
# Fonction pour les requetes SQL
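Function QuerySQLServer([string]$DBServer, [string]$DBName, [string]$Query, [hashtable]$Parameters = @{}) {
    # Runs $Query against database $DBName on $DBServer (integrated security) and returns the
    # result rows; PowerShell unrolls the DataTable into DataRow objects on output, which is
    # what the callers' "$row.COLUMN" accesses rely on.
    # $Parameters is optional and maps "@name" placeholders in $Query to values, so a caller
    # can pass AD attributes as SQL parameters instead of interpolating them into the text.
    # On any failure the message is echoed and appended to d:\tmp\error.log and nothing is
    # returned (callers test the result for $null), exactly as before.
    # Assigning $ErrorActionPreference inside a function only affects this function's scope;
    # it is still saved and restored so the intent is explicit.
    $previousPreference = $ErrorActionPreference
    $cn = $null
    $reader = $null
    Try {
        $ErrorActionPreference = "Stop"
        $resultsDataTable = New-Object System.Data.DataTable
        # Built through the builder so a ';' inside $DBServer/$DBName cannot add keywords to the
        # connection string; the result is equivalent to the previous hand-written string.
        $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
        $builder.DataSource = $DBServer
        $builder.IntegratedSecurity = $true
        $builder.InitialCatalog = $DBName
        $cn = New-Object System.Data.SqlClient.SqlConnection($builder.ConnectionString)
        $cn.Open()
        $cmd = New-Object System.Data.SqlClient.SqlCommand($Query, $cn)
        foreach ($name in $Parameters.Keys) {
            $value = $Parameters[$name]
            # SqlClient rejects a .NET null; SQL NULL must be passed as DBNull.
            if ($null -eq $value) { $value = [DBNull]::Value }
            [void]$cmd.Parameters.AddWithValue($name, $value)
        }
        $reader = $cmd.ExecuteReader()
        $resultsDataTable.Load($reader)
        return $resultsDataTable
    }
    Catch {
        Write-Host $_.Exception.Message
        $_.Exception.Message >> "d:\tmp\error.log"
    }
    Finally {
        # The original only closed the connection on the success path, so a failing
        # ExecuteReader left it open; Dispose closes it on every path.
        if ($reader) { $reader.Dispose() }
        if ($cn) { $cn.Dispose() }
        $ErrorActionPreference = $previousPreference
    }
}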
# Fonction pour les requetes dans GLPI
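Function QueryGLPI([string]$Titre, [string]$Message, [string]$Categorie, [string]$RequesterName = "helpdesk", [string]$TechnicianId = '12') {
    # Opens a GLPI ticket (GlpiTools module) titled $Titre with body $Message in category
    # $Categorie, requested by the GLPI user $RequesterName, then assigns it to technician
    # $TechnicianId. The two extra parameters default to the values that were hard-coded.
    # Title, body and category are echoed to the host as before; the calling script runs
    # under Start-Transcript, so that echo also lands in the transcript file — callers should
    # keep secrets out of $Message where the ticket does not strictly need them.
    # Returns: whatever Update-GlpiToolsTicket emits, or nothing when the ticket could not be created.
    Write-Host $Titre
    Write-Host $Message
    Write-Host $Categorie
    $requester = Get-GlpiToolsUsers -UserName $RequesterName
    if (-not $requester) {
        # Without a requester id the ticket would be created with an empty requester (or fail);
        # report it instead of silently continuing.
        Write-Warning "QueryGLPI : utilisateur GLPI '$RequesterName' introuvable, ticket non cree : $Titre"
        return
    }
    $ticket = New-GlpiToolsTicket -Name $Titre -Content $Message -Type Request -itilcategories_id $Categorie -Priority Medium -requester_id $requester.ID
    if (-not $ticket) {
        Write-Warning "QueryGLPI : creation du ticket echouee : $Titre"
        return
    }
    Update-GlpiToolsTicket -ticket_id $ticket.id -requester_id $requester.ID -technician_id $TechnicianId
}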
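# Daily AD lifecycle run driven by the HR table TAB_RH_SAL:
#   1. enabled internal accounts: disable leavers (HR exit date passed), align civility,
#      employee number and msDS-cloudExtensionAttribute1 with HR, fill a missing EmployeeID;
#   2. accounts parked in OU=_A_SUPPRIMER: delete those disabled for more than 30 days;
#   3. HR rows created since yesterday: create the AD account and notify the helpdesk.
# Requires the ActiveDirectory and GlpiTools modules plus the QuerySQLServer / QueryGLPI
# helpers defined above; writes a transcript and the SQL error log under D:\tmp.
# Phases 2 and 3 remain interactive (Remove-ADUser confirmation, Pause before creation).
Clear-Host

# ---- Parametres du script -------------------------------------------------------------
$SqlServer   = "SWDHBBDDP01.fr.dgs.group"
$SqlDatabase = "dhb_prd"
$RhTable     = "[dhb_prd].[dhbref].[TAB_RH_SAL]"
$RhColumns   = "NOM,PRN,NOM_PAT,LIB_EMP,ADR_EML,MTR,NUM_ALC,COD_SEX,FLG_AGT,DAT_SRT"
$OuUsers     = "OU=Utilisateurs,DC=fr,DC=dgs,DC=group"
$OuToDelete  = "OU=_A_SUPPRIMER,OU=Utilisateurs,DC=fr,DC=dgs,DC=group"
$OuArrivals  = "OU=_ARRIVER,OU=Utilisateurs,DC=fr,DC=dgs,DC=group"
$UpnSuffix   = "fr.dgs.group"
$MailDomain  = "saint-maclou.com"
$GlpiCategoryLifecycle = "213"   # tickets de desactivation / suppression
$GlpiCategoryCreation  = "104"   # tickets de creation
# Every attribute the phases read, requested once per account instead of a second Get-ADUser.
$AdUserProperties = @('msDS-cloudExtensionAttribute1', 'msDS-cloudExtensionAttribute2',
                      'displayName', 'mail', 'employeeID', 'EmployeeNumber', 'EmployeeType',
                      'Title', 'Initials')

# Dates are derived from DateTime values directly; the original formatted today as
# dd/MM/yyyy and re-parsed it with Get-Date, which only works on a day-first culture.
$Today          = (Get-Date).Date
$DateExpiration = $Today.AddDays(-1)    # HR exit date must be before this to disable
$DateDelete     = $Today.AddDays(-30)   # disabled before this date => deleted
# ISO yyyy-MM-dd: the original format "yyyy-dd-MM" swapped day and month, so the
# DTH_CRE >= filter selected the wrong day for most of the month.
$DateCreation   = $Today.AddDays(-1).ToString('yyyy-MM-dd')

# ---- Helpers ---------------------------------------------------------------------------

function ConvertTo-SqlLiteral([string]$Value) {
  # Doubles single quotes so an AD value such as O'Brien cannot terminate the SQL string.
  # QuerySQLServer is still called positionally here; a parameterised call would be better.
  return $Value -replace "'", "''"
}

function Invoke-RhQuery([string]$Where, [string]$ExtraColumns = "", [string]$OrderBy = "") {
  # Single place for the HR query text; $Where must already be escaped by the caller.
  # Returns the DataRow objects emitted by QuerySQLServer (nothing when no row / on error).
  $columns = $RhColumns
  if ($ExtraColumns) { $columns = "$columns,$ExtraColumns" }
  $sql = "SELECT $columns FROM $RhTable WHERE $Where"
  if ($OrderBy) { $sql = "$sql ORDER BY $OrderBy" }
  return QuerySQLServer $SqlServer $SqlDatabase $sql
}

function Remove-Diacritics([string]$Text) {
  # Strips combining accents (é -> e, ç -> c, ...) by decomposing to FormD and dropping
  # the non-spacing marks; covers the fixed replacement list of the original plus the
  # accented letters it missed (à, ü, upper-case É, ...).
  $decomposed = $Text.Normalize([System.Text.NormalizationForm]::FormD)
  $builder = New-Object System.Text.StringBuilder
  foreach ($ch in $decomposed.ToCharArray()) {
    $category = [System.Globalization.CharUnicodeInfo]::GetUnicodeCategory($ch)
    if ($category -ne [System.Globalization.UnicodeCategory]::NonSpacingMark) {
      [void]$builder.Append($ch)
    }
  }
  return $builder.ToString().Normalize([System.Text.NormalizationForm]::FormC)
}

function ConvertTo-AccountIdentifier([string]$Raw) {
  # Login-style identifier: accents stripped, spaces removed, lower case.
  return (Remove-Diacritics $Raw).Replace(' ', '').ToLower()
}

function ConvertFrom-StoredDate([string]$Stored) {
  # Reads the deactivation date kept in msDS-cloudExtensionAttribute2.
  # New values are written in invariant ISO form ('s'); older values were written with
  # "$DateExpiration", i.e. current-culture text, and are parsed the same way.
  # Returns $null when the value is missing or unreadable so the caller can refuse to act.
  if ([string]::IsNullOrWhiteSpace($Stored)) { return $null }
  $parsed = [datetime]::MinValue
  $invariant = [System.Globalization.CultureInfo]::InvariantCulture
  $none = [System.Globalization.DateTimeStyles]::None
  if ([datetime]::TryParseExact($Stored, 's', $invariant, $none, [ref]$parsed)) { return $parsed }
  $current = [System.Globalization.CultureInfo]::CurrentCulture
  if ([datetime]::TryParse($Stored, $current, $none, [ref]$parsed)) { return $parsed }
  return $null
}

function Show-Progress([int]$Index, [int]$Total, [string]$Name) {
  # Progress bar shared by the per-account loops (same texts as before).
  $percent = 0
  if ($Total -gt 0) { $percent = [math]::Round(($Index / $Total) * 100, 2) }
  Write-Progress -Id 1 -Activity "Getting folder information for '$Name'." `
    -Status "Processing $Index of $Total" -PercentComplete $percent
}

# ---- Phase 1 : desactivation ou update de compte --------------------------------------

function Disable-LeaverAccount($User, [datetime]$ExpireOn) {
  # Leaver whose HR exit date is passed: park in _A_SUPPRIMER, set the expiry, record the
  # date, disable, and open the helpdesk ticket.
  $Sam = $User.sAMAccountName
  Get-ADUser -Identity $Sam | Move-ADObject -TargetPath $OuToDelete
  Set-ADAccountExpiration -Identity $Sam -DateTime $ExpireOn
  # Stored as invariant ISO text. The original stored "$DateExpiration" (current-culture
  # dd/MM/yyyy) and later compared it as a string against a DateTime, a conversion PowerShell
  # performs with the invariant (month-first) culture, so day and month could swap.
  $storedDate = $ExpireOn.ToString('s', [cultureinfo]::InvariantCulture)
  Set-ADUser -Identity $Sam -Replace @{'msDS-cloudExtensionAttribute2' = $storedDate}
  Disable-ADAccount -Identity $Sam
  # "$UserAD.sAMAccountName" inside the original string expanded the object, not the property.
  $Titre = "Désactivation du compte Active Directory : $Sam "
  $Message = "Bonjour, `r`n `r`n" +
    "Nous venons de désactiver le compte de : $($User.DisplayName) `r`n `r`n" +
    "Prénom : $($User.GivenName) `r`n" +
    "Nom : $($User.Surname) `r`n" +
    "Mail : $($User.Mail) `r`n" +
    "Matricule : $($User.EmployeeID) `r`n" +
    "Fonction : $($User.Title) `r`n" +
    "`r`n" +
    "Conformément à la politique entreprise le compte restera en état désactivé pendant 30 jours avant d'être supprimé `r`n" +
    "La suppression du compte GMAIL se fait également en automatique."
  QueryGLPI $Titre $Message $GlpiCategoryLifecycle
}

function Set-CivilityFromRh($User, $RhRow) {
  # Aligns Initials (Mr / Mme) with the HR sex code; -Initials replaces the value, so the
  # separate -Clear of the original is not needed.
  $Sam = $User.sAMAccountName
  if (($User.Initials -ne "Mr") -and ($RhRow.COD_SEX -eq "H")) {
    Set-ADUser -Identity $Sam -Initials "Mr"
    Write-Host " - Update civilité - Mr"
  }
  elseif (($User.Initials -ne "Mme") -and ($RhRow.COD_SEX -eq "F")) {
    Set-ADUser -Identity $Sam -Initials "Mme"
    Write-Host " - Update civilité - Mme"
  }
}

function Test-EmployeeNumber($User, $RhRow) {
  # Reports (does not fix) a mismatch between AD EmployeeNumber and HR NUM_ALC. When the AD
  # EmployeeID starts with 0, NUM_ALC is allowed to carry one extra leading character.
  # Only called with an HR row; the original also ran with no row and then failed on
  # .Remove() of a null NUM_ALC.
  $numAlc = [string]$RhRow.NUM_ALC
  if ($User.EmployeeNumber -eq $numAlc) { return }
  $detail = " $($RhRow.MTR) > $($User.EmployeeID) | $numAlc > $($User.EmployeeNumber)"
  if (([string]$User.EmployeeID).StartsWith("0")) {
    $shifted = ""
    if ($numAlc.Length -gt 0) { $shifted = $numAlc.Substring(1) }
    if ($User.EmployeeNumber -ne $shifted) { Write-Host " - 2erreur :$detail" }
  }
  else {
    Write-Host " - erreur :$detail"
  }
}

function Update-ExistingUser($User) {
  # Phase 1 for one account (reads $DateExpiration from the script scope).
  # Disabled accounts and non-"Interne" accounts are left alone, as before.
  $Sam = $User.sAMAccountName
  if (-not $User.Enabled) { return }
  if ($User.EmployeeType -ne "Interne") { return }   # Passage d'un externe en interne : non traite

  if (-not $User.EmployeeID) {
    # Si l'employee ID n'est pas present : recherche RH par nom / prenom, sortants exclus
    $where = "NOM = '$(ConvertTo-SqlLiteral $User.Surname)' And PRN ='$(ConvertTo-SqlLiteral $User.GivenName)' And DAT_SRT IS NULL"
    $rhRows = @(Invoke-RhQuery -Where $where)
    if ($rhRows.Count -eq 1) {
      Set-ADUser -Identity $Sam -EmployeeID $rhRows[0].MTR
      Write-Host " - Mise en place de employee ID"
    }
    elseif ($rhRows.Count -gt 1) {
      # Homonyms: never guess which matricule belongs to this account.
      Write-Warning " - $Sam : $($rhRows.Count) salaries RH portent ce nom, employee ID non renseigne"
    }
    return
  }

  $matricule = ConvertTo-SqlLiteral $User.EmployeeID
  $leaver = Invoke-RhQuery -Where "MTR = '$matricule' And DAT_SRT IS NOT NULL"
  $rhRow  = Invoke-RhQuery -Where "MTR = '$matricule'"

  # Desactivation du compte ?
  if ($leaver -and ($DateExpiration -gt $leaver.DAT_SRT)) {
    Disable-LeaverAccount -User $User -ExpireOn $DateExpiration
  }
  if ($rhRow) {
    Set-CivilityFromRh -User $User -RhRow $rhRow
    Test-EmployeeNumber -User $User -RhRow $rhRow
  }
  # Controle du status. -Replace works whether the attribute is empty or already holds another
  # value; the original's -Add is rejected by AD once this single-valued attribute is populated.
  if ($User.'msDS-cloudExtensionAttribute1' -ne $User.EmployeeType) {
    Set-ADUser -Identity $Sam -Replace @{'msDS-cloudExtensionAttribute1' = $User.EmployeeType}
  }
}

# ---- Phase 2 : suppression des comptes de plus 1 mois ---------------------------------

function Remove-ExpiredAccount($User, [datetime]$DeleteBefore) {
  # Deletes one parked account once its recorded deactivation date is older than
  # $DeleteBefore. Remove-ADUser keeps its confirmation prompt, as in the original.
  $Sam = $User.sAMAccountName
  # The original tested $Enable, a variable left over from the phase 1 loop, not this account.
  if ($User.Enabled) { return }
  $disabledOn = ConvertFrom-StoredDate ([string]$User.'msDS-cloudExtensionAttribute2')
  if ($null -eq $disabledOn) {
    # No readable deactivation date (e.g. an account moved here by hand): never delete on a
    # guess. In the original the comparison against a missing attribute appears to be true.
    Write-Warning " - $Sam : msDS-cloudExtensionAttribute2 absent ou illisible, suppression ignoree"
    return
  }
  if ($DeleteBefore -gt $disabledOn) {
    Remove-ADUser -Identity $Sam
    # The original built this message from phase 1 variables ($UserAD, $DisplayName, ...),
    # so the ticket described a different account.
    $Titre = "Suppression du compte Active Directory : $Sam "
    $Message = "Bonjour, `r`n `r`n" +
      "Nous venons de supprimer le compte de : $($User.DisplayName) `r`n `r`n" +
      "Prénom : $($User.GivenName) `r`n" +
      "Nom : $($User.Surname) `r`n" +
      "Mail : $($User.Mail) `r`n" +
      "Matricule : $($User.EmployeeID) `r`n" +
      "Fonction : $($User.Title) `r`n" +
      "`r`n" +
      "Conformément à la politique entreprise le compte est resté en état désactivé pendant 30 jours `r`n" +
      "La suppression du compte GMAIL se fait également en automatique."
    QueryGLPI $Titre $Message $GlpiCategoryLifecycle
  }
}

# ---- Phase 3 : creation compte --------------------------------------------------------

function New-ArrivalAccount($Rh, $ExistingUsers, $TextInfo) {
  # Creates the AD account for one HR arrival row unless an account already carries its
  # matricule. $ExistingUsers is the domain user list fetched once by the caller (with
  # employeeID); $TextInfo is (Get-Culture).TextInfo for title-casing.
  # DB columns are cast to [string] so a SQL NULL (DBNull) never reaches .ToLower().
  $nom = [string]$Rh.NOM
  $prn = [string]$Rh.PRN
  # "Existe deja" is decided on the matricule alone; the original additionally required a
  # name match, so a renamed account with the same EmployeeID would have been duplicated.
  $byMatricule = @($ExistingUsers | Where-Object { $Rh.MTR -eq $_.EmployeeID })
  if ($byMatricule.Count -gt 0) {
    Write-Host "Existe deja"
    return
  }
  $sameName = @($ExistingUsers | Where-Object { $_.GivenName -like $prn -and $_.Surname -like $nom })
  if ($sameName.Count -gt 0) {
    # Same name, other (or no) matricule: New-ADUser will collide on sAMAccountName if it is
    # the same person; say so rather than failing silently.
    Write-Warning "Un compte AD porte deja le nom $prn $nom (employee ID : $($sameName[0].EmployeeID)) ; homonyme ou matricule manquant ?"
  }
  Write-Host "A creer"

  $surnameNew    = $TextInfo.ToTitleCase($nom.ToLower())
  $givenNameNew  = $TextInfo.ToTitleCase($prn.ToLower())
  $titleNew      = $TextInfo.ToTitleCase(([string]$Rh.LIB_EMP).ToLower())
  $employeeIdNew = [string]$Rh.MTR
  $sexCode       = [string]$Rh.COD_SEX
  $nameParts = @($givenNameNew, $surnameNew)
  $nomPat = [string]$Rh.NOM_PAT
  if (-not [string]::IsNullOrWhiteSpace($nomPat)) {
    $nameParts += $TextInfo.ToTitleCase($nomPat.ToLower())
  }
  $nameNew        = "$givenNameNew $surnameNew"
  $displayNameNew = $nameParts -join ' '   # no trailing space when NOM_PAT is empty
  $loginBase = ConvertTo-AccountIdentifier "$givenNameNew.$surnameNew"
  $samNew = $loginBase
  if ($samNew.Length -gt 20) { $samNew = $samNew.Substring(0, 20) }   # sAMAccountName limit
  $upnNew  = "$loginBase@$UpnSuffix"
  $mailNew = "$loginBase@$MailDomain"
  # Temporary password: random GUID. It is no longer echoed with Write-Host, which wrote it
  # into the transcript under D:\tmp; it still travels in the helpdesk ticket below.
  $password = ([System.Guid]::NewGuid()).ToString()
  $securePassword = ConvertTo-SecureString $password -AsPlainText -Force

  Write-Host $nameNew
  Write-Host $displayNameNew
  Write-Host $samNew
  Write-Host $upnNew
  Write-Host $mailNew
  Write-Host $employeeIdNew
  Write-Host $titleNew

  # NOTE(review): the account is enabled with a password shared through a ticket; consider
  # -ChangePasswordAtLogon $true here — left as in the original.
  New-ADUser -Name $nameNew -DisplayName $displayNameNew -GivenName $givenNameNew -Surname $surnameNew `
    -SamAccountName $samNew -UserPrincipalName $upnNew -Path $OuArrivals `
    -AccountPassword $securePassword -Enabled $true -EmailAddress $mailNew
  Start-Sleep -Seconds 10   # kept from the original; presumably lets the new object replicate

  # One Set-ADUser instead of seven; -Replace sets the same attributes the original set.
  $civility = switch ($sexCode) { "H" { "Mr" } "F" { "Mme" } default { $null } }
  $setParams = @{
    Identity    = $samNew
    Replace     = @{
      c = "FR"; co = "France"; countrycode = 250
      'msDS-cloudExtensionAttribute1' = "Interne"
      'EmployeeType' = "Interne"
      'EmployeeID'   = "$employeeIdNew"
    }
    Title       = "$titleNew"
    Description = "A remplir par le Helpdesk"
    City        = "A remplir par le Helpdesk"
  }
  if ($civility) { $setParams.Initials = $civility }
  Set-ADUser @setParams
  if ($civility) { Write-Host "Update civilite - $civility" }

  $Titre = "Creation du compte de : $displayNameNew "
  $Message = "Bonjour, `r`n `r`n" +
    "la creation de compte automatique a cree le compte de : $displayNameNew `r`n `r`n" +
    "Prenom : $givenNameNew `r`n" +
    "Nom : $surnameNew `r`n" +
    "Mail : $mailNew `r`n" +
    "Password temporaire : $password `r`n" +
    "Matricule : $employeeIdNew `r`n" +
    "Fonction : $titleNew `r`n"
  QueryGLPI $Titre $Message $GlpiCategoryCreation
}

# ---- Deroulement -----------------------------------------------------------------------

Start-Transcript -Path "D:\tmp\MyTranscript-$DateCreation.txt"
try {
  $TextInfo = (Get-Culture).TextInfo

  ## Desactivation ou Update de compte
  $ListeUserAD = @(Get-ADUser -Filter * -SearchBase $OuUsers -Properties $AdUserProperties)
  $CounterA = 0
  foreach ($UserAD in $ListeUserAD) {
    Show-Progress -Index $CounterA -Total $ListeUserAD.Count -Name $UserAD.Name
    Update-ExistingUser -User $UserAD
    $CounterA++
  }

  ## Suppression des comptes de plus 1 mois
  $ListeUserADDelete = @(Get-ADUser -Filter * -SearchBase $OuToDelete -Properties $AdUserProperties)
  $CounterB = 0
  foreach ($UserADDelete in $ListeUserADDelete) {
    Show-Progress -Index $CounterB -Total $ListeUserADDelete.Count -Name $UserADDelete.Name
    Remove-ExpiredAccount -User $UserADDelete -DeleteBefore $DateDelete
    $CounterB++
  }

  ## Creation compte
  $ListeNouveau = Invoke-RhQuery -Where "DTH_CRE >= '$DateCreation'" -ExtraColumns "NUM_MAG_AGT" -OrderBy "DTH_CRE DESC"
  $ListeNouveau | Format-Table
  Pause   # the operator reviews the HR arrivals before any account is created
  if ($ListeNouveau) {
    # Fetched once; the original ran Get-ADUser -Filter * over the whole domain per arrival.
    $AllAdUsers = @(Get-ADUser -Filter * -Properties employeeID)
    foreach ($NouveauUtilisateur in $ListeNouveau) {
      New-ArrivalAccount -Rh $NouveauUtilisateur -ExistingUsers $AllAdUsers -TextInfo $TextInfo
    }
  }
}
finally {
  # Runs on error or Ctrl-C as well, so the transcript is always closed.
  Stop-Transcript
}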