Fix usercreation;Fix GPO
All checks were successful
continuous-integration/drone/push Build is passing

Danny Bessems 2021-03-12 14:55:04 +01:00
parent a1b63ef568
commit a578ec5ae5
3 changed files with 22 additions and 12 deletions


@ -35,13 +35,17 @@ If (@('primary','standalone') -contains $Parameter['deployment.type']) {
} }
ForEach ($User in $Entries.Users) { ForEach ($User in $Entries.Users) {
$UserName = ($User.DistinguishedName -split ',', 2)[0].Substring(3)
$SanitizedUPN = ($UserName -replace "[^a-zA-Z0-9'\.-_!#\^~]").Trim('.')
# Create new user # Create new user
$NewADUserSplat = @{ $NewADUserSplat = @{
Name = ($User.DistinguishedName -split ',', 2)[0].Substring(3) Name = $UserName
Path = ($User.DistinguishedName -split ',', 2)[1] + (',{0}' -f (Get-ADRootDSE).rootDomainNamingContext) UserPrincipleName = "$($SanitizedUPN)@$((Get-ADDomain).DNSRoot)"
AccountPassword = ConvertTo-SecureString $User.Password -AsPlainText -Force Path = ($User.DistinguishedName -split ',', 2)[1] + (',{0}' -f (Get-ADRootDSE).rootDomainNamingContext)
PassThru = $True AccountPassword = ConvertTo-SecureString $User.Password -AsPlainText -Force
ErrorAction = 'SilentlyContinue' PassThru = $True
ErrorAction = 'SilentlyContinue'
} }
$NewADUser = New-ADUser @NewADUserSplat $NewADUser = New-ADUser @NewADUserSplat
# Add user to group(s) # Add user to group(s)
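Review bot: The new splat key `UserPrincipleName` is misspelled; the New-ADUser parameter is `UserPrincipalName`, so as written the splat will not bind to it. Because the splat also carries `ErrorAction = 'SilentlyContinue'`, a user that fails to be created may go unnoticed unless `$NewADUser` is checked before the group-membership step, which lies outside this hunk. In the `$SanitizedUPN` line, `\.-_` inside the character class is parsed as a range from `.` to `_`, so characters such as `@`, `/`, `:` and `\` survive the filter; putting the hyphen last keeps it literal: `"[^a-zA-Z0-9'\._!#\^~-]"`.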


@ -6,7 +6,7 @@ Users:
Password: "{{ password.johndoe }}" Password: "{{ password.johndoe }}"
MemberOf: [] MemberOf: []
- DistinguishedName: CN=admJaneD,OU=Administrators,OU=Privileged,OU=User accounts - DistinguishedName: CN=admJaneD,OU=Administrators,OU=Privileged,OU=User accounts
Password: "{{ password.amdjaned }}" Password: "{{ password.admjaned }}"
MemberOf: [] MemberOf: []
- DistinguishedName: CN=zzLDAP,OU=Service accounts,OU=Privileged,OU=User accounts - DistinguishedName: CN=zzLDAP,OU=Service accounts,OU=Privileged,OU=User accounts
Password: "{{ password.zzldap }}" Password: "{{ password.zzldap }}"
@ -20,9 +20,9 @@ Variables:
- Name: password.johndoe - Name: password.johndoe
Expression: | Expression: |
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'johndoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy'] & ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'johndoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
- Name: password.amdjaned - Name: password.admjaned
Expression: | Expression: |
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'amdjaned' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy'] & ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'admjaned' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
- Name: password.zzldap - Name: password.zzldap
Expression: | Expression: |
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'zzldap' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy'] & ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'zzldap' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']


@ -1,9 +1,15 @@
Name: 'COMP: Loopback processing (Merge)' Name: 'COMP: Disable Server Manager at Logon'
Type: Object Type: Object
LinkedOUs: OU=Servers,OU=Computer accounts LinkedOUs:
- OU=Servers,OU=Computer accounts
- OU=Domain Controllers
WMIFilters: [] WMIFilters: []
RegistryEntries: RegistryEntries:
- Key: HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager - Key: HKLM\Software\Microsoft\ServerManager
Type: Dword Type: Dword
ValueName: DoNotOpenAtLogon ValueName: DoNotOpenAtServerManagerAtLogon
Value: 1
- Key: HKLM\Software\Microsoft\ServerManager
Type: Dword
ValueName: DoNotPopWACConsoleAtSMLaunch
Value: 1 Value: 1
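Review bot: The value name `DoNotOpenAtServerManagerAtLogon` in the first registry entry looks like a typo; the value Server Manager reads under `HKLM\Software\Microsoft\ServerManager` is `DoNotOpenServerManagerAtLogon`, so as written the entry would likely have no effect. The key also moved out of `Software\Policies`, which presumably means the value stays on the machine after the GPO is unlinked; a short comment above the entry saying this is intended would help. Since the GPO is now linked to `OU=Domain Controllers` as well, it is worth confirming on a DC that both values land as expected.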