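# Collect the operator's credential once; Set-Licensing and Set-Delegation reuse it
# for their cloud connections.
Write-Host "Please enter your domain credentials in the format of a UPN"
$DomainCredential = Get-Credential

# Read-Host returns a string. Parse it up front so the loop bound is a real,
# non-negative integer instead of whatever text was typed at the prompt.
$userAmountNeedingDelegation = 0
$UserCountAnswer = Read-Host -Prompt "How many users do you need to add to the environment?"
if (-not [int]::TryParse($UserCountAnswer, [ref]$userAmountNeedingDelegation) -or $userAmountNeedingDelegation -lt 0) {
    Write-Host "'$UserCountAnswer' is not a valid number of users. No accounts will be created."
    $userAmountNeedingDelegation = 0
}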
# One pass of this loop provisions one user. Everything below (settings, helper
# functions, prompts) is re-evaluated on every pass.
For ($i = 0; $i -lt $userAmountNeedingDelegation; $i++) {

    #region These are properties our scripts needs for proper user assignment within the domain controller
    # Distinguished name of the OU the new account is created in (passed to New-ADUser -Path).
    $OULocation = "OU=Quiroga Team,OU=User Accounts,OU=Quiroga Law,DC=QLAW,DC=local"
    # Suffix appended when the proxy addresses are built.
    $PrimarySMTPDomain = "@QuirogaLawOffice.com"
    # Blank defaults; each is overwritten by a Read-Host prompt later in the loop and
    # then read by the helper functions through the calling scope.
    $whoReportsTo = ""
    $officeLocation = ""
    $employeeIsRemote = ""
    $employeeIsSpanish = ""
    $employeeIsFemale = ""
    $employeeNeedsVPN = ""
    #endregion

    #region These are our domain group membership definitions for the varying roles we have
    # Base groups. Set-Proper-Groups appends the attribute and position groups to this
    # list before adding the user to each one.
    $RoleGroups = @("Corporate Team" , "Daily", "Quiroga Team")
    #endregion
    #region Functions we need to complete this entire process
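function RunADFSync {
    <#
    .SYNOPSIS
    This function connects to the ADFS-LOCAL Server using Remote PowerShell and executes the ADSync PS Command
    .DESCRIPTION
    Opens a remote session to adfs-local, imports the ADSync module there and starts a
    delta sync cycle. The success message is printed only when the remote commands did
    not raise an error, and the session is always removed afterwards.
    .EXAMPLE
    RunADFSync
    #>
    Write-Host "Connecting to ADFS Server ..."
    # Stop here if the session cannot be opened; nothing below can work without it.
    $s = New-PSSession -ComputerName adfs-local -ErrorAction Stop
    try {
        Invoke-Command -Session $s -ErrorAction Stop -ScriptBlock {
            Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"
            Start-ADSyncSyncCycle -PolicyType Delta
        }
        Write-Host "Sucessfully Synchronized user to Office 365"
    }
    finally {
        # Remove-PSSession closes the session on the remote host as well.
        # Disconnect-PSSession only detaches from it, so every run would leave a live
        # session behind on the sync server until it times out.
        Remove-PSSession -Session $s
        Write-Host "Closed out of Office 365 Connection ... `n"
    }
}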
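function Set-Licensing {
    <#
    .SYNOPSIS
    Sets the usage location to US and assigns the ENTERPRISEPACK licence to one user.
    .DESCRIPTION
    Connects to Azure AD with $DomainCredential from the calling scope, sets the usage
    location, looks up the SkuId of the ENTERPRISEPACK subscription and assigns it.
    The Azure AD connection is closed even when a step fails.
    .PARAMETER FQDNUserName
    User principal name of the account to license.
    .NOTES
    NOTE(review): Connect-AzureAD -Credential is a non-interactive sign-in, so it
    presumably fails for an operator account that requires MFA - confirm. Microsoft has
    also announced the retirement of the AzureAD module in favour of Microsoft Graph
    PowerShell.
    #>
    Param
    (
        [Parameter(Mandatory = $true, Position = 0)]
        [string]$FQDNUserName
    )

    Import-Module AzureAD
    Connect-AzureAD -Credential $DomainCredential

    try {
        # A usage location has to be set on the user before the licence is assigned.
        Set-AzureADUser -ObjectId $FQDNUserName -UsageLocation "US"

        Write-Host "Attempting to assign Office 365 License to new user `n"

        # Resolve the SKU first and fail loudly if the tenant has no such subscription,
        # instead of submitting a licence object with an empty SkuId.
        $SkuId = (Get-AzureADSubscribedSku | Where-Object -Property SkuPartNumber -Value "ENTERPRISEPACK" -EQ).SkuID
        if (-not $SkuId) {
            throw "No ENTERPRISEPACK subscription was found in the tenant; no license assigned to $($FQDNUserName)"
        }

        $AzureLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
        $AzureLicense.SkuId = $SkuId

        $AzureLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
        $AzureLicenses.AddLicenses = $AzureLicense

        Set-AzureADUserLicense -ObjectID $FQDNUserName -AssignedLicenses $AzureLicenses -ErrorAction Stop
        Write-Host "Successfully assigned license to $($FQDNUserName)"
    }
    finally {
        # Never leave the signed-in cloud session open after a failure.
        Disconnect-AzureAD
    }
}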
    #endregion
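function Set-Proper-Groups {
    <#
    .SYNOPSIS
    Adds a new user to the base groups, the attribute groups and the groups of their position.
    .DESCRIPTION
    Reads $RoleGroups, $officeLocation and the four yes/no answers ($employeeIsRemote,
    $employeeIsSpanish, $employeeIsFemale, $employeeNeedsVPN) from the calling scope,
    builds the full group list and calls Add-ADGroupMember once per distinct,
    non-blank group name.
    .PARAMETER PositionName
    Role typed at the prompt. "legal assistant", "receptionist" and "attorney" add
    extra groups; any other value adds none and raises a warning.
    .PARAMETER UserObject
    The AD user that is passed to Add-ADGroupMember -Members.
    #>
    Param
    (
        [Parameter(Mandatory = $true, Position = 0)]
        [string]$PositionName,
        [Parameter(Mandatory = $true, Position = 1)]
        [Object]$UserObject
    )

    # Map each answer to a group name in a function-local variable. Only an explicit
    # "yes" grants the optional groups (VPNUsers included); anything else grants nothing.
    if ("$employeeIsRemote" -eq "yes") { $RemoteGroup = "Remotes" } else { $RemoteGroup = "" }
    if ("$employeeIsSpanish" -eq "yes") { $LanguageGroup = "Spanish" } else { $LanguageGroup = "" }
    if ("$employeeIsFemale" -eq "yes") { $GenderGroup = "Women" } else { $GenderGroup = "Men" }
    if ("$employeeNeedsVPN" -eq "yes") { $VpnGroup = "VPNUsers" } else { $VpnGroup = "" }

    # Add the default location, sex and language preference groups
    $Groups = $RoleGroups + @($GenderGroup, $LanguageGroup, $RemoteGroup, "$($officeLocation)", $VpnGroup)

    switch ($PositionName) {
        "legal assistant" { $Groups = $Groups + @("GladiatorProductionAccess", "Production", "UniversityLegalAssistant") }
        "receptionist" {
            $Groups = $Groups + @("Production", "GladiatorProductionAccess", "UniversityReceptionist", "Appointments",
                "Call_Out", "Daily", "Facebook", "Fax Dist Group", "GladiatorAccountingAccess", "Intakes", "Leads", "New Hires", "Pandora", "Quiroga Law Webmaster",
                "Reschedule", "Ruby", "Sales", "Sonos", "Spotify")
        }
        "attorney" { $Groups = $Groups + @("Attorneys", "Case_Brief", "GladiatorProductionAccess" ) }
        default {
            # A typo at the prompt would otherwise leave the user silently without role groups.
            Write-Warning "Position '$PositionName' has no role groups defined; only the base and attribute groups are assigned."
        }
    }

    # "Daily" is both a base group and a receptionist group. Adding a member twice makes
    # Add-ADGroupMember fail on the second call, so each name is submitted once.
    $Submitted = @()
    foreach ($groupName in $Groups) {
        if ([string]::IsNullOrWhiteSpace($groupName)) { continue }
        if ($Submitted -contains $groupName) { continue }
        $Submitted += $groupName
        Add-ADGroupMember -Server "QLAWAD1" -Identity $groupName -Members $UserObject
    }
}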
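function Set-Delegation {
    <#
    .SYNOPSIS
    Grants FullAccess on the new mailbox to the user's manager and two fixed accounts.
    .DESCRIPTION
    Opens an Exchange Online remote session with $DomainCredential, adds one
    FullAccess permission per delegate (AutoMapping off) and removes the session even
    when a grant fails. $whoReportsTo is read from the calling scope.
    .PARAMETER FQDNUserName
    Identity of the mailbox that receives the delegations.
    .NOTES
    FullAccess lets each delegate open the whole mailbox. These are standing grants on
    every new mailbox, so the delegate list deserves periodic review.
    NOTE(review): this connects with -Authentication Basic. Microsoft has retired Basic
    authentication for Exchange Online remote PowerShell; the supported path is
    Connect-ExchangeOnline from the ExchangeOnlineManagement module. Left unchanged
    here because that module is not part of this script.
    #>
    Param
    (
        [Parameter(Mandatory = $true, Position = 0)]
        [string]$FQDNUserName
    )

    $Delegates = @()
    if ([string]::IsNullOrWhiteSpace($whoReportsTo)) {
        # Without this guard the grant would be attempted for "@quirogalawoffice.com".
        Write-Warning "No manager was supplied; skipping the manager delegation for $($FQDNUserName)."
    }
    else {
        $Delegates += "$($whoReportsTo)@quirogalawoffice.com"
    }
    $Delegates += "joseph.rouse@quirogalawoffice.com"
    $Delegates += "stevan.veselinovic@quirogalawoffice.com"

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $DomainCredential -Authentication Basic -AllowRedirection -ErrorAction Stop
    try {
        Import-PSSession $Session

        foreach ($Delegate in $Delegates) {
            Add-MailboxPermission -User $Delegate -Identity "$($FQDNUserName)" -AutoMapping $false -AccessRights FullAccess
        }
    }
    finally {
        # Always tear the authenticated session down, also when a grant throws.
        Remove-PSSession -Session $Session
    }
}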
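function Create-Signatures {
    <#
    .SYNOPSIS
    Builds the New and Reply e-mail signatures for a user from the default templates.
    .DESCRIPTION
    Creates \\qlaw.local\NETLOGON\UserSignatures\<UserName>, loads the templates from
    the defaultsig folder, substitutes the placeholders and writes New.* and Reply.*.
    HTML and text templates use {FULLNAME}, {JOBTITLE} and {IMGNAME}; the RTF reply
    template uses <FULLNAME>, <JOBTITLE> and <IMGNAME>.
    .PARAMETER UserName
    Account name; becomes the folder name under UserSignatures.
    .PARAMETER FullName
    Display name inserted into the signature.
    .PARAMETER JobTitle
    Job title inserted into the signature.
    .PARAMETER ImageName
    Image file name inserted into the signature.
    .NOTES
    The output lands on the NETLOGON share, which domain users read from, so values are
    HTML-encoded before they go into the .htm files and UserName is checked before it
    is used as a path segment.
    #>
    Param
    (
        [Parameter(Mandatory = $true, Position = 0)]
        [string]$UserName,
        [Parameter(Mandatory = $true, Position = 1)]
        [string]$FullName,
        # Position 1 was declared twice in the original; the positions are now distinct.
        [Parameter(Mandatory = $true, Position = 2)]
        [string]$JobTitle,
        [Parameter(Mandatory = $true, Position = 3)]
        [string]$ImageName
    )

    # Replaces every token of $Values in $Template. The token is escaped so it is matched
    # literally, and '$' in the value is doubled so -replace does not read it as a group reference.
    function Expand-SignatureTemplate {
        param([string]$Template, [hashtable]$Values)
        foreach ($Token in $Values.Keys) {
            $Template = $Template -replace [regex]::Escape($Token), ([string]$Values[$Token]).Replace('$', '$$')
        }
        return $Template
    }

    # UserName becomes a folder name on a shared path: refuse separators, reserved
    # characters and the relative-path names.
    if ($UserName -match '[\\/:*?"<>|]' -or $UserName -eq '.' -or $UserName -eq '..') {
        throw "UserName '$UserName' cannot be used as a signature folder name"
    }

    $TemplateFolder = "C:\Users\stevan.veselinovic\Documents\Useful Scripts\PowerShell\defaultsig"
    $TargetFolder = "\\qlaw.local\NETLOGON\UserSignatures\$($UserName)"

    # Let's create the default folder for this (-Force so a re-run does not fail on an existing folder)
    New-Item -Path $TargetFolder -ItemType Directory -Force
    Write-Host "Successfully created default directory for $($FullName)"

    $HtmlSigNew = Get-Content -Path "$TemplateFolder\New.htm" -Raw
    # The New.rtf template load is disabled in the original script, so New.rtf is
    # written empty. NOTE(review): confirm whether a New.rtf template should be loaded.
    # $RtfSigNew = Get-Content -Path "$TemplateFolder\New.rtf" -Raw
    $RtfSigNew = $null
    $TxtSigNew = Get-Content -Path "$TemplateFolder\New.txt" -Raw

    $HtmlSigReply = Get-Content -Path "$TemplateFolder\Reply.htm" -Raw
    $RtfSigReply = Get-Content -Path "$TemplateFolder\Reply.rtf" -Raw
    $TxtSigReply = Get-Content -Path "$TemplateFolder\Reply.txt" -Raw

    Write-Host "Loaded default signature options..."

    # HTML output gets encoded values so characters such as & or < in a name or title
    # cannot change the markup of the signature.
    $HtmlValues = @{
        '{FULLNAME}' = [System.Net.WebUtility]::HtmlEncode($FullName)
        '{JOBTITLE}' = [System.Net.WebUtility]::HtmlEncode($JobTitle)
        '{IMGNAME}'  = [System.Net.WebUtility]::HtmlEncode($ImageName)
    }
    $TextValues = @{
        '{FULLNAME}' = $FullName
        '{JOBTITLE}' = $JobTitle
        '{IMGNAME}'  = $ImageName
    }
    # NOTE(review): values are inserted into the RTF as-is; RTF control characters in a
    # name ({ } \) are not escaped.
    $RtfValues = @{
        '<FULLNAME>' = $FullName
        '<JOBTITLE>' = $JobTitle
        '<IMGNAME>'  = $ImageName
    }

    # Let's do our replacements for new signatures
    $HtmlSigNew = Expand-SignatureTemplate -Template $HtmlSigNew -Values $HtmlValues
    $TxtSigNew = Expand-SignatureTemplate -Template $TxtSigNew -Values $TextValues

    Set-Content -Value $HtmlSigNew -Path "$TargetFolder\New.htm"
    Set-Content -Value $RtfSigNew -Path "$TargetFolder\New.rtf"
    Set-Content -Value $TxtSigNew -Path "$TargetFolder\New.txt"

    Write-Host "Over-written signature data for $($FullName), with position $($JobTitle) and saved new signature"

    # Let's do our replacements for reply signatures
    # (the original text patterns were '{FULLNAME{' / '{JOBTITLE{' and never matched)
    $HtmlSigReply = Expand-SignatureTemplate -Template $HtmlSigReply -Values $HtmlValues
    $RtfSigReply = Expand-SignatureTemplate -Template $RtfSigReply -Values $RtfValues
    $TxtSigReply = Expand-SignatureTemplate -Template $TxtSigReply -Values $TextValues

    # Write the Reply content. The original wrote the New signature into all three Reply files.
    Set-Content -Value $HtmlSigReply -Path "$TargetFolder\Reply.htm"
    Set-Content -Value $RtfSigReply -Path "$TargetFolder\Reply.rtf"
    Set-Content -Value $TxtSigReply -Path "$TargetFolder\Reply.txt"

    Write-Host "Over-written signature data for $($FullName), with position $($JobTitle) and saved REPLY signature"
}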
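function Send-WelcomeEmail {
    <#
    .SYNOPSIS
    Fills in the welcome letter, saves it as a PDF and e-mails it to the new employee.
    .DESCRIPTION
    Opens WelcomeLocal.docx or WelcomeRemote.docx in Word, replaces <FIRSTNAME>,
    <EXTENSION>, <WINDOWSUSERNAME> and <ABACUSID>, saves a PDF next to the template,
    sends it with Send-MailMessage and deletes the PDF afterwards.
    .PARAMETER EmployeeFirstName
    First name; used in the letter, the subject, the body and the PDF file name.
    .PARAMETER EmployeeFullName
    Display name used in the To header.
    .PARAMETER EmployeePosition
    Position named in the mail body.
    .PARAMETER AbacusCredentials
    Value written in place of <ABACUSID>.
    .PARAMETER UserExtension
    Value written in place of <EXTENSION>.
    .PARAMETER UserName
    Windows user name; also the local part of the recipient address.
    .PARAMETER RemoteEmployee
    "no" selects the local letter and adds the cell-phone request; any other value
    selects the remote letter.
    .NOTES
    The mail body says the letter contains the user's default credentials, so the PDF
    is treated as sensitive: it is removed in a finally block and is not left on disk
    when sending fails.
    NOTE(review): Send-MailMessage is marked obsolete by Microsoft because it cannot
    guarantee a secure connection to the SMTP server. Kept as in the original.
    #>
    Param
    (
        [Parameter(Mandatory = $true, Position = 0)]
        [string]$EmployeeFirstName,
        [Parameter(Mandatory = $true, Position = 1)]
        [string]$EmployeeFullName,
        [Parameter(Mandatory = $true, Position = 2)]
        [string]$EmployeePosition,
        [Parameter(Mandatory = $true, Position = 3)]
        [string]$AbacusCredentials,
        [Parameter(Mandatory = $true, Position = 4)]
        [string]$UserExtension,
        [Parameter(Mandatory = $true, Position = 5)]
        [string]$UserName,
        [Parameter(Mandatory = $true, Position = 6)]
        [string]$RemoteEmployee
    )

    $BodySignature = Get-Content -Raw -Path "\\qlaw.local\NETLOGON\UserSignatures\stevan.veselinovic\New.htm"

    $DocsFolder = "C:\Users\stevan.veselinovic\Documents\Useful Scripts\PowerShell\defaultdocs"
    if ($RemoteEmployee -eq "no") {
        $TemplatePath = "$DocsFolder\WelcomeLocal.docx"
    }
    else {
        $TemplatePath = "$DocsFolder\WelcomeRemote.docx"
    }
    $SaveFilePath = "$DocsFolder\Welcome $($EmployeeFirstName).pdf"

    # Word constants. They are defined before use; the original read $wdFindContinue
    # before assigning it, so Wrap was passed as $null.
    $wdFindContinue = 1
    $wdReplaceAll = 2
    $wdFormatPDF = 17

    # Find.Execute options, in the order the call expects them.
    $MatchCase = $False
    $MatchWholeWord = $False
    $MatchWildcards = $False
    $MatchSoundsLike = $False
    $MatchAllWordForms = $False
    $Forward = $True
    $Wrap = $wdFindContinue
    $Format = $False

    # Placeholder / value pairs, kept in the original order.
    $Replacements = @(
        @("<FIRSTNAME>", "$($EmployeeFirstName)"),
        @("<EXTENSION>", "$($UserExtension)"),
        @("<WINDOWSUSERNAME>", "$($UserName)"),
        @("<ABACUSID>", "$($AbacusCredentials)")
    )

    try {
        $word = New-Object -ComObject Word.Application
        try {
            $WelcomeLetter = $word.Documents.Open($TemplatePath)

            # Update the welcome letter values
            foreach ($Pair in $Replacements) {
                $null = $WelcomeLetter.Content.Find.Execute($Pair[0], $MatchCase, $MatchWholeWord, $MatchWildcards, $MatchSoundsLike, $MatchAllWordForms, $Forward, $Wrap, $Format, $Pair[1], $wdReplaceAll)
            }

            $WelcomeLetter.SaveAs([ref] $SaveFilePath, [ref] $wdFormatPDF)

            # Roll the four replacements back so the template is not left holding this
            # user's values.
            $WelcomeLetter.Content.Document.Undo(4)

            $WelcomeLetter.Close()
        }
        finally {
            # Do not leave a hidden Word process running when a step above fails.
            $word.Quit()
        }

        # Names and titles go into an HTML body, so encode them first.
        $SafeFirstName = [System.Net.WebUtility]::HtmlEncode($EmployeeFirstName)
        $SafePosition = [System.Net.WebUtility]::HtmlEncode($EmployeePosition)

        $Body = "Hello $($SafeFirstName), and welcome to Quiroga Law Office, PLLC! We are happy to have you on board as a $($SafePosition)." +
            "<br /><br />Attached in this email is a welcome letter which includes your default credentials, some instructions on using phones as well as voicemail.<br /><br />" +
            "Please review this letter carefully, and make sure you change your voice mail greeting."

        # We don't ask remote employees for their cell phone #'s
        if ($RemoteEmployee -eq "no") {
            $Body = $Body + "<br /><br />Also, please send me your cell phone #, as we'd like to add it to the company directory."
        }

        $Body = $Body + "<br /><br />" + $BodySignature

        $MailArguments = @{
            From        = 'Stevan Veselinovic <stevan@quirogalawoffice.com>'
            To          = "$($EmployeeFullName) <$($UserName)@quirogalawoffice.com>"
            Bcc         = "Joseph Rouse <Joe@QuirogaLawOffice.com>"
            Subject     = "Welcome to Quiroga Law Office, $($EmployeeFirstName)!"
            Body        = $Body
            Attachments = $SaveFilePath
            BodyAsHtml  = $true
            Priority    = 'High'
            SmtpServer  = 'smtp.office365.com'
            Credential  = 'stevan.veselinovic@quirogalawoffice.com'   # user name only; the password is prompted for
            Port        = 587
            UseSsl      = $true
        }
        Send-MailMessage @MailArguments
    }
    finally {
        # Clean up: the PDF holds default credentials and must not outlive this call.
        if (Test-Path -LiteralPath $SaveFilePath) {
            Remove-Item -LiteralPath $SaveFilePath
        }
    }
}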
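# Interactive provisioning of one user: prompt, validate, create the AD account, set
# its profile and proxy addresses, assign groups, sync, license, delegate, build the
# signatures and send the welcome mail. The account is left for the operator to
# enable and to give a password (see the final message).
Write-Host "Before continuing, please verify the following information is unique.
 1. Combination of First & Last Name (for example, if Stevan Veselinovic exists, use something else!)
 2. The initials are unique, i.e SV `n" -ForegroundColor Green

$UserAck = Read-Host "Are the details defined above unique for this user? Yes / No"

# If the user running this script has verified this is indeed a unique user, let's proceed
if ($UserAck.ToLower() -eq "yes") {
    $firstName = Read-Host "First Name"
    $lastName = Read-Host "Last Name"
    $position = Read-Host "What position [Role] are we hiring this invidual for?"
    $officeLocation = Read-Host "What office are they located in?"
    $initials = Read-Host "What are the indivduals initials? THESE MUST BE UNIQUE"
    $whoReportsTo = Read-Host "Whom do they report to? Please type First and Last Name of the managing staff member. For example: joseph.rouse"
    $assignedExtension = Read-Host "What extension # is assigned to $($firstName)"
    $employeeIsRemote = Read-Host "Is this Employee remote? yes / no"
    $employeeIsSpanish = Read-Host "Is this Employee Spanish Speaking? yes / no"
    $employeeIsFemale = Read-Host "Is this Employee Female? yes / no"
    $employeeNeedsVPN = Read-Host "Does this employee need VPN Access? yes / no"

    if (!([string]::IsNullOrEmpty($firstName)) -and
        !([string]::IsNullOrEmpty($lastName)) -and
        !([string]::IsNullOrEmpty($officeLocation)) -and
        !([string]::IsNullOrEmpty($initials)) -and
        !([string]::IsNullOrEmpty($whoReportsTo)) -and
        !([string]::IsNullOrEmpty($position)) -and
        !([string]::IsNullOrEmpty($employeeIsRemote)) -and
        !([string]::IsNullOrEmpty($employeeIsSpanish)) -and
        !([string]::IsNullOrEmpty($employeeIsFemale)) -and
        !([string]::IsNullOrEmpty($employeeNeedsVPN))) {

        # The yes/no answers drive group membership (VPN access included) and the choice
        # of welcome letter. Set-Proper-Groups treats anything but "yes" as no, while
        # Send-WelcomeEmail treats anything but "no" as remote, so an answer such as "n"
        # would be read two different ways. Accept only the two exact words.
        $InvalidAnswers = @(@($employeeIsRemote, $employeeIsSpanish, $employeeIsFemale, $employeeNeedsVPN) |
                Where-Object { $_ -notmatch '^(yes|no)$' })
        if ($InvalidAnswers.Count -gt 0) {
            Write-Host "The yes / no questions must be answered with exactly 'yes' or 'no'. Please try again"
            continue
        }

        # The account name is derived from raw input and reused in share paths, so check
        # it once before anything is created. The pattern lists the characters Active
        # Directory does not accept in a sAMAccountName; user account names are limited
        # to 20 characters.
        $samAccountName = "$($firstName.ToLower()).$($lastName.ToLower())"
        if ($samAccountName.Length -gt 20 -or $samAccountName -match '["/\\\[\]:;|=,+*?<>]') {
            Write-Host "'$samAccountName' is not a valid account name (20 characters at most, none of `" / \ [ ] : ; | = , + * ? < >). Please try again"
            continue
        }

        # Create the domain user, and assign it to the right OU
        try {
            # Set the intial assigment
            New-ADUser -Server "QLAWAD1" -Name "$($firstName) $($lastName)" -GivenName $firstName -Surname $lastName -SamAccountName $samAccountName -UserPrincipalName "$($samAccountName)@quirogalawoffice.com" -Path $OULocation -ErrorAction Stop

            # Reload the user, let's do some work
            $User = Get-ADUser -Server "QLAWAD1" -Identity $samAccountName -Properties * -ErrorAction Stop
        }
        catch {
            # Without the account none of the later steps (groups, license, delegation,
            # mail) can succeed, so skip this user instead of waiting through the pauses.
            Write-Host "The account $samAccountName could not be created or loaded: $($_.Exception.Message)"
            continue
        }

        # Set the company and other use profile information. Having the company name helps us build out the Corporate Diagram
        $User.Company = "Quiroga Law Office, PLLC"
        $User.HomeDrive = "H"
        $User.HomeDirectory = "\\spk-nas1\homes\$samAccountName"
        $User.Office = $officeLocation
        $User.Initials = $initials.ToUpper()
        $User.Title = $position
        $User.OfficePhone = $assignedExtension

        # $User.Manager = $whoReportsTo
        $User.DisplayName = "$($firstName) $($lastName)"

        # Set the email details [including proxy addresses - very important!]
        $User.EmailAddress = "$($firstName)@QuirogaLawOffice.com"

        # Let's create the proxy addresses now and assign them
        $ProxyAddresses = @("SMTP:$($firstName)$($PrimarySMTPDomain)", "smtp:$($samAccountName)$($PrimarySMTPDomain)", "smtp:$($samAccountName)@quirogalawofficepllc.onmicrosoft.com")
        $UsableHashTable = New-Object HashTable
        $UsableHashTable.Add("proxyAddresses", $ProxyAddresses)

        # Create the users home directory
        # NOTE(review): the folder is created through \\10.1.100.15 while HomeDirectory
        # above points at \\spk-nas1 - presumably the same server; confirm.
        New-Item -ItemType Directory -Force -Path "\\10.1.100.15\homes\$samAccountName"

        # This takes care of the hash table, or proxyAddresses
        Set-AdUser -Server "QLAWAD1" -Identity $samAccountName -Replace $UsableHashTable

        # This updates all of our values above
        Set-AdUser -Server "QLAWAD1" -Instance $User

        # We call this function so that it may assign the proper domain groups to this user
        Set-Proper-Groups -PositionName $position -UserObject $User

        # Kick off remote ADFS Sync
        RunADFSync

        # Put this script to sleep before starting off the license assignment. This gives us enough time to sync the user to the cloud
        Write-Host "The script is now pausing for 2 minutes before assigning the appropriate Office 365 license`s" -ForegroundColor Green
        Write-Host "Licensing assignmented to start at $((Get-Date).AddSeconds(121).ToString("hh:mm"))" -ForegroundColor Green
        Start-Sleep -s 120

        # Assign user license
        Set-Licensing -FQDNUserName $User.UserPrincipalName

        # Put this script to sleep before starting off mailbox delegation. This should give us enough time for the mailbox to be created on Exchange 365
        # The pause is 960 seconds, so the message now says 16 minutes instead of 10.
        Write-Host "The script is now pausing for 16 minutes before assigning default access permissions for the new mailbox" -ForegroundColor Green
        Write-Host "Assigning default access permissions set to begin at $((Get-Date).AddSeconds(960).ToString("hh:mm"))" -ForegroundColor Green
        Start-Sleep -s 960

        # Give leadership team delegation rights
        Set-Delegation -FQDNUserName $User.UserPrincipalName

        # Create signatures
        Create-Signatures -UserName $User.SamAccountName -FullName $User.DisplayName -JobTitle $User.Title -ImageName "temp.jpg"

        # Send the welcome email!
        Send-WelcomeEmail -EmployeeFirstName "$($firstName)" -EmployeeFullName "$($firstName) $($lastName)" -EmployeePosition "$($position)" -AbacusCredentials "$($initials)" -UserExtension "$($assignedExtension)" -UserName $samAccountName -RemoteEmployee $employeeIsRemote

        Write-Host "$($firstName)'s account, signature, and welcome email have been setup and distributed. You must now enable their account, set the default password, and setup remote and their PC."
    }
    else {
        Write-Host "One of the required fields was not entered. Please try again"
    }
}
}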