Загрузка данных


# --- Run configuration --------------------------------------------------------
# Input file; each row is read for the columns Logon, FirstName, LastName, OU,
# Group and Title.
$CSVPath = 'C:\Lab\new_users.csv'

# One log file per run, named after the start time.
# NOTE(security): New-UserFromRecord writes each new account's initial password
# to this log in clear text, so the directory must be readable only by the
# operators who run the script.
$LogFile = 'C:\Lab\user_creation_{0}.log' -f (Get-Date -Format 'yyyyMMdd_HHmmss')

# Share under which the per-user home folders are created.
$HomeDrivePath = '\\fs\home'

# Settings for the summary mail sent at the end of the run.
$SMTPServer = 'smtp.contoso.local'
$FromEmail = 'ad-automation@contoso.local'
$ToEmail = 'admin@contoso.local'

# DNS domain name: used as the UPN suffix and as the account prefix in the
# home-folder ACL.
$Domain = 'contoso.local'

# Run-wide counters, updated by New-UserFromRecord.
$Global:CreatedCount = 0
$Global:FailedCount = 0

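function Write-Log {
    <#
    .SYNOPSIS
    Appends one timestamped line to the run log ($LogFile).

    .PARAMETER Message
    Text to record. Line breaks are folded into spaces so one call always
    produces exactly one log line.

    .PARAMETER Level
    Severity tag written in square brackets; defaults to INFO.
    #>
    param($Message, $Level = "INFO")
    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    # Messages embed CSV fields (logon, group name) and exception text. Without
    # folding, a value containing a line break could add a forged entry to the log.
    $singleLine = "$Message" -replace '[\r\n]+', ' '
    # The messages are Cyrillic. Windows PowerShell 5.1 writes new files in the
    # ANSI code page by default, which loses them on a non-Cyrillic system.
    Add-Content -Path $LogFile -Value "$timestamp - [$Level] - $singleLine" -Encoding UTF8
}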

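function New-RandomPassword {
    <#
    .SYNOPSIS
    Generates a 12-character initial password with at least one upper-case
    letter, one lower-case letter, one digit and one special character.

    .DESCRIPTION
    Every character choice and the final shuffle draw from the operating
    system's cryptographic random number generator. Get-Random is not
    documented as cryptographically secure, so it is not used for account
    passwords here.

    .OUTPUTS
    System.String of length 12.
    #>
    # The sets omit I, O, l and 0 - presumably to avoid look-alike characters
    # when the password is read aloud or typed from paper.
    $upper = 'ABCDEFGHJKLMNPQRSTUVWXYZ'.ToCharArray()
    $lower = 'abcdefghijkmnopqrstuvwxyz'.ToCharArray()
    $numbers = '123456789'.ToCharArray()
    $special = '!@#$%^&*'.ToCharArray()
    $all = $upper + $lower + $numbers + $special

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $buffer = New-Object byte[] 4

        # Uniform integer in [0, Bound). Values at or above the largest multiple
        # of Bound below 2^32 are redrawn, so the modulo introduces no bias.
        $nextIndex = {
            param([int]$Bound)
            $limit = 4294967296 - (4294967296 % $Bound)
            do {
                $rng.GetBytes($buffer)
                $value = [long][System.BitConverter]::ToUInt32($buffer, 0)
            } while ($value -ge $limit)
            return [int]($value % $Bound)
        }

        # One character from each class guarantees the complexity mix.
        $chars = @(
            $upper[(& $nextIndex $upper.Length)]
            $lower[(& $nextIndex $lower.Length)]
            $numbers[(& $nextIndex $numbers.Length)]
            $special[(& $nextIndex $special.Length)]
        )
        for ($i = 4; $i -lt 12; $i++) { $chars += $all[(& $nextIndex $all.Length)] }

        # Fisher-Yates shuffle, so the four guaranteed characters do not always
        # occupy the first four positions.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = & $nextIndex ($i + 1)
            $swap = $chars[$i]
            $chars[$i] = $chars[$j]
            $chars[$j] = $swap
        }

        return -join $chars
    }
    finally {
        $rng.Dispose()
    }
}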

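function New-UserFromRecord {
    <#
    .SYNOPSIS
    Creates one Active Directory account from a CSV row, then tries to add it
    to a group and to provision a home folder.

    .PARAMETER UserRecord
    Object with the properties Logon, FirstName, LastName, OU, Group and Title.

    .OUTPUTS
    $true when the account was created; $false when the row was skipped (empty
    Logon, account already exists) or account creation failed. The function
    also increments $Global:CreatedCount or $Global:FailedCount.

    .NOTES
    Group membership and the home folder are best-effort steps. Their failures
    are logged, but they no longer turn an account that already exists in the
    directory into a "failed" row.
    #>
    param($UserRecord)
    $logonName = $UserRecord.Logon
    $firstName = $UserRecord.FirstName
    $lastName = $UserRecord.LastName
    $ouPath = $UserRecord.OU
    $groupName = $UserRecord.Group
    $title = $UserRecord.Title

    if ([string]::IsNullOrWhiteSpace($logonName)) {
        Write-Log "Пустое поле Logon" "ERROR"
        $Global:FailedCount++; return $false
    }

    try {
        # The filter string is single-quoted on purpose: the ActiveDirectory
        # module resolves $logonName itself, so the CSV value is never spliced
        # into the filter text. Interpolating it would let a quote character in
        # the Logon column break or rewrite the query.
        if (Get-ADUser -Filter 'SamAccountName -eq $logonName' -ErrorAction Stop) {
            Write-Log "Пользователь $logonName уже существует" "WARNING"
            $Global:FailedCount++; return $false
        }

        $plainPassword = New-RandomPassword
        $securePassword = ConvertTo-SecureString $plainPassword -AsPlainText -Force

        New-ADUser -Name "$firstName $lastName" -GivenName $firstName -Surname $lastName `
            -SamAccountName $logonName -UserPrincipalName "$logonName@$Domain" -Path $ouPath `
            -AccountPassword $securePassword -Enabled $true -ChangePasswordAtLogon $true -Title $title `
            -ErrorAction Stop

        # NOTE(security): this writes the initial password to the run log in
        # clear text, and the summary mail tells its recipients where that log
        # is. The account is enabled at once, so anyone who can read the log can
        # sign in as the user until the first password change. Hand the password
        # over through a protected channel and drop it from this line once such
        # a channel exists.
        Write-Log "СОЗДАН: $logonName (пароль: $plainPassword)" "SUCCESS"
    }
    catch {
        Write-Log "Ошибка: $_" "ERROR"
        $Global:FailedCount++
        return $false
    }

    # --- Best-effort steps: the account exists from here on -------------------

    if ($groupName) {
        # Get-ADGroup -Identity can raise a terminating error for an unknown
        # group even with -ErrorAction SilentlyContinue. Catching it here keeps
        # the "group not found" warning reachable.
        $group = $null
        try { $group = Get-ADGroup -Identity $groupName -ErrorAction Stop }
        catch { $group = $null }

        if ($group) {
            try {
                # -ErrorAction Stop: only report success when the member was added.
                Add-ADGroupMember -Identity $groupName -Members $logonName -ErrorAction Stop
                Write-Log "Добавлен в группу $groupName" "SUCCESS"
            }
            catch { Write-Log "Ошибка: $_" "ERROR" }
        }
        else { Write-Log "Группа $groupName не найдена" "WARNING" }
    }

    # The folder name comes from the CSV; New-ADUser has accepted it as a
    # sAMAccountName by this point.
    $homeFolder = "$HomeDrivePath\$logonName"
    try {
        if (Test-Path $HomeDrivePath) {
            # An existing folder is left untouched and is not assigned, so a new
            # account is never given a directory this run did not create.
            if (-not (Test-Path $homeFolder)) {
                New-Item -Path $homeFolder -ItemType Directory -Force -ErrorAction Stop | Out-Null
                $acl = Get-Acl $homeFolder -ErrorAction Stop
                # Protect the ACL and discard inherited entries: after Set-Acl the
                # only explicit rule is the user's FullControl. Administrators and
                # backup accounts get no entry - confirm that is intended.
                $acl.SetAccessRuleProtection($true, $false)
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$Domain\$logonName", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
                $acl.AddAccessRule($rule)
                Set-Acl -Path $homeFolder -AclObject $acl -ErrorAction Stop
                Set-ADUser -Identity $logonName -HomeDrive "H:" -HomeDirectory $homeFolder -ErrorAction Stop
                Write-Log "Домашняя папка создана" "SUCCESS"
            }
        } else { Write-Log "Сетевой путь недоступен" "ERROR" }
    }
    catch { Write-Log "Ошибка: $_" "ERROR" }

    $Global:CreatedCount++
    return $true
}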

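# The ActiveDirectory module and the input file are prerequisites. Stop if either
# is missing instead of mailing a "0 created" report for a run that did nothing.
Import-Module ActiveDirectory -ErrorAction Stop
$users = Import-Csv $CSVPath -Encoding UTF8 -ErrorAction Stop

# Each call emits $true or $false and updates the global counters.
foreach ($user in $users) { New-UserFromRecord $user }

Write-Log "Итог: создано $Global:CreatedCount, ошибок $Global:FailedCount" "INFO"

# Send-MailMessage has no -BodyAsText parameter (plain text is its default), so
# the original call failed at parameter binding. -Encoding UTF8 keeps the
# Cyrillic subject and body readable under Windows PowerShell 5.1, whose default
# here is ASCII.
# NOTE(security): the message is sent without -UseSsl or -Credential, and its
# body points at the log file that holds initial passwords. Restrict who can
# read that log and who receives this mail.
Send-MailMessage -SmtpServer $SMTPServer -From $FromEmail -To $ToEmail `
    -Subject "Результаты создания пользователей" `
    -Body "Создано: $Global:CreatedCount`nОшибок: $Global:FailedCount`nЛог: $LogFile" -Encoding UTF8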