Téléverser les fichiers vers "Active Directory"

2025-08-06 10:14:28 +02:00
parent 66ce24c4b3
commit 1e529de629
5 changed files with 3539 additions and 0 deletions


Active Directory/Audit.ps1 Normal file



@@ -0,0 +1,50 @@
$Computers = Get-ADComputer -filter * | Select-Object -ExpandProperty Name
# Get-ADComputer -Filter { OperatingSystem -NotLike '*Server*' } -Properties OperatingSystem
Foreach ($computer in $computers) {
if (!(Test-Connection -Cn $computer -BufferSize 16 -Count 1 -ea 0 -quiet)) {
write-host "cannot reach $computer offline" -f red
}
else {
$outtbl = @()
Try {
$sr = Get-WmiObject win32_bios -ComputerName $Computer -ErrorAction Stop
$Xr = Get-WmiObject class Win32_processor -ComputerName $computer -ErrorAction Stop
$ld = get-adcomputer $computer -properties Name, Lastlogondate, operatingsystem, ipv4Address, enabled, description, DistinguishedName -ErrorAction Stop
$r = "{0} GB" -f ((Get-WmiObject Win32_PhysicalMemory -ComputerName $computer | Measure-Object Capacity -Sum).Sum / 1GB)
$x = gwmi win32_computersystem -ComputerName $computer | Select-Object @{Name = "Type"; Expression = { if (($_.pcsystemtype -eq '2') ) {
'Laptop'
}
Else {
'Desktop Or Other something else'
}
}
}, Manufacturer, @{Name = "Model"; Expression = { if (($_.model -eq "$null") ) { 'Virtual' } Else { $_.model } } }, username -ErrorAction Stop
$t = New-Object PSObject -Property @{
serialnumber = $sr.serialnumber
computername = $ld.name
Ipaddress = $ld.ipv4Address
Enabled = $ld.Enabled
Description = $ld.description
Ou = $ld.DistinguishedName.split(',')[1].split('=')[1]
Type = $x.type
Manufacturer = $x.Manufacturer
Model = $x.Model
Ram = $R
ProcessorName = ($xr.name | Out-String).Trim()
NumberOfCores = ($xr.NumberOfCores | Out-String).Trim()
NumberOfLogicalProcessors = ($xr.NumberOfLogicalProcessors | Out-String).Trim()
Addresswidth = ($xr.Addresswidth | Out-String).Trim()
Operatingsystem = $ld.operatingsystem
Lastlogondate = $ld.lastlogondate
LoggedinUser = $x.username
}
$outtbl += $t
}
catch [Exception] {
"Error communicating with $computer, skipping to next"
}
$outtbl | Select-Object Computername, enabled, description, ipAddress, Ou, Type, Serialnumber, Manufacturer, Model, Ram, ProcessorName, NumberOfCores, NumberOfLogicalProcessors, Addresswidth, Operatingsystem, loggedinuser, Lastlogondate
}
}
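Review bot: `Get-WmiObject class Win32_processor` on the processor line binds the literal word `class` as the positional -Class argument, so the call throws for every reachable host, the catch block swallows it, and no machine ever yields a row; it should read `Get-WmiObject -Class Win32_Processor -ComputerName $computer -ErrorAction Stop`. The catch only drops a bare string onto the output stream, where it is interleaved with the audit objects — `Write-Warning "Error communicating with $computer ($($_.Exception.Message)), skipping"` would keep the table clean and say why a host was skipped. Note also that the `-ErrorAction Stop` on the Win32_ComputerSystem line is attached to Select-Object, not to gwmi, so an RPC failure there is not caught. The `Ou` extraction via `DistinguishedName.split(',')[1]` picks the wrong element for any CN containing an escaped comma.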


@@ -0,0 +1,50 @@
<#
.SYNOPSIS
Créer des dossiers utilisateurs avec les autorisations contrôle total
.PARAMETER Domain
Indique le domaine
.PARAMETER BaseDir
Indique le dossier racine
.EXAMPLE
New-UsersHome -Domain "@Domaine.local" -BaseDir "C:\UsersHome"
#>
param (
[parameter(Mandatory = $True)]
[ValidateNotNullOrEmpty()]$Domain,
[parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]$BaseDir
)
# Lister tous les utilisateurs du domaine
$Users = Get-ADUser -Filter { UserPrincipalName -like "*$($Domain)" } | Select SAMAccountName, SID
# Déactiver l'héritage sur le dossier racine et supprimer les autorisation Utilisateurs
Foreach ($User in $Users) {
$UserDir = Join-Path $BaseDir $User.SAMAccountName
If (!(test-path $UserDir)) {
New-Item -ItemType Directory -Path $UserDir
}
$acl = Get-Acl $UserDir
$acl.SetAccessRuleProtection($true, $true)
$FileSystemRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
$AccessControlType = [System.Security.AccessControl.AccessControlType]::Allow
$InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$PropagationFlags = [System.Security.AccessControl.PropagationFlags]::None
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($User.SID, $FileSystemRights, $InheritanceFlags, $PropagationFlags, $AccessControlType)
$acl.AddAccessRule($AccessRule)
Set-Acl -Path $UserDir -AclObject $acl -ea Stop
}
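Review bot: `SetAccessRuleProtection($true, $true)` breaks inheritance but copies every inherited ACE onto the new folder, so whatever BaseDir grants to Users or Authenticated Users is preserved on each home directory and the owner's FullControl is merely added; the comment above the loop says the Users permissions are removed, but nothing removes them. To make the folder private, call `$acl.SetAccessRuleProtection($true, $false)` and then add explicit FullControl rules for `NT AUTHORITY\SYSTEM` and `BUILTIN\Administrators` next to the user's rule, otherwise administrators and backup agents lose access. The `-Filter { UserPrincipalName -like "*$($Domain)" }` scriptblock relies on a `$()` subexpression, which the AD module's filter parser is known not to expand reliably — a plain string filter such as `"UserPrincipalName -like '*$Domain'"` is safer. `Set-Acl -ea Stop` on the last line aborts the whole run on the first failure without saying which user caused it; a try/catch around the loop body with `Write-Warning` would let the remaining users be processed.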


@@ -0,0 +1,409 @@
# Fonction pour les requetes SQL
Function QuerySQLServer([string]$DBServer, [string]$DBName, [string]$Query) {
Try {
$ErrorActionPreference = "Stop"
$resultsDataTable = New-Object System.Data.DataTable
$cn = new-object System.Data.SqlClient.SqlConnection("Data Source=$DBServer;Integrated Security=SSPI;Initial Catalog=$DBName")
$cn.open()
$cmd = new-object "System.Data.SqlClient.SqlCommand" ($Query , $cn)
$reader = $cmd.ExecuteReader()
$resultsDataTable.Load($reader)
$cn.Close()
return $resultsDataTable
}
Catch {
write-host $_.Exception.Message
$_.Exception.Message >> "d:\tmp\error.log"
}
Finally {
$ErrorActionPreference = "Continue"
}
}
# Fonction pour les requetes dans GLPI
Function QueryGLPI([string]$Titre, [string]$Message, [string]$Categorie) {
Write-host $Titre
Write-host $Message
Write-host $Categorie
$UtilisateurGLPI = Get-GlpiToolsUsers -UserName helpdesk
$Ticket = New-GlpiToolsTicket -Name $Titre -Content $Message -Type Request -itilcategories_id $Categorie -Priority Medium -requester_id $UtilisateurGLPI.ID
Update-GlpiToolsTicket -ticket_id $Ticket.id -requester_id $UtilisateurGLPI.ID -technician_id '12'
}
cls
$ListeException = $null
$ListeVide = $null
$FichierException = "D:\tmp\Exception.txt"
$FichierVide = "D:\tmp\vide.txt"
$percentCompleteA = $null
$percentCompleteB = $null
$CounterA = $null
$CounterB = $null
$EtatUtilisateur = $null
$DateDesactivation = Get-Date -Format "dd/MM/yyyy"
$DateExpiration = (Get-Date $DateDesactivation).AddDays(-1)
$DateDelete = (Get-Date $DateDesactivation).AddDays(-30)
$DateTmp = (Get-Date).AddDays(-1)
$DateCreation = Get-Date $DateTmp -Format "yyyy-dd-MM"
Start-Transcript -path "D:\tmp\MyTranscript-$DateCreation.txt"
$OuPath = "OU=Utilisateurs,DC=fr,DC=dgs,DC=group"
$ListeUserAD = Get-ADUser -Filter * -SearchBase $OuPath -Properties cn,description,sAMAccountName
## Desactivation ou Update de compte
Foreach ($UserAD in $ListeUserAD) {
# Barre de progression
$percentCompleteA = $(($CounterA / $ListeUserAD.Count) * 100 )
$ProgressA = @{
Activity = "Getting folder information for '$($UserAD.Name)'."
Status = "Processing $CounterA of $($ListeUserAD.Count)"
PercentComplete = $([math]::Round($percentCompleteA, 2))
}
Write-Progress @ProgressA -Id 1
# recherche inforamtiopn 1 utilisateur
$InfoUser = Get-ADUser -identity $UserAD.sAMAccountName -properties 'msDS-cloudExtensionAttribute1','msDS-cloudExtensionAttribute2',mail,employeeID,EmployeeNumber,EmployeeType,Title,Initials
$C = $UserAD.C
$City = $UserAD.City
$Cn = $UserAD.Cn
$Company = $UserAD.Company
$department = $UserAD.Department
$displayName = $UserAD.DisplayName
$EmailAddress = $UserAD.EmailAddress
$Enable = $UserAD.Enabled
$GivenName = $UserAD.GivenName
$Name = $UserAD.Name
$Office = $UserAD.Office
$Organization = $UserAD.Organization
$PostalCode = $UserAD.PostalCode
$sn = $UserAD.Sn
$Surname = $UserAD.Surname
$ExtensionAttribute1 = $InfoUser.'msDS-cloudExtensionAttribute1'
$ExtensionAttribute2 = $InfoUser.'msDS-cloudExtensionAttribute2'
$Mail = $InfoUser.Mail
$EmployeeID = $InfoUser.employeeID
$EmployeeNumber = $InfoUser.EmployeeNumber
$EmployeeType = $InfoUser.EmployeeType
$Title = $InfoUser.Title
$Initials = $InfoUser.Initials
# Est-ce qu'il est actif
If ($Enable -eq "True") {
# Est-ce qu'il est interne
If($EmployeeType -eq "Interne") {
# Est-ce qu'il a un ID
If ($EmployeeID) {
# Si l'employeeID est bien présent
$EtatUtilisateurD = QuerySQLServer "SWDHBBDDP01.fr.dgs.group" "dhb_prd" "SELECT NOM,PRN,NOM_PAT,LIB_EMP,ADR_EML,MTR,NUM_ALC,COD_SEX,FLG_AGT,DAT_SRT FROM [dhb_prd].[dhbref].[TAB_RH_SAL] WHERE MTR = '$EmployeeID' And DAT_SRT IS NOT NULL"
$EtatUtilisateurU = QuerySQLServer "SWDHBBDDP01.fr.dgs.group" "dhb_prd" "SELECT NOM,PRN,NOM_PAT,LIB_EMP,ADR_EML,MTR,NUM_ALC,COD_SEX,FLG_AGT,DAT_SRT FROM [dhb_prd].[dhbref].[TAB_RH_SAL] WHERE MTR = '$EmployeeID'"
# Desactivation du compte ?
If ($EtatUtilisateurD) {
If ($DateExpiration -gt $EtatUtilisateurD.DAT_SRT) {
Get-ADUser -Identity $UserAD.sAMAccountName | Move-ADObject -TargetPath "OU=_A_SUPPRIMER,OU=Utilisateurs,DC=fr,DC=dgs,DC=group"
Set-ADAccountExpiration -Identity $UserAD.sAMAccountName -DateTime $dateExpiration
Set-ADUser -Identity $Utilisateur -Clear msDS-cloudExtensionAttribute2
Set-ADUser -Identity $UserAD.sAMAccountName -Add @{'msDS-cloudExtensionAttribute2' = "$DateExpiration"}
Disable-ADAccount -Identity $UserAD.sAMAccountName
$TitreA = "Désactivation du compte Active Directory : $UserAD.sAMAccountName "
$MessageA = "Bonjour, `r`n `r`n" `
+"Nous venons de désactiver le compte de : $DisplayName `r`n `r`n" `
+"Prénom : $GivenName `r`n" `
+"Nom : $Surname `r`n" `
+"Mail : $Mail `r`n" `
+"Matricule : $EmployeeID `r`n" `
+"Fonction : $Title `r`n" `
+"`r`n" `
+"Conformément à la politique entreprise le compte restera en état désactivé pendant 30 jours avant d'être supprimé `r`n" `
+"La suppression du compte GMAIL se fait également en automatique."
QueryGLPI $TitreA $MessageA "213"
}
}
# Mise en place de la civilité
If ($EtatUtilisateurU) {
If (($Initials -ne "Mr") -And ($EtatUtilisateurU.COD_SEX -eq "H")) {
Set-ADUser -Identity $UserAD.sAMAccountName -Clear Initials
Set-ADUser -Identity $UserAD.sAMAccountName -Initials "Mr"
Write-Host " - Update civilité - Mr"
}
ElseIf (($Initials -ne "Mme") -And ($EtatUtilisateurU.COD_SEX -eq "F")) {
Set-ADUser -Identity $UserAD.sAMAccountName -Clear Initials
Set-ADUser -Identity $UserAD.sAMAccountName -Initials "Mme"
Write-Host " - Update civilité - Mme"
}
Else {
# Write-Host " - Pas de modification"
}
}
# Mise en place du Employee Number
If ($EmployeeNumber -ne $EtatUtilisateurU.NUM_ALC) {
If ($EmployeeID.substring(0, 1) -eq 0 ) {
$tmp = ($EtatUtilisateurU.NUM_ALC).Remove(0,1)
If (!($EmployeeNumber -eq $tmp)) {
Write-host " - 2erreur : "$EtatUtilisateurU.MTR" > $EmployeeID | "$EtatUtilisateurU.NUM_ALC" > $EmployeeNumber"
}
}
Else {
Write-host " - erreur : "$EtatUtilisateurU.MTR" > $EmployeeID | "$EtatUtilisateurU.NUM_ALC" > $EmployeeNumber"
}
}
# Controle du status
If (($ExtensionAttribute1 -eq $null) -Or ($ExtensionAttribute1 -ne $EmployeeType)) {
Set-ADUser -Identity $UserAD.sAMAccountName -Add @{'msDS-cloudExtensionAttribute1' = $EmployeeType}
}
}
Else {
# Si l'employé ID n'est pas présent
$EtatUtilisateurID = QuerySQLServer "SWDHBBDDP01.fr.dgs.group" "dhb_prd" "SELECT NOM,PRN,NOM_PAT,LIB_EMP,ADR_EML,MTR,NUM_ALC,COD_SEX,FLG_AGT,DAT_SRT FROM [dhb_prd].[dhbref].[TAB_RH_SAL] WHERE NOM = '$Surname' And PRN ='$GivenName' And DAT_SRT IS NULL"
If ($EtatUtilisateurID) {
Set-ADUser -Identity $UserAD.sAMAccountName -EmployeeID $EtatUtilisateurID.MTR
Write-Host " - Mise en place de employee ID"
}
}
}
Else {
# Passage d'un externe en interne
}
}
$EtatUtilisateurD = $null
$EtatUtilisateurU = $null
$CounterA++
}
## Suppression des comptes de plus 1 mois
$OuPathDelete = "OU=_A_SUPPRIMER,OU=Utilisateurs,DC=fr,DC=dgs,DC=group"
$ListeUserADDelete = Get-ADUser -Filter * -SearchBase $OuPathDelete -Properties cn,description,sAMAccountName
Foreach ($UserADDelete in $ListeUserADDelete) {
# Barre de progression
$percentCompleteB = $(($CounterB / $ListeUserADDelete.Count) * 100 )
$ProgressB = @{
Activity = "Getting folder information for '$($UserADDelete.Name)'."
Status = "Processing $CounterB of $($ListeUserADDelete.Count)"
PercentComplete = $([math]::Round($percentCompleteB, 2))
}
Write-Progress @ProgressB -Id 1
$InfoUserDelete = Get-ADUser -identity $UserADDelete.sAMAccountName -properties 'msDS-cloudExtensionAttribute2'
$ExtensionAttributeDelete2 = $InfoUserDelete.'msDS-cloudExtensionAttribute2'
If ($Enable -eq $False) {
If ($DateDelete -gt $ExtensionAttributeDelete2) {
Remove-ADUser -Identity $UserADDelete.sAMAccountName
$TitreB = "Suppression du compte Active Directory : $UserAD.sAMAccountName "
$MessageB = "Bonjour, `r`n `r`n" `
+"Nous venons de supprimer le compte de : $DisplayName `r`n `r`n" `
+"Prénom : $GivenName `r`n" `
+"Nom : $Surname `r`n" `
+"Mail : $Mail `r`n" `
+"Matricule : $EmployeeID `r`n" `
+"Fonction : $Title `r`n" `
+"`r`n" `
+"Conformément à la politique entreprise le compte est resté en état désactivé pendant 30 jours `r`n" `
+"La suppression du compte GMAIL se fait également en automatique."
QueryGLPI $TitreB $MessageB "213"
}
}
$EtatUtilisateur = $null
$CounterB++
}
## Creation compte
$ListeNouveau = QuerySQLServer "SWDHBBDDP01.fr.dgs.group" "dhb_prd" "SELECT NOM,PRN,NOM_PAT,LIB_EMP,ADR_EML,MTR,NUM_ALC,COD_SEX,FLG_AGT,DAT_SRT,NUM_MAG_AGT FROM [dhb_prd].[dhbref].[TAB_RH_SAL] WHERE DTH_CRE >= '$DateCreation' ORDER BY DTH_CRE DESC"
$ListeNouveau | Format-Table
Pause
If ($ListeNouveau) {
Foreach ($NouveauUtilisateur in $ListeNouveau) {
$InfoUserNew = Get-ADUser -Filter * | Where-Object {$_.GivenName -like $NouveauUtilisateur.PRN -and $_.Surname -like $NouveauUtilisateur.NOM}
If ($InfoUserNew) {
$InfoUserNewA = Get-ADUser -identity $InfoUserNew.sAMAccountName -properties 'msDS-cloudExtensionAttribute1','msDS-cloudExtensionAttribute2',mail,employeeID,EmployeeNumber,EmployeeType,Title,Initials
}
$C = $InfoUserNew.c
$City = $InfoUserNew.City
$Cn = $InfoUserNew.cn
$Company = $InfoUserNew.company
$department = $InfoUserNew.department
$DisplayName = $InfoUserNew.displayName
$EmailAddress = $InfoUserNew.EmailAddress
$Enable = $InfoUserNew.Enabled
$GivenName = $InfoUserNew.GivenName
$Name = $InfoUserNew.Name
$Office = $InfoUserNew.Office
$Organization = $InfoUserNew.Organization
$PostalCode = $InfoUserNew.PostalCode
$sn = $InfoUserNew.sn
$Surname = $InfoUserNew.Surname
$ExtensionAttribute1 = $InfoUserNewA.'msDS-cloudExtensionAttribute1'
$ExtensionAttribute2 = $InfoUserNewA.'msDS-cloudExtensionAttribute2'
$Mail = $InfoUserNewA.Mail
$EmployeeID = $InfoUserNewA.employeeID
$EmployeeNumber = $InfoUserNewA.EmployeeNumber
$EmployeeType = $InfoUserNewA.EmployeeType
$Title = $InfoUserNewA.Title
$Initials = $InfoUserNewA.Initials
If ($NouveauUtilisateur.MTR -eq $EmployeeID) {
Write-host "Existe deja"
}
Else {
Write-Host "A creer"
$Surnametmp = ($NouveauUtilisateur.NOM).ToLower()
$GivenNametmp = ($NouveauUtilisateur.PRN).ToLower()
$Titletmp = ($NouveauUtilisateur.LIB_EMP).ToLower()
$Initialstmp = $NouveauUtilisateur.COD_SEX
$CodeMagtmp = $NouveauUtilisateur.NUM_MAG_AGT
$SurnameNew = (Get-Culture).TextInfo.ToTitleCase($Surnametmp)
$GivenNameNew = (Get-Culture).TextInfo.ToTitleCase($GivenNametmp)
$TitleNew = (Get-Culture).TextInfo.ToTitleCase($Titletmp)
$EmployeeIDNew = $NouveauUtilisateur.MTR
If ($NouveauUtilisateur.NOM_PAT) {
$SurnamePattmp = ($NouveauUtilisateur.NOM_PAT).ToLower()
$SurnamePatNew = (Get-Culture).TextInfo.ToTitleCase($SurnamePattmp)
}
$NameNew = $GivenNameNew+" "+$SurnameNew
$DisplayNameNew = $GivenNameNew+" "+$SurnameNew+" "+$SurnamePatNew
$SamAccountNameNew = (("$GivenNameNew.$SurnameNew").Replace(' ','').Replace('é','e').Replace('è','e').Replace('ç','c').Replace('ï','i').Replace('î','i').Replace('ë','e').Replace('ö','o').Replace('ô','o')).ToLower()
$UserPrincipalNameNew = (("$GivenNameNew.$SurnameNew@fr.dgs.group").Replace(' ','').Replace('é','e').Replace('è','e').Replace('ç','c').Replace('ï','i').Replace('î','i').Replace('ë','e').Replace('ö','o').Replace('ô','o')).ToLower()
$MailNew = (("$GivenNameNew.$SurnameNew@saint-maclou.com").Replace(' ','').Replace('é','e').Replace('è','e').Replace('ç','c').Replace('ï','i').Replace('î','i').Replace('ë','e').Replace('ö','o').Replace('ô','o')).ToLower()
$Password = ([System.Guid]::NewGuid()).ToString()
If ($SamAccountNameNew.Length -gt 20) {
$tmp = ($SamAccountNameNew).substring(0, 20)
$SamAccountNameNew = $tmp
}
Write-host $NameNew
Write-host $DisplayNameNew
Write-host $SamAccountNameNew
Write-host $UserPrincipalNameNew
Write-host $MailNew
Write-host $Password
Write-host $EmployeeIDNew
Write-host $TitleNew
New-ADUser -Name "$NameNew" -DisplayName "$DisplayNameNew" -GivenName "$GivenNameNew" -Surname "$SurnameNew" -SamAccountName "$SamAccountNameNew" -UserPrincipalName "$UserPrincipalNameNew" -Path "OU=_ARRIVER,OU=Utilisateurs,DC=fr,DC=dgs,DC=group" -AccountPassword (ConvertTo-SecureString "$Password" -AsPlainText -force) -Enabled $true -EmailAddress $MailNew
sleep 10
Set-ADUser -Identity $SamAccountNameNew -replace @{c="FR";co="France";countrycode=250}
Set-ADUser -Identity $SamAccountNameNew -Add @{'msDS-cloudExtensionAttribute1' = "Interne"}
Set-ADUser -Identity $SamAccountNameNew -Add @{'EmployeeType' = "Interne"}
Set-ADUser -Identity $SamAccountNameNew -Add @{'EmployeeID' = "$EmployeeIDNew"}
Set-ADUser -Identity $SamAccountNameNew -Title "$TitleNew"
Set-ADUser -Identity $SamAccountNameNew -Description "A remplir par le Helpdesk"
Set-ADUser -Identity $SamAccountNameNew -City "A remplir par le Helpdesk"
If ($Initialstmp -eq "H") {
Set-ADUser -Identity $SamAccountNameNew -Initials "Mr"
Write-Host "Update civilite - Mr"
}
ElseIf ($Initialstmp -eq "F") {
Set-ADUser -Identity $SamAccountNameNew -Initials "Mme"
Write-Host "Update civilite - Mme"
}
Else {
}
$TitreC = "Creation du compte de : $DisplayNameNew "
$MessageC = "Bonjour, `r`n `r`n" `
+"la creation de compte automatique a cree le compte de : $DisplayNameNew `r`n `r`n" `
+"Prenom : $GivenNameNew `r`n" `
+"Nom : $SurnameNew `r`n" `
+"Mail : $MailNew `r`n" `
+"Password temporaire : $Password `r`n" `
+"Matricule : $EmployeeIDNew `r`n" `
+"Fonction : $TitleNew `r`n"
QueryGLPI $TitreC $MessageC "104"
$C = $Null
$City = $Null
$Cn = $Null
$Company = $Null
$department = $Null
$DisplayName = $Null
$EmailAddress = $Null
$Enable = $Null
$GivenName = $Null
$Name = $Null
$Office = $Null
$Organization = $Null
$PostalCode = $Null
$sn = $Null
$Surname = $Null
$ExtensionAttribute1 = $Null
$ExtensionAttribute2 = $Null
$Mail = $Null
$EmployeeID = $Null
$EmployeeNumber = $Null
$EmployeeType = $Null
$Title = $Null
$Initials = $Null
$Surnametmp = $Null
$GivenNametmp = $Null
$Titletmp = $Null
$Initialstmp = $Null
$CodeMagtmp = $Null
$SurnameNew = $Null
$SurnamePatNew = $Null
$GivenNameNew = $Null
$TitleNew = $Null
$EmployeeIDNew = $Null
}
}
}
Stop-Transcript
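Review bot: The HR queries are built by string interpolation — `WHERE NOM = '$Surname' And PRN ='$GivenName'` and `WHERE MTR = '$EmployeeID'` — from AD attribute values, so a surname with an apostrophe (O'Brien) breaks the query and anyone who can write sn, givenName or employeeID in AD controls SQL executed under the script runner's integrated credentials; QuerySQLServer should accept values and bind them as SqlParameters, as sketched below. The temporary password is printed with Write-Host, pasted into the GLPI ticket body and therefore also captured by the Start-Transcript file under D:\tmp, so every new account's initial credential lands in a plain-text log; at minimum drop the Write-Host and add `-ChangePasswordAtLogon $true` to New-ADUser. In the deletion loop `If ($Enable -eq $False)` and the ticket fields `$UserAD`, `$DisplayName` and `$Mail` still hold values left over from the previous loop rather than `$UserADDelete`, so whether anything is deleted depends on the last user processed above and the notification names the wrong person. `$Utilisateur` on the `-Clear msDS-cloudExtensionAttribute2` line is never assigned, so that Set-ADUser call fails on every deactivation. `$cn.Close()` is skipped when ExecuteReader throws; close the connection in the Finally block instead.

```powershell
Function QuerySQLServer([string]$DBServer, [string]$DBName, [string]$Query, [hashtable]$Parameters = @{}) {
    Try {
        $ErrorActionPreference = "Stop"
        $resultsDataTable = New-Object System.Data.DataTable
        $cn = new-object System.Data.SqlClient.SqlConnection("Data Source=$DBServer;Integrated Security=SSPI;Initial Catalog=$DBName")
        $cn.open()
        $cmd = new-object "System.Data.SqlClient.SqlCommand" ($Query , $cn)
        # Bind caller values as typed parameters instead of splicing them into the SQL text.
        foreach ($name in $Parameters.Keys) {
            [void]$cmd.Parameters.AddWithValue("@$name", $Parameters[$name])
        }
        $reader = $cmd.ExecuteReader()
        $resultsDataTable.Load($reader)
        return $resultsDataTable
    }
    # ... unchanged: Catch block ...
    Finally {
        if ($cn -and $cn.State -ne 'Closed') { $cn.Close() }
        $ErrorActionPreference = "Continue"
    }
}
# Call sites then pass placeholders plus values, e.g.:
# QuerySQLServer "SWDHBBDDP01.fr.dgs.group" "dhb_prd" "SELECT ... WHERE NOM = @Surname And PRN = @GivenName And DAT_SRT IS NULL" @{ Surname = $Surname; GivenName = $GivenName }
```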