Hi.
We are changing our privileged accounts to a setup where the user can be presented with a number of service accounts with certain privileges if he has been approved for certain group membership.
Thus, I need to create a script that can provision a number of service accounts with a narrow naming syntax and afterwards provide group membership. User names have a maximum of 20 characters thus:
Example usernames:
M1150-DomainAdminP01
M1150-DomainAdminP02
M1150-DomainAdminP03
M1150-DomainAdminP04
M1150-DomainAdminP05
M1150-DomainAdminP06
M1150-DomainAdminP07
M1150-DomainAdminP08
M1150-DomainAdminP09
M1150-DomainAdminP10
Syntax service account name:
12345678901234567890 (20 characters in total)
Character 1-5: Domain name - user specifies the name for one domain at a time. If I need service accounts for several domains then I will run the script again... (or even better, if someone has the scripting abilities, give me the opportunity to choose one or several domains from a list of 120 (yes, 120 domains in total) domains and specify the number of service accounts for each domain that I choose)
Character 6-17: Description of service account (if there are gaps when the description does not use all 12 characters then use "-")
Character 18 = P
Character 19 and 20 = Forth running number (01, 02, 03, 04, 05)
MemberOf. I need to be able to specify that service users need to be Member of (Get-ADGroup -Filter {name -like "xxxxx"})
Can someone please give me some help on where to start? I have never created anything where I iterate/create a number of users within a narrow naming convention.
Best regards
Carsten
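
A starting point for the naming scheme and group assignment described in the post, as an added example that is not part of the original post. It assumes the ActiveDirectory (RSAT) module, that the description is left-padded with "-" (which reproduces M1150-DomainAdminP01), and that accounts are created disabled without a password; the function names, the OU path and the parameter names are hypothetical.

```powershell
# Added example, not the poster's code. Requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory
function Get-ServiceAccountName {
    param(
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9]{5}$')][string]$DomainCode,
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9]{1,12}$')][string]$Description,
        [Parameter(Mandatory)][ValidateRange(1, 99)][int]$Count
    )
    # Assumption: characters 6-17 are the description left-padded with "-",
    # which reproduces the post's example M1150-DomainAdminP01.
    $middle = $Description.PadLeft(12, '-')
    foreach ($i in 1..$Count) {
        $name = '{0}{1}P{2:D2}' -f $DomainCode, $middle, $i
        if ($name.Length -ne 20) { throw "Name '$name' is not 20 characters long" }
        $name
    }
}
function New-ServiceAccountBatch {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DomainCode,
        [Parameter(Mandatory)][string]$Description,
        [Parameter(Mandatory)][int]$Count,
        [Parameter(Mandatory)][string]$GroupName,   # pattern for Get-ADGroup -Filter
        [Parameter(Mandatory)][string]$Path,        # distinguished name of the target OU
        [string]$Server                             # domain FQDN or DC; default: current domain
    )
    $ad = @{}
    if ($Server) { $ad.Server = $Server }
    # Refuse to continue unless the pattern resolves to exactly one group.
    $group = @(Get-ADGroup -Filter "Name -like '$GroupName'" @ad)
    if ($group.Count -ne 1) { throw "'$GroupName' matched $($group.Count) groups, expected 1" }
    $names = Get-ServiceAccountName -DomainCode $DomainCode -Description $Description -Count $Count
    foreach ($name in $names) {
        if (Get-ADUser -Filter "SamAccountName -eq '$name'" @ad) {
            Write-Warning "$name already exists, skipped"; continue
        }
        if ($PSCmdlet.ShouldProcess($name, "Create disabled account, add to $($group[0].Name)")) {
            # Created disabled and without a password; enabling is a separate, approved step.
            New-ADUser -Name $name -SamAccountName $name -Path $Path -Enabled $false @ad
            Add-ADGroupMember -Identity $group[0] -Members $name @ad
        }
    }
}
# Constructed usage; -WhatIf only reports what would be done.
# New-ServiceAccountBatch -DomainCode M1150 -Description DomainAdmin -Count 10 `
#     -GroupName 'xxxxx' -Path 'OU=ServiceAccounts,DC=example,DC=com' -WhatIf
```

To cover several domains, call New-ServiceAccountBatch once per domain with a different -DomainCode and -Server.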