Fix usercreation;Fix GPO
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Danny Bessems 2021-03-12 14:55:04 +01:00
parent a1b63ef568
commit a578ec5ae5
3 changed files with 22 additions and 12 deletions

View File

@ -35,9 +35,13 @@ If (@('primary','standalone') -contains $Parameter['deployment.type']) {
}
ForEach ($User in $Entries.Users) {
$UserName = ($User.DistinguishedName -split ',', 2)[0].Substring(3)
$SanitizedUPN = ($UserName -replace "[^a-zA-Z0-9'\.-_!#\^~]").Trim('.')
# Create new user
$NewADUserSplat = @{
Name = ($User.DistinguishedName -split ',', 2)[0].Substring(3)
Name = $UserName
UserPrincipleName = "$($SanitizedUPN)@$((Get-ADDomain).DNSRoot)"
Path = ($User.DistinguishedName -split ',', 2)[1] + (',{0}' -f (Get-ADRootDSE).rootDomainNamingContext)
AccountPassword = ConvertTo-SecureString $User.Password -AsPlainText -Force
PassThru = $True

View File

@ -6,7 +6,7 @@ Users:
Password: "{{ password.johndoe }}"
MemberOf: []
- DistinguishedName: CN=admJaneD,OU=Administrators,OU=Privileged,OU=User accounts
Password: "{{ password.amdjaned }}"
Password: "{{ password.admjaned }}"
MemberOf: []
- DistinguishedName: CN=zzLDAP,OU=Service accounts,OU=Privileged,OU=User accounts
Password: "{{ password.zzldap }}"
@ -20,9 +20,9 @@ Variables:
- Name: password.johndoe
Expression: |
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'johndoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
- Name: password.amdjaned
- Name: password.admjaned
Expression: |
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'amdjaned' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'admjaned' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
- Name: password.zzldap
Expression: |
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'zzldap' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']

View File

@ -1,9 +1,15 @@
Name: 'COMP: Loopback processing (Merge)'
Name: 'COMP: Disable Server Manager at Logon'
Type: Object
LinkedOUs: OU=Servers,OU=Computer accounts
LinkedOUs:
- OU=Servers,OU=Computer accounts
- OU=Domain Controllers
WMIFilters: []
RegistryEntries:
- Key: HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager
- Key: HKLM\Software\Microsoft\ServerManager
Type: Dword
ValueName: DoNotOpenAtLogon
ValueName: DoNotOpenAtServerManagerAtLogon
Value: 1
- Key: HKLM\Software\Microsoft\ServerManager
Type: Dword
ValueName: DoNotPopWACConsoleAtSMLaunch
Value: 1