Slightly reduce the action

Each administrator always reduces his actions to a minimum, writes scripts, writes programs, and in order to do less routine tasks, one has to show imagination and work with his head. I want to share my experience, maybe someone will help. My company now has a small number of employees, about 15-18. Mail is created on the Zimbra server, and each employee works under his local account on the computer. And to me here historically it happened that AD is not.

There was a need to deploy a file server, I deployed it based on MS Windows server 2016, from itself it represents the role of a file server where VHDX (virtual hard disk) is created which is a common pool for all. Access is simple, we create local groups and give permissions to groups, and then add each employee to these same groups. But to start each employee manually, move the mouse, flick through the tabs and then write the letter to the employee with the password and access, this is not "true." As a result, I wrote a small script, where from one console window we do all these actions in 4 steps.

First we need to create a user, create a password for it and add a description, for this we need to transfer data to variables.

$login=read-host "  " #    $name=read-host "   " #  $dep=read-host " " #   $Chars = [Char[]]"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890" #      $Password=($Chars | Get-Random -Count 10) -join "" #    10  $date = Get-Date #  " $date " + " " + " srv-fs\" + "$login " + " " + " $Password" >> "X:\IT\password_users.txt" $us="$login"+"@"+"domain.net" #        

After passing this block, we get a line in the file - “02/12/2018 08:18:24 for the employee srv-fs \ testovich the password a15qBci2m9 is created”, then you need to create this account.

 $SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force #     New-LocalUser "$login" -Password $SecurePassword -PasswordNeverExpires -FullName "$Name" -Description "$dep" #  Add-LocalGroupMember -Group "Share" -Member "$login" #      

As a result, after passing the next block, we get an account with the Share group.

And now we will send the login information to the employee.

 $EmailFrom = "srv-fs@domain.net" #     $EmailTo = "it@domain.net,$us" #      $us -  $login"+"@"+"domain.net $Subject = "   " $Body = "$name" + ",       .   . " + " " + " srv-fs\" + "$login " + " | " + " $Password" + "|" #  $SmtpServer = "mx.domain.net" #  $smtp = New-Object net.mail.smtpclient($SmtpServer) $smtp.Send($EmailFrom, $EmailTo, $Subject, $Body) 

A message will be sent to the e-mail of the employee with the subject "Access to the shared disk", and the message body will contain
"Ivanov Ivan Testovich, you have access to the shared network drive. To log in, use. Username srv-fs \ testovich | Password a15qBci2m9 |"

We do not forget, because the employee works in some division and we have access to folders by groups, now we need to add the user to the necessary group.

 #      ,   1     Write-Host ″ ″ -ForegroundColor Red Write-Host ″1. ″ -ForegroundColor Green Write-Host ″2. ″ -ForegroundColor Green Write-Host ″3. ″ -ForegroundColor Green Write-Host ″4. ″ -ForegroundColor Green Write-Host ″5.  ″ -ForegroundColor Green Write-Host ″6. IT″ -ForegroundColor Green Write-Host ″7. ″ -ForegroundColor Green Write-Host ″8.     ″ -ForegroundColor Red $choice = Read-Host ″  ″ #    Switch($choice){ 1{Add-LocalGroupMember -Group "Account" -Member "$login"} 2{Add-LocalGroupMember -Group "Admin" -Member "$login"} 3{Add-LocalGroupMember -Group "Analytic" -Member "$login"} 4{Add-LocalGroupMember -Group "Developer" -Member "$login"} 5{Add-LocalGroupMember -Group "HR" -Member "$login"} 6{Add-LocalGroupMember -Group "IT" -Member "$login"} 7{Add-LocalGroupMember -Group "Management" -Member "$login"} 8{Write-Host ″″; exit} default {Write-Host ″ ,   .″ -ForegroundColor Red} } 

And at the end of it all, we have a ready user with the right groups, description and password. The employee, in turn, received a letter and connected to the disk, and if not, then this is another story ...