Fix usercreation;Fix GPO
parent
a1b63ef568
commit
a578ec5ae5
@ -35,13 +35,17 @@ If (@('primary','standalone') -contains $Parameter['deployment.type']) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
ForEach ($User in $Entries.Users) {
|
ForEach ($User in $Entries.Users) {
|
||||||
|
$UserName = ($User.DistinguishedName -split ',', 2)[0].Substring(3)
|
||||||
|
$SanitizedUPN = ($UserName -replace "[^a-zA-Z0-9'\.-_!#\^~]").Trim('.')
|
||||||
|
|
||||||
# Create new user
|
# Create new user
|
||||||
$NewADUserSplat = @{
|
$NewADUserSplat = @{
|
||||||
Name = ($User.DistinguishedName -split ',', 2)[0].Substring(3)
|
Name = $UserName
|
||||||
Path = ($User.DistinguishedName -split ',', 2)[1] + (',{0}' -f (Get-ADRootDSE).rootDomainNamingContext)
|
UserPrincipleName = "$($SanitizedUPN)@$((Get-ADDomain).DNSRoot)"
|
||||||
AccountPassword = ConvertTo-SecureString $User.Password -AsPlainText -Force
|
Path = ($User.DistinguishedName -split ',', 2)[1] + (',{0}' -f (Get-ADRootDSE).rootDomainNamingContext)
|
||||||
PassThru = $True
|
AccountPassword = ConvertTo-SecureString $User.Password -AsPlainText -Force
|
||||||
ErrorAction = 'SilentlyContinue'
|
PassThru = $True
|
||||||
|
ErrorAction = 'SilentlyContinue'
|
||||||
}
|
}
|
||||||
$NewADUser = New-ADUser @NewADUserSplat
|
$NewADUser = New-ADUser @NewADUserSplat
|
||||||
# Add user to group(s)
|
# Add user to group(s)
|
||||||
|
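Review bot: The splat key `UserPrincipleName` is misspelled; the New-ADUser parameter is `UserPrincipalName`, so splatting the table should fail parameter binding and create no account. `ErrorAction = 'SilentlyContinue'` does not suppress a binding error, and unless the script stops on errors the failure is easy to miss. The line should read `UserPrincipalName = "$($SanitizedUPN)@$((Get-ADDomain).DNSRoot)"`. In the `$SanitizedUPN` line, `\.-_` inside the character class is a range from `.` to `_`, so `/`, `:`, `;`, `<`, `=`, `>`, `?`, `@`, `[`, `\` and `]` also survive the replace; moving the hyphen to the end, `[^a-zA-Z0-9'._!#^~-]`, keeps only the characters listed. The ForEach body continues outside the hunk.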
@ -6,7 +6,7 @@ Users:
|
|||||||
Password: "{{ password.johndoe }}"
|
Password: "{{ password.johndoe }}"
|
||||||
MemberOf: []
|
MemberOf: []
|
||||||
- DistinguishedName: CN=admJaneD,OU=Administrators,OU=Privileged,OU=User accounts
|
- DistinguishedName: CN=admJaneD,OU=Administrators,OU=Privileged,OU=User accounts
|
||||||
Password: "{{ password.amdjaned }}"
|
Password: "{{ password.admjaned }}"
|
||||||
MemberOf: []
|
MemberOf: []
|
||||||
- DistinguishedName: CN=zzLDAP,OU=Service accounts,OU=Privileged,OU=User accounts
|
- DistinguishedName: CN=zzLDAP,OU=Service accounts,OU=Privileged,OU=User accounts
|
||||||
Password: "{{ password.zzldap }}"
|
Password: "{{ password.zzldap }}"
|
||||||
@ -20,9 +20,9 @@ Variables:
|
|||||||
- Name: password.johndoe
|
- Name: password.johndoe
|
||||||
Expression: |
|
Expression: |
|
||||||
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'johndoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
|
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'johndoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
|
||||||
- Name: password.amdjaned
|
- Name: password.admjaned
|
||||||
Expression: |
|
Expression: |
|
||||||
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'amdjaned' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
|
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'admjaned' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
|
||||||
- Name: password.zzldap
|
- Name: password.zzldap
|
||||||
Expression: |
|
Expression: |
|
||||||
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'zzldap' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
|
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'zzldap' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
|
||||||
|
@ -1,9 +1,15 @@
|
|||||||
Name: 'COMP: Loopback processing (Merge)'
|
Name: 'COMP: Disable Server Manager at Logon'
|
||||||
Type: Object
|
Type: Object
|
||||||
LinkedOUs: OU=Servers,OU=Computer accounts
|
LinkedOUs:
|
||||||
|
- OU=Servers,OU=Computer accounts
|
||||||
|
- OU=Domain Controllers
|
||||||
WMIFilters: []
|
WMIFilters: []
|
||||||
RegistryEntries:
|
RegistryEntries:
|
||||||
- Key: HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager
|
- Key: HKLM\Software\Microsoft\ServerManager
|
||||||
Type: Dword
|
Type: Dword
|
||||||
ValueName: DoNotOpenAtLogon
|
ValueName: DoNotOpenAtServerManagerAtLogon
|
||||||
|
Value: 1
|
||||||
|
- Key: HKLM\Software\Microsoft\ServerManager
|
||||||
|
Type: Dword
|
||||||
|
ValueName: DoNotPopWACConsoleAtSMLaunch
|
||||||
Value: 1
|
Value: 1
|
||||||
|
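Review bot: The new value name `DoNotOpenAtServerManagerAtLogon` has an extra `At`. As far as I know, the value Server Manager reads under `HKLM\Software\Microsoft\ServerManager` is `DoNotOpenServerManagerAtLogon`, so this entry would be written but have no effect. Suggested line: `ValueName: DoNotOpenServerManagerAtLogon`. Because this key is outside the `Policies` hive, both values will likely remain on the servers and domain controllers after the GPO is unlinked, which is worth a comment in the file.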