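| # Create the OU for the service under the domain root, unless it already exists
# (this function is called once per user, so the same service comes up repeatedly).
Function OU
{
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$service'" -SearchBase "DC=cesievol,DC=local" -SearchScope OneLevel -Server "2008R2"))
    {
        # Accidental-deletion protection is explicitly turned off for the new OU
        New-ADOrganizationalUnit -Name $service -Path "DC=cesievol,DC=local" -Server "2008R2" -ProtectedFromAccidentalDeletion $false
    }
}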
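# Create the service's global security group in its OU, unless it already exists.
Function Groupe
{
    if (-not (Get-ADGroup -Filter "Name -eq 'G_$service'" -SearchBase "OU=$service,DC=cesievol,DC=local"))
    {
        New-ADGroup -Name "G_$service" -GroupScope 'Global' -GroupCategory 'Security' -Path "OU=$service,DC=cesievol,DC=local"
    }
}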
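# Create the user account, set the initial password, enable it and add it to the service group.
Function User
{
    $sam = "$nom.$prenom"
    # Skip accounts that already exist, so that re-running the script does not
    # reset their password to the initial one.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'" -Server '2008R2') { return }
    # As written, the "poste" column ($poste) goes into MobilePhone; $mobile is not used
    New-ADUser -Name "$nom $prenom" -GivenName "$prenom" -Surname "$nom" -UserPrincipalName "$nom.$prenom@cesievol.local" -MobilePhone "$poste" -SamAccountName $sam -Path "OU=$service,DC=cesievol,DC=local" -Server '2008R2'
    Set-ADAccountPassword -Identity $sam -NewPassword $password -Reset
    # Enable the account and force a password change at first logon
    Set-ADUser -Identity $sam -Enabled $true -ChangePasswordAtLogon $true
    Add-ADPrincipalGroupMembership $sam -MemberOf "G_$service"
}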
# Create the user's personal folder under the service folder.
Function file
{
    New-Item -Path "E:\Commun\SERVICE\$service\" -Name "$nom.$prenom" -ItemType Directory
}
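# Publish the user's folder as a hidden share (the share name ends with "$").
# The share-level ACL grants Everyone Full Control; effective access is then
# restricted by the NTFS ACL applied in ntfs.
Function share
{
    $partage = "$nom.$prenom$"
    $dossier = "E:\Commun\SERVICE\$service\$nom.$prenom"
    # Trustee = Everyone (S-1-1-0, given as a binary SID); "Tout le monde" is its French display name
    $trustee = ([WMIClass] "Win32_Trustee").CreateInstance()
    $trustee.Domain = $null
    $trustee.Name = "Tout le monde"
    $trustee.SID = @(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    $ace = ([WMIClass] "Win32_ACE").CreateInstance()
    $ace.AccessMask = [int][System.Security.AccessControl.FileSystemRights]"FullControl"
    $ace.AceFlags = 3      # object inherit + container inherit
    $ace.AceType = 0       # access allowed
    $ace.Trustee = $trustee
    $sd = ([WMIClass] "Win32_SecurityDescriptor").CreateInstance()
    $sd.ControlFlags = 4   # SE_DACL_PRESENT
    $sd.DACL = @($ace)
    $wmiShares = [WMICLASS] "WIN32_Share"
    # Create(Path, Name, Type 0 = disk drive, MaximumAllowed = 2, Description, Password, Access)
    # $desc is never set, so the share gets no description
    $wmiShares.Create($dossier, $partage, 0, 2, $desc, $Null, $sd)
}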
Import-Module ntfssecurity
# Set the NTFS permissions on the user's folder (cmdlets from the NTFSSecurity module).
Function ntfs
{
    $dossier = "E:\Commun\SERVICE\$service\$nom.$prenom"
    $SamMember = "$nom.$prenom"
    $account = New-Object System.Security.Principal.NTAccount("cesievol.local",$SamMember)
    $accountSid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    # Remove inheritance
    Disable-Inheritance $dossier
    # Remove the ACE granting FullControl to BUILTIN\Users (S-1-5-32-545)
    Remove-Ace $dossier -account S-1-5-32-545 -accessRights FullControl -Passthru
    # Add ACEs: FullControl for BUILTIN\Administrators (S-1-5-32-544), limited rights for the user
    Add-Ace $dossier -account S-1-5-32-544 -accessRights FullControl -Passthru
    Add-Ace $dossier -account $accountSid -accessRights write, Delete, ReadAndExecute, DeleteSubdirectoriesAndFiles -PassThru
}
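# Read the input file: one user per line, fields separated by ";"
$ligne = Get-Content c:\evolution.txt
# Display each line
Write-Host $ligne
# Count the number of lines
$nbligne = $ligne.length
#Write-Host $nbligne
Import-Module activedirectory
# Initial password given to every account created below. It is stored in clear text
# in this script; ChangePasswordAtLogon (set in User) forces a change at first logon.
$password = 'Password58!'
$password = ConvertTo-SecureString $password -AsPlainText -Force
# Loop over the lines and split each one into its columns
# (starts at index 1, so the first line of the file is skipped)
For ($i = 1; $i -lt $nbligne; $i++)
{
    #Write-Host $ligne[$i]
    $decoupe = $ligne[$i].split(";")
    $nom = $decoupe[0]
    $prenom = $decoupe[1]
    $mobile = $decoupe[2]
    $poste = $decoupe[3]
    $service = $decoupe[4]
    OU
    Groupe
    User
    file
    share
    ntfs
} |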