivé pendant 30 jours `r`n" `
+"La suppression du compte GMAIL se fait également en automatique."
QueryGLPI $TitreB $MessageB "213"
}
}
$EtatUtilisateur = $null
$CounterB++
}
## Creation compte
$ListeNouveau = QuerySQLServer "SWDHBBDDP01.fr.dgs.group" "dhb_prd" "SELECT NOM,PRN,NOM_PAT,LIB_EMP,ADR_EML,MTR,NUM_ALC,COD_SEX,FLG_AGT,DAT_SRT,NUM_MAG_AGT FROM [dhb_prd].[dhbref].[TAB_RH_SAL] WHERE DTH_CRE >= '$DateCreation' ORDER BY DTH_CRE DESC"
$ListeNouveau | Format-Table
Pause
If ($ListeNouveau) {
Foreach ($NouveauUtilisateur in $ListeNouveau) {
$InfoUserNew = Get-ADUser -Filter * | Where-Object {$_.GivenName -like $NouveauUtilisateur.PRN -and $_.Surname -like $NouveauUtilisateur.NOM}
If ($InfoUserNew) {
$InfoUserNewA = Get-ADUser -identity $InfoUserNew.sAMAccountName -properties 'msDS-cloudExtensionAttribute1','msDS-cloudExtensionAttribute2',mail,employeeID,EmployeeNumber,EmployeeType,Title,Initials
}
$C = $InfoUserNew.c
$City = $InfoUserNew.City
$Cn = $InfoUserNew.cn
$Company = $InfoUserNew.company
$department = $InfoUserNew.department
$DisplayName = $InfoUserNew.displayName
$EmailAddress = $InfoUserNew.EmailAddress
$Enable = $InfoUserNew.Enabled
$GivenName = $InfoUserNew.GivenName
$Name = $InfoUserNew.Name
$Office = $InfoUserNew.Office
$Organization = $InfoUserNew.Organization
$PostalCode = $InfoUserNew.PostalCode
$sn = $InfoUserNew.sn
$Surname = $InfoUserNew.Surname
$ExtensionAttribute1 = $InfoUserNewA.'msDS-cloudExtensionAttribute1'
$ExtensionAttribute2 = $InfoUserNewA.'msDS-cloudExtensionAttribute2'
$Mail = $InfoUserNewA.Mail
$EmployeeID = $InfoUserNewA.employeeID
$EmployeeNumber = $InfoUserNewA.EmployeeNumber
$EmployeeType = $InfoUserNewA.EmployeeType
$Title = $InfoUserNewA.Title
$Initials = $InfoUserNewA.Initials
If ($NouveauUtilisateur.MTR -eq $EmployeeID) {
Write-host "Existe deja"
}
Else {
Write-Host "A creer"
$Surnametmp = ($NouveauUtilisateur.NOM).ToLower()
$GivenNametmp = ($NouveauUtilisateur.PRN).ToLower()
$Titletmp = ($NouveauUtilisateur.LIB_EMP).ToLower()
$Initialstmp = $NouveauUtilisateur.COD_SEX
$CodeMagtmp = $NouveauUtilisateur.NUM_MAG_AGT
$SurnameNew = (Get-Culture).TextInfo.ToTitleCase($Surnametmp)
$GivenNameNew = (Get-Culture).TextInfo.ToTitleCase($GivenNametmp)
$TitleNew = (Get-Culture).TextInfo.ToTitleCase($Titletmp)
$EmployeeIDNew = $NouveauUtilisateur.MTR
If ($NouveauUtilisateur.NOM_PAT) {
$SurnamePattmp = ($NouveauUtilisateur.NOM_PAT).ToLower()
$SurnamePatNew = (Get-Culture).TextInfo.ToTitleCase($SurnamePattmp)
}
$NameNew = $GivenNameNew+" "+$SurnameNew
$DisplayNameNew = $GivenNameNew+" "+$SurnameNew+" "+$SurnamePatNew
$SamAccountNameNew = (("$GivenNameNew.$SurnameNew").Replace(' ','').Replace('é','e').Replace('è','e').Replace('ç','c').Replace('ï','i').Replace('î','i').Replace('ë','e').Replace('ö','o').Replace('ô','o')).ToLower()
$UserPrincipalNameNew = (("$GivenNameNew.$SurnameNew@fr.dgs.group").Replace(' ','').Replace('é','e').Replace('è','e').Replace('ç','c').Replace('ï','i').Replace('î','i').Replace('ë','e').Replace('ö','o').Replace('ô','o')).ToLower()
$MailNew = (("$GivenNameNew.$SurnameNew@saint-maclou.com").Replace(' ','').Replace('é','e').Replace('è','e').Replace('ç','c').Replace('ï','i').Replace('î','i').Replace('ë','e').Replace('ö','o').Replace('ô','o')).ToLower()
$Password = ([System.Guid]::NewGuid()).ToString()
If ($SamAccountNameNew.Length -gt 20) {
$tmp = ($SamAccountNameNew).substring(0, 20)
$SamAccountNameNew = $tmp
}
Write-host $NameNew
Write-host $DisplayNameNew
Write-host $SamAccountNameNew
Write-host $UserPrincipalNameNew
Write-host $MailNew
Write-host $Password
Write-host $EmployeeIDNew
Write-host $TitleNew
New-ADUser -Name "$NameNew" -DisplayName "$DisplayNameNew" -GivenName "$GivenNameNew" -Surname "$SurnameNew" -SamAccountName "$SamAccountNameNew" -UserPrincipalName "$UserPrincipalNameNew" -Path "OU=_ARRIVER,OU=Utilisateurs,DC=fr,DC=dgs,DC=group" -AccountPassword (ConvertTo-SecureString "$Password" -AsPlainText -force) -Enabled $true -EmailAddress $MailNew
sleep 10
Set-ADUser -Identity $SamAccountNameNew -replace @{c="FR";co="France";countrycode=250}
Set-ADUser -Identity $SamAccountNameNew -Add @{'msDS-cloudExtensionAttribute1' = "Interne"}
Set-ADUser -Identity $SamAccountNameNew -Add @{'EmployeeType' = "Interne"}
Set-ADUser -Identity $SamAccountNameNew -Add @{'EmployeeID' = "$EmployeeIDNew"}
Set-ADUser -Identity $SamAccountNameNew -Title "$TitleNew"
Set-ADUser -Identity $SamAccountNameNew -Description "A remplir par le Helpdesk"
Set-ADUser -Identity $SamAccountNameNew -City "A remplir par le Helpdesk"
If ($Initialstmp -eq "H") {
Set-ADUser -Identity $SamAccountNameNew -Initials "Mr"
Write-Host "Update civilite - Mr"
}
ElseIf ($Initialstmp -eq "F") {
Set-ADUser -Identity $SamAccountNameNew -Initials "Mme"
Write-Host "Update civilite - Mme"
}
Else {
}
$TitreC = "Creation du compte de : $DisplayNameNew "
$MessageC = "Bonjour, `r`n `r`n" `
+"la creation de compte automatique a cree le compte de : $DisplayNameNew `r`n `r`n" `
+"Prenom : $GivenNameNew `r`n" `
+"Nom : $SurnameNew `r`n" `
+"Mail : $MailNew `r`n" `
+"Password temporaire : $Password `r`n" `
+"Matricule : $EmployeeIDNew `r`n" `
+"Fonction : $TitleNew `r`n"
QueryGLPI $TitreC $MessageC "104"
$C = $Null
$City = $Null
$Cn = $Null
$Company = $Null
$department = $Null
$DisplayName = $Null
$EmailAddress = $Null
$Enable = $Null
$GivenName = $Null
$Name = $Null
$Office = $Null
$Organization = $Null
$PostalCode = $Null
$sn = $Null
$Surname = $Null
$ExtensionAttribute1 = $Null
$ExtensionAttribute2 = $Null
$Mail = $Null
$EmployeeID = $Null
$EmployeeNumber = $Null
$EmployeeType = $Null
$Title = $Null
$Initials = $Null
$Surnametmp = $Null
$GivenNametmp = $Null
$Titletmp = $Null
$Initialstmp = $Null
$CodeMagtmp = $Null
$SurnameNew = $Null
$SurnamePatNew = $Null
$GivenNameNew = $Null
$TitleNew = $Null
$EmployeeIDNew = $Null
}
}
}
Stop-Transcript
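Review bot: In the "Suppression des comptes" loop the guard `If ($Enable -eq $False)` reads `$Enable`, which that loop never assigns, so whether `Remove-ADUser` runs depends on the last account handled by the earlier loop. The ticket text there likewise reuses stale `$UserAD`, `$DisplayName`, `$Mail` and related variables. The guard should be `If (-not $UserADDelete.Enabled) {`, and the message should be built from `$UserADDelete`. `Write-host $Password` runs while `Start-Transcript` is active, so each temporary password is written to the transcript under `D:\tmp`; drop that line. The SQL text is built by interpolating `$EmployeeID`, `$Surname` and `$GivenName`, so a name containing an apostrophe breaks or alters the query; `QuerySQLServer` should accept parameters and bind them with `$cmd.Parameters.AddWithValue(...)`. In the deactivation branch, `Set-ADUser -Identity $Utilisateur -Clear ...` references a variable that is not defined anywhere in the visible script.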