
Sooner or later everyone wants to shift boring, monotonous work onto the "shoulders" of the computer. For me, that feeling came when I began to roll out Active Directory in an organization of 100+ employees. Adding a large number of users and filling in all their fields manually is a terribly tedious and long task. Of course, the first thing I did was turn to PowerShell, but writing the script somehow took too long and in the end nothing good came of it. The dream of a beautiful, tidy user directory remained a dream. Until I got excited about the idea of automating the creation of PowerShell scripts.
Millions of administrators around the world, like me, catch the same bugs in thousands of identical scripts for the same standard tasks. It is amazing that none of them decided before me to close this question once and for all by creating an automatic generator of PowerShell scripts. If we can deploy a dozen servers a day, then teaching a computer to write a script without errors is definitely not a problem.
Closer to the point
In short, I put together such a script autogenerator and it is ready for beta testing. It is called d-lera (d-lera.com), and its main function is to eliminate the stage of writing script code, the longest and most tedious part of using PowerShell. Instead, the administrator fills out a fairly simple form; from this data, a ready-made PowerShell script is generated and saved automatically.
The project has only just hatched, and for now it can generate a simple and convenient script for creating users in Active Directory. I admit, I would like to hear in the comments what currently works incorrectly and which features are needed "in the field" first. Shall we?
RTFM.txt
I will show how everything works with a simple example. Suppose we have an organization with the uncomplicated name "Koteikins Firewood". It has two departments: "Shaggy sawmill" and "Mustached accounting". The first department has one telephone number, and the second is located in two offices at once, each with its own telephone.
This gives the following structure:

Note that this structure does not have to repeat the structure of divisions in Active Directory.
Open the page http://d-lera.com/adusercreate, click "Create organization", and enter the name. A root unit is created in which the "Organization" attribute is filled in automatically:

In the "Address in the directory" field, enter the address of the root unit (Organization Unit) in Active Directory where the users are stored. Do not add the domain address. Then configure the attributes that are the same for the whole organization: address, website address, account settings.


After that, we add two departments, "Shaggy sawmill" and "Mustached accounting". When a department is created, all the settings of the parent are copied, but some attributes are updated automatically:

In the same way, fill in the heads of departments (enter the login of the department head's account without the domain prefix) and the shadow groups; for "Shaggy sawmill" we also fill in the telephone and the office:
Shadow groups. Sometimes the accounts of all employees of a department need to be members of some security group. When the "Shadow group" parameter is filled in, the generated script automatically adds each account to the specified group after creating it.


Now let's use the fact that the structure of divisions in the script does not have to correspond to the structure of divisions in Active Directory. In "Mustached accounting" we create two subsidiary divisions, "Mustached accounting: sour cream room" and "Mustached accounting: room with threads", and fill in a separate phone and office for each:

Do not forget that some fields are filled in automatically when subsidiary divisions are created. Manually delete the added address levels, and for the department name select "update all subsidiary units" in "Mustached accounting":

And here we suddenly remember that we want to enter an e-mail address, and of course a password, when creating an account. So in "Koteikins Firewood" we tick the checkbox for manual entry of e-mail and password and update all of its subsidiaries (only immediate heirs are updated, so for "Mustached accounting" you must also press the update button):


And lastly: we tick the "Resolve creation of users in this department" checkbox in "Koteikins Firewood" and "Mustached accounting", so that the script does not offer to create users there:

No one wants to disclose all the information about the organization's domain to the first website they find on the Internet, so after saving the script you must open it in any text editor and correct the first two lines by entering the name of your Active Directory domain. Save, run:
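To make the walkthrough concrete, here is an added sketch of the kind of script the form describes; it is not d-lera's actual output. The variable names, OU paths, logins, phone numbers and group names are constructed assumptions, and only the standard ActiveDirectory module cmdlets are used.

```powershell
$DomainDN  = 'DC=example,DC=local'   # line 1: placeholder, enter your own domain
$DomainDns = 'example.local'         # line 2: placeholder, enter your own domain

Import-Module ActiveDirectory        # requires the RSAT ActiveDirectory module

# Organization-wide values inherited by every unit (all values are constructed).
$Org = @{ Organization = 'Koteikins Firewood'; OU = 'OU=Koteikins' }

# Leaf units only: users are not created in the root or in "Mustached accounting".
# Both rooms share one department name and one OU, because the form's tree
# does not have to mirror the directory tree.
$Units = @{
    'sawmill'    = @{ Department = 'Shaggy sawmill';       OU = "OU=Sawmill,$($Org.OU)"
                      Phone = '100'; Office = '1'; Manager = 'sawmill.head'; ShadowGroup = 'SG-Sawmill' }
    'sour-cream' = @{ Department = 'Mustached accounting'; OU = "OU=Accounting,$($Org.OU)"
                      Phone = '201'; Office = '2'; Manager = 'acc.head';     ShadowGroup = 'SG-Accounting' }
    'threads'    = @{ Department = 'Mustached accounting'; OU = "OU=Accounting,$($Org.OU)"
                      Phone = '202'; Office = '3'; Manager = 'acc.head';     ShadowGroup = 'SG-Accounting' }
}

function New-DepartmentUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [hashtable] $Unit,
        [Parameter(Mandatory)] [string] $GivenName,
        [Parameter(Mandatory)] [string] $Surname,
        [Parameter(Mandatory)] [string] $Login      # sAMAccountName, no domain prefix
    )
    # Manual entry: the e-mail and password are typed at run time, never stored in the file.
    $mail     = Read-Host 'E-mail'
    $password = Read-Host 'Password' -AsSecureString

    $user = @{
        Name = "$GivenName $Surname"; GivenName = $GivenName; Surname = $Surname
        SamAccountName = $Login; UserPrincipalName = "${Login}@${DomainDns}"
        Path = "$($Unit.OU),$DomainDN"              # directory address + domain from line 1
        Organization = $Org.Organization; Department = $Unit.Department
        OfficePhone = $Unit.Phone; Office = $Unit.Office; Manager = $Unit.Manager
        EmailAddress = $mail; AccountPassword = $password
        Enabled = $true; ChangePasswordAtLogon = $true   # assumed account settings
    }
    if ($PSCmdlet.ShouldProcess($user.Path, "Create user $Login")) {
        New-ADUser @user -ErrorAction Stop
        # Shadow group: membership is added only after the account exists.
        Add-ADGroupMember -Identity $Unit.ShadowGroup -Members $Login -ErrorAction Stop
    }
}

# Dry run: reports what would be created without changing the directory.
New-DepartmentUser -Unit $Units['threads'] -GivenName 'Murka' -Surname 'Koteikina' -Login 'm.koteikina' -WhatIf
```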



Plans for the near future
- Ability to save configuration
- Script signing. Currently scripts are generated unsigned. How to sign them yourself is described, for example, here
- Attribute constructors: so that, for example, a login is automatically built from a template based on the first and last name and transliterated from Russian
- Combined input of multi-valued attributes: entered value + preset value (for example, input of an individual internal phone number + common city number)
- Scripts to update existing users, create users from Excel or .CSV
- Add custom Active Directory user attributes
- Exchange, SharePoint support
- Exploring and adding scripts for various other standard tasks.
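Since the scripts are generated unsigned by a third-party website, one way to review and sign a downloaded script yourself is sketched below. This is an added example, not part of d-lera; the file name and the allow-list of expected commands are assumptions, and a code-signing certificate is assumed to exist in the current user's store.

```powershell
$ScriptPath = (Resolve-Path '.\New-KoteikinsUser.ps1').Path   # hypothetical file name

# 1. Review: parse the script without running it and collect every command it calls.
$tokens = $null; $parseErrors = $null
$ast = [System.Management.Automation.Language.Parser]::ParseFile(
    $ScriptPath, [ref]$tokens, [ref]$parseErrors)
if ($parseErrors) { throw "Script does not parse: $($parseErrors[0].Message)" }

$commands = $ast.FindAll(
    { param($node) $node -is [System.Management.Automation.Language.CommandAst] }, $true)
$called  = $commands | ForEach-Object { $_.GetCommandName() } | Where-Object { $_ } | Sort-Object -Unique
# Calls whose name is computed at run time (& $var) cannot be checked by name.
$dynamic = @($commands | Where-Object { -not $_.GetCommandName() })

# Commands a user-creation script is expected to need (assumed allow-list).
$expected   = 'Import-Module', 'New-ADUser', 'Add-ADGroupMember', 'Get-ADUser', 'Read-Host', 'Write-Host'
$unexpected = $called | Where-Object { $_ -notin $expected }
if ($unexpected -or $dynamic.Count) {
    throw "Review before signing. Unexpected: $($unexpected -join ', '); dynamic calls: $($dynamic.Count)"
}

# 2. Sign with a code-signing certificate that has not expired.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.NotAfter -gt (Get-Date) } | Select-Object -First 1
if (-not $cert) { throw 'No valid code-signing certificate in Cert:\CurrentUser\My' }

$sig = Set-AuthenticodeSignature -FilePath $ScriptPath -Certificate $cert -HashAlgorithm SHA256
if ($sig.Status -ne 'Valid') { throw "Signature is not valid on this machine: $($sig.StatusMessage)" }

# 3. Verify: returns 'Valid' while the file is unchanged since signing.
(Get-AuthenticodeSignature -FilePath $ScriptPath).Status
```

Enter your domain name in the first two lines before signing: any later change to the file invalidates the signature.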
P.S. I invite everyone to test it, and I will be very grateful for any suggestions and comments. You can write to admin@d-lera.com, by private message, in the comments, or anywhere at all: we are on the Internet, after all.
Since information about an organization's Active Directory is of a rather intimate nature, your opinion is very important: