As my role shifts toward identity and cloud, I have been exploring ways to improve the processes for installing and managing these products. That usually means using PowerShell scripts as much as I can, since I enjoy scripting in PowerShell. In that spirit, I started writing scripts to help with the creation of user accounts, groups and related objects. I will break this into three parts to show how the work is split up in the scripts.
Existing Solutions
Even though I wrote the code below for creating these accounts, there are variations of it written by Microsoft and others that create the standard named accounts MIM requires:
Microsoft Docs Version
Sample version 2
But what if you have a custom naming convention for service and application login accounts, or need custom passwords as well? That is what this script is for. One caveat: the "standard password" option assigns the same hard-coded password to every account that keeps the default, which is convenient in a lab but not something to carry into a real environment, where each service account should get its own password stored in a vault rather than in the script.
Code
Write-Host "-------------------------------------" -ForegroundColor Green
Write-Host " MIM Account Creation Script" -ForegroundColor Green
Write-Host "-------------------------------------" -ForegroundColor Green
Write-Host ""
Write-Host ""

# Import AD module
Import-Module ActiveDirectory

# Standard MIM account names. The "standard" password further down is shared by
# every account that keeps the default, so treat it as a lab convenience only.
$Users = @("MIMINSTALL", "MIMMA", "MIMSync", "MIMService", "MIMSSPR", "SharePoint", "SqlServer", "BackupAdmin", "MIMpool")

# Domain DNS name used to build each UPN (looked up once, not per account)
$DNSRoot = (Get-ADDomain).DNSRoot

# Loop for all users
Foreach ($User in $Users) {
    # Account name: any answer other than 'c' keeps the standard name
    Write-Host "Do you want to use the standard name for the $User account? [s or c]: " -ForegroundColor Yellow -NoNewline
    $AccountAnswer = Read-Host
    If ($AccountAnswer -eq 'c') {
        Write-Host "What account name do you want to use: " -ForegroundColor Yellow -NoNewline
        $AccountName = Read-Host
    } Else {
        $AccountName = $User
    }

    # Password: any answer other than 'c' uses the standard password
    Write-Host "Do you want to use the standard password for the $User account? [s or c]: " -ForegroundColor Yellow -NoNewline
    $PasswordAnswer = Read-Host
    If ($PasswordAnswer -eq 'c') {
        # Read the custom password as a SecureString so it never sits in a plain string
        Write-Host "Please enter a new password to be used with this account: " -ForegroundColor Yellow -NoNewline
        $SecurePassword = Read-Host -AsSecureString
    } Else {
        $SecurePassword = ConvertTo-SecureString "!th1sISs3cur3#" -AsPlainText -Force
    }

    # Duplicate check: Get-ADUser throws when the identity does not exist,
    # so landing in the Catch means the name is free to create
    Try {
        $Check = Get-ADUser -Identity $AccountName -ErrorAction Stop
    } Catch {
        $Check = $Null
    }
    $UPN = "$AccountName@$DNSRoot"

    # Account creation
    If ($Null -eq $Check) {
        New-ADUser -Enabled $True -SamAccountName $AccountName -Name $AccountName -PasswordNeverExpires $True -AccountPassword $SecurePassword -UserPrincipalName $UPN
    } Else {
        Write-Host ' '
        Write-Host "User Account " -ForegroundColor White -NoNewline
        Write-Host "$AccountName " -ForegroundColor Green -NoNewline
        Write-Host "already exists and will not be created." -ForegroundColor White
        Write-Host ' '
    }
    Write-Host '-----------------------------------------------------------------------' -ForegroundColor Green
    Write-Host ' '
}
Sample Run Through
Below is a sample real-world run-through showing how the script behaves when creating accounts. Note the duplicate-account detection:

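As an added example that is not part of the original post, here is a variant of the creation step that addresses the shared-default-password issue: every account gets its own random password, the existence check uses a filter that returns nothing rather than throwing, and the name is validated before it is placed in the filter string. The function names, the OU path and the account list are placeholders chosen for this example; it assumes the ActiveDirectory module is installed and the caller can create users in the target OU.

```powershell
# Added example (not from the original post). Placeholders: the function names, the OU
# distinguishedName and the account names. Assumes the ActiveDirectory module and rights
# to create users in the target OU.
Import-Module ActiveDirectory

function New-RandomPassword {
    param([int]$Length = 24)
    # Character set with look-alikes (0/O, 1/l/I) removed; adjust to the domain policy
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#$%&*+-=?@'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $chars = New-Object char[] $Length
    $byte  = New-Object byte[] 1
    $limit = 256 - (256 % $alphabet.Length)   # rejection bound keeps each pick uniform
    for ($i = 0; $i -lt $Length; $i++) {
        do { $rng.GetBytes($byte) } while ($byte[0] -ge $limit)
        $chars[$i] = $alphabet[$byte[0] % $alphabet.Length]
    }
    $rng.Dispose()
    return -join $chars
}

function New-MimServiceAccount {
    param(
        # sAMAccountName is limited to 20 characters; the pattern also keeps quotes
        # and wildcards out of the -Filter string built below
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9_.-]{1,20}$')][string]$SamAccountName,
        [Parameter(Mandatory)][string]$Path,            # distinguishedName of the target OU
        [string]$Description = 'MIM service account'
    )
    # -Filter returns nothing (no exception) when there is no match
    $existing = Get-ADUser -Filter "sAMAccountName -eq '$SamAccountName'" -ErrorAction Stop
    if ($existing) {
        Write-Warning "$SamAccountName already exists and will not be created."
        return $null
    }
    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    $upn    = "$SamAccountName@$((Get-ADDomain).DNSRoot)"
    # AES-only Kerberos is optional hardening; drop that parameter if the domain still needs RC4
    New-ADUser -Name $SamAccountName -SamAccountName $SamAccountName -UserPrincipalName $upn `
        -Path $Path -Description $Description -AccountPassword $secure `
        -Enabled $true -PasswordNeverExpires $true -CannotChangePassword $true `
        -KerberosEncryptionType AES128,AES256 -ErrorAction Stop
    # Hand the password back once so the caller can store it in a vault; nothing here logs it
    [pscustomobject]@{ SamAccountName = $SamAccountName; UserPrincipalName = $upn; Password = $plain }
}

# Example run; the OU and the account names are placeholders
$ou = 'OU=Service Accounts,DC=corp,DC=example'
foreach ($name in 'MIMSync', 'MIMService', 'MIMMA') {
    $result = New-MimServiceAccount -SamAccountName $name -Path $ou
    if ($result) { Write-Host ("Created {0} ({1})" -f $result.SamAccountName, $result.UserPrincipalName) }
}
```

The returned object is the only place the plaintext password exists outside the session's memory, so the caller should push it straight into whatever secret store the MIM installation reads from and not write it to the console or a transcript. Using `-Filter` for the existence check also means an AD error (for example, a failed bind) surfaces as an error rather than being mistaken for "account not found", which the Try/Catch pattern in the script above cannot tell apart.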
I hope you find this script useful. Look for the next article, on group and SPN creation, coming soon.
